公开(公告)号：US08990399B2

公开(公告)日：2015-03-24

申请号：US13725582

申请日：2012-12-21

Applicant: Microsoft Corporation

Inventor： Jiahe Helen Wang ,  Alexander Moshchuk

IPC: G06F15/173 ,  H04L12/911 ,  G06F9/50

CPC classification number: H04L47/783 ,  G06F9/50

Abstract: Resource sharing in a multi-principal browser includes managing a resource for a web entity by determining how to divide the resource for sharing among two or more web entities based at least in part on a Document Object Model (DOM)-recursive resource allocation policy or an application-specified resource allocation policy. A web entity includes a principal instance contending for the resource. The process identifies resource allocation mechanisms from each resource type based at least in part on the DOM-recursive sharing policy or the application-specified resource allocation policy along with the resource type.

Abstract translation: 多主体浏览器中的资源共享包括通过至少部分地基于文档对象模型（DOM） - 资源分配策略来确定如何划分用于在两个或更多个web实体之间共享的资源的资源来管理web实体的资源，或者 应用程序指定的资源分配策略。 网络实体包括竞争资源的主体实例。 该过程至少部分地基于DOM递归共享策略或应用指定的资源分配策略以及资源类型来识别来自每种资源类型的资源分配机制。

公开(公告)号：US09413784B2

公开(公告)日：2016-08-09

申请号：US14020735

申请日：2013-09-06

Applicant: Microsoft Corporation

Inventor： Tadayoshi Kohno ,  David A. Molnar ,  Alexander N. Moshchuk ,  Franziska Roesner ,  Jiahe Helen Wang

IPC: G06F21/00 ,  H04L29/06 ,  G06F21/54 ,  G06F21/62 ,  H04W12/08 ,  H04W4/00 ,  H04W88/02 ,  H04W12/02

CPC classification number: H04L63/20 ,  G06F21/54 ,  G06F21/6245 ,  G06F2221/2111 ,  H04W4/80 ,  H04W12/02 ,  H04W12/08 ,  H04W88/02

Abstract: Functionality is described herein for managing the behavior of one or more applications, such as augmented reality applications and/or other environment-sensing applications. The functionality defines permission information in a world-driven manner, which means that the functionality uses a trusted mechanism to identify cues in the sensed environment, and then maps those cues to permission information. The functionality then uses the permission information to govern the operation of one or more applications.

Abstract translation: 本文描述了用于管理一个或多个应用（例如增强现实应用和/或其他环境感测应用）的行为的功能。 该功能以世界驱动的方式定义许可信息，这意味着功能使用可信机制来识别感测环境中的提示，然后将这些提示映射到许可信息。 然后，该功能使用权限信息来管理一个或多个应用程序的操作。

公开(公告)号：US20150071555A1

公开(公告)日：2015-03-12

申请号：US14020708

申请日：2013-09-06

Applicant: Microsoft Corporation

Inventor： Loris D'Antoni ,  Alan M. Dunn ,  Suman Jana ,  Tadayoshi Kohno ,  Benjamin Livshits ,  David A. Molnar ,  Alexander N. Moshchuk ,  Eyal Ofek ,  Franziska Roesner ,  Timothy Scott Saponas ,  Margus Veanes ,  Jiahe Helen Wang

IPC: G06K9/03 ,  G06T19/00 ,  G06F21/62 ,  G06K9/00

CPC classification number: G06F21/6218 ,  G06F2221/2141 ,  G06F2221/2149 ,  G06K9/00671

Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.

Abstract translation: 本文描述了功能性，通过该功能，多个环境感测应用以细粒度和最小特权的方式从环境捕获信息。 通过这样做，功能可以降低出现在环境中的私人信息将被释放给未授权方的风险。 在其他方面中，功能提供了一种用于减少对象检测中的误报的发生率的错误校正机制，用于将计算密集型识别任务委派给远程计算框架的卸载技术，以及用户可以通过该可视化模块检查 每个应用程序授予（或已经授予）的访问权限。

公开(公告)号：US20130212283A1

公开(公告)日：2013-08-15

申请号：US13725582

申请日：2012-12-21

Applicant: Microsoft Corporation

Inventor： Jiahe Helen Wang ,  Alexander Moshchuk

IPC: G06F15/173

CPC classification number: H04L47/783 ,  G06F9/50

Abstract: Techniques for providing resource sharing in a multi-principal browser are described. Resource sharing includes managing a resource for web entity by determining how to divide the resource to share among two or more web entities based at least in part on a Document Object Model (DOM)-recursive resource allocation policy or an application-specified resource allocation policy. A web entity includes a principal instance contending for the resource. The process identifies resource allocation mechanisms from each resource type based at least in part on the DOM-recursive sharing policy or the application-specified resource allocation policy along with the resource type.

