US20050010670A1 - Port proxy and system for server and client computers - Google Patents
Port proxy and system for server and client computers Download PDFInfo
- Publication number
- US20050010670A1 US20050010670A1 US10/894,671 US89467104A US2005010670A1 US 20050010670 A1 US20050010670 A1 US 20050010670A1 US 89467104 A US89467104 A US 89467104A US 2005010670 A1 US2005010670 A1 US 2005010670A1
- Authority
- US
- United States
- Prior art keywords
- port
- application
- communications
- server
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
Definitions
- a web-based software-sales institution can utilize the Internet, or other public network, to allow customers to “test-drive” the programs, and thereby increase sales.
- a second justification for deployment arises in the thin-client/network-computer model where the code required for the application-functionality and user data reside on the server. In this situation, when required at the thin client, the application code is provided by the server on an as-needed basis.
- These servers can even be off-site in an application service provider (ASP) environment.
- ASP application service provider
- Another justification surrounds the possibility to “rent” programs to users.
- a large number of potential users may have only limited requirements for certain classes of application programs. Their individual requirements may not justify investment in the typically expensive programs or not justify the costs of client installation. The thought here is to enable these users to rent access to the application programs, preferably via the Internet, to generate new revenue streams for the application software companies.
- the selling institution may allow the potential owner to download a trial-version of the program.
- This version may have reduced capabilities and/or a limited lifetime, where the program is disabled after it has been invoked a set number of times, or after a specified date.
- This process is complex, often requiring a multi-step process in which the user must accept the download, pick a save-as location, watch the download, quit the browser, find the file on the hard drive, and run an installer, for example.
- Another technique is to extend the potential purchaser's browser in some fashion using, for example, a Java applet. This approach, however, shares the problems discussed previously relative to ActiveX and Java.
- the present invention features a method for enabling remote networking functionality by port redirection.
- the method comprises executing a process requiring networking protocol and intercepting communications from the process to a port assigned to support the network protocol. The communications are then redirected over an open port.
- the step of executing the process comprises executing an application program on a remote storage asset using SMB networking protocols, with the communications being directed at port 139 .
- This interception can be accomplished by addressing the communications to a local loop back.
- the communications are preferably encapsulated an HTTP packet, and specifically a post data portion.
- the invention can also be characterized in the context of a system for remote networking by port proxy.
- the system comprises an application program executing on a computer which is utilizing the SMB protocol to access a remote storage asset.
- a port proxy program intercepts communications from the program to a port assigned to support the SMB protocol and redirects the communications over an open port.
- FIG. 1 is a schematic illustration showing the application serving system and specifically the interaction between the target client computer, the host Web server computer of the third-party subscribing institution, and the server system, according to the present invention
- FIG. 2 is a flow diagram illustrating the method by which the serving of applications to the target computer is initiated at the third-party subscribing institution according to the present invention
- FIG. 3 is a flow diagram illustrating the steps performed by the server system when the target computer requests an application
- FIG. 4 is a flow diagram showing the launch process for the helper application, or software player, on the target client computer;
- FIGS. 5A and 5B are flow diagrams showing the application launch process that is performed on the target client computer
- FIGS. 6A-6C are flow diagrams showing the steps associated with the application monitoring process according to the present invention.
- FIG. 7 is a flow diagram illustrating the application shutdown process according to the present invention.
- FIG. 8 is a schematic block/communication stack diagram illustrating the operation of the SMB proxy application according to the present invention.
- FIG. 9 is a process diagram illustrating the operation of the port proxy.
- FIG. 1 shows an application serving system 100 , which has been constructed according to the principles of the present invention.
- the application serving system 100 comprises the user, target client computer 110 that connects to a server system 112 and subscribing institution host Web Server 130 , over a network 114 .
- Client computer 110 , Web server 130 , and server system 112 implement a network protocol layer to communicate across the network.
- network 114 is the Internet, or other public or private network
- the network protocol layers are TCP/IP and NetBios.
- Other network configurations and network protocols layers could be implemented in place or in addition to those associated with the Internet such as those provided in other public or private networks and internetwork systems.
- the target, client computer 110 is a PC computer in one implementation. It operates Microsoft Windows 95/98/NT/2000/CE operating system or other OS providing compatible API's (application programming interfaces), on an Intel processor/IBM-compatible hardware platform. Other alternatives, however, are possible such as open source operating system platforms, such as Linux, or Apple MAC OS's or other operating systems that provide the API support for these operating systems. Still further alternatives include embedded OS platforms such as Windows CE and Palm OS's, or similar reduced code-footprint systems.
- the target computer 110 preferably has preinstalled application programs.
- a browser 134 such as the ubiquitous Netscape Navigator or Microsoft Explorer browsers, is installed.
- the target computer also preferably has a helper application or software player 132 .
- Such pre-installation can be performed typically at a website hosted by the institution that operates the server system 112 or also the subscribing institution 130 .
- a firewall 111 may be present between the target computer and the network 114 .
- the subscribing institution which maintains the host web server 130 , is typically a third party relative to the institution, which maintains the server system 112 in one anticipated business model.
- the subscribing institution has a requirement, or desires to provide, application programs and the related functionality to the user at the target computer 110 , but, rather than providing this functionality itself, the subscribing institution outsources this to the institution operating the server system 112 . Nonetheless, the subscribing institution typically has an Internet presence. Specifically, it typically maintains a website/websites that offer the application programs to users.
- the server system 112 is maintained by an institution that provides application programs to users as a paid service to subscribing institutions. Nonetheless, it should be appreciated that the technology of the present invention also has applicability to the business model where the server system 112 and host Web server 120 are maintained by the same institution. In this context, the institution does not wish to out-source the work associated with the serving of the applications, but wishes to provide this functionality through in-house expertise.
- the service institution's server system 112 maintains a log-in database 116 , a customer database 118 , an application database 120 , and a current sessions database 122 .
- the server system additionally executes a session ID generator 124 , a load balancing process 126 , and an encryption process 128 .
- FIG. 2 shows the steps performed by or at the target computer 110 to initiate the serving of an application from the server system 112 .
- a user at the target computer identifies a desired application to the target computer 110 in step 210 .
- the browser 134 is executing on the target computer 110 and a link is displayed in the browser window. This link is identified and/or associated with the application that the user desires to execute on the target computer.
- the user operating a graphical pointing device, such as a mouse, controls the target computer's graphical user interface to select or “click-on” the link for the desired application.
- Selection of the link in step 210 causes the browser 134 to interrogate the target computer's operating system to determine whether the appropriate software player (SWP) has been installed on the target computer in step 212 .
- This interrogation is performed in one embodiment by an application programming interface (API) call to check the operating system registry.
- API application programming interface
- Applets, ActiveX, or scripting are other modalities for performing the interrogation.
- an installation process is initiated in step 214 .
- this installation process comprises either pointing the browser 134 , or a new instantiation of the browser, with a new universal resource locator (URL), to website that supports the installation of the software player through a download, for example.
- URL universal resource locator
- the install/download is simplified for ease of operation.
- a Java applet is used that allows installation and writing to the drive—if permission is provided.
- a download bar is displayed on the browser screen.
- the browser 134 is pointed with a URL to the server system 112 , in step 216 .
- the URL link contains: 1) a unique identifier, or number, associated by the server system 112 with the application requested (TitleId); 2) a unique session ID (SID); and 3) an identifier that identifies the subscribing institution (SubInstId).
- the subscribing institution is the company that operates the host Web server computer 130 , which served the web page that originally contained the link associated with the application that was desired by the user of the target computer 110 .
- the SID is a unique session ID that is specific to the link and the specific session.
- a session ID that served as part of the original link provides a token from the web site that tells indicates that the subscribing institution has authenticated this specific session. This is important for the rental/subscription model where they will be authenticating users with credit cards or user names and passwords.
- FIG. 3 shows the steps performed by the server system 112 when the target computer 110 requests an application by transmitting the URL containing the SID, Titleld, and Sublnstld to the server system 112 over the network 114 .
- the server system 112 receives the URL, SID, Titleld, and SubInstld.
- the server system then accesses the log-in database 116 to verify that: 1) the user at the target computer 110 is a valid user by reference to the session Id field (SID); and 2) the subscribing institution is a currently valid subscribing institution by reference to the Sublnstld field in step 312 . If either the user or subscribing institution is invalid (step 314 ), an error is returned to the target computer 110 in the step 316 by the server system 112 .
- the server system 112 then proceeds to construct an application descriptor or data file that will coordinate the operation of the target computer 110 and the server system 112 across the network 114 .
- the application descriptor is a file that is named with a “.WOW” suffix, which is the MIME type.
- step 318 the server system 112 accesses the customer database 118 using the SID to obtain information regarding the session.
- the application database 120 is accessed. This contains information concerning the application, which was requested by the user.
- the application database 120 contains information such as minimum system requirements (RAM, processing power, etc.) that are required by the application on the target computer 110 and the application's media weight or processing requirements on the server system 112 associated with each instantiation.
- the load balancing process 126 is executed.
- the server system 112 selects a host computer within the server system that will be primarily responsible for serving the application over the network 114 to the target computer 110 .
- the server system comprises multiple host Web and associated application servers.
- the selected host computer is co-located with the other host computers in one implementation; alternatively, components or servers of the server system are located in a server farm and/or geographically local to the target computer 110 .
- the load balancing process selects the host computer based on geographic proximity, in addition to load, to reduce latency.
- the load balancing checks the current session's database 122 to determine which host server in the server system 112 has the least load.
- the list of servers serving the specific application is part of the title's application description. Determination of which server to use is based on the number of concurrent connections to each server and the media weight of each application and also the user's physical geographic location based on the IP address.
- the current sessions database 122 is updated in step 324 with the current session being added. Specifically, the session ID, the user's IP (Internet protocol) address, the application title, the media weight, and the server assigned to the session is added. This database is used by the load balancing process 126 , and by a watch dog process that watches the connections to each host server in the server system, to verify that all connections are from authorized users.
- IP Internet protocol
- step 326 the application descriptor is encrypted.
- this application descriptor comprises the host address of the host computer of the server system 112 , which was assigned by the load balancing process 126 along with a session ID assigned as part of the update of the current session database 122 .
- the application descriptor is sent to the target computer 110 in step 328 .
- FIG. 4 shows the launch process for the helper application or software player 132 .
- the client Upon receiving the WOW application descriptor file, the client launches the software player 132 in step 409 .
- This is a helper application that performs the bulk of the client-side application management.
- the receipt of the .WOW descriptor file automatically launches the software player. This is accomplished by configuration of MIME types during the software player's initial installation. In the Windows 95 operating system, MIME types are set in the registry, associating files with a specified suffix, here: WOW, that are to be opened with the software player 132 .
- the Buddy API Xtra (a library of calls employed by programmers of Macromedia Director) is used to access Windows API functions. Specifically, the initial writing to the registry is done with the baWriteRegNumber and baWriteRegString commands in Buddy API.
- step 410 the registration status of the software player 132 with respect to the server system 112 , or institution operating the system, is determined. If it has not been registered and/or properly licensed, a registration box is displayed on the graphical user interface of the target computer 110 in step 412 . The user is either requested or required to complete the registration information box, depending on the implementation. Once completed, the registration information is sent, in step 414 , to the server system 112 over network 114 .
- any firewall proxy for firewall 111 is interrogated in step 416 . If it is not valid, a proxy information dialog box is displayed in step 418 , and the user is requested to complete it on the target computer 110 . Once completed, the proxy information is updated in step 420 .
- step 422 the status of the application descriptor, or WOW file is interrogated in step 422 . If no application descriptor file is detected, a dialog is generated in step 424 , on the target computer 110 for the user. The user is requested to enter a partner or subscribing institution. If it is determined that no institution has been entered in step 426 , the process aborts. However, if a subscribing institution was entered, the process similarly aborts in step 430 , but also points the browser 134 to the Web page for the subscribing institution in step 432 .
- step 434 it is interrogated as to whether the client is monitoring a similar process, i.e., the software player 132 is currently running on the client. If it is not running, the SWP window is created in step 436 . Depending on the run mode, the window is either hidden or visible on the client interface.
- step 438 any system clean-up is performed. Generally, the operating system registry is written to when applications 133 are run. The software player tracks those modifications, and any registry changes; these changes are undone when the application 133 and software player 132 are quit. However, if the software player 132 was terminated unexpectedly during its last operation, the registry clean-up may not have been performed. If not, the clean-up occurs in this step.
- any modified registry settings are returned, icons are removed, folders in any disk drive are removed, and any new copies of applications on the desktop are removed.
- the player is set up on the OS tray.
- the port proxy application is started in step 442 prior to the application launch process in step 450 in the preferred embodiment.
- the port proxy application is required because of the preferred embodiment of the present invention utilizes standard Microsoft Windows 95/98/NT/2000 operating system networking protocol implementation of SMB (server message block), the functionality of which is blocked on may client computers.
- This standard protocol operates over port 139 .
- it since it is a sharing protocol, it is deemed dangerous or non-secure, and communications through this port are blocked by many commercial, government, and/or corporate firewalls.
- the use of the port proxy is not limited only systems using the SMB protocol, but is deploy in any environment where the port and or network communications protocol used by the player is blocked, or possibly blocked, on the client computer.
- the port proxy enables a protocol to be redirected to another port such as HTTP or web ports.
- step 444 If it was determined that the SWP is currently monitoring a process and thus invoked, in step 444 , the status of the target computer operating system is interrogated in step 444 . If too many applications are currently running, a dialog is generated notifying the user in step 446 and the process aborts in step 448 . However, if there is sufficient resources to run the application, the new launch application process is started in step 450 .
- FIGS. 5A and 5B show the application launch process.
- the software player 132 reads and decrypts the incoming application descriptor WOW file.
- the program uses the baCommandArgs command in the Buddy API.
- the decryption of the commands is done via the baDecryptText command in the Buddy API.
- the software player 132 checks to see if this is the first time it has been run on the client computer 110 by checking the computer's internal settings to see if a unique ID has been written to the settings. This is done via the baReadRegString command in Buddy API. If it finds the unique ID, it continues. If it does not find a unique ID, it asks the user for personal information that will be collected for a User Database, in one exemplary implementation.
- step 510 It then creates a WOW data struct in step 510 .
- the version of the application descriptor is then compared to the version of the software player 132 in step 512 to ensure compatibility. If there is no compatibility, a dialog is displayed in step 514 asking the user if they wish to upgrade to a new software player. If the user agrees to upgrade, the new dynamic link libraries (.DLL files) are downloaded from the server system 112 in step 516 .
- the software player unloads the current dynamic link libraries and updates the DLL's in step 516 .
- step 514 the process aborts in step 518 , while simultaneously pointing the browser 134 with an upgrade URL to a site hosted by the server system 112 or hosted by another server in step 520 .
- step 518 the application requirements contained in the application description are compared to the target computer's configuration in step 522 . If there are inadequate resources, the process aborts in step 524 . Additionally, the browser 134 is pointed toward a web page hosted by the server system providing for maintenance. Specifically, the maintenance URL is passed to the browser in step 526 . For example, a minimum or maximum screen depth, resolution, RAM requirements, processor requirements, sound board requirements, and video board requirements are assessed.
- baVersion(“os”) baVersion(“qt”)
- baVersion(qt3”) baScreenInfo(“height”)
- baScreenInfo(“width”) baScreenInfo(“depth”).
- a message is sent from the target client computer 110 to the server system over the network 114 in step 528 .
- the message contains the session ID, which was just received from the server system in the application descriptor file.
