公开(公告)号：US07136859B2

公开(公告)日：2006-11-14

申请号：US10003753

申请日：2001-10-22

申请人： Mark Lucovsky ,  Shaun D. Pierce ,  Alexander T. Weinert ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

发明人： Mark Lucovsky ,  Shaun D. Pierce ,  Alexander T. Weinert ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

IPC分类号： G06F7/00 ,  G06F17/30

CPC分类号： H04L67/16 ,  G06F17/3061 ,  G06F17/30908 ,  G06F21/6218 ,  G06F21/6227 ,  G06F21/6245 ,  G06Q10/109 ,  H04L12/1859 ,  H04L12/1863 ,  H04L29/06 ,  H04L63/101 ,  H04L67/02 ,  H04L67/28 ,  H04L67/2819 ,  H04L67/303 ,  H04L67/306 ,  H04L67/325 ,  H04L67/40 ,  H04L67/42 ,  H04L69/329 ,  Y10S707/99944

摘要： Directly operating on data structures in a generic manner regardless of the type of data structure being operated upon and without requiring dedicated executable code for manipulating data structures of the particular data type. A common set of commands (e.g., insert, delete, replace, update, query) are recognized that may be used to operate on data structures of a number of different data types. A navigation module accesses a request to execute one of the common command methods on at least an identified portion of an identified data structure. Then, the navigation module accesses a navigation assistance module to access a set of rules associated with the particular data type, the set of rules allowing the navigation module to find the portion of the data structure that is to be operated on. If appropriate, the command operation is then executed on the identified portion of the data structure.

公开(公告)号：US06985958B2

公开(公告)日：2006-01-10

申请号：US10003754

申请日：2001-10-22

申请人： Mark Lucovsky ,  Shaun D. Pierce ,  Alexander T. Weinert ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Vivek Gundotra ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

发明人： Mark Lucovsky ,  Shaun D. Pierce ,  Alexander T. Weinert ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Vivek Gundotra ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

IPC分类号： G06F13/00

CPC分类号： H04L63/101 ,  G06F21/6218 ,  G06F21/6227 ,  G06F21/6245 ,  G06Q10/109 ,  H04L12/1859 ,  H04L12/1863 ,  H04L29/06 ,  H04L63/104 ,  H04L63/123 ,  H04L63/1425 ,  H04L67/02 ,  H04L67/16 ,  H04L67/303 ,  H04L67/306 ,  H04L67/325 ,  H04L67/40 ,  H04L67/42 ,  H04L69/329

摘要： A messaging data structure for accessing data in an identity-centric manner. An identity may be a user, a group of users, or an organization. Instead of data being maintained on an application-by-application basis, the data associated with a particular identity is stored by one or more data services accessible by many applications. The data is stored in accordance with a schema that is recognized by a number of different applications and the data service. The messaging data structure includes fields that identify the target data object to be operated upon using an identity field, a schema field, and an instance identifier field. In addition, the desired operation is specified. Thus, the target data object is operated on in an identity-centric manner.

公开(公告)号：US07284271B2

公开(公告)日：2007-10-16

申请号：US10003767

申请日：2001-10-22

申请人： Mark Lucovsky ,  Shaun D. Pierce ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

发明人： Mark Lucovsky ,  Shaun D. Pierce ,  Michael G. Burner ,  Richard B. Ward ,  Paul J. Leach ,  George M. Moore ,  Arthur Zwiegincew ,  Robert M. Hyman ,  Jonathan D. Pincus ,  Daniel R. Simon

IPC分类号： H04L9/32 ,  G06F12/14

CPC分类号： H04L63/101 ,  G06F21/6218 ,  G06F21/6227 ,  G06F21/6245 ,  G06Q10/109 ,  H04L12/1859 ,  H04L12/1863 ,  H04L29/06 ,  H04L63/08 ,  H04L63/1425 ,  H04L67/02 ,  H04L67/16 ,  H04L67/303 ,  H04L67/306 ,  H04L67/325 ,  H04L67/40 ,  H04L67/42 ,  H04L69/329

摘要： Authorizing a requesting entity to have a service perform a particular action in a manner that is at least partially independent of the underlying target data structure. An authorization station maintains a number of role templates that each define basic access permissions with respect to a number of command methods. The authorization station also maintains a number of role definitions that each define access permissions for specific requesting entities by using one or more of the role templates. When the authorization station receives a request from the requesting entity, the authorization station then identifies the appropriate role definition. Using this role definition, the authorization station determines access permissions for the requesting entity with respect to the requested action.