Abstract translation: 描述了在多主浏览器中提供资源共享的技术。 资源共享包括至少部分地基于文档对象模型（DOM） - 资源分配策略或应用指定的资源分配策略，通过确定如何划分资源以在两个或多个web实体之间共享来管理web实体的资源 。 网络实体包括竞争资源的主体实例。 该过程至少部分地基于DOM递归共享策略或应用指定的资源分配策略以及资源类型来识别来自每种资源类型的资源分配机制。

公开(公告)号：US20130145043A1

公开(公告)日：2013-06-06

申请号：US13752216

申请日：2013-01-28

Applicant: Microsoft Corporation

Inventor： Chuanxiong Guo ,  Jiahe Helen Wang ,  Qing Yu ,  Yongguang Zhang ,  Youjun Liu

IPC: H04L29/12

CPC classification number: H04L61/20 ,  G06F17/30241 ,  G06F17/3087

Abstract: A network address mapping system is described. The network address mapping system can identify a set of Web pages, collects information from the Web pages indicating geographical locations (“geolocations”), and correlate the geolocations with the network addresses from which the identified Web pages are served. The collected information can be weighted based on various factors, such as its relative position in a Web page. The collected information can then be used to identify a geolocation. The network mapping system can deduce geolocations for portions of ranges of network addresses based on the score, and can infer geolocations for other portions based on the deduced geolocations. This mapping can then be stored in a database and provided as a geomapping service. The network address mapping system is able to map network addresses to geographical locations. Thereafter, when a user's client computing device accesses a Web server, the Web server can easily and accurately determine a geographical location by querying the database storing the mapping or a geomapping service.

公开(公告)号：US09355268B2

公开(公告)日：2016-05-31

申请号：US14020708

申请日：2013-09-06

Applicant: Microsoft Corporation

Inventor： Loris D'Antoni ,  Alan M. Dunn ,  Suman Jana ,  Tadayoshi Kohno ,  Benjamin Livshits ,  David A. Molnar ,  Alexander N. Moshchuk ,  Eyal Ofek ,  Franziska Roesner ,  Timothy Scott Saponas ,  Margus Veanes ,  Jiahe Helen Wang

IPC: G06K9/00 ,  G06F21/62

CPC classification number: G06F21/6218 ,  G06F2221/2141 ,  G06F2221/2149 ,  G06K9/00671

Abstract: Functionality is described herein by which plural environment-sensing applications capture information from an environment in a fine-grained and least-privileged manner. By doing so, the functionality reduces the risk that private information that appears within the environment will be released to unauthorized parties. Among other aspects, the functionality provides an error correction mechanism for reducing the incidence of false positives in the detection of objects, an offloading technique for delegating computationally intensive recognition tasks to a remote computing framework, and a visualization module by which a user may inspect the access rights to be granted (or already granted) to each application.

Abstract translation: 本文描述了功能性，通过该功能，多个环境感测应用以细粒度和最小特权的方式从环境捕获信息。 通过这样做，功能可以降低出现在环境中的私人信息将被释放给未授权方的风险。 在其他方面中，功能提供了一种用于减少对象检测中的误报的发生率的错误校正机制，用于将计算密集型识别任务委派给远程计算框架的卸载技术，以及用户可以通过该可视化模块检查 每个应用程序授予（或已经授予）的访问权限。

公开(公告)号：US20150074746A1

公开(公告)日：2015-03-12

申请号：US14166774

申请日：2014-01-28

Applicant: Microsoft Corporation

Inventor： Tadayoshi Kohno ,  David A. Molnar ,  Alexander N. Moshchuk ,  Franziska Roesner ,  Jiahe Helen Wang

IPC: G06F21/60 ,  G06F21/34

CPC classification number: G06F21/60 ,  G06F21/34 ,  G06F21/6245 ,  H04L63/0823 ,  H04L63/102 ,  H04L63/107

Abstract: Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy.