- a start request message is sent to the server system. The receipt of the session ID identifies the session and implicitly notifies the server system 112 that the target computer has successfully decrypted the application descriptor file, which had been previously sent. The start request indicates that the target client computer is now ready to begin to execute the requested application.
- the software player 132 preferably determines, via the application descriptor, the transaction mode being used. This will impact the appearance of the player 134 on the screen or GUI of the computer 110 . For example, if the application descriptor identifies itself as an advertisement-based transaction (noted as an “a” in the Application Descriptor), then the software player 132 will respond by positioning itself at the top level of the screen depth and begin to request advertisements from an advertisement server, within the server system 112 , over the network 114 . Conversely, if the application descriptor identifies itself as a subscription-based (noted as an “s” in the application descriptor), the software player 132 will hide itself, but continue to execute in the background. To hide itself the program uses the baWindowState command in Buddy API. The ads are obtains through hypertext transfer protocol (http) calls.
- http hypertext transfer protocol
- step 530 the target client computer 112 then waits for a start request acknowledgment from the server system 112 . If no acknowledgment is received after a predetermined time period, a dialog is displayed on the target client computer 110 to notify the user that the server system is currently unavailable in step 532 .
- a proxy socket is opened in the target computer 110 and the application server address is passed to the proxy in step 536 .
- the software player 132 determines if any files are required from the server system 112 to continue the launch process. If additional files are required, they can be obtained by initiating a remote drive mounting process in step 540 . Alternatively, the files can be obtained using a local file installation and replace process in step 542 . Additionally, both processes could be used if multiple files are required.
- Certain applications require specific files at specific locations. For example, certain anti-virus programs require virus definitions to exist at specific path. Such hard coded path requirements are addressed in this initial configurations check. A file check is performed and any required files are shipped to the client computer before the application is launched.
- the target client computer 110 With the remote drive mounting and possibly local file installation/replace, the target client computer 110 now has access to the files and specifically the code required to invoke the selected application.
- the directory is set to the local or remote drive and the run command is issued to the host server. In one embodiment, this occurs on port 139 , the SMB port, from the perspective of the application, but is actually sent through port 80 by the proxy application.
- standard Windows NT remote networking methods are used to attach to the server's directory using the Net Use command, which is part of the Windows Networking.
- Windows 95 computers need to have the name of the server they are attaching to in a file in the Windows directory called LMHOST; the software player 132 writes the name of the server to the LMHOST file using the FileI/O command in Macromedia Director.
- the software player 132 then waits for the application window and the update of the stream display in step 548 .
- the window status is acquired by reference to the operating system application programming interface. In the preferred embodiment, where it is operating on a Windows OS platform, the window status is obtained via the WIN API in step 550 .
- the stream data size is obtained from the proxy application in step 552 .
- step 554 it is interrogated as to whether or not the application window has opened. Until the window opens, the host server in the server system 112 is periodically pinged. The window timeout is reset as many as three times and as long as the server is responsive to the ping in step 558 . If there is no server response to the ping as determined in step 556 , the user is notified via the dialog in step 560 and the program aborts in step 562 .
- step 554 If, however, the window opens as determined in step 554 , the user interface elements are activated that are specific to the application in step 564 . The size and position of the software player and application windows are then set in step 566 . At this stage, with the application running on the operating system of the target client computer 110 , the process proceeds to an application monitoring in step 568 .
- Application window monitoring In the preferred embodiment, there are six processes that are performed to monitor the application.
- Application window monitoring tracking pulse monitoring, advertising updating, net traffic monitoring, count-down timing, and user event handling.
- FIG. 6A illustrates the steps associated with application window monitor process and the tracking pulse process.
- the client computer multitasks to also monitor the operation of the application.
- One of the processes is the application window monitor process 610 .
- the application window monitor process 610 periodically makes API calls to determine whether or not the application's window is still open in step 612 . If the window is open, it continues to maintain and/or set the position and layer of the windows of the application 133 and the software player 132 with respect to each other in step 614 according to the transaction mode. However, if the application window monitor process 610 determines that the application window has closed, the software player 132 begins the execution of a shutdown process 616 .
- the tracking pulse process 618 periodically sends a pulse or a ping to the host server of the server system 112 in step 620 . If it is determined that no pulse has been received in step 622 , the target client computer 110 pings the host server of the server system in step 624 . Based on the status of the ping, if it is determined that there is no connection to the server, a dialog is generated in step 626 and there is a forced shutdown of the application process in step 628 , and again, the shutdown process is activated 616 . If the ping is successfully sent to the server, but no response is received, a dialog is generated in step 628 . Again, a “no response” dialog is generated in step 630 and the shut down process is activated in step 616 .
- tracking is not provided by sending pulses; instead, the application server monitors socket connections to determine if connections are still active. From the client side, instead of the server telling the client to shut down, the client gets its “total time to run” as part of the wow file and begins counting down—and eventually shuts down—once it hits zero time.
- step 622 if it is determined that the pulse is received in step 622 , the message is analyzed. If it is determined that the message is to turn off the application in step 632 , the application process is terminated in step 628 and the shut down process is activated, step 616 .
- step 634 If the message returned that the application must be terminated within n minutes, a dialog is generated in step 634 , notifying the user of the remaining minutes of access to the application. A countdown timer is started in step 636 . Finally, if the message returned is an all clear or o.k. message in step 632 , process returns.
- FIG. 6B shows the advertisement update process, net traffic monitoring process, and countdown timer process, which are additionally performed as part of the application monitoring.
- the ad update process periodically updates the ads displayed on the software player and any URL's required for the ad server in step 640 . It then returns to the run mode of the ad process in step 642 .
- the software player will maintain a +1 depth relationship with the application's window. This means that if the application 133 is brought to the front, the software player 132 will place itself in front of the application 133 so the application cannot hide the advertisements being served. If a different application or window, i.e., one not being hosted by the server system 112 , is brought to the front, the software player 132 will not obscure the application or window. It will maintain its +1 depth relation to the application 133 . This is accomplished via the baWindowDepth command in Buddy API. Also, the player is monitored so that it is not moved off the screen.
- Step 644 monitors network activity and notifies the net traffic monitoring process in step 646 . This allows the application monitor to determine if there are any problems associated with high traffic, which would impact the operation of the application.
- step 648 the display countdown timer is updated. This countdown timer notifies the user as to the time remaining in which the application is available. This is most relevant where the user has, for example, “rented” the application for a fixed period of time as indicated by the transaction mode.
- the countdown timer updates the countdown timer process 650 so that a shut down process is automatically activated when the timer has timed-out.
- FIG. 6C illustrates event handling process 652 of the application monitoring processes. Specifically, if the bookmark is selected in step 654 , the URL of the third-party application hosting institution and its server system 112 is added to the start menu folder of the browser 132 .
- the bookmarking feature is termed“Quick Launch”—instead of adding it to the start menu folder system, it gets book-marked as part of a screen in the player—the one that comes up if you click on Quick Launch. It remembers the location from where you initially clicked, thus guaranteeing the web site that they will still get ad revenue and a follow-up page each time the user clicks on the Quick Launch bookmark.
- a help file is displayed.
- the browser 134 is pointed to a URL of a help file server in step 658 .
- the browser is pointed to the URL or a specified URL of the subscribing institution in step 662 .
- the home button is selected in step 664 , the browser 134 is pointed to the home page of the third-party application hosting system in step 666 .
- the ad which is displayed by the player, is selected in step 668 , the browser is pointed to the URL of the advertising company in step 670 .
- the quit button is selected in step 672 , the application is forced to terminate in step 674 and the shutdown process is started in step 676 .
- FIG. 7 is a flow diagram illustrating the application shutdown process. Specifically, if the application 133 is desired to be shutdown or quit in step 710 , a shutdown pulse or signal is sent from the client computer 110 to the host server of the server system 112 in step 712 . Any remnants of the application program are then removed from the operating system 135 and local drives generally, in step 714 . Specifically, any modified registry settings are returned, icons are removed, folders in any disk drive are removed, and any new copies of applications on desktop are removed. Next, the player 132 is set up on the OS tray.
- a follow-up URL is sent to the browser 134 in step 718 .
- this follow-up URL is for the subscribing institution and is typically hosted by the web server 130 , allowing it to follow with a “sales pitch” or to solicit for further purchase of goods and/or services. This allows, in some implementations, the third-party application hosting to be transparent to the user at the target computer.
- any remaining monitoring processes are identified in step 720 , and the monitoring processes are terminated in step 722 .
- step 724 the proxy application is quit and the software player is shut down in step 726 .
- FIG. 8 illustrates the operation of the port proxy of the software player 132 .
- the application 133 through the software player, makes request to server system 112 , the request is directed to port 139 as a standard SMB communication by the application.
- This SMB communication is intercepted by the SMB proxy of the software player 132 .
- the request is redirected, by the proxy, through port 80 , which is the http, or web port or some other open port such as the FTP port.
- the SMB protocol has been in use on corporate LAN's (local area networks) for nearly twenty years. In that time, it has become a popular vehicle for enabling simple networking. It is at the heart of Microsoft Networking and also in IBM's OS/2. For historical, practical, and security reasons, it has remained a LAN based, however.
- Microsoft networking utilizes the SMB protocol to communicate between PC clients and servers to provide file sharing, print sharing, and basic network authentication. Most commonly this is wrapped in the NetBIOS protocol to enable plug and play networking for small, medium and large LANs.
- the NetBIOS protocol provides for auto-discovery of networks, machine addressing abstraction, and decentralized management of networks.
- NetBIOS has grown to be a common standard on corporate LAN's. However, this also presents a significant security risk.
- a hacker who has broken into or is seeking to break into a corporation's LAN can either wait and “sniff” to find addresses of machines on the LAN, or a smart hacker can broadcast spurious NetBIOS packets and discover the formation of the LAN automatically.
- TCP and UDP ports 137 , 138 and 139 are used for enabling a NetBIOS-based service.
- Microsoft Networking is such a service, wrapping the SMB protocol with NetBIOS for name resolution and other services. Therefore, all Microsoft Networks behind firewalls or proxies most commonly block these ports to guard their LANs from intrusion. In addition, many ISP's today block this traffic as well, to protect their user's from malicious Internet hackers.
- the proxy of the software player 132 listens for requests for port 139 . These are transferred using address 27.0.0.1, which is the address for a loopback. The client computer 110 then monitors this local-loopback address.
- firewalls there are three levels of firewalls. Minimally, most firewalls do not route anything from port 139 . As a result, if the transmissions are sent through port 80 , they can pass through this type of firewall. Even in more secure firewalls, port 80 is typically open. In the most secure type, the firewall blocks port 80 , but proxies communications on this port.
- the SMB communication is preferably encapsulated within an http packet, HTTP(SMB packet).
- HTTP(SMB packet) As a result, an http header is added, which comprises a request line followed by a post form-data tag. These types of headers are used when data from a form is typically sent to a script process. For the http post to be performed correctly, the content length, content type, and MIME type are also set.
- a web server 810 of the server system 112 listens on the corresponding port for the communications. It received the http packet with the post data commands. It strips off the packet's header and then sends the post data to the application server as SMB packets.
- the SMB proxy allows to the application 133 to execute as if it were mounting a standard Window NT server using the SMB protocol. Communications, however, are actually occurring over port 80 of the client computer 110 .
- the web server 810 receives and maintains the connection with the client computer over the network. Incoming upload HTTP communications are received and the post data stripped out. This data is then transferred to the application server 812 as SMB protocol communications. The download path is handled by the inverse process where the application server sends SMB packets to the web server, which encapsulates the packets into the post data section of an HTTP packet. The HTTP packet header is then established, and the packet is transmitted to port 80 of the client over the intervening networks.
- the proxy application on the client can be rerouted through port 23 (FTP) with the server returning on port 21 , also reserved for FTP transfer, in another embodiment, if those ports are open.
- FTP FTP
- the use of the SMB proxy and port 80 communications requires that the operating system of the host application server in the server system be non-standard.
- the server code has been recompiled to support SMB communications over port 80 instead of port 139 . This necessitates the use of open source operating systems that implement Standard Microsoft Windows 95/98/NT/2000 protocols.
- FIG. 9 illustrates the port proxy process.
- Client 110 computer will request a file from a server by making a request in the form of ⁇ COMPUTERNAME ⁇ SHARENAME.
- the COMPUTERNAME is a 15 character mnemonic for some machine in the user's network.
- the client PC will then try to resolve the COMPUTERNAME into a MAC address /IP address for the destination computer. This is done through a series of measures. First, the client will check its name cache for a pre-existing entry. Then it will try to resolve the name via broadcast to the network for any machine responding to this name or response from a machine which has already resolved this name. As a last fallback, the computer will check a special file, the LMHOSTS file, for a hard coded address.
- This process generates a small amount of LAN traffic, which if the remote computer is not on the local LAN, will most likely be blocked by the firewall.
- This traffic constitutes the requests on ports 137 and 138 TCP and UDP.
- the software player 132 uses the LMHOSTS file to preload the name cache of client computer to avoid the network requests for name resolution in step 910 .
- the next phase is called NetBIOS Session Setup in step 912 .
- the PC client will establish a connection to the remote computer, COMPUTERNAME, using the default, pre-assigned port, 139 .
- SMB is then used to establish a connection to SHARENAME and gain the files requested.
- the NetBIOS Session Setup request is retargeted. This means that a valid response to a NetBIOS Session Setup is the IP address and port of a different machine which serves the information sought by the client computer 110 .
- an entry is made into the LMHOSTS file designating the local loopback interface, 127.0.0.1, be given the NetBIOS name SWOWREDIR, in step 914 . All requests then to ⁇ SWOWREDIR ⁇ SHARENAME are redirected on the fly to the machine designated by the software player 132 .
- the request can be retargeted to use the FTP control port, 21 . This enables further penetration of many corporate firewalls.
- the NetBIOS session is preferably proxied as described. Specifically, the port proxy of the player 132 listens again to the loopback interface under the name SWOWPROXY in step 916 . Then any request to ⁇ SWOWPROXY ⁇ SHARENAME are relayed to address of the server system 112 over port 21 in step 918 .
- the NetBIOS session is preferably wrapped in HTTP in step 917 .
- the port proxy rather than simply relaying packets, queues up a request until a predetermined point is reached.
- the current accumulated data is then sent to the server system in the form of an HTTP POST transaction.
- NetBIOS and SMB packets are not simply relayed.
- the port proxy of the player 132 assembles the SMB packets into requests.
- the proxy will queue up a request until it is complete, then forward it in its entirety to the other end of the HTTP connection, a server side HTTP proxy.
- the proxy will read the first four bytes of an SMB request. This determines the number of bytes which are to follow and the actual SMB/NetBIOS command. Each request is then read to completion and then transmitted using the HTTP protocol to the server side proxy.
- the code 1234567889012 represents a unique session identifier used by the server side proxy to track the HTTP connections between requests.
- the actual URL is irrelevant, but is used to detract hackers from prodding at the server. If a request is made for an alternate URL, a 404 Not Found response is sent by the server side proxy.
- the next 6 lines of HTTP are used solely to adhere to HTTP standards, without these lines many proxy servers will ignore the request, deeming our proxy not to be a valid web browser.
- Content-type and Content-length identify that what is to follow is a series of MIME encoding postings that the web server will know how to deal with.
- the Content-length is vital, without it most proxies will delay the request, not knowing when it has ended.
- YYYYDDHHMISS represents a time stamp used to simply increment and vary the boundary stamp used in the MIME encoding as per RFC requirements.
