Abstract:
A representational state transfer-based model for a computing environment models resources with links between them. Security principals are resources which can be independently authenticated. Each resource may be associated with an authorization policy that determines the level of access and the protocol supported. Successfully presenting security credentials at a security principal allows use of an instance of the security principal (i.e., application) as well as generation of an authentication token that can be presented across the computing environment to resources subscribing to the same authorization policy. As security principals with different security policies are authenticated, the appropriate tokens may be combined to allow broader access without undue re-authentication for resources subscribing to the same security policy. Authorization requirements (policies) may be attached to links to resources so that an application instance can dynamically discover authentication rules for that resource by inspecting the link.
Abstract:
A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket).
Abstract:
This document describes grouping personal accounts to tailor a web service. By grouping personal accounts, a service provider may tailor a web service to multiple people based on information about those people.
Abstract:
A multi-tier server application architecture provides a simplified programming model of multiple user server applications that enhances programmer productivity. The multi-tier architecture comprises a client tier for client application code that initiates processing by the server application in response to user input, a middle tier of object-oriented server application code, and a database tier of shared access data and management code. A run-time environment for the object-oriented server application code limits access to instantiated objects of the middle tier server application code to a single one of the users. Objects in the middle tier that are instantiated to initiate processing for a particular user are grouped into a collection. The run-time environment manages the flow of execution into the collection such that the collection has only a single logical thread of execution and access by the client application code is exclusive to the particular user.
Abstract:
A computer-implemented method for assisting in the scheduling of a meeting. A user who desires to schedule a meeting simply inputs the relevant meeting parameters. In response, the computer evaluates a number of possible meeting times by comparing the input constraints against a predetermined set of suitability criteria. Based on this evaluation, the system identifies suggested meeting time(s), and also may identify rooms suitable for each meeting time. The system also calculates an estimated desirability for each suggested meeting time based on its compliance with the suitability criteria. The suggested meeting time(s) and a visual indicator of desirability for each time are then displayed. In addition, the raw free-busy data for each attendee may still be displayed. When the user selects a suggested meeting time, an electronic meeting request is automatically populated with the meeting time and a suitable place associated with the suggested meeting time.
Abstract:
A ticketing system adapted for use with a cloud-based services platform is provided by a ticket-based authorization model in which the authorization requirements for traversing one or more meshes of resources associated with a cloud service are annotated in links included in a resource that refer to other resources. The meshes are thus self-describing with respect to the association among the resources (i.e., the links) as well as the authorization required to access resources. Resource access requires a principal ticket which asserts that a caller at a client (e.g., a security principal representing a device or identity associated with a user) is authenticated, plus zero or more claim tickets. The claim tickets make additional assertions about the caller that the cloud service may use to check that the caller is authorized to access the resource.
Abstract:
Grouping personal accounts to tailor a web service may be accomplished by grouping information from two or more personal accounts. In some embodiments, a personal account may include a set of persons. By grouping personal accounts, a service provider may tailor a web service to multiple people based on information about those people.