-
Publication number: US09461985B2
Publication date: 2016-10-04
Application number: US13850091
Filing date: 2013-03-25
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
CPC classification number: H04L63/10, H04L63/0807, H04L63/0884, H04L63/101
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket).
-
Publication number: US20160226875A1
Publication date: 2016-08-04
Application number: US15095459
Filing date: 2016-04-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
IPC: H04L29/06
CPC classification number: H04L63/10, H04L63/0807, H04L63/0884, H04L63/101
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket).
-
Publication number: US20160080358A1
Publication date: 2016-03-17
Application number: US14946142
Filing date: 2015-11-19
Applicant: Microsoft Technology Licensing, LLC
Inventor: Arash Ghanaie-Sichanie, Matthew S. Augustine, Dharma K. Shukla, Hari Krishnan, Matthew J. Burdick
IPC: H04L29/06, H04L12/911, G06F17/22
CPC classification number: H04L63/083, G06F17/2247, G06F21/53, H04L9/3234, H04L47/70, H04L63/08, H04L63/10, H04L63/102, H04L67/42, H04L2209/80
Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
-
Publication number: US10447684B2
Publication date: 2019-10-15
Application number: US14946142
Filing date: 2015-11-19
Applicant: Microsoft Technology Licensing, LLC
Inventor: Arash Ghanaie-Sichanie, Matthew S. Augustine, Dharma K. Shukla, Hari Krishnan, Matthew J. Burdick
Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
-
Publication number: US09930039B2
Publication date: 2018-03-27
Application number: US15095459
Filing date: 2016-04-11
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
CPC classification number: H04L63/10, H04L63/0807, H04L63/0884, H04L63/101
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket).
-
Publication number: US09967258B2
Publication date: 2018-05-08
Application number: US15251247
Filing date: 2016-08-30
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
CPC classification number: H04L63/10, H04L63/0807, H04L63/0884, H04L63/101
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket).
-
Publication number: US20160373451A1
Publication date: 2016-12-22
Application number: US15251247
Filing date: 2016-08-30
Applicant: Microsoft Technology Licensing, LLC
Inventor: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
IPC: H04L29/06
CPC classification number: H04L63/10, H04L63/0807, H04L63/0884, H04L63/101
Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g., user identification ticket).