- the first line will be rewritten as follows instead to accommodate the requirements of the HTTP proxy:
- the server side proxy on the web server 810 will parse this input and strip out the SMB Keep Alive packet, and transfer it to the SMB server 812 in step 922 . Once a full packet is received from the SMB server in step 924 , the HTTP server side proxy will transmit the response as follows:
- This response identifies a return of an SMB Keep Alive to the client PC.
- the server must respond in the first line with a valid response code, 200 represents a valid transaction. Then the server will respond with MIME identification of the type and size of response. On the response, no MIME boundaries are required if the server is solely sending back one packet of type application/octet-stream, which identifies a binary object is being returned.
- the client SMB proxy will then parse the number of bytes specified in the Content-length header and return these to the true SMB client, closing its connection to the HTTP proxy server.
- HTTP Keep Alive As a further enhancement to the above protocol, the SMB proxy could maintain its connection with the HTTP proxy and send multiple requests down the socket. This practice is covered in the HTTP/1.1 RFC.
Abstract
Description
- This application is a continuation of U.S. patent application Ser. No. 09/531,121, filed on Mar. 17, 2000, which is a continuation-in-part and claims priority under 35 U.S.C. § 120 to U.S. patent application Ser. No. 09/456,181, filed on Dec. 7, 1999, which claims the benefit under 35 USC 119(e) of U.S. Provisional Patent Application No. 60/128,828, filed on Apr. 12, 1999, all of which are incorporated herein by reference in their entirety.
- Internet or network delivery of application-program-style functionality has become increasingly important. The ubiquitous client-server platform typically requires that the application program code be loaded and installed on the client computers. This requirement, however, is viewed as substantially increasing the installation and maintenance costs associated with computer networks. Moreover, many client operating system platforms are deemed unstable. Network delivery of applications programs would enable the code to be maintained only on the server-side, rather than distributed throughout the network.
- Additionally, there are a number of different business models that are pulling for network delivery of application program functionality. First, it can be used in software sales. A web-based software-sales institution can utilize the Internet, or other public network, to allow customers to “test-drive” the programs, and thereby increase sales. A second justification for deployment arises in the thin-client/network-computer model where the code required for the application-functionality and user data reside on the server. In this situation, when required at the thin client, the application code is provided by the server on an as-needed basis. These servers can even be off-site in an application service provider (ASP) environment. Another justification surrounds the possibility to “rent” programs to users. A large number of potential users may have only limited requirements for certain classes of application programs. Their individual requirements may not justify investment in the typically expensive programs or not justify the costs of client installation. The thought here is to enable these users to rent access to the application programs, preferably via the Internet, to generate new revenue streams for the application software companies.
- One solution to providing application program functionality to the client computer via the network involves expanding the functionality of the browser. For example, the term “plug-in” is used to describe a browser code extension. ActiveX and Java are two of the most common code platforms for the browser.
- While the solution to provide application program functionality via the browser is attractive in its simplicity, a number of problems exist under current technology. First, providing sophisticated ActiveX and/or Java functionality is still in its infancy and largely untried. Further, it ignores the wealth of existing, stable application programs that have been written and are being written to run directly on operating systems, such as Windows 95/98/NT/2000, Unix, Linux, and Mac OS's.
- Related, but limited, solutions attempt to allow potential buyers, for example, to “test drive” the program over the Internet. Typically, one of two techniques have been used. First, the selling institution may allow the potential owner to download a trial-version of the program. This version may have reduced capabilities and/or a limited lifetime, where the program is disabled after it has been invoked a set number of times, or after a specified date. This process, however, is complex, often requiring a multi-step process in which the user must accept the download, pick a save-as location, watch the download, quit the browser, find the file on the hard drive, and run an installer, for example. Another technique is to extend the potential purchaser's browser in some fashion using, for example, a Java applet. This approach, however, shares the problems discussed previously relative to ActiveX and Java.
- Against this backdrop, most modem computer/network operating systems allow for the execution of code that is stored remotely from the client computer. The systems allow a client computer to mount a physically remote drive, residing on a server or peer computer, and execute the application program residing there. Typically, however, these capabilities of the operating system are only utilized within an institution where an umbrella network management exercises control over both the clients and the servers to realize the necessary security levels, prevent corruption of data on the server side, and configure the client computers to access the server-stored code.
- Software players can be defined that will configure the client to communicate with remote storage assets across a network, automatically. The problem is, however, that security policies and institution firewalls may a priori block this remote access with these existing networking protocols. Thus, in many environments, they can not be used.
- In general, according to one aspect, the present invention features a method for enabling remote networking functionality by port redirection. The method comprises executing a process requiring networking protocol and intercepting communications from the process to a port assigned to support the network protocol. The communications are then redirected over an open port.
- In preferred embodiments, the step of executing the process comprises executing an application program on a remote storage asset using SMB networking protocols, with the communications being directed at
port 139. This interception can be accomplished by addressing the communications to a local loop back. - To overcome even the most sophisticated firewall systems, the communications are preferably encapsulated an HTTP packet, and specifically a post data portion.
- In general, according to another aspect, the invention can also be characterized in the context of a system for remote networking by port proxy. The system comprises an application program executing on a computer which is utilizing the SMB protocol to access a remote storage asset. A port proxy program intercepts communications from the program to a port assigned to support the SMB protocol and redirects the communications over an open port.
- The above and other features of the invention including various novel details of construction and combinations of parts, and other advantages, will now be more particularly described with reference to the accompanying drawings and pointed out in the claims. It will be understood that the particular method and device embodying the invention are shown by way of illustration and not as a limitation of the invention. The principles and features of this invention may be employed in various and numerous embodiments without departing from the scope of the invention.
- In the accompanying drawings, reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale; emphasis has instead been placed upon illustrating the principles of the invention. Of the drawings:
-
FIG. 1 is a schematic illustration showing the application serving system and specifically the interaction between the target client computer, the host Web server computer of the third-party subscribing institution, and the server system, according to the present invention; -
FIG. 2 is a flow diagram illustrating the method by which the serving of applications to the target computer is initiated at the third-party subscribing institution according to the present invention; -
FIG. 3 is a flow diagram illustrating the steps performed by the server system when the target computer requests an application; -
FIG. 4 is a flow diagram showing the launch process for the helper application, or software player, on the target client computer; -
FIGS. 5A and 5B are flow diagrams showing the application launch process that is performed on the target client computer; -
FIGS. 6A-6C are flow diagrams showing the steps associated with the application monitoring process according to the present invention; -
FIG. 7 is a flow diagram illustrating the application shutdown process according to the present invention; -
FIG. 8 is a schematic block/communication stack diagram illustrating the operation of the SMB proxy application according to the present invention; and -
FIG. 9 is a process diagram illustrating the operation of the port proxy. -
FIG. 1 shows anapplication serving system 100, which has been constructed according to the principles of the present invention. - Generally, the
application serving system 100 comprises the user,target client computer 110 that connects to aserver system 112 and subscribing institutionhost Web Server 130, over anetwork 114. -
Client computer 110,Web server 130, andserver system 112 implement a network protocol layer to communicate across the network. In a preferred embodiment,network 114 is the Internet, or other public or private network, and the network protocol layers are TCP/IP and NetBios. Other network configurations and network protocols layers, however, could be implemented in place or in addition to those associated with the Internet such as those provided in other public or private networks and internetwork systems. - The target,
client computer 110 is a PC computer in one implementation. It operates Microsoft Windows 95/98/NT/2000/CE operating system or other OS providing compatible API's (application programming interfaces), on an Intel processor/IBM-compatible hardware platform. Other alternatives, however, are possible such as open source operating system platforms, such as Linux, or Apple MAC OS's or other operating systems that provide the API support for these operating systems. Still further alternatives include embedded OS platforms such as Windows CE and Palm OS's, or similar reduced code-footprint systems. - The
target computer 110 preferably has preinstalled application programs. In the present implementation, abrowser 134, such as the ubiquitous Netscape Navigator or Microsoft Explorer browsers, is installed. Additionally, the target computer also preferably has a helper application orsoftware player 132. Such pre-installation can be performed typically at a website hosted by the institution that operates theserver system 112 or also the subscribinginstitution 130. - Depending on the institution managing the target computer, a
firewall 111 may be present between the target computer and thenetwork 114. - The subscribing institution, which maintains the
host web server 130, is typically a third party relative to the institution, which maintains theserver system 112 in one anticipated business model. The subscribing institution has a requirement, or desires to provide, application programs and the related functionality to the user at thetarget computer 110, but, rather than providing this functionality itself, the subscribing institution outsources this to the institution operating theserver system 112. Nonetheless, the subscribing institution typically has an Internet presence. Specifically, it typically maintains a website/websites that offer the application programs to users. - From one implementation, the
server system 112 is maintained by an institution that provides application programs to users as a paid service to subscribing institutions. Nonetheless, it should be appreciated that the technology of the present invention also has applicability to the business model where theserver system 112 andhost Web server 120 are maintained by the same institution. In this context, the institution does not wish to out-source the work associated with the serving of the applications, but wishes to provide this functionality through in-house expertise. - Specifically the service institution's
server system 112 maintains a log-indatabase 116, acustomer database 118, anapplication database 120, and a current sessions database 122. The server system additionally executes asession ID generator 124, aload balancing process 126, and anencryption process 128. -
FIG. 2 shows the steps performed by or at thetarget computer 110 to initiate the serving of an application from theserver system 112. Specifically, a user at the target computer identifies a desired application to thetarget computer 110 instep 210. In the typical case, thebrowser 134 is executing on thetarget computer 110 and a link is displayed in the browser window. This link is identified and/or associated with the application that the user desires to execute on the target computer. The user, operating a graphical pointing device, such as a mouse, controls the target computer's graphical user interface to select or “click-on” the link for the desired application. - Selection of the link in
step 210 causes thebrowser 134 to interrogate the target computer's operating system to determine whether the appropriate software player (SWP) has been installed on the target computer instep 212. This interrogation is performed in one embodiment by an application programming interface (API) call to check the operating system registry. Applets, ActiveX, or scripting, however, are other modalities for performing the interrogation. - If it is determined that the software player has not been installed on the
target computer 110, an installation process is initiated instep 214. In the typical implementation, this installation process comprises either pointing thebrowser 134, or a new instantiation of the browser, with a new universal resource locator (URL), to website that supports the installation of the software player through a download, for example. - The install/download is simplified for ease of operation. In one implementation, a Java applet is used that allows installation and writing to the drive—if permission is provided. A download bar is displayed on the browser screen. When the
player 132 has been installed, it begins to run and will launch the application that was initially requested by the user. As a result, the user at theclient computer 110 observes the invocation of the application, rather than the software player alone. - Once there is an installed software player, the
browser 134 is pointed with a URL to theserver system 112, instep 216. The URL link contains: 1) a unique identifier, or number, associated by theserver system 112 with the application requested (TitleId); 2) a unique session ID (SID); and 3) an identifier that identifies the subscribing institution (SubInstId). Typically, the subscribing institution is the company that operates the hostWeb server computer 130, which served the web page that originally contained the link associated with the application that was desired by the user of thetarget computer 110. - The SID is a unique session ID that is specific to the link and the specific session. A session ID that served as part of the original link provides a token from the web site that tells indicates that the subscribing institution has authenticated this specific session. This is important for the rental/subscription model where they will be authenticating users with credit cards or user names and passwords.
-
FIG. 3 shows the steps performed by theserver system 112 when thetarget computer 110 requests an application by transmitting the URL containing the SID, Titleld, and Sublnstld to theserver system 112 over thenetwork 114. - Specifically, in
step 310, theserver system 112 receives the URL, SID, Titleld, and SubInstld. The server system then accesses the log-indatabase 116 to verify that: 1) the user at thetarget computer 110 is a valid user by reference to the session Id field (SID); and 2) the subscribing institution is a currently valid subscribing institution by reference to the Sublnstld field instep 312. If either the user or subscribing institution is invalid (step 314), an error is returned to thetarget computer 110 in thestep 316 by theserver system 112. - If the user and subscribing institution are verified, the
server system 112 then proceeds to construct an application descriptor or data file that will coordinate the operation of thetarget computer 110 and theserver system 112 across thenetwork 114. In the present implementation, the application descriptor is a file that is named with a “.WOW” suffix, which is the MIME type. - Specifically, in
step 318, theserver system 112 accesses thecustomer database 118 using the SID to obtain information regarding the session. - Next, in
step 320, theapplication database 120 is accessed. This contains information concerning the application, which was requested by the user. For example, theapplication database 120 contains information such as minimum system requirements (RAM, processing power, etc.) that are required by the application on thetarget computer 110 and the application's media weight or processing requirements on theserver system 112 associated with each instantiation. - In
step 322, theload balancing process 126 is executed. Theserver system 112 selects a host computer within the server system that will be primarily responsible for serving the application over thenetwork 114 to thetarget computer 110. In the typical embodiment, the server system comprises multiple host Web and associated application servers. The selected host computer is co-located with the other host computers in one implementation; alternatively, components or servers of the server system are located in a server farm and/or geographically local to thetarget computer 110. In this last case, the load balancing process selects the host computer based on geographic proximity, in addition to load, to reduce latency. - Typically, the load balancing checks the current session's database 122 to determine which host server in the
server system 112 has the least load. The list of servers serving the specific application is part of the title's application description. Determination of which server to use is based on the number of concurrent connections to each server and the media weight of each application and also the user's physical geographic location based on the IP address. - Next, in
step 324, the current sessions database 122 is updated instep 324 with the current session being added. Specifically, the session ID, the user's IP (Internet protocol) address, the application title, the media weight, and the server assigned to the session is added. This database is used by theload balancing process 126, and by a watch dog process that watches the connections to each host server in the server system, to verify that all connections are from authorized users. - In
step 326, the application descriptor is encrypted. Minimally, this application descriptor comprises the host address of the host computer of theserver system 112, which was assigned by theload balancing process 126 along with a session ID assigned as part of the update of the current session database 122. Finally, the application descriptor is sent to thetarget computer 110 instep 328. -
FIG. 4 shows the launch process for the helper application orsoftware player 132. - Upon receiving the WOW application descriptor file, the client launches the
software player 132 instep 409. This is a helper application that performs the bulk of the client-side application management. - In the preferred implementation, the receipt of the .WOW descriptor file automatically launches the software player. This is accomplished by configuration of MIME types during the software player's initial installation. In the Windows 95 operating system, MIME types are set in the registry, associating files with a specified suffix, here: WOW, that are to be opened with the
software player 132. - Many of the methods used employ Windows API Functions to control the executed applications. In one embodiment of the invention, the Buddy API Xtra (a library of calls employed by programmers of Macromedia Director) is used to access Windows API functions. Specifically, the initial writing to the registry is done with the baWriteRegNumber and baWriteRegString commands in Buddy API.