Abstract translation: 本文描述了用于接收表征环境中的特征的事件以及用于基于事件识别至少一个策略的功能。 功能参考与策略相关联的证书，以确定策略是否有效。 如果有效，该功能使用策略来管理至少一个应用程序的行为，例如通过控制应用程序的事件消耗。 可以使用值得信赖的护照机构来生成证书。 每个证书可以：（1）识别它来自受信任的护照机构; （2）包含描述策略旨在在环境中应用的上下文的上下文信息; 和/或（3）包含机器可读内容，其在执行时执行策略的至少一个方面。

公开(公告)号：US20130055396A1

公开(公告)日：2013-02-28

申请号：US13660808

申请日：2012-10-25

Applicant: Microsoft Corporation

Inventor： Jiahe Helen Wang ,  Jacob R. Lorch ,  Bryan Jeffrey Parno

IPC: G06F21/00

CPC classification number: G06F21/53

Abstract: The subject disclosure relates to systems and methods that secure anti-virus software through virtualization. Anti-virus systems can be maintained separate from user applications and operating system through virtualization. The user applications and operating system run in a guest virtual machine while anti-virus systems are isolated in a secure virtual machine. The virtual machines are partially interdependent such that the anti-virus systems can monitor user applications and operating systems while the anti-virus systems remain free from possible malicious attack originating from a user environment. Further, the anti-virus system is secured against zero-day attacks so that detection and recovery may occur post zero-day.

公开(公告)号：US09697365B2

公开(公告)日：2017-07-04

申请号：US14166774

申请日：2014-01-28

Applicant: Microsoft Corporation

Inventor： Tadayoshi Kohno ,  David A. Molnar ,  Alexander N. Moshchuk ,  Franziska Roesner ,  Jiahe Helen Wang

IPC: H04L29/06 ,  G06F21/60 ,  G06F21/34 ,  G06F21/62

CPC classification number: G06F21/60 ,  G06F21/34 ,  G06F21/6245 ,  H04L63/0823 ,  H04L63/102 ,  H04L63/107

Abstract: Functionality is described herein for receiving events which characterize features in an environment, and for identifying at least one policy based on the events. The functionality consults a certificate, associated with the policy, to determine whether the policy is valid. If valid, the functionality uses the policy to govern the behavior of at least one application, such as by controlling the application's consumption of events. A trusted passport authority may be employed to generate the certificates. Each certificate may: (1) identify that it originated from the trusted passport authority; (2) contain context information which describes a context in which the policy is intended to be applied within an environment; and/or (3) contain machine-readable content that, when executed, carries out at least one aspect of the policy.

公开(公告)号：US08788664B2

公开(公告)日：2014-07-22

申请号：US13752216

申请日：2013-01-28

Applicant: Microsoft Corporation

Inventor： Chuanxiong Guo ,  Jiahe Helen Wang ,  Qing Yu ,  Yongguang Zhang ,  Youjun Liu

IPC: G06F15/16

CPC classification number: H04L61/20 ,  G06F17/30241 ,  G06F17/3087

Abstract: A network address mapping system is described. The network address mapping system can identify a set of Web pages, collects information from the Web pages indicating geographical locations (“geolocations”), and correlate the geolocations with the network addresses from which the identified Web pages are served. The collected information can be weighted based on various factors, such as its relative position in a Web page. The collected information can then be used to identify a geolocation. The network mapping system can deduce geolocations for portions of ranges of network addresses based on the score, and can infer geolocations for other portions based on the deduced geolocations. This mapping can then be stored in a database and provided as a geomapping service. The network address mapping system is able to map network addresses to geographical locations. Thereafter, when a user's client computing device accesses a Web server, the Web server can easily and accurately determine a geographical location by querying the database storing the mapping or a geomapping service.

Abstract translation: 描述网络地址映射系统。 网络地址映射系统可以识别一组网页，从指定地理位置（“地理位置”）的网页收集信息，以及将地理位置与所识别的网页从其提供的网络地址相关联。 所收集的信息可以基于各种因素加权，例如其在网页中的相对位置。 然后可以使用收集的信息来识别地理位置。 网络映射系统可以基于分数推断出部分网络地址范围的地理位置，并且可以基于推导的地理位置来推断其他部分的地理位置。 然后，该映射可以存储在数据库中并作为地理服务提供。 网络地址映射系统能够将网络地址映射到地理位置。 此后，当用户的客户计算设备访问Web服务器时，Web服务器可以通过查询存储映射的数据库或地理位置服务来容易且准确地确定地理位置。