摘要翻译： 授权请求实体使服务以至少部分独立于基础目标数据结构的方式执行特定动作。 授权站维护多个角色模板，每个角色模板定义关于多个命令方法的基本访问权限。 授权站还维护多个角色定义，每个角色定义通过使用一个或多个角色模板定义特定请求实体的访问权限。 当授权站从请求实体接收到请求时，授权站然后识别适当的角色定义。 使用该角色定义，授权站根据所请求的动作确定请求实体的访问权限。

公开(公告)号：US07206788B2

公开(公告)日：2007-04-17

申请号：US10208975

申请日：2002-07-30

申请人： Eric J. Horvitz ,  Paul A. Steckler ,  Shaun D. Pierce ,  Lijiang Fang ,  Mark H. Lucovsky ,  Winnie C. Wu ,  Rhae-Christie Shaw ,  George M. Moore ,  John M. Gehlsen ,  David M. Sauntry

发明人： Eric J. Horvitz ,  Paul A. Steckler ,  Shaun D. Pierce ,  Lijiang Fang ,  Mark H. Lucovsky ,  Winnie C. Wu ,  Rhae-Christie Shaw ,  George M. Moore ,  John M. Gehlsen ,  David M. Sauntry

IPC分类号： G06F17/00

CPC分类号： G06F17/30873 ,  H04L29/06 ,  H04L67/02 ,  H04L67/1095 ,  H04L67/303 ,  H04L69/329 ,  Y10S707/99942 ,  Y10S707/99943

摘要： A schema-based device service that provides centralized access to per-user device data, wherein access to the device data is based on each user's identity. The device service includes a schema that defines rules and a structure for each user's data, and also includes methods that provide access to the data in a defined way. The device schema thus corresponds to a logical document containing the data for each user. A service such as a notification/alerts service accesses data in the logical document by data access requests through defined methods, such as in order to customize or modify a notification for a device based on the device characteristics. In one implementation, the device schemas are arranged as XML documents, and the services provide methods that control access to the data based on the requesting user's identification, defined role and scope for that role.

摘要翻译： 基于模式的设备服务，其提供对每用户设备数据的集中访问，其中对设备数据的访问基于每个用户的身份。 设备服务包括定义每个用户数据的规则和结构的模式，并且还包括以定义的方式提供对数据的访问的方法。 因此，设备方案对应于包含每个用户的数据的逻辑文档。 诸如通知/警报服务之类的服务通过定义的方法通过数据访问请求来访问逻辑文档中的数据，例如为了基于设备特性定制或修改设备的通知。 在一个实现中，设备模式被排列为XML文档，并且服务提供了基于请求用户的标识，该角色的定义的角色和范围来控制对数据的访问的方法。

公开(公告)号：US08533666B2

公开(公告)日：2013-09-10

申请号：US12253545

申请日：2008-10-17

申请人： Dharma K. Shukla ,  Aditya G. Bhandarkar ,  Shelly Guo ,  Abhay Parasnis ,  Ori M. Amiga ,  Raymond E. Endres ,  George M. Moore

发明人： Dharma K. Shukla ,  Aditya G. Bhandarkar ,  Shelly Guo ,  Abhay Parasnis ,  Ori M. Amiga ,  Raymond E. Endres ,  George M. Moore

IPC分类号： G06F9/44

CPC分类号： G06F8/34

摘要： In scenarios involving a data set accessible through a protocol, operations sets may be formulated for performing various operations on the data set, and may be expressed as resource scripts according to a scripting language. However, such resource scripts may be difficult to design due to the complicated aspects of the interaction, such as asynchrony, network transport, the syntax of the scripting language, and the details of the protocol. A design environment may be devised to facilitate designers in generating resource scripts, e.g., through the manipulation of visual elements. The design environment may abstract the lower-level working details of the resource scripts, and may allow designers to focus on the logical designing of the operations set. The design environment may then automatically generate the resource script from the operations set in accordance with the constraints of the script language and the protocol.