- In
step 410, the registration status of thesoftware player 132 with respect to theserver system 112, or institution operating the system, is determined. If it has not been registered and/or properly licensed, a registration box is displayed on the graphical user interface of thetarget computer 110 instep 412. The user is either requested or required to complete the registration information box, depending on the implementation. Once completed, the registration information is sent, instep 414, to theserver system 112 overnetwork 114. - After registration, the status of any firewall proxy for
firewall 111 is interrogated instep 416. If it is not valid, a proxy information dialog box is displayed instep 418, and the user is requested to complete it on thetarget computer 110. Once completed, the proxy information is updated instep 420. - Next, the status of the application descriptor, or WOW file is interrogated in
step 422. If no application descriptor file is detected, a dialog is generated instep 424, on thetarget computer 110 for the user. The user is requested to enter a partner or subscribing institution. If it is determined that no institution has been entered instep 426, the process aborts. However, if a subscribing institution was entered, the process similarly aborts instep 430, but also points thebrowser 134 to the Web page for the subscribing institution instep 432. - Next, 434, it is interrogated as to whether the client is monitoring a similar process, i.e., the
software player 132 is currently running on the client. If it is not running, the SWP window is created instep 436. Depending on the run mode, the window is either hidden or visible on the client interface. Instep 438, any system clean-up is performed. Generally, the operating system registry is written to whenapplications 133 are run. The software player tracks those modifications, and any registry changes; these changes are undone when theapplication 133 andsoftware player 132 are quit. However, if thesoftware player 132 was terminated unexpectedly during its last operation, the registry clean-up may not have been performed. If not, the clean-up occurs in this step. Specifically, any modified registry settings are returned, icons are removed, folders in any disk drive are removed, and any new copies of applications on the desktop are removed. Next, the player is set up on the OS tray. Finally the port proxy application is started instep 442 prior to the application launch process instep 450 in the preferred embodiment. - Generally, the port proxy application is required because of the preferred embodiment of the present invention utilizes standard Microsoft Windows 95/98/NT/2000 operating system networking protocol implementation of SMB (server message block), the functionality of which is blocked on may client computers. This standard protocol operates over
port 139. However, since it is a sharing protocol, it is deemed dangerous or non-secure, and communications through this port are blocked by many commercial, government, and/or corporate firewalls. - The use of the port proxy is not limited only systems using the SMB protocol, but is deploy in any environment where the port and or network communications protocol used by the player is blocked, or possibly blocked, on the client computer. Generally, the port proxy enables a protocol to be redirected to another port such as HTTP or web ports.
- If it was determined that the SWP is currently monitoring a process and thus invoked, in
step 444, the status of the target computer operating system is interrogated instep 444. If too many applications are currently running, a dialog is generated notifying the user instep 446 and the process aborts instep 448. However, if there is sufficient resources to run the application, the new launch application process is started instep 450. -
FIGS. 5A and 5B show the application launch process. - Specifically, the
software player 132 reads and decrypts the incoming application descriptor WOW file. To read in the encrypted data, the program uses the baCommandArgs command in the Buddy API. The decryption of the commands is done via the baDecryptText command in the Buddy API. - Once decrypted, the
software player 132 checks to see if this is the first time it has been run on theclient computer 110 by checking the computer's internal settings to see if a unique ID has been written to the settings. This is done via the baReadRegString command in Buddy API. If it finds the unique ID, it continues. If it does not find a unique ID, it asks the user for personal information that will be collected for a User Database, in one exemplary implementation. - It then creates a WOW data struct in
step 510. The version of the application descriptor is then compared to the version of thesoftware player 132 instep 512 to ensure compatibility. If there is no compatibility, a dialog is displayed instep 514 asking the user if they wish to upgrade to a new software player. If the user agrees to upgrade, the new dynamic link libraries (.DLL files) are downloaded from theserver system 112 instep 516. The software player unloads the current dynamic link libraries and updates the DLL's instep 516. - In contrast, if the user chooses not to install the new software player in
step 514, the process aborts instep 518, while simultaneously pointing thebrowser 134 with an upgrade URL to a site hosted by theserver system 112 or hosted by another server instep 520. - If the process is not aborted, in
step 518, the application requirements contained in the application description are compared to the target computer's configuration instep 522. If there are inadequate resources, the process aborts instep 524. Additionally, thebrowser 134 is pointed toward a web page hosted by the server system providing for maintenance. Specifically, the maintenance URL is passed to the browser instep 526. For example, a minimum or maximum screen depth, resolution, RAM requirements, processor requirements, sound board requirements, and video board requirements are assessed. These checks are supported by the following commands in Buddy API: baVersion(“os”), baVersion(“qt”), baVersion (“qt3”), baScreenInfo(“height”), baScreenInfo(“width”) and baScreenInfo(“depth”). - If the user system's resources are determined to be adequate in
step 522, a message is sent from thetarget client computer 110 to the server system over thenetwork 114 in step 528. The message contains the session ID, which was just received from the server system in the application descriptor file. Also, a start request message is sent to the server system. The receipt of the session ID identifies the session and implicitly notifies theserver system 112 that the target computer has successfully decrypted the application descriptor file, which had been previously sent. The start request indicates that the target client computer is now ready to begin to execute the requested application. - Also, the
software player 132 preferably determines, via the application descriptor, the transaction mode being used. This will impact the appearance of theplayer 134 on the screen or GUI of thecomputer 110. For example, if the application descriptor identifies itself as an advertisement-based transaction (noted as an “a” in the Application Descriptor), then thesoftware player 132 will respond by positioning itself at the top level of the screen depth and begin to request advertisements from an advertisement server, within theserver system 112, over thenetwork 114. Conversely, if the application descriptor identifies itself as a subscription-based (noted as an “s” in the application descriptor), thesoftware player 132 will hide itself, but continue to execute in the background. To hide itself the program uses the baWindowState command in Buddy API. The ads are obtains through hypertext transfer protocol (http) calls. - In
step 530, thetarget client computer 112 then waits for a start request acknowledgment from theserver system 112. If no acknowledgment is received after a predetermined time period, a dialog is displayed on thetarget client computer 110 to notify the user that the server system is currently unavailable instep 532. - If the start request is acknowledged in
step 534 by theserver system 112, a proxy socket is opened in thetarget computer 110 and the application server address is passed to the proxy instep 536. - Continuing onto
FIG. 5B instep 538, thesoftware player 132 determines if any files are required from theserver system 112 to continue the launch process. If additional files are required, they can be obtained by initiating a remote drive mounting process instep 540. Alternatively, the files can be obtained using a local file installation and replace process instep 542. Additionally, both processes could be used if multiple files are required. - Certain applications require specific files at specific locations. For example, certain anti-virus programs require virus definitions to exist at specific path. Such hard coded path requirements are addressed in this initial configurations check. A file check is performed and any required files are shipped to the client computer before the application is launched.
- With the remote drive mounting and possibly local file installation/replace, the
target client computer 110 now has access to the files and specifically the code required to invoke the selected application. Next, instep 544, the directory is set to the local or remote drive and the run command is issued to the host server. In one embodiment, this occurs onport 139, the SMB port, from the perspective of the application, but is actually sent throughport 80 by the proxy application. Specifically, standard Windows NT remote networking methods are used to attach to the server's directory using the Net Use command, which is part of the Windows Networking. - If the client computer is running the Windows 95-version operating system, there is an additional step taken here. Since Windows 95 computers need to have the name of the server they are attaching to in a file in the Windows directory called LMHOST; the
software player 132 writes the name of the server to the LMHOST file using the FileI/O command in Macromedia Director. - The
software player 132 then waits for the application window and the update of the stream display instep 548. The window status is acquired by reference to the operating system application programming interface. In the preferred embodiment, where it is operating on a Windows OS platform, the window status is obtained via the WIN API instep 550. The stream data size is obtained from the proxy application instep 552. - In
step 554, it is interrogated as to whether or not the application window has opened. Until the window opens, the host server in theserver system 112 is periodically pinged. The window timeout is reset as many as three times and as long as the server is responsive to the ping instep 558. If there is no server response to the ping as determined instep 556, the user is notified via the dialog instep 560 and the program aborts instep 562. - If, however, the window opens as determined in
step 554, the user interface elements are activated that are specific to the application instep 564. The size and position of the software player and application windows are then set instep 566. At this stage, with the application running on the operating system of thetarget client computer 110, the process proceeds to an application monitoring instep 568. - In the preferred embodiment, there are six processes that are performed to monitor the application. Application window monitoring, tracking pulse monitoring, advertising updating, net traffic monitoring, count-down timing, and user event handling.
-
FIG. 6A illustrates the steps associated with application window monitor process and the tracking pulse process. - Specifically, while the selected application is executing, the client computer multitasks to also monitor the operation of the application. One of the processes is the application
window monitor process 610. Specifically, the applicationwindow monitor process 610 periodically makes API calls to determine whether or not the application's window is still open instep 612. If the window is open, it continues to maintain and/or set the position and layer of the windows of theapplication 133 and thesoftware player 132 with respect to each other instep 614 according to the transaction mode. However, if the applicationwindow monitor process 610 determines that the application window has closed, thesoftware player 132 begins the execution of ashutdown process 616. - The tracking
pulse process 618 periodically sends a pulse or a ping to the host server of theserver system 112 instep 620. If it is determined that no pulse has been received instep 622, thetarget client computer 110 pings the host server of the server system instep 624. Based on the status of the ping, if it is determined that there is no connection to the server, a dialog is generated instep 626 and there is a forced shutdown of the application process instep 628, and again, the shutdown process is activated 616. If the ping is successfully sent to the server, but no response is received, a dialog is generated instep 628. Again, a “no response” dialog is generated instep 630 and the shut down process is activated instep 616. - In other implementations, tracking is not provided by sending pulses; instead, the application server monitors socket connections to determine if connections are still active. From the client side, instead of the server telling the client to shut down, the client gets its “total time to run” as part of the wow file and begins counting down—and eventually shuts down—once it hits zero time.
- In contrast, if it is determined that the pulse is received in
step 622, the message is analyzed. If it is determined that the message is to turn off the application instep 632, the application process is terminated instep 628 and the shut down process is activated,step 616. - If the message returned that the application must be terminated within n minutes, a dialog is generated in
step 634, notifying the user of the remaining minutes of access to the application. A countdown timer is started instep 636. Finally, if the message returned is an all clear or o.k. message instep 632, process returns. -
FIG. 6B shows the advertisement update process, net traffic monitoring process, and countdown timer process, which are additionally performed as part of the application monitoring. - Specifically, the ad update process periodically updates the ads displayed on the software player and any URL's required for the ad server in
step 640. It then returns to the run mode of the ad process instep 642. - If the transaction mode is advertisement-based, the software player will maintain a +1 depth relationship with the application's window. This means that if the
application 133 is brought to the front, thesoftware player 132 will place itself in front of theapplication 133 so the application cannot hide the advertisements being served. If a different application or window, i.e., one not being hosted by theserver system 112, is brought to the front, thesoftware player 132 will not obscure the application or window. It will maintain its +1 depth relation to theapplication 133. This is accomplished via the baWindowDepth command in Buddy API. Also, the player is monitored so that it is not moved off the screen. - Step 644 monitors network activity and notifies the net traffic monitoring process in
step 646. This allows the application monitor to determine if there are any problems associated with high traffic, which would impact the operation of the application. - In
step 648, the display countdown timer is updated. This countdown timer notifies the user as to the time remaining in which the application is available. This is most relevant where the user has, for example, “rented” the application for a fixed period of time as indicated by the transaction mode. The countdown timer updates thecountdown timer process 650 so that a shut down process is automatically activated when the timer has timed-out. -
FIG. 6C illustratesevent handling process 652 of the application monitoring processes. Specifically, if the bookmark is selected instep 654, the URL of the third-party application hosting institution and itsserver system 112 is added to the start menu folder of thebrowser 132. - Currently, the bookmarking feature is termed“Quick Launch”—instead of adding it to the start menu folder system, it gets book-marked as part of a screen in the player—the one that comes up if you click on Quick Launch. It remembers the location from where you initially clicked, thus guaranteeing the web site that they will still get ad revenue and a follow-up page each time the user clicks on the Quick Launch bookmark.
- If the help button is selected in
step 656, a help file is displayed. Thebrowser 134 is pointed to a URL of a help file server instep 658. If the third party home is selected instep 660, the browser is pointed to the URL or a specified URL of the subscribing institution instep 662. If the home button is selected instep 664, thebrowser 134 is pointed to the home page of the third-party application hosting system instep 666. If the ad, which is displayed by the player, is selected instep 668, the browser is pointed to the URL of the advertising company instep 670. Finally, if the quit button is selected instep 672, the application is forced to terminate instep 674 and the shutdown process is started instep 676. -
FIG. 7 is a flow diagram illustrating the application shutdown process. Specifically, if theapplication 133 is desired to be shutdown or quit instep 710, a shutdown pulse or signal is sent from theclient computer 110 to the host server of theserver system 112 instep 712. Any remnants of the application program are then removed from theoperating system 135 and local drives generally, instep 714. Specifically, any modified registry settings are returned, icons are removed, folders in any disk drive are removed, and any new copies of applications on desktop are removed. Next, theplayer 132 is set up on the OS tray. - Finally, in the preferred embodiment, a follow-up URL is sent to the
browser 134 instep 718. In the preferred embodiment, this follow-up URL is for the subscribing institution and is typically hosted by theweb server 130, allowing it to follow with a “sales pitch” or to solicit for further purchase of goods and/or services. This allows, in some implementations, the third-party application hosting to be transparent to the user at the target computer. Finally, any remaining monitoring processes are identified instep 720, and the monitoring processes are terminated instep 722. - Finally, in
step 724, the proxy application is quit and the software player is shut down instep 726. -
FIG. 8 illustrates the operation of the port proxy of thesoftware player 132. According to the preferred embodiment, when theapplication 133, through the software player, makes request toserver system 112, the request is directed toport 139 as a standard SMB communication by the application. This SMB communication is intercepted by the SMB proxy of thesoftware player 132. The request is redirected, by the proxy, throughport 80, which is the http, or web port or some other open port such as the FTP port. - The SMB protocol has been in use on corporate LAN's (local area networks) for nearly twenty years. In that time, it has become a popular vehicle for enabling simple networking. It is at the heart of Microsoft Networking and also in IBM's OS/2. For historical, practical, and security reasons, it has remained a LAN based, however.
- Microsoft networking utilizes the SMB protocol to communicate between PC clients and servers to provide file sharing, print sharing, and basic network authentication. Most commonly this is wrapped in the NetBIOS protocol to enable plug and play networking for small, medium and large LANs. The NetBIOS protocol provides for auto-discovery of networks, machine addressing abstraction, and decentralized management of networks.
- For ease of use reasons, NetBIOS has grown to be a common standard on corporate LAN's. However, this also presents a significant security risk. A hacker who has broken into or is seeking to break into a corporation's LAN can either wait and “sniff” to find addresses of machines on the LAN, or a smart hacker can broadcast spurious NetBIOS packets and discover the formation of the LAN automatically.
- In addition, early implementations of SMB transmitted usernames and passwords without encryption or other security across the LAN. This has since, however, been discovered and patched.
- As a result of these two situations, most corporations block traffic to and from the Internet which uses the NetBIOS protocol. This is typically accomplished at the firewall because the frames identify the port from which they originated. The firewall stops frames based upon their port origination.
