Secure and Stable Hosting of Third-Party Extensions to Web Services

US 20070011199A1
Filed: 12/15/2005
Published: 01/11/2007
Est. Priority Date: 06/20/2005
Status: Active Grant

First Claim

Patent Images

1. One or more computer operating environments comprising:

a host computing system having one or more processing cores and one or more memory subsystems, the host computing system configured to execute computer-executable instructions of one or more isolation processes (isoprocs), wherein each isoproc'"'"'s ability to communicate is limited to only defined communication channels over which it has express permission to communicate;

a communication-channel regulator configured to selectively grant one or more isoprocs express permission to communicate over one or more defined communication channels.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Described herein are one or more computer operating environments that include a standard set of web services via a communications network (e.g., the Internet) and a mechanism for extending the standard set of web services to execute one or more extended web services. Since these extended web services may be produced by an unconfirmed or untrusted source (e.g., a third-party software developer), the described computer operating environments isolate the extended web services from the standard set of web services and from the communication network. Furthermore, each extended web service is an isolated process (isoproc) with a limited ability to communicate with other services. In particular, each isoproc'"'"'s ability to communicate is limited to only associated defined communication channels over which it has express permission to communicate.

121 Citations

View as Search Results

22 Claims

1. One or more computer operating environments comprising:
- a host computing system having one or more processing cores and one or more memory subsystems, the host computing system configured to execute computer-executable instructions of one or more isolation processes (isoprocs), wherein each isoproc'"'"'s ability to communicate is limited to only defined communication channels over which it has express permission to communicate;
  
  a communication-channel regulator configured to selectively grant one or more isoprocs express permission to communicate over one or more defined communication channels.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 14)
- - 2. One or more computer operating environments as recited in claim 1, wherein an isoproc, which is executing on a host computing system, is selected from a group consisting of a hardware isolation process (HIP), firmware isolation process (FIP), and software isolation process (SIP).
  - 3. One or more computer operating environments as recited in claim 1, wherein the express permission granted by the communication-channel regulator defines communications properties of a defined communication channel.
  - 4. One or more computer operating environments as recited in claim 1, wherein the express permission granted by the communication-channel regulator defines communications properties of a defined communication channel of a subject isoproc, wherein such properties include one or more of the following:
    - with which other isoprocs that a subject isoproc may communicate;
      
      resources on the system that the isoproc may access across a channel;
      
      other processes on the system that the isoproc may interact with;
      
      ability to access communication mechanisms (e.g. TCP or web protocols) to communicate with other systems;
      
      ability to communicate with specific systems;
      
      type of communication;
      
      rate, amount, and time of communication.
  - 5. One or more computer operating environments as recited in claim 1 further comprising a mediator configured to mediate communication via multiple isoprocs.
  - 6. One or more computer operating environments as recited in claim 1, wherein the one or more computing operating environments are a web service.
  - 7. One or more computer operating environments as recited in claim 1, wherein the one or more computing operating environments are large-scale multi-user distributed games or simulators.
  - 8. One or more computer operating environments as recited in claim 1, wherein the one or more computing operating environments are massively multiplayer online game.
  - 9. One or more computer operating environments as recited in claim 1, wherein the communication-channel regulator is further configured to prevent an executing subject isoproc from directly affecting the execution of other executing isoprocs.
  - 10. One or more computer operating environments as recited in claim 1, wherein the communication-channel regulator is further configured to prevent an executing subject isoproc from communicating with other executing isoprocs except for a defined set of other executing isoprocs.
  - 11. One or more computer operating environments as recited in claim 1, wherein the communication-channel regulator is further configured to prevent an executing subject isoproc from accessing the resources of other executing isoprocs except for a defined set of other executing isoprocs.
  - 12. One or more computer operating environments as recited in claim 1, wherein the communication-channel regulator is further configured to prevent an executing subject isoproc from communicating with other computing systems over a communications network, unless the executing subject isoproc is expressly permitted to do so.
  - 14. One or more computer operating environments as recited in claim 1 further comprising a cloaking or filtering mechanism configured to hide data from one or more isoprocs executing on the host computing system.

13. One or more computer operating environments further comprising a mediator configured to mediate communication via one or more isoprocs and communications network, the network being external to the host computing system.

15. One or more computer-readable media having computer-executable instructions that, when executed by a computer, perform a method comprising:
- executing instructions of a defined standard set of one or more isolation processes (isoprocs), wherein each isoproc'"'"'s ability to communicate is limited to only associated defined communication channels over which it has express permission to communicate;
  
  executing instructions of an extended isoproc, which is not part of the standard set, the extended isoproc having express permission to communicate with one or more defined members of the standard set and thus cannot communicate with the other members of the standard set.
- View Dependent Claims (16, 17)
- - 16. One or more computer-readable media of claim 15, wherein the defined standard set of one or more isoprocs represent a massively multiplayer online game (MMOG) and the extended isoproc is a “
    - mod”
      
      to the MMOG.
  - 17. One or more computer-readable media of claim 15, wherein the executing instructions of the extended isoproc is further characterized by the extended isoproc'"'"'s ability to communicate with an external communications network is provided by an express permission to communicate via a mediation isoproc.

18. One or more computer-readable media having computer-executable instructions that, when executed by a computer, perform a method comprising:
- providing a standard set of web services via a communications network;
  
  providing a mechanism for extending the standard set of web services to execute one or more extended processes;
  
  isolating the extended processes from the standard set of web services and from the communication network.
- View Dependent Claims (19, 20, 21, 22)
- - 19. One or more computer-readable media of claim 18, wherein the ability of each of the one or more extended processes to communicate with members of the web services and with other extended processes is limited to only defined communication channels over which an extended process has express permission to communicate.
  - 20. One or more computer-readable media of claim 18, wherein each of the member of the standard set of web services and the one or more extended processes is selected from a group consisting of a hardware isolation process (HIP), firmware isolation process (FIP), and software isolation process (SIP).
  - 21. One or more computer-readable media of claim 18, wherein the isolating act is characterized by preventing the extended processes from impersonating the standard set of web services or any member thereof.
  - 22. One or more computer-readable media of claim 18, wherein the isolating act is characterized by defining with which other processes that an extended process may communicate and regulating such communication there between.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Gounares, Alexander, Larus, James, Hunt, Galen, Endres, Raymond

Granted Patent

US 8,849,968 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/53 by executing in a restricte...

Secure and Stable Hosting of Third-Party Extensions to Web Services

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

121 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Secure and Stable Hosting of Third-Party Extensions to Web Services

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

121 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links