摘要翻译： 在涉及通过协议可访问的数据集的场景中，可以制定操​​作集用于对数据集执行各种操作，并且可以根据脚本语言表示为资源脚本。 然而，由于交互的复杂方面，例如异步，网络传输，脚本语言的语法和协议的细节，这样的资源脚本可能难以设计。 可以设计出设计环境，以便于设计者生成资源脚本，例如通过操纵视觉元素。 设计环境可以抽象资源脚本的较低级别的工作细节，并且可能允许设计人员专注于操作集的逻辑设计。 然后，设计环境可以根据脚本语言和协议的约束自动从操作集合生成资源脚本。

公开(公告)号：US09639678B2

公开(公告)日：2017-05-02

申请号：US13539267

申请日：2012-06-29

申请人： George M. Moore

发明人： George M. Moore

IPC分类号： G06F21/31 ,  H04L29/06

CPC分类号： G06F21/316 ,  G06F21/31 ,  G06F2221/2111 ,  H04L63/08 ,  H04L63/10 ,  H04L63/102 ,  H04L63/105

摘要： Embodiments are directed to providing an identity risk score as part of an authentication assertion, applying operating heuristics to determine an operating application's validity and to providing identity risk scores to requesting third parties. In one scenario, an authentication server receives from a cloud service portal various user credentials from a user. The user credentials identify a user to the authentication server. The authentication server verifies the user's identity using the received credentials and generates an identity risk score based on one or more identity factors. The identity factors indicate a likelihood that the user is a valid user. The authentication server encapsulates the generated identity risk score in an authentication assertion and sends the authentication assertion that includes the generated identity risk score to the cloud service portal.

公开(公告)号：US08266237B2

公开(公告)日：2012-09-11

申请号：US11110128

申请日：2005-04-20

申请人： George M. Moore ,  Istvan Cseri

发明人： George M. Moore ,  Istvan Cseri

IPC分类号： G06F15/167 ,  G06F15/16 ,  G06F13/00

CPC分类号： H04L67/104 ,  G06F17/30206 ,  H04L67/02 ,  H04L67/108 ,  H04L67/1097

摘要： Systems and methods for distributed, decentralized storage and retrieval of data in an extensible SOAP environment are disclosed. Such systems and methods decentralize not only the bandwidth required for data storage and retrieval, but also the computational requirements. Accordingly, such systems and methods alleviate the need for one node to do all the storage and retrieval processing, and no single node is required to send or receive all the data.

摘要翻译： 公开了在可扩展SOAP环境中分布式，分散式存储和检索数据的系统和方法。 这样的系统和方法不仅分散了数据存储和检索所需的带宽，而且分散了计算要求。 因此，这样的系统和方法减轻了一个节点进行所有存储和检索处理的需要，并且不需要单个节点来发送或接收所有数据。

公开(公告)号：US20120089833A1

公开(公告)日：2012-04-12

申请号：US12901445

申请日：2010-10-08

申请人： Ian Jirka ,  Kahren Tevosyan ,  Corey Sanders ,  George M. Moore ,  Mohit Srivastava ,  Mark Eugene Russinovich

发明人： Ian Jirka ,  Kahren Tevosyan ,  Corey Sanders ,  George M. Moore ,  Mohit Srivastava ,  Mark Eugene Russinovich

IPC分类号： H04L9/32

CPC分类号： H04L9/3228 ,  G06F9/45558 ,  G06F21/33 ,  G06F21/57 ,  G06F2009/45562 ,  G06F2009/45595 ,  H04L63/0823

摘要： An invention is described for securely deploying a provable identity for virtual machines (VMs) in a dynamic environment. In an embodiment, a fabric controller instructs a VM host to create a VM and sends that VM a secret. The fabric controller sends that same secret (or a second secret, such as the private key of a public/private key pair) to the security token service along with an instruction to make an account for the VM. The VM presents proof that it possesses the secret to the security token service and in return receives a full token. When a client connects to the deployment, it receives the public key from the security token service, which it trusts, and the full token from the VM. It validates the full token with the public key to determine that the VM has the identity that it purports to have.