- According to request for comments (RFC) 1001/1002, TCP and
UDP ports 137, 138 and 139 are used for enabling a NetBIOS-based service. Microsoft Networking is such a service, wrapping the SMB protocol with NetBIOS for name resolution and other services. Therefore, all Microsoft Networks behind firewalls or proxies most commonly block these ports to guard their LANs from intrusion. In addition, many ISP's today block this traffic as well, to protect their user's from malicious Internet hackers. - In addition, most corporations have by default blocked all traffic to and from the Internet with only minor exceptions like HTTP, FTP, SMTP and POP3, protocols, which have become a staple in job performance. Therefore, it can be expected that to guarantee provision of any service across corporate firewalls, the use of HTTP as a carrier is the only choice. Though there are many other options, such as SOCKS proxies, or HTTP tunneling, use of standard HTTP over
port 80 is preferred. - The proxy of the
software player 132 listens for requests forport 139. These are transferred using address 27.0.0.1, which is the address for a loopback. Theclient computer 110 then monitors this local-loopback address. - Generally, there are three levels of firewalls. Minimally, most firewalls do not route anything from
port 139. As a result, if the transmissions are sent throughport 80, they can pass through this type of firewall. Even in more secure firewalls,port 80 is typically open. In the most secure type, the firewall blocksport 80, but proxies communications on this port. To handle this last configuration, the SMB communication is preferably encapsulated within an http packet, HTTP(SMB packet). As a result, an http header is added, which comprises a request line followed by a post form-data tag. These types of headers are used when data from a form is typically sent to a script process. For the http post to be performed correctly, the content length, content type, and MIME type are also set. - At the other end of the network, a
web server 810 of theserver system 112 listens on the corresponding port for the communications. It received the http packet with the post data commands. It strips off the packet's header and then sends the post data to the application server as SMB packets. Thus, the SMB proxy allows to theapplication 133 to execute as if it were mounting a standard Window NT server using the SMB protocol. Communications, however, are actually occurring overport 80 of theclient computer 110. - More specifically, the
web server 810 receives and maintains the connection with the client computer over the network. Incoming upload HTTP communications are received and the post data stripped out. This data is then transferred to theapplication server 812 as SMB protocol communications. The download path is handled by the inverse process where the application server sends SMB packets to the web server, which encapsulates the packets into the post data section of an HTTP packet. The HTTP packet header is then established, and the packet is transmitted to port 80 of the client over the intervening networks. - Alternatively, the proxy application on the client can be rerouted through port 23 (FTP) with the server returning on port 21, also reserved for FTP transfer, in another embodiment, if those ports are open.
- If the
web server 810 is not used, the use of the SMB proxy andport 80 communications requires that the operating system of the host application server in the server system be non-standard. In the one implementation, the server code has been recompiled to support SMB communications overport 80 instead ofport 139. This necessitates the use of open source operating systems that implement Standard Microsoft Windows 95/98/NT/2000 protocols. -
FIG. 9 illustrates the port proxy process. -
Client 110 computer will request a file from a server by making a request in the form of \\COMPUTERNAME\SHARENAME. The COMPUTERNAME is a 15 character mnemonic for some machine in the user's network. The client PC will then try to resolve the COMPUTERNAME into a MAC address /IP address for the destination computer. This is done through a series of measures. First, the client will check its name cache for a pre-existing entry. Then it will try to resolve the name via broadcast to the network for any machine responding to this name or response from a machine which has already resolved this name. As a last fallback, the computer will check a special file, the LMHOSTS file, for a hard coded address. - This process generates a small amount of LAN traffic, which if the remote computer is not on the local LAN, will most likely be blocked by the firewall. This traffic constitutes the requests on ports 137 and 138 TCP and UDP. In the present embodiment, the
software player 132 uses the LMHOSTS file to preload the name cache of client computer to avoid the network requests for name resolution instep 910. - The next phase is called NetBIOS Session Setup in
step 912. During this phase the PC client will establish a connection to the remote computer, COMPUTERNAME, using the default, pre-assigned port, 139. In the case of Microsoft Networking, SMB is then used to establish a connection to SHARENAME and gain the files requested. - The NetBIOS Session Setup request is retargeted. This means that a valid response to a NetBIOS Session Setup is the IP address and port of a different machine which serves the information sought by the
client computer 110. Using a small program, an entry is made into the LMHOSTS file designating the local loopback interface, 127.0.0.1, be given the NetBIOS name SWOWREDIR, instep 914. All requests then to \\SWOWREDIR\SHARENAME are redirected on the fly to the machine designated by thesoftware player 132. Also, the request can be retargeted to use the FTP control port, 21. This enables further penetration of many corporate firewalls. - The NetBIOS session is preferably proxied as described. Specifically, the port proxy of the
player 132 listens again to the loopback interface under the name SWOWPROXY instep 916. Then any request to \\SWOWPROXY\SHARENAME are relayed to address of theserver system 112 over port 21 instep 918. - First, however, the NetBIOS session is preferably wrapped in HTTP in
step 917. The port proxy, rather than simply relaying packets, queues up a request until a predetermined point is reached. The current accumulated data is then sent to the server system in the form of an HTTP POST transaction. - In this final case, NetBIOS and SMB packets are not simply relayed. The port proxy of the
player 132 assembles the SMB packets into requests. The proxy will queue up a request until it is complete, then forward it in its entirety to the other end of the HTTP connection, a server side HTTP proxy. - In the case of the client, the proxy will read the first four bytes of an SMB request. This determines the number of bytes which are to follow and the actual SMB/NetBIOS command. Each request is then read to completion and then transmitted using the HTTP protocol to the server side proxy. The format of this transmission follows an HTTP POST transaction as this example shows:
Outgoing SMB request: 0x85 0x00 0x00 0x00 (SMB Keep Alive) Proxy intercepts and resends as: POST /cgi-bin/send.cgi?123456789012 HTTP/1.0 User-Agent: Mozilla/4.0 (compatible; SoftwareWow; 1.0) Accept: */* Accept-Encoding: gzip Accept-Language: en-us Pragma: no-cache Host: www.softwarewow.net:80 Content-type: multipart/form-data; boundary=--------------------------- YYYYMMDDHHMISS Content-length: 201 -----------------------------YYYYMMDDHHMISS Content-Disposition: form-data; name=″″command″″; filename=″″ Content-Type: application/octet-stream 0x85 0x00 0x00 0x00 -----------------------------YYYYMMDDHHMISS - In this above case, the code 1234567889012 represents a unique session identifier used by the server side proxy to track the HTTP connections between requests. The actual URL is irrelevant, but is used to detract hackers from prodding at the server. If a request is made for an alternate URL, a 404 Not Found response is sent by the server side proxy. The next 6 lines of HTTP are used solely to adhere to HTTP standards, without these lines many proxy servers will ignore the request, deeming our proxy not to be a valid web browser.
- The next two lines, Content-type and Content-length identify that what is to follow is a series of MIME encoding postings that the web server will know how to deal with. The Content-length is vital, without it most proxies will delay the request, not knowing when it has ended. Additionally, YYYYDDHHMISS represents a time stamp used to simply increment and vary the boundary stamp used in the MIME encoding as per RFC requirements.
- If the
target computer 110 is behind an HTTP proxy/firewall, the first line will be rewritten as follows instead to accommodate the requirements of the HTTP proxy: - POST http://www.softwarewow.net/cgi-bin/send.cgi?123456789012 HTTP/1.0
- The server side proxy on the
web server 810 will parse this input and strip out the SMB Keep Alive packet, and transfer it to theSMB server 812 instep 922. Once a full packet is received from the SMB server instep 924, the HTTP server side proxy will transmit the response as follows: - HTTP/1.0 200 OK
- Date: Mon, 13 Mar. 2000 20:50:15 GMT
- Server: SoftwareWow 1.0
- Connection: close
- Content-type: application/octet-stream
- Content-length: 4
- 0x85 0x00 0x00 0x00
- This response identifies a return of an SMB Keep Alive to the client PC. The server must respond in the first line with a valid response code, 200 represents a valid transaction. Then the server will respond with MIME identification of the type and size of response. On the response, no MIME boundaries are required if the server is solely sending back one packet of type application/octet-stream, which identifies a binary object is being returned. The client SMB proxy will then parse the number of bytes specified in the Content-length header and return these to the true SMB client, closing its connection to the HTTP proxy server.
- As HTTP connections are stateless and incur a full TCP setup time to establish, it is an often used practice to utilize an HTTP/1.1 feature called HTTP Keep Alive. As a further enhancement to the above protocol, the SMB proxy could maintain its connection with the HTTP proxy and send multiple requests down the socket. This practice is covered in the HTTP/1.1 RFC.
- While this invention has been particularly shown and described with references to preferred embodiments thereof, it will be understood by those skilled in the art that various changes in form and details may be made therein without departing from the scope of the invention encompassed by the appended claims.
Claims (20)
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/894,671 US20050010670A1 (en) | 1999-04-12 | 2004-07-20 | Port proxy and system for server and client computers |
US11/264,747 US8099758B2 (en) | 1999-05-12 | 2005-10-31 | Policy based composite file system and method |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US12882899P | 1999-04-12 | 1999-04-12 | |
US45618199A | 1999-12-07 | 1999-12-07 | |
US09/531,121 US6938096B1 (en) | 1999-04-12 | 2000-03-17 | Method and system for remote networking using port proxying by detecting if the designated port on a client computer is blocked, then encapsulating the communications in a different format and redirecting to an open port |
US10/894,671 US20050010670A1 (en) | 1999-04-12 | 2004-07-20 | Port proxy and system for server and client computers |
Related Parent Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/310,294 Continuation-In-Part US7017188B1 (en) | 1998-11-16 | 1999-05-12 | Method and apparatus for secure content delivery over broadband access networks |
US09/531,121 Continuation US6938096B1 (en) | 1999-04-12 | 2000-03-17 | Method and system for remote networking using port proxying by detecting if the designated port on a client computer is blocked, then encapsulating the communications in a different format and redirecting to an open port |
Related Child Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US11/264,747 Continuation-In-Part US8099758B2 (en) | 1999-05-12 | 2005-10-31 | Policy based composite file system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
US20050010670A1 true US20050010670A1 (en) | 2005-01-13 |
Family
ID=34864173
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/531,121 Expired - Lifetime US6938096B1 (en) | 1999-04-12 | 2000-03-17 | Method and system for remote networking using port proxying by detecting if the designated port on a client computer is blocked, then encapsulating the communications in a different format and redirecting to an open port |
US10/894,671 Abandoned US20050010670A1 (en) | 1999-04-12 | 2004-07-20 | Port proxy and system for server and client computers |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/531,121 Expired - Lifetime US6938096B1 (en) | 1999-04-12 | 2000-03-17 | Method and system for remote networking using port proxying by detecting if the designated port on a client computer is blocked, then encapsulating the communications in a different format and redirecting to an open port |
Country Status (1)
Country | Link |
---|---|
US (2) | US6938096B1 (en) |
Cited By (59)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020169998A1 (en) * | 2000-05-19 | 2002-11-14 | Kenneth Largman | Computer with special-purpose subsystems |
US20030004882A1 (en) * | 2000-11-06 | 2003-01-02 | Holler Anne Marie | Optimized server for streamed applications |
US20030018834A1 (en) * | 2000-12-22 | 2003-01-23 | Sun Microsystems, Inc. | Server side execution of application modules in a client and server system |
US20030196114A1 (en) * | 2002-04-10 | 2003-10-16 | International Business Machines | Persistent access control of protected content |
US20040210796A1 (en) * | 2001-11-19 | 2004-10-21 | Kenneth Largman | Computer system capable of supporting a plurality of independent computing environments |
US20040236874A1 (en) * | 2001-05-17 | 2004-11-25 | Kenneth Largman | Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments |
US20050010754A1 (en) * | 1999-09-01 | 2005-01-13 | Resonate Inc. | Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers |
US20050021613A1 (en) * | 1998-11-16 | 2005-01-27 | Softricity, Inc. | Method and apparatus for content protection in a secure content delivery system |
US20060026165A1 (en) * | 2004-07-19 | 2006-02-02 | Microsoft Corporation | Remote file updates through remote protocol |
US20060048136A1 (en) * | 2004-08-25 | 2006-03-02 | Vries Jeff D | Interception-based resource detection system |
US20060070030A1 (en) * | 2004-09-30 | 2006-03-30 | Laborczfalvi Lee G | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US20060070029A1 (en) * | 2004-09-30 | 2006-03-30 | Citrix Systems, Inc. | Method and apparatus for providing file-type associations to multiple applications |
US20060075381A1 (en) * | 2004-09-30 | 2006-04-06 | Citrix Systems, Inc. | Method and apparatus for isolating execution of software applications |
US20060074989A1 (en) * | 2004-09-30 | 2006-04-06 | Laborczfalvi Lee G | Method and apparatus for virtualizing object names |
US20060090171A1 (en) * | 2004-09-30 | 2006-04-27 | Citrix Systems, Inc. | Method and apparatus for virtualizing window information |
US20060106770A1 (en) * | 2004-10-22 | 2006-05-18 | Vries Jeffrey D | System and method for predictive streaming |
US20060123185A1 (en) * | 2004-11-13 | 2006-06-08 | De Vries Jeffrey | Streaming from a media device |
US20060143530A1 (en) * | 2000-05-19 | 2006-06-29 | Self-Repairing Computers, Inc. | Self-repairing computing device and method of monitoring and repair |
US20060143514A1 (en) * | 2001-05-21 | 2006-06-29 | Self-Repairing Computers, Inc. | Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code |
US20060150245A1 (en) * | 2004-12-31 | 2006-07-06 | Infopower Corporation | System and method of automatically transforming instant message transmission modes on internet |
US20060161813A1 (en) * | 2000-05-19 | 2006-07-20 | Self-Repairing Computers, Inc. | Computer system and method having isolatable storage for enhanced immunity to viral and malicious code infection |
US7096253B2 (en) | 1997-06-16 | 2006-08-22 | Stream Theory, Inc. | Method and apparatus for streaming software |
