Secure Application Interoperation via User Interface Gestures

US 20110307817A1
Filed: 06/11/2010
Published: 12/15/2011
Est. Priority Date: 06/11/2010
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable media storing computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform acts comprising:

detecting an atomic user gesture requesting to facilitate a communication between a first location of a computing device and a second location of the computing device, the computing device providing a bilateral security boundary isolating communications from the first location to the second location and from the second location to the first location; and

at least partly in response to the detecting of the atomic user gesture,piercing the bilateral security boundary isolating the communications from the first location to the second location and from the second location to the first location; and

facilitating the requested communication between the first location and the second location.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques for facilitating secure application interoperation via user interface (UI) gestures in computing devices that strictly isolate applications operating thereon are described herein. For instance, applications may define one or more specific UI gestures that, when executed by the user, express that the user desires for the computing device to allow for an instance of directed, ephemeral, by-value communication between two isolated applications. In some implementations, the gesture is an atomic gesture, such as a drag-and-drop operation. That is, the gesture is one that the user completes continuously and without interruption.

78 Citations

View as Search Results

20 Claims

1. One or more computer-readable media storing computer-executable instructions that, when executed by one or more processors, cause the one or more processors to perform acts comprising:
- detecting an atomic user gesture requesting to facilitate a communication between a first location of a computing device and a second location of the computing device, the computing device providing a bilateral security boundary isolating communications from the first location to the second location and from the second location to the first location; and
  
  at least partly in response to the detecting of the atomic user gesture,piercing the bilateral security boundary isolating the communications from the first location to the second location and from the second location to the first location; and
  
  facilitating the requested communication between the first location and the second location.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. One or more computer-readable media as recited in claim 1, wherein the atomic user gesture comprises a gesture that is uninterrupted and continuous from selection of the first location through selection of the second location.
  - 3. One or more computer-readable media as recited in claim 2, wherein the atomic user gesture comprises a drag-and-drop gesture.
  - 4. One or more computer-readable media as recited in claim 1, wherein:
    - the atomic user gesture specifies the first location as a source of the requested communication and the second location as a destination of the requested communication; and
      
      the facilitating of the requested communication comprises facilitating communication from the source to the destination while refraining from facilitating communication from the destination to the source.
  - 5. One or more computer-readable media as recited in claim 1, wherein:
    - the requested communication comprises a request to move data from the first location to the second location; and
      
      the facilitating of the requested communication comprises moving the data from the first location to the second location.
  - 6. One or more computer-readable media as recited in claim 5, wherein the moving of the data from the first location to the second location comprises:
    - copying out a value of the data from the first location; and
      
      copying the value of the data into the second location and refraining from copying in an address of the data.
  - 7. One or more computer-readable media as recited in claim 5, wherein the moving of the data from the first location to the second location is free from imparting a permission to the second location to access the data from the first location at a later time.

8. A system comprising:
- one or more processors;
  
  memory, accessible by the one or more processors;
  
  multiple applications, stored in the memory and executable by the one or more processors; and
  
  an operating system, stored in the memory and executable by the one or more processors to;
  
  run the multiple applications on the computing device and enforce security boundaries isolating each of the multiple applications from the other;
  
  detect a gesture made by a user, the gesture requesting to enable communication between a first of the multiple applications and a second of the multiple applications and across a security boundary there between; and
  
  enable the communication between the first and the second application and across the security boundary there between at least partly in response to the detecting of the gesture and without prompting the user for permission.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system as recited in claim 8, wherein:
    - the request to enable the communication comprises a request to move data from the first application to the second application; and
      
      the gesture comprises a gesture that is uninterrupted and continuous from selection of the first application as a source of the data and selection of the second application as a destination of the data.
  - 10. A system as recited in claim 8, wherein the gesture comprises a drag-and-drop gesture dragging data from a window associated with the first application and dropping the data into a window associated with the second application.
  - 11. A system as recited in claim 8, wherein:
    - the gesture specifies a direction of the communication between the first and the second application; and
      
      the operating system is executable by the one or more processors to enable the communication between the first and the second application in the specified direction while refraining from enabling communication in an opposite direction.
  - 12. A system as recited in claim 8, wherein:
    - the request to enable the communication comprises a request to move data from the first application to the second application; and
      
      the operating system is executable by the one or more processors to enable the communication by;
      
      copying out a value of the data from the first application; and
      
      copying the value of the data into the second application while refraining from copying in an address of the data.
  - 13. A system as recited in claim 8, wherein the operating system is further executable by the one or more processors to:
    - refrain from imparting a future permission to the first and the second applications to communicate with one another across the security boundary there between at a later time.
  - 14. A system as recited in claim 8, wherein the security boundary between the first and the second application comprises a bilateral security boundary that prevents communications from the first application to the second application and communications from the second application to the first application.

15. A method implemented at least in part by a computing device, the method comprising:
- detecting a predefined gesture that specifies an intent of a user to move data from a first application to a second application and across a security boundary there between;
  
  moving the data from the first application to the second application and across the security boundary there between at least partly in response to the detecting of the gesture and without prompting the user for permission;
  
  again detecting the predefined gesture, the again detected gesture specifying an intent of the user to move different data from a third application to a fourth application and across a security boundary there between; and
  
  moving the different data from the third application to the fourth application and across the security boundary there between at least partly in response to the again detecting of the gesture and without prompting the user for permission.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. A method as recited in claim 15, wherein the predefined gesture comprises a gesture that is uninterrupted and continuous from selection of a source of data to be moved through selection of a destination of the data to be moved.
  - 17. A method as recited in claim 15, wherein:
    - the moving of the data from the first application to the second application comprises obtaining a constant object representing the data from the first application and providing the constant object representing the data to the second application; and
      
      the moving of the different data from the third application to the fourth application comprises obtaining a constant object representing the different data from the third application and providing the constant object representing the different data to the fourth application.
  - 18. A method as recited in claim 15, wherein the data is stored at a particular address on a file system and the different data is stored at a different particular address on the file system, and wherein:
    - the moving of the data from the first application to the second application comprises refraining from providing the particular address of the data on the file system to the second application; and
      
      .the moving of the different data from the third application to the fourth application comprises refraining from providing the different particular address of the different data on the file system to the fourth application.
  - 19. A method as recited in claim 15, wherein:
    - the moving of the data from the first application to the second application is free from granting the second application future access to the data from the first application; and
      
      the moving of the different data from the third application to the fourth application is free from granting the fourth application future access to the data from the third application.
  - 20. A method as recited in claim 15, wherein the data from the first application is from a file associated with a particular format, and the different data from the third application is from a different file associated with a different particular format.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Douceur, John R., Howell, Jonathan R.

Granted Patent

US 8,335,991 B2
Time in Patent Office

Days
Field of Search
US Class Current

715/769
CPC Class Codes

G06F 3/0486 Drag-and-drop

Secure Application Interoperation via User Interface Gestures

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

78 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Secure Application Interoperation via User Interface Gestures

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

78 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others