摘要翻译： 描述了用于在动态环境中安全地部署用于虚拟机（VM）的可证明身份的发明。 在一个实施例中，结构控制器指示VM主机创建VM并将该VM发送给机密。 结构控制器向安全令牌服务器发送相同的秘密（或第二个密钥，例如公共/私人密钥对的私钥）以及为VM建立帐户的指令。 VM提供证明它拥有安全令牌服务的秘密，并且返回接收到完整的令牌。 当客户端连接到部署时，它从安全令牌服务（它信任的）接收公钥，并从VM接收完整的令牌。 它使用公钥验证完整的令牌，以确定虚拟机具有其所声称的身份。

公开(公告)号：US20100088234A1

公开(公告)日：2010-04-08

申请号：US12245585

申请日：2008-10-03

申请人： George M. Moore ,  Federico Raggi ,  Yuan Yuan Yu

发明人： George M. Moore ,  Federico Raggi ,  Yuan Yuan Yu

IPC分类号： G06Q10/00 ,  G06Q30/00 ,  H04L9/00

CPC分类号： G06F21/62 ,  G06Q10/063 ,  G06Q30/0251 ,  H04L63/08

摘要： Methods and systems for providing unified analytics across a distributed computing services infrastructure are disclosed. Embodiments include providing an application identifier for an application created by a developer and, during an execution of the application, collecting and storing analytic data with an association with the application identifier and an authenticated developer identifier. Other embodiments may include collecting and storing analytic data with the association further including an authenticated user identifier and/or a device identifier for a device of a user-defined group or mesh. Access mechanisms, report generation, and billing based on the analytic data and associated application identifier are also disclosed. The disclosed methods and systems allow for unified reporting and correlation of analytic data across multiple services of a distributed computing services infrastructure.

摘要翻译： 公开了在分布式计算服务基础设施上提供统一分析的方法和系统。 实施例包括为由开发者创建的应用提供应用标识符，并且在应用执行期间收集和存储具有与应用标识符和经认证的开发者标识符的关联的分析数据。 其他实施例可以包括收集和存储具有关联的分析数据，其进一步包括用户定义的组或网格的设备的经认证的用户标识符和/或设备标识符。 还公开了基于分析数据和相关联的应用标识符的访问机制，报告生成和计费。 所公开的方法和系统允许分布式计算服务基础设施的多个服务之间的分析数据的统一报告和关联。

公开(公告)号：US07310641B2

公开(公告)日：2007-12-18

申请号：US10909139

申请日：2004-07-30

申请人： George M. Moore ,  Georgios Chrysanthakopoulos ,  Henrik Frystyk Nielsen

发明人： George M. Moore ,  Georgios Chrysanthakopoulos ,  Henrik Frystyk Nielsen

IPC分类号： G06F15/18

CPC分类号： G06F9/5055 ,  Y10S707/99936

摘要： Multiple copies of web services reside on associated computing devices, each having an associated reputation. A client may desire to access the web service having the highest or best reputation to be ensured of a greater degree of accuracy and confidence. The client does a search, and attaches to whichever web service has the highest reputation. By running multiple copies of the web services, they may vote amongst themselves on the results in the event that one or more of the services starts giving incorrect or otherwise inconsistent results. Combining the voting with reputation data associated with each copy of the web service allows a service's reputation to be dynamically adjusted based upon how faithfully it computes the results of work items sent to it.

摘要翻译： 多个Web服务副本驻留在相关联的计算设备上，每个都具有关联的信誉。 客户可能希望访问具有最高或最佳信誉的Web服务以确保更高的准确性和置信度。 客户端进行搜索，并附加到哪个Web服务具有最高的声誉。 通过运行多个Web服务副本，如果一个或多个服务开始给出不正确或不一致的结果，他们可以在结果之间投票。 将投票与与Web服务的每个副本相关联的声誉数据组合允许根据如何忠实地计算发送给其的工作项目的结果来动态地调整服务的声誉。