US20060218165A1 (en) * | 2005-03-23 | 2006-09-28 | Vries Jeffrey De | Explicit overlay integration rules |
US20060230175A1 (en) * | 2005-03-23 | 2006-10-12 | De Vries Jeffrey | System and method for tracking changes to files in streaming applications |
US20060271697A1 (en) * | 2005-05-25 | 2006-11-30 | Microsoft Corporation | Data communication protocol |
US20060272017A1 (en) * | 2002-03-06 | 2006-11-30 | Kenneth Largman | Computer and method for safe usage of documents, email attachments and other content that may contain virus, spy-ware, or malicious code |
US20060272023A1 (en) * | 1998-11-16 | 2006-11-30 | Yonah Schmeidler | Method and apparatus for secure content delivery over broadband access networks |
US20060277433A1 (en) * | 2000-05-19 | 2006-12-07 | Self Repairing Computers, Inc. | Computer having special purpose subsystems and cyber-terror and virus immunity and protection features |
US20070067321A1 (en) * | 2005-09-19 | 2007-03-22 | Bissett Nicholas A | Method and system for locating and accessing resources |
US20070083610A1 (en) * | 2005-10-07 | 2007-04-12 | Treder Terry N | Method and a system for accessing a plurality of files comprising an application program |
US20070083501A1 (en) * | 2005-10-07 | 2007-04-12 | Pedersen Bradley J | Method and system for accessing a remote file in a directory structure associated with an application program executing locally |
US20070083620A1 (en) * | 2005-10-07 | 2007-04-12 | Pedersen Bradley J | Methods for selecting between a predetermined number of execution methods for an application program |
US20070083522A1 (en) * | 2005-10-07 | 2007-04-12 | Nord Joseph H | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US20070106993A1 (en) * | 2005-10-21 | 2007-05-10 | Kenneth Largman | Computer security method having operating system virtualization allowing multiple operating system instances to securely share single machine resources |
US20080052779A1 (en) * | 2006-08-11 | 2008-02-28 | Airdefense, Inc. | Methods and Systems For Wired Equivalent Privacy and Wi-Fi Protected Access Protection |
US7359933B1 (en) * | 2002-09-26 | 2008-04-15 | Oracle International Corporation | Providing remote access to network applications using a dual proxy |
US20080109876A1 (en) * | 2006-10-23 | 2008-05-08 | Endeavors Technologies, Inc. | Rule-based application access management |
US20080178298A1 (en) * | 2001-02-14 | 2008-07-24 | Endeavors Technology, Inc. | Intelligent network streaming and execution system for conventionally coded applications |
US20080189361A1 (en) * | 2000-03-17 | 2008-08-07 | Softricity, Inc. | Method for serviing third party software applications from servers to client computers |
US20090106780A1 (en) * | 2007-10-20 | 2009-04-23 | Nord Joseph | Method and system for communicating between isolation environments |
US7529778B1 (en) | 2001-12-12 | 2009-05-05 | Microsoft Corporation | System and method for providing access to consistent point-in-time file versions |
US20090119644A1 (en) * | 2007-11-07 | 2009-05-07 | Endeavors Technologies, Inc. | Deriving component statistics for a stream enabled application |
US20090119458A1 (en) * | 2007-11-07 | 2009-05-07 | Endeavors Technologies, Inc. | Opportunistic block transmission with time constraints |
US20090172160A1 (en) * | 2008-01-02 | 2009-07-02 | Sepago Gmbh | Loading of server-stored user profile data |
WO2010028073A1 (en) * | 2008-09-02 | 2010-03-11 | Fuhu, Inc. | A stable active x linux based operating environment |
US7730169B1 (en) | 1999-04-12 | 2010-06-01 | Softricity, Inc. | Business method and system for serving third party software applications |
US20100281102A1 (en) * | 2009-05-02 | 2010-11-04 | Chinta Madhav | Methods and systems for launching applications into existing isolation environments |
US8099758B2 (en) | 1999-05-12 | 2012-01-17 | Microsoft Corporation | Policy based composite file system and method |
US20140006481A1 (en) * | 2012-06-29 | 2014-01-02 | Clifford A. Frey | Methods for exchanging network management messages using udp over http protocol |
US8631277B2 (en) | 2010-12-10 | 2014-01-14 | Microsoft Corporation | Providing transparent failover in a file system |
US8775369B2 (en) | 2007-01-24 | 2014-07-08 | Vir2Us, Inc. | Computer system architecture and method having isolated file system management for secure and reliable data processing |
US8788579B2 (en) | 2011-09-09 | 2014-07-22 | Microsoft Corporation | Clustered client failover |
US20140244790A1 (en) * | 2013-02-27 | 2014-08-28 | Kabushiki Kaisha Toshiba | Communication apparatus, communication method and non-transitory computer readable medium |
US8856582B2 (en) | 2011-06-30 | 2014-10-07 | Microsoft Corporation | Transparent failover |
US20150304278A1 (en) * | 2014-04-21 | 2015-10-22 | General Electric Company | Systems and methods for secure network-based monitoring of electrical power generators |
US9331955B2 (en) | 2011-06-29 | 2016-05-03 | Microsoft Technology Licensing, Llc | Transporting operations of arbitrary size over remote direct memory access |
US20160253170A1 (en) * | 2015-02-27 | 2016-09-01 | Lenovo (Singapore) Pte, Ltd. | Efficient deployment of thin client applications to end user |
US10460085B2 (en) | 2008-03-13 | 2019-10-29 | Mattel, Inc. | Tablet computer |
US10630781B2 (en) | 2011-09-09 | 2020-04-21 | Microsoft Technology Licensing, Llc | SMB2 scaleout |
Families Citing this family (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20020087883A1 (en) * | 2000-11-06 | 2002-07-04 | Curt Wohlgemuth | Anti-piracy system for remotely served computer applications |
US20020083183A1 (en) * | 2000-11-06 | 2002-06-27 | Sanjay Pujare | Conventionally coded application conversion system for streamed delivery and execution |
US7984110B1 (en) * | 2001-11-02 | 2011-07-19 | Hewlett-Packard Company | Method and system for load balancing |
US7647422B2 (en) | 2001-11-06 | 2010-01-12 | Enterasys Networks, Inc. | VPN failure recovery |
US7606938B2 (en) * | 2002-03-01 | 2009-10-20 | Enterasys Networks, Inc. | Verified device locations in a data network |
US7346672B2 (en) * | 2002-03-12 | 2008-03-18 | Hewlett-Packard Development Company, L.P. | Automatic TFTP firmware download |
US7565413B1 (en) * | 2002-08-05 | 2009-07-21 | Cisco Technology, Inc. | Content request redirection from a wed protocol to a file protocol |
JP4311637B2 (en) * | 2003-10-30 | 2009-08-12 | 株式会社日立製作所 | Storage controller |
US7945945B2 (en) | 2004-08-06 | 2011-05-17 | Enterasys Networks, Inc. | System and method for address block enhanced dynamic network policy management |
US20060277275A1 (en) * | 2005-04-02 | 2006-12-07 | Glaenzer Eric F | Dynamic management of communication ports, devices, and logical connections |
US20060247338A1 (en) * | 2005-05-02 | 2006-11-02 | General Electric Company | Poly(arylene ether) compositions with improved ultraviolet light stability, and related articles |
US8086232B2 (en) | 2005-06-28 | 2011-12-27 | Enterasys Networks, Inc. | Time synchronized wireless method and operations |
WO2007044230A2 (en) * | 2005-10-07 | 2007-04-19 | Citrix Systems, Inc. | Methods for selecting between a predetermined number of execution methods for an application program |
US7949714B1 (en) * | 2005-12-05 | 2011-05-24 | Google Inc. | System and method for targeting advertisements or other information using user geographical information |
EP1818822A1 (en) | 2006-02-10 | 2007-08-15 | France Telecom | Method and server for the distribution of software components, and update method and corresponding terminal und computer program products |
US8423954B2 (en) * | 2006-03-31 | 2013-04-16 | Sap Ag | Interactive container of development components and solutions |
US20070239470A1 (en) * | 2006-03-31 | 2007-10-11 | Benzi Ronen | Method and system for managing development component metrics |
US8745583B2 (en) * | 2006-03-31 | 2014-06-03 | Sap Ag | Method and system for managing development components |
US7877507B2 (en) * | 2008-02-29 | 2011-01-25 | Red Hat, Inc. | Tunneling SSL over SSH |
BRPI0921978A2 (en) | 2008-11-26 | 2019-01-15 | Calgary Scient Inc | method of providing remote access to application program state and storage media. |
US10055105B2 (en) | 2009-02-03 | 2018-08-21 | Calgary Scientific Inc. | Method and system for enabling interaction with a plurality of applications using a single user interface |
US20110264559A1 (en) * | 2010-04-27 | 2011-10-27 | Barrientos Edward | System and method for product identification and cataloging |
US9116728B2 (en) | 2010-12-21 | 2015-08-25 | Microsoft Technology Licensing, Llc | Providing a persona-based application experience |
US9003543B2 (en) | 2010-12-21 | 2015-04-07 | Microsoft Technology Licensing, Llc | Providing a security boundary |
US9354852B2 (en) | 2010-12-23 | 2016-05-31 | Microsoft Technology Licensing, Llc | Satisfying application dependencies |
US8789138B2 (en) | 2010-12-27 | 2014-07-22 | Microsoft Corporation | Application execution in a restricted application execution environment |
US9189308B2 (en) | 2010-12-27 | 2015-11-17 | Microsoft Technology Licensing, Llc | Predicting, diagnosing, and recovering from application failures based on resource access patterns |
US8931037B2 (en) | 2010-12-27 | 2015-01-06 | Microsoft Corporation | Policy-based access to virtualized applications |
US9176742B2 (en) | 2010-12-27 | 2015-11-03 | Microsoft Technology Licensing, Llc | Converting desktop applications to web applications |
US9223611B2 (en) | 2010-12-28 | 2015-12-29 | Microsoft Technology Licensing, Llc | Storing and resuming application runtime state |
US9741084B2 (en) | 2011-01-04 | 2017-08-22 | Calgary Scientific Inc. | Method and system for providing remote access to data for display on a mobile device |
CA2734860A1 (en) | 2011-03-21 | 2012-09-21 | Calgary Scientific Inc. | Method and system for providing a state model of an application program |
BR112014003549A2 (en) | 2011-08-15 | 2017-06-13 | Calgary Scientific Inc. | noninvasive remote access to an application program |
US9720747B2 (en) | 2011-08-15 | 2017-08-01 | Calgary Scientific Inc. | Method for flow control and reliable communication in a collaborative environment |
WO2013046015A1 (en) | 2011-09-30 | 2013-04-04 | Calgary Scientific Inc. | Uncoupled application extensions including interactive digital surface layer for collaborative remote application sharing and annotating |
KR20140106551A (en) | 2011-11-23 | 2014-09-03 | 캘거리 싸이언티픽 인코포레이티드 | Methods and systems for collaborative remote application sharing and conferencing |
WO2013128284A1 (en) | 2012-03-02 | 2013-09-06 | Calgary Scientific Inc. | Remote control of an application using dynamic-linked library (dll) injection |
US9729673B2 (en) | 2012-06-21 | 2017-08-08 | Calgary Scientific Inc. | Method and system for providing synchronized views of multiple applications for display on a remote computing device |
US9686205B2 (en) | 2013-11-29 | 2017-06-20 | Calgary Scientific Inc. | Method for providing a connection of a client to an unmanaged service in a client-server remote access system |
US10015264B2 (en) | 2015-01-30 | 2018-07-03 | Calgary Scientific Inc. | Generalized proxy architecture to provide remote access to an application framework |
US11310348B2 (en) | 2015-01-30 | 2022-04-19 | Calgary Scientific Inc. | Highly scalable, fault tolerant remote access architecture and method of connecting thereto |
US10523770B2 (en) * | 2017-02-28 | 2019-12-31 | Microsoft Technology Licensing, Llc | Progress tracking for requests made through an intermediary |
Citations (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5572643A (en) * | 1995-10-19 | 1996-11-05 | Judson; David H. | Web browser with dynamic display of information objects during linking |
US5644718A (en) * | 1994-11-10 | 1997-07-01 | At&T Corporation | Apparatus using circuit manager to associate a single circuit with each host application where the circuit is shared by a plurality of client applications |
US5708709A (en) * | 1995-12-08 | 1998-01-13 | Sun Microsystems, Inc. | System and method for managing try-and-buy usage of application programs |
US5737619A (en) * | 1995-10-19 | 1998-04-07 | Judson; David Hugh | World wide web browsing with content delivery over an idle connection and interstitial content display |
US5758074A (en) * | 1994-11-04 | 1998-05-26 | International Business Machines Corporation | System for extending the desktop management interface at one node to a network by using pseudo management interface, pseudo component interface and network server interface |
US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US5900871A (en) * | 1997-03-10 | 1999-05-04 | International Business Machines Corporation | System and method for managing multiple cultural profiles in an information handling system |
US5930792A (en) * | 1996-11-07 | 1999-07-27 | Intervoice Limited Partnership | Monitoring and directing flow of HTML documents for security and access |
US5928330A (en) * | 1996-09-06 | 1999-07-27 | Motorola, Inc. | System, device, and method for streaming a multimedia file |
US5941908A (en) * | 1997-04-23 | 1999-08-24 | Vascular Science, Inc. | Artificial medical graft with a releasable retainer |
US5941954A (en) * | 1997-10-01 | 1999-08-24 | Sun Microsystems, Inc. | Network message redirection |
US5941959A (en) * | 1995-12-20 | 1999-08-24 | Tandem Computers Incorporated | System for transferring a data stream to a requestor without copying data segments to each one of multiple data source/sinks during data stream building |
US5978828A (en) * | 1997-06-13 | 1999-11-02 | Intel Corporation | URL bookmark update notification of page content or location changes |
US6002853A (en) * | 1995-10-26 | 1999-12-14 | Wegener Internet Projects Bv | System for generating graphics in response to a database search |
US6006252A (en) * | 1996-10-08 | 1999-12-21 | Wolfe; Mark A. | System and method for communicating information relating to a network resource |
US6012090A (en) * | 1997-03-14 | 2000-01-04 | At&T Corp. | Client-side parallel requests for network services using group name association |
US6076115A (en) * | 1997-02-11 | 2000-06-13 | Xaqti Corporation | Media access control receiver and network management system |
US6076951A (en) * | 1996-10-16 | 2000-06-20 | National University Of Singapore | Frequency-domain adaptive controller |
US6098067A (en) * | 1997-05-02 | 2000-08-01 | Kabushiki Kaisha Toshiba | Remote computer management system |
US6101549A (en) * | 1996-09-27 | 2000-08-08 | Intel Corporation | Proxy-based reservation of network resources |
US6119165A (en) * | 1997-11-17 | 2000-09-12 | Trend Micro, Inc. | Controlled distribution of application programs in a computer network |
US6138162A (en) * | 1997-02-11 | 2000-10-24 | Pointcast, Inc. | Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request |
US6151643A (en) * | 1996-06-07 | 2000-11-21 | Networks Associates, Inc. | Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer |
US6163806A (en) * | 1997-06-30 | 2000-12-19 | Sun Microsystems, Inc. | System and method for transparent, global access to physical devices on a computer cluster |
US6247013B1 (en) * | 1997-06-30 | 2001-06-12 | Canon Kabushiki Kaisha | Hyper text reading system |
US6260066B1 (en) * | 1997-03-17 | 2001-07-10 | International Business Machines Corporation | Method and apparatus for optimal rebasing of web page transmission using a plurality of different rebasing tests and a Cost-Effectiveness determination |
US6272673B1 (en) * | 1997-11-25 | 2001-08-07 | Alphablox Corporation | Mechanism for automatically establishing connections between executable components of a hypertext-based application |
US6295639B1 (en) * | 1998-09-01 | 2001-09-25 | Aidministrator Nederland B.V. | Securely accessing a file system of a remote server computer |
US20010043215A1 (en) * | 1997-09-11 | 2001-11-22 | Thomas M. Middleton | Efficient downloading of animated presentation files |
US6324578B1 (en) * | 1998-12-14 | 2001-11-27 | International Business Machines Corporation | Methods, systems and computer program products for management of configurable application programs on a network |
US6360366B1 (en) * | 1996-09-05 | 2002-03-19 | Managesoft Corporation | Systems and methods for automatic application version upgrading and maintenance |
US6389462B1 (en) * | 1998-12-16 | 2002-05-14 | Lucent Technologies Inc. | Method and apparatus for transparently directing requests for web objects to proxy caches |
US6405111B2 (en) * | 1997-05-16 | 2002-06-11 | Snap-On Technologies, Inc. | System and method for distributed computer automotive service equipment |
US6412009B1 (en) * | 1999-03-15 | 2002-06-25 | Wall Data Incorporated | Method and system for providing a persistent HTTP tunnel |
US6421726B1 (en) * | 1997-03-14 | 2002-07-16 | Akamai Technologies, Inc. | System and method for selection and retrieval of diverse types of video data on a computer network |
US6502137B1 (en) * | 1997-10-09 | 2002-12-31 | International Business Machines Corporation | System and method for transferring information over a computer network |
US6546554B1 (en) * | 2000-01-21 | 2003-04-08 | Sun Microsystems, Inc. | Browser-independent and automatic apparatus and method for receiving, installing and launching applications from a browser on a client computer |
US6578199B1 (en) * | 1999-11-12 | 2003-06-10 | Fujitsu Limited | Automatic tracking system and method for distributable software |
Family Cites Families (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5611049A (en) * | 1992-06-03 | 1997-03-11 | Pitts; William M. | System for accessing distributed data cache channel at each network node to pass requests and data |
US5793763A (en) * | 1995-11-03 | 1998-08-11 | Cisco Technology, Inc. | Security system for network address translation systems |
US5956483A (en) * | 1996-06-28 | 1999-09-21 | Microsoft Corporation | System and method for making function calls from a web browser to a local application |
US6125352A (en) * | 1996-06-28 | 2000-09-26 | Microsoft Corporation | System and method for conducting commerce over a distributed network |
US5919247A (en) * | 1996-07-24 | 1999-07-06 | Marimba, Inc. | Method for the distribution of code and data updates |
US6067582A (en) | 1996-08-13 | 2000-05-23 | Angel Secure Networks, Inc. | System for installing information related to a software application to a remote computer over a network |
US5867651A (en) * | 1996-08-27 | 1999-02-02 | International Business Machines Corporation | System for providing custom functionality to client systems by redirecting of messages through a user configurable filter network having a plurality of partially interconnected filters |
US5915119A (en) * | 1996-10-01 | 1999-06-22 | Ncr Corporation | Proxy terminal for network controlling of power managed user terminals in suspend mode |
US5987523A (en) * | 1997-06-04 | 1999-11-16 | International Business Machines Corporation | Applet redirection for controlled access to non-orginating hosts |
US6226680B1 (en) * | 1997-10-14 | 2001-05-01 | Alacritech, Inc. | Intelligent network interface system method for protocol processing |
US6434620B1 (en) * | 1998-08-27 | 2002-08-13 | Alacritech, Inc. | TCP/IP offload network interface device |
US6212560B1 (en) * | 1998-05-08 | 2001-04-03 | Compaq Computer Corporation | Dynamic proxy server |
US6356863B1 (en) * | 1998-09-08 | 2002-03-12 | Metaphorics Llc | Virtual network file server |
-
2000
- 2000-03-17 US US09/531,121 patent/US6938096B1/en not_active Expired - Lifetime
-
2004
- 2004-07-20 US US10/894,671 patent/US20050010670A1/en not_active Abandoned
Patent Citations (38)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5758074A (en) * | 1994-11-04 | 1998-05-26 | International Business Machines Corporation | System for extending the desktop management interface at one node to a network by using pseudo management interface, pseudo component interface and network server interface |
US5644718A (en) * | 1994-11-10 | 1997-07-01 | At&T Corporation | Apparatus using circuit manager to associate a single circuit with each host application where the circuit is shared by a plurality of client applications |
US5737619A (en) * | 1995-10-19 | 1998-04-07 | Judson; David Hugh | World wide web browsing with content delivery over an idle connection and interstitial content display |
US5572643A (en) * | 1995-10-19 | 1996-11-05 | Judson; David H. | Web browser with dynamic display of information objects during linking |
US6002853A (en) * | 1995-10-26 | 1999-12-14 | Wegener Internet Projects Bv | System for generating graphics in response to a database search |
US5708709A (en) * | 1995-12-08 | 1998-01-13 | Sun Microsystems, Inc. | System and method for managing try-and-buy usage of application programs |
US5941959A (en) * | 1995-12-20 | 1999-08-24 | Tandem Computers Incorporated | System for transferring a data stream to a requestor without copying data segments to each one of multiple data source/sinks during data stream building |
US5826014A (en) * | 1996-02-06 | 1998-10-20 | Network Engineering Software | Firewall system for protecting network elements connected to a public network |
US6151643A (en) * | 1996-06-07 | 2000-11-21 | Networks Associates, Inc. | Automatic updating of diverse software products on multiple client computer systems by downloading scanning application to client computer and generating software list on client computer |
US6360366B1 (en) * | 1996-09-05 | 2002-03-19 | Managesoft Corporation | Systems and methods for automatic application version upgrading and maintenance |
US5928330A (en) * | 1996-09-06 | 1999-07-27 | Motorola, Inc. | System, device, and method for streaming a multimedia file |
US6101549A (en) * | 1996-09-27 | 2000-08-08 | Intel Corporation | Proxy-based reservation of network resources |
US6006252A (en) * | 1996-10-08 | 1999-12-21 | Wolfe; Mark A. | System and method for communicating information relating to a network resource |
US6076951A (en) * | 1996-10-16 | 2000-06-20 | National University Of Singapore | Frequency-domain adaptive controller |
US5930792A (en) * | 1996-11-07 | 1999-07-27 | Intervoice Limited Partnership | Monitoring and directing flow of HTML documents for security and access |
US6138162A (en) * | 1997-02-11 | 2000-10-24 | Pointcast, Inc. | Method and apparatus for configuring a client to redirect requests to a caching proxy server based on a category ID with the request |
US6076115A (en) * | 1997-02-11 | 2000-06-13 | Xaqti Corporation | Media access control receiver and network management system |
US5900871A (en) * | 1997-03-10 | 1999-05-04 | International Business Machines Corporation | System and method for managing multiple cultural profiles in an information handling system |
US6421726B1 (en) * | 1997-03-14 | 2002-07-16 | Akamai Technologies, Inc. | System and method for selection and retrieval of diverse types of video data on a computer network |
US6012090A (en) * | 1997-03-14 | 2000-01-04 | At&T Corp. | Client-side parallel requests for network services using group name association |
US6260066B1 (en) * | 1997-03-17 | 2001-07-10 | International Business Machines Corporation | Method and apparatus for optimal rebasing of web page transmission using a plurality of different rebasing tests and a Cost-Effectiveness determination |
US5941908A (en) * | 1997-04-23 | 1999-08-24 | Vascular Science, Inc. | Artificial medical graft with a releasable retainer |
US6098067A (en) * | 1997-05-02 | 2000-08-01 | Kabushiki Kaisha Toshiba | Remote computer management system |
US6405111B2 (en) * | 1997-05-16 | 2002-06-11 | Snap-On Technologies, Inc. | System and method for distributed computer automotive service equipment |
US5978828A (en) * | 1997-06-13 | 1999-11-02 | Intel Corporation | URL bookmark update notification of page content or location changes |
US6247013B1 (en) * | 1997-06-30 | 2001-06-12 | Canon Kabushiki Kaisha | Hyper text reading system |
US6163806A (en) * | 1997-06-30 | 2000-12-19 | Sun Microsystems, Inc. | System and method for transparent, global access to physical devices on a computer cluster |
US20010043215A1 (en) * | 1997-09-11 | 2001-11-22 | Thomas M. Middleton | Efficient downloading of animated presentation files |
US5941954A (en) * | 1997-10-01 | 1999-08-24 | Sun Microsystems, Inc. | Network message redirection |
US6502137B1 (en) * | 1997-10-09 | 2002-12-31 | International Business Machines Corporation | System and method for transferring information over a computer network |
US6119165A (en) * | 1997-11-17 | 2000-09-12 | Trend Micro, Inc. | Controlled distribution of application programs in a computer network |
US6272673B1 (en) * | 1997-11-25 | 2001-08-07 | Alphablox Corporation | Mechanism for automatically establishing connections between executable components of a hypertext-based application |
US6295639B1 (en) * | 1998-09-01 | 2001-09-25 | Aidministrator Nederland B.V. | Securely accessing a file system of a remote server computer |
US6324578B1 (en) * | 1998-12-14 | 2001-11-27 | International Business Machines Corporation | Methods, systems and computer program products for management of configurable application programs on a network |
US6389462B1 (en) * | 1998-12-16 | 2002-05-14 | Lucent Technologies Inc. | Method and apparatus for transparently directing requests for web objects to proxy caches |
US6412009B1 (en) * | 1999-03-15 | 2002-06-25 | Wall Data Incorporated | Method and system for providing a persistent HTTP tunnel |
US6578199B1 (en) * | 1999-11-12 | 2003-06-10 | Fujitsu Limited | Automatic tracking system and method for distributable software |
US6546554B1 (en) * | 2000-01-21 | 2003-04-08 | Sun Microsystems, Inc. | Browser-independent and automatic apparatus and method for receiving, installing and launching applications from a browser on a client computer |
Cited By (150)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8509230B2 (en) | 1997-06-16 | 2013-08-13 | Numecent Holdings, Inc. | Software streaming system and method |
US20100023640A1 (en) * | 1997-06-16 | 2010-01-28 | Stream Theory, Inc. | Software streaming system and method |
US7096253B2 (en) | 1997-06-16 | 2006-08-22 | Stream Theory, Inc. | Method and apparatus for streaming software |
US9094480B2 (en) | 1997-06-16 | 2015-07-28 | Numecent Holdings, Inc. | Software streaming system and method |
US9578075B2 (en) | 1997-06-16 | 2017-02-21 | Numecent Holdings, Inc. | Software streaming system and method |
US20060272023A1 (en) * | 1998-11-16 | 2006-11-30 | Yonah Schmeidler | Method and apparatus for secure content delivery over broadband access networks |
US7690039B2 (en) | 1998-11-16 | 2010-03-30 | Softricity, Inc. | Method and apparatus for content protection in a secure content delivery system |
US7707641B2 (en) | 1998-11-16 | 2010-04-27 | Softricity, Inc. | Method and apparatus for secure content delivery over broadband access networks |
US20050021613A1 (en) * | 1998-11-16 | 2005-01-27 | Softricity, Inc. | Method and apparatus for content protection in a secure content delivery system |
US7730169B1 (en) | 1999-04-12 | 2010-06-01 | Softricity, Inc. | Business method and system for serving third party software applications |
US8612514B2 (en) | 1999-04-12 | 2013-12-17 | Microsoft Corporation | Serving software applications from servers to client computers |
US8099758B2 (en) | 1999-05-12 | 2012-01-17 | Microsoft Corporation | Policy based composite file system and method |
US7861075B2 (en) * | 1999-09-01 | 2010-12-28 | Juergen Brendel | Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers |
US20050010754A1 (en) * | 1999-09-01 | 2005-01-13 | Resonate Inc. | Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers |
US7900040B2 (en) * | 1999-09-01 | 2011-03-01 | Juergen Brendel | Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers |
US20070094373A1 (en) * | 1999-09-01 | 2007-04-26 | Resonate Inc. | Atomic session-start operation combining clear-text and encrypted sessions to provide ID visibility to middleware such as load-balancers |
US7797372B2 (en) | 2000-03-17 | 2010-09-14 | Softricity, Inc. | Serving software applications from servers for client computers |
US20080189361A1 (en) * | 2000-03-17 | 2008-08-07 | Softricity, Inc. | Method for serviing third party software applications from servers to client computers |
US20020169998A1 (en) * | 2000-05-19 | 2002-11-14 | Kenneth Largman | Computer with special-purpose subsystems |
US7571353B2 (en) | 2000-05-19 | 2009-08-04 | Vir2Us, Inc. | Self-repairing computing device and method of monitoring and repair |
US20060161813A1 (en) * | 2000-05-19 | 2006-07-20 | Self-Repairing Computers, Inc. | Computer system and method having isolatable storage for enhanced immunity to viral and malicious code infection |
US20060143530A1 (en) * | 2000-05-19 | 2006-06-29 | Self-Repairing Computers, Inc. | Self-repairing computing device and method of monitoring and repair |
US7577871B2 (en) | 2000-05-19 | 2009-08-18 | Vir2Us, Inc. | Computer system and method having isolatable storage for enhanced immunity to viral and malicious code infection |
US7137034B2 (en) | 2000-05-19 | 2006-11-14 | Vir2Us, Inc. | Self repairing computer having user accessible switch for modifying bootable storage device configuration to initiate repair |
US20060277433A1 (en) * | 2000-05-19 | 2006-12-07 | Self Repairing Computers, Inc. | Computer having special purpose subsystems and cyber-terror and virus immunity and protection features |
US9654548B2 (en) | 2000-11-06 | 2017-05-16 | Numecent Holdings, Inc. | Intelligent network streaming and execution system for conventionally coded applications |
US8831995B2 (en) | 2000-11-06 | 2014-09-09 | Numecent Holdings, Inc. | Optimized server for streamed applications |
US20030004882A1 (en) * | 2000-11-06 | 2003-01-02 | Holler Anne Marie | Optimized server for streamed applications |
US9130953B2 (en) | 2000-11-06 | 2015-09-08 | Numecent Holdings, Inc. | Intelligent network streaming and execution system for conventionally coded applications |
US7257615B2 (en) * | 2000-12-22 | 2007-08-14 | Sun Microsystems, Inc. | Server side execution of application modules in a client and server system |
US20030018834A1 (en) * | 2000-12-22 | 2003-01-23 | Sun Microsystems, Inc. | Server side execution of application modules in a client and server system |
US8893249B2 (en) | 2001-02-14 | 2014-11-18 | Numecent Holdings, Inc. | Intelligent network streaming and execution system for conventionally coded applications |
US8438298B2 (en) | 2001-02-14 | 2013-05-07 | Endeavors Technologies, Inc. | Intelligent network streaming and execution system for conventionally coded applications |
US20080178298A1 (en) * | 2001-02-14 | 2008-07-24 | Endeavors Technology, Inc. | Intelligent network streaming and execution system for conventionally coded applications |
US7392541B2 (en) | 2001-05-17 | 2008-06-24 | Vir2Us, Inc. | Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments |
US20040236874A1 (en) * | 2001-05-17 | 2004-11-25 | Kenneth Largman | Computer system architecture and method providing operating-system independent virus-, hacker-, and cyber-terror-immune processing environments |
US7849360B2 (en) | 2001-05-21 | 2010-12-07 | Vir2Us, Inc. | Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code |
US20060143514A1 (en) * | 2001-05-21 | 2006-06-29 | Self-Repairing Computers, Inc. | Computer system and method of controlling communication port to prevent computer contamination by virus or malicious code |
US7536598B2 (en) | 2001-11-19 | 2009-05-19 | Vir2Us, Inc. | Computer system capable of supporting a plurality of independent computing environments |
US20040210796A1 (en) * | 2001-11-19 | 2004-10-21 | Kenneth Largman | Computer system capable of supporting a plurality of independent computing environments |
US7529778B1 (en) | 2001-12-12 | 2009-05-05 | Microsoft Corporation | System and method for providing access to consistent point-in-time file versions |
US20060272017A1 (en) * | 2002-03-06 | 2006-11-30 | Kenneth Largman | Computer and method for safe usage of documents, email attachments and other content that may contain virus, spy-ware, or malicious code |
US7788699B2 (en) | 2002-03-06 | 2010-08-31 | Vir2Us, Inc. | Computer and method for safe usage of documents, email attachments and other content that may contain virus, spy-ware, or malicious code |
US20030196114A1 (en) * | 2002-04-10 | 2003-10-16 | International Business Machines | Persistent access control of protected content |
US7614077B2 (en) * | 2002-04-10 | 2009-11-03 | International Business Machines Corporation | Persistent access control of protected content |
US7359933B1 (en) * | 2002-09-26 | 2008-04-15 | Oracle International Corporation | Providing remote access to network applications using a dual proxy |
US7617256B2 (en) | 2004-07-19 | 2009-11-10 | Microsoft Corporation | Remote file updates through remote protocol |
US20060026165A1 (en) * | 2004-07-19 | 2006-02-02 | Microsoft Corporation | Remote file updates through remote protocol |
US20060048136A1 (en) * | 2004-08-25 | 2006-03-02 | Vries Jeff D | Interception-based resource detection system |
US8042120B2 (en) | 2004-09-30 | 2011-10-18 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US8302101B2 (en) | 2004-09-30 | 2012-10-30 | Citrix Systems, Inc. | Methods and systems for accessing, by application programs, resources provided by an operating system |
US20060075381A1 (en) * | 2004-09-30 | 2006-04-06 | Citrix Systems, Inc. | Method and apparatus for isolating execution of software applications |
US8132176B2 (en) | 2004-09-30 | 2012-03-06 | Citrix Systems, Inc. | Method for accessing, by application programs, resources residing inside an application isolation scope |
US8117559B2 (en) | 2004-09-30 | 2012-02-14 | Citrix Systems, Inc. | Method and apparatus for virtualizing window information |
US20060074989A1 (en) * | 2004-09-30 | 2006-04-06 | Laborczfalvi Lee G | Method and apparatus for virtualizing object names |
US20060090171A1 (en) * | 2004-09-30 | 2006-04-27 | Citrix Systems, Inc. | Method and apparatus for virtualizing window information |
US20060085789A1 (en) * | 2004-09-30 | 2006-04-20 | Laborczfalvi Lee G | Method and apparatus for moving processes between isolation environments |
US20070094667A1 (en) * | 2004-09-30 | 2007-04-26 | Bissett Nicholas A | Method for accessing, by application programs, resources residing inside an application isolation environment |
US7676813B2 (en) | 2004-09-30 | 2010-03-09 | Citrix Systems, Inc. | Method and system for accessing resources |
US20060070030A1 (en) * | 2004-09-30 | 2006-03-30 | Laborczfalvi Lee G | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US7680758B2 (en) | 2004-09-30 | 2010-03-16 | Citrix Systems, Inc. | Method and apparatus for isolating execution of software applications |
US20060070029A1 (en) * | 2004-09-30 | 2006-03-30 | Citrix Systems, Inc. | Method and apparatus for providing file-type associations to multiple applications |
US8171479B2 (en) | 2004-09-30 | 2012-05-01 | Citrix Systems, Inc. | Method and apparatus for providing an aggregate view of enumerated system resources from various isolation layers |
US8352964B2 (en) | 2004-09-30 | 2013-01-08 | Citrix Systems, Inc. | Method and apparatus for moving processes between isolation environments |
US7853947B2 (en) | 2004-09-30 | 2010-12-14 | Citrix Systems, Inc. | System for virtualizing access to named system objects using rule action associated with request |
US7752600B2 (en) | 2004-09-30 | 2010-07-06 | Citrix Systems, Inc. | Method and apparatus for providing file-type associations to multiple applications |
US20070067255A1 (en) * | 2004-09-30 | 2007-03-22 | Bissett Nicholas A | Method and system for accessing resources |
US20060106770A1 (en) * | 2004-10-22 | 2006-05-18 | Vries Jeffrey D | System and method for predictive streaming |
US20060123185A1 (en) * | 2004-11-13 | 2006-06-08 | De Vries Jeffrey | Streaming from a media device |
US20060168294A1 (en) * | 2004-11-13 | 2006-07-27 | De Vries Jeff | Hybrid local/remote streaming |
US8359591B2 (en) | 2004-11-13 | 2013-01-22 | Streamtheory, Inc. | Streaming from a media device |
US8949820B2 (en) | 2004-11-13 | 2015-02-03 | Numecent Holdings, Inc. | Streaming from a media device |
US20060150245A1 (en) * | 2004-12-31 | 2006-07-06 | Infopower Corporation | System and method of automatically transforming instant message transmission modes on internet |
US20060230175A1 (en) * | 2005-03-23 | 2006-10-12 | De Vries Jeffrey | System and method for tracking changes to files in streaming applications |
US8898391B2 (en) | 2005-03-23 | 2014-11-25 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US20060218165A1 (en) * | 2005-03-23 | 2006-09-28 | Vries Jeffrey De | Explicit overlay integration rules |
US9300752B2 (en) | 2005-03-23 | 2016-03-29 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US9716609B2 (en) | 2005-03-23 | 2017-07-25 | Numecent Holdings, Inc. | System and method for tracking changes to files in streaming applications |
US8527706B2 (en) | 2005-03-23 | 2013-09-03 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US9781007B2 (en) | 2005-03-23 | 2017-10-03 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US10587473B2 (en) | 2005-03-23 | 2020-03-10 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US11121928B2 (en) | 2005-03-23 | 2021-09-14 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US8316129B2 (en) | 2005-05-25 | 2012-11-20 | Microsoft Corporation | Data communication coordination with sequence numbers |
US20060271697A1 (en) * | 2005-05-25 | 2006-11-30 | Microsoft Corporation | Data communication protocol |
US8850025B2 (en) | 2005-05-25 | 2014-09-30 | Microsoft Corporation | Data communication coordination with sequence numbers |
US9438696B2 (en) | 2005-05-25 | 2016-09-06 | Microsoft Technology Licensing, Llc | Data communication protocol |
US9332089B2 (en) | 2005-05-25 | 2016-05-03 | Microsoft Technology Licensing, Llc | Data communication coordination with sequence numbers |
US8825885B2 (en) | 2005-05-25 | 2014-09-02 | Microsoft Corporation | Data communication protocol |
US9071661B2 (en) | 2005-05-25 | 2015-06-30 | Microsoft Technology Licensing, Llc | Data communication coordination with sequence numbers |
US8332526B2 (en) | 2005-05-25 | 2012-12-11 | Microsoft Corporation | Data communication protocol including negotiation and command compounding |
US20070067321A1 (en) * | 2005-09-19 | 2007-03-22 | Bissett Nicholas A | Method and system for locating and accessing resources |
US8095940B2 (en) | 2005-09-19 | 2012-01-10 | Citrix Systems, Inc. | Method and system for locating and accessing resources |
US8131825B2 (en) | 2005-10-07 | 2012-03-06 | Citrix Systems, Inc. | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US20070083610A1 (en) * | 2005-10-07 | 2007-04-12 | Treder Terry N | Method and a system for accessing a plurality of files comprising an application program |
US7779034B2 (en) | 2005-10-07 | 2010-08-17 | Citrix Systems, Inc. | Method and system for accessing a remote file in a directory structure associated with an application program executing locally |
US20070083501A1 (en) * | 2005-10-07 | 2007-04-12 | Pedersen Bradley J | Method and system for accessing a remote file in a directory structure associated with an application program executing locally |
US20070083620A1 (en) * | 2005-10-07 | 2007-04-12 | Pedersen Bradley J | Methods for selecting between a predetermined number of execution methods for an application program |
US20070083522A1 (en) * | 2005-10-07 | 2007-04-12 | Nord Joseph H | Method and a system for responding locally to requests for file metadata associated with files stored remotely |
US20070106993A1 (en) * | 2005-10-21 | 2007-05-10 | Kenneth Largman | Computer security method having operating system virtualization allowing multiple operating system instances to securely share single machine resources |
US8281392B2 (en) * | 2006-08-11 | 2012-10-02 | Airdefense, Inc. | Methods and systems for wired equivalent privacy and Wi-Fi protected access protection |
US20080052779A1 (en) * | 2006-08-11 | 2008-02-28 | Airdefense, Inc. | Methods and Systems For Wired Equivalent Privacy and Wi-Fi Protected Access Protection |
US9380063B2 (en) | 2006-10-23 | 2016-06-28 | Numecent Holdings, Inc. | Rule-based application access management |
US9699194B2 (en) | 2006-10-23 | 2017-07-04 | Numecent Holdings, Inc. | Rule-based application access management |
US11451548B2 (en) | 2006-10-23 | 2022-09-20 | Numecent Holdings, Inc | Rule-based application access management |
US8782778B2 (en) | 2006-10-23 | 2014-07-15 | Numecent Holdings, Inc. | Rule-based application access management |
US9054962B2 (en) | 2006-10-23 | 2015-06-09 | Numecent Holdings, Inc. | Rule-based application access management |
US8752128B2 (en) | 2006-10-23 | 2014-06-10 | Numecent Holdings, Inc. | Rule-based application access management |
US10356100B2 (en) | 2006-10-23 | 2019-07-16 | Numecent Holdings, Inc. | Rule-based application access management |
US10057268B2 (en) | 2006-10-23 | 2018-08-21 | Numecent Holdings, Inc. | Rule-based application access management |
US9825957B2 (en) | 2006-10-23 | 2017-11-21 | Numecent Holdings, Inc. | Rule-based application access management |
US20080109876A1 (en) * | 2006-10-23 | 2008-05-08 | Endeavors Technologies, Inc. | Rule-based application access management |
US9054963B2 (en) | 2006-10-23 | 2015-06-09 | Numecent Holdings, Inc. | Rule-based application access management |
US9571501B2 (en) | 2006-10-23 | 2017-02-14 | Numecent Holdings, Inc. | Rule-based application access management |
US8261345B2 (en) | 2006-10-23 | 2012-09-04 | Endeavors Technologies, Inc. | Rule-based application access management |
US8775369B2 (en) | 2007-01-24 | 2014-07-08 | Vir2Us, Inc. | Computer system architecture and method having isolated file system management for secure and reliable data processing |
US9021494B2 (en) | 2007-10-20 | 2015-04-28 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US20090106780A1 (en) * | 2007-10-20 | 2009-04-23 | Nord Joseph | Method and system for communicating between isolation environments |
US9009720B2 (en) | 2007-10-20 | 2015-04-14 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US9009721B2 (en) | 2007-10-20 | 2015-04-14 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US8171483B2 (en) | 2007-10-20 | 2012-05-01 | Citrix Systems, Inc. | Method and system for communicating between isolation environments |
US20090119458A1 (en) * | 2007-11-07 | 2009-05-07 | Endeavors Technologies, Inc. | Opportunistic block transmission with time constraints |
US11119884B2 (en) | 2007-11-07 | 2021-09-14 | Numecent Holdings, Inc. | Deriving component statistics for a stream enabled application |
US8024523B2 (en) | 2007-11-07 | 2011-09-20 | Endeavors Technologies, Inc. | Opportunistic block transmission with time constraints |
US20090119644A1 (en) * | 2007-11-07 | 2009-05-07 | Endeavors Technologies, Inc. | Deriving component statistics for a stream enabled application |
US10445210B2 (en) | 2007-11-07 | 2019-10-15 | Numecent Holdings, Inc. | Deriving component statistics for a stream enabled application |
US9436578B2 (en) | 2007-11-07 | 2016-09-06 | Numecent Holdings, Inc. | Deriving component statistics for a stream enabled application |
US8892738B2 (en) | 2007-11-07 | 2014-11-18 | Numecent Holdings, Inc. | Deriving component statistics for a stream enabled application |
US8661197B2 (en) | 2007-11-07 | 2014-02-25 | Numecent Holdings, Inc. | Opportunistic block transmission with time constraints |
US11740992B2 (en) | 2007-11-07 | 2023-08-29 | Numecent Holdings, Inc. | Deriving component statistics for a stream enabled application |
US20090172160A1 (en) * | 2008-01-02 | 2009-07-02 | Sepago Gmbh | Loading of server-stored user profile data |
US10460085B2 (en) | 2008-03-13 | 2019-10-29 | Mattel, Inc. | Tablet computer |
WO2010028073A1 (en) * | 2008-09-02 | 2010-03-11 | Fuhu, Inc. | A stable active x linux based operating environment |
US20100070752A1 (en) * | 2008-09-02 | 2010-03-18 | Robb Fujioka | Stable Active X Linux based operating environment |
US20100281102A1 (en) * | 2009-05-02 | 2010-11-04 | Chinta Madhav | Methods and systems for launching applications into existing isolation environments |
US8326943B2 (en) | 2009-05-02 | 2012-12-04 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8090797B2 (en) | 2009-05-02 | 2012-01-03 | Citrix Systems, Inc. | Methods and systems for launching applications into existing isolation environments |
US8631277B2 (en) | 2010-12-10 | 2014-01-14 | Microsoft Corporation | Providing transparent failover in a file system |
US10284626B2 (en) | 2011-06-29 | 2019-05-07 | Microsoft Technology Licensing, Llc | Transporting operations of arbitrary size over remote direct memory access |
US9331955B2 (en) | 2011-06-29 | 2016-05-03 | Microsoft Technology Licensing, Llc | Transporting operations of arbitrary size over remote direct memory access |
US9462039B2 (en) | 2011-06-30 | 2016-10-04 | Microsoft Technology Licensing, Llc | Transparent failover |
US8856582B2 (en) | 2011-06-30 | 2014-10-07 | Microsoft Corporation | Transparent failover |
US8788579B2 (en) | 2011-09-09 | 2014-07-22 | Microsoft Corporation | Clustered client failover |
US10630781B2 (en) | 2011-09-09 | 2020-04-21 | Microsoft Technology Licensing, Llc | SMB2 scaleout |
US10110714B2 (en) | 2012-06-29 | 2018-10-23 | Cisco Technology, Inc. | Methods for exchanging network management messages using UDP over HTTP protocol |
US9215131B2 (en) * | 2012-06-29 | 2015-12-15 | Cisco Technology, Inc. | Methods for exchanging network management messages using UDP over HTTP protocol |
US20140006481A1 (en) * | 2012-06-29 | 2014-01-02 | Clifford A. Frey | Methods for exchanging network management messages using udp over http protocol |
US20140244790A1 (en) * | 2013-02-27 | 2014-08-28 | Kabushiki Kaisha Toshiba | Communication apparatus, communication method and non-transitory computer readable medium |
US20150304278A1 (en) * | 2014-04-21 | 2015-10-22 | General Electric Company | Systems and methods for secure network-based monitoring of electrical power generators |
US20160253170A1 (en) * | 2015-02-27 | 2016-09-01 | Lenovo (Singapore) Pte, Ltd. | Efficient deployment of thin client applications to end user |
US9785429B2 (en) * | 2015-02-27 | 2017-10-10 | Lenovo (Singapore) Pte. Ltd. | Efficient deployment of thin client applications to end user |
Also Published As
Publication number | Publication date |
---|---|
US6938096B1 (en) | 2005-08-30 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6938096B1 (en) | Method and system for remote networking using port proxying by detecting if the designated port on a client computer is blocked, then encapsulating the communications in a different format and redirecting to an open port | |
US7200632B1 (en) | Method and system for serving software applications to client computers | |
US8612514B2 (en) | Serving software applications from servers to client computers | |
JP4734592B2 (en) | Method and system for providing secure access to private network by client redirection | |
US9578075B2 (en) | Software streaming system and method | |
US7730169B1 (en) | Business method and system for serving third party software applications | |
US5987523A (en) | Applet redirection for controlled access to non-orginating hosts | |
US6308212B1 (en) | Web user interface session and sharing of session environment information | |
US7650390B2 (en) | System and method for playing rich internet applications in remote computing devices | |
US6289370B1 (en) | Platform independent enhanced help system for an internet enabled embedded system | |
US20050198493A1 (en) | Distribution methods and apparatus for promoting distributed digital content on a local network | |
EP0822692A2 (en) | A client object API and gateway to enable OLTP via the internet | |
US20020023123A1 (en) | Geographic data locator | |
US8244875B2 (en) | Secure network computing | |
KR20070003922A (en) | Automated remote site downloading on a geographic drive | |
CA2363571A1 (en) | Proxy server augmenting a client request with user profile data | |
WO2000062161A2 (en) | Method and system for serving software applications | |
EP1419637B1 (en) | A method and system for providing a web service for a plurality of web domains sharig a single IP address | |
CN113922982A (en) | Login method, electronic device and computer-readable storage medium | |
US20030174841A1 (en) | Methods, systems, and data structures for secure data content presentation | |
BOOTH | of Document: WP2: Interim Report |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: SOFTRICITY, INC., MASSACHUSETTS Free format text: CHANGE OF NAME;ASSIGNOR:SOFTWAREWOW.COM, INC.;REEL/FRAME:015290/0873 Effective date: 20001027 Owner name: SOFTWAREWOW.COM, INC., MASSACHUSETTS Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:GRESCHLER, DAVID M.;MYSLIWY, OWEN;SCHAEFER, STUART;REEL/FRAME:015290/0862 Effective date: 20000920 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO PAY ISSUE FEE |
|
AS | Assignment |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MICROSOFT CORPORATION;REEL/FRAME:034766/0509 Effective date: 20141014 |