System method and model for social security interoperability among intermittently connected interoperating devices

US 7,600,252 B2
Filed: 06/08/2005
Issued: 10/06/2009
Est. Priority Date: 06/08/2004
Status: Expired due to Fees

First Claim

Patent Images

1. A method for automatically and transitively spreading the access rights and credentials for a plurality of application instances of a single self-distributed interoperability application package that makes use of combined resources of teamed interoperability devices as if they were one device between the teamed interoperability devices, the method comprising:

(1) assigning to each interoperability device a unique identifier (id);

(2) assigning to each interoperability device an initial set of access rights, the access rights identifying application instances which are allowed to run on the interoperability device to which the initial access rights are assigned and when allowed to run, further identifying content and application program interfaces the application instance is permitted to access on the interoperability device;

(3) assigning to each interoperability software application package including at least one independently executable application package image as part of the interoperability software package one or more unique ids and embedding in the interoperability software package the sets of unique ids and associated access rights needed by all and or each independently executable application package image that are part of the interoperability application package;

(4) establishing a communication over a communication channel between first and second interoperability devices and comparing the existing access rights between the first and the second interoperability devices; and

(5) modifying the access rights of the communicating first and the second interoperability devices to synchronize the access rights for the interaction between the first and the second interoperability devices so that the access rights for the interaction for device teams or applications associated with the unique ids that are no more restrictive than those existing for the interoperability of the two devices on either device.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

System, device, method, and computer program and computer program products for providing communicating between devices having similar or dissimilar characteristics and facilitating seamless interoperability between them. Computer program software and methods of and systems and devices for sharing of content, applications, resources and control across similar and dissimilar permanently or intermittently connected electronic devices. Devices, systems, appliances, and the like communicating and/or interoperating within the framework provided. Social security interoperability model and method, such as Dart Social Security Interoperability, provide particularly method for forming webs of security between teams of intermittently connected devices. Foundation for social security is use of social synchronization to spread unique identifiers along with allowed access rights which travel transitively from device to device. Devices which have never communicated will find that they are part of team which are allowed to interoperate with certain access rights without need for further gathering permissions.

Citations

16 Claims

1. A method for automatically and transitively spreading the access rights and credentials for a plurality of application instances of a single self-distributed interoperability application package that makes use of combined resources of teamed interoperability devices as if they were one device between the teamed interoperability devices, the method comprising:
- (1) assigning to each interoperability device a unique identifier (id);
  
  (2) assigning to each interoperability device an initial set of access rights, the access rights identifying application instances which are allowed to run on the interoperability device to which the initial access rights are assigned and when allowed to run, further identifying content and application program interfaces the application instance is permitted to access on the interoperability device;
  
  (3) assigning to each interoperability software application package including at least one independently executable application package image as part of the interoperability software package one or more unique ids and embedding in the interoperability software package the sets of unique ids and associated access rights needed by all and or each independently executable application package image that are part of the interoperability application package;
  
  (4) establishing a communication over a communication channel between first and second interoperability devices and comparing the existing access rights between the first and the second interoperability devices; and
  
  (5) modifying the access rights of the communicating first and the second interoperability devices to synchronize the access rights for the interaction between the first and the second interoperability devices so that the access rights for the interaction for device teams or applications associated with the unique ids that are no more restrictive than those existing for the interoperability of the two devices on either device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein one or more of the following are true:
    - (1) the interoperability device comprises a Dart device;
      
      (2) the basis for the unique ids are an interoperability security procedure;
      
      (3) the access rights identify application instances which are allowed to run on the interoperability device to which the initial access rights are assigned and when allowed to run, and identify content and application program interfaces the application instance is permitted to use on the interoperability device;
      
      (4) the package is an interoperability software package and/or a Dart;
      
      (5) the opening of a communication channel is initiated as part of a device recruitment procedure; and
      
      (6) the access rights are synchronized using a social synchronization procedure.
  - 3. The method of claim 1, wherein the method is carried out in the following steps:
    - (1) initiating a communication session from an interoperability software package running on an initiating interoperability device to a target interoperability device in order to carry out a particular interoperability purpose;
      
      (2) determining if proper access rights exist between and among the devices for the intended purpose; and
      
      (3) if the proper access rights exist, the application software package is allowed to extend its execution to the target device by sending an independently executable image to the target device and running the image in a context with the needed access rights.
  - 4. The method of claim 3, further comprising:
    - (4) if during execution the independently executable image attempts an access not allowed by the needed access rights of the context in which it is running, the execution will be terminated by the interoperability engine on the target device.
  - 5. The method of claim 4, further comprising:
    - (5) if the proper required access rights do not exist, the user or users are presented as necessary on one or both devices on a user interface requesting that the proper access rights be granted and or the proper credentials be provided.
  - 6. The method of claim 5, further comprising:
    - (6) if the proper access rights are granted and/or the proper credentials are provided, the user may optionally be requested specify if the access rights and credentials are to be stored on the devices for a period of time.
  - 7. The method of claim 6, wherein the period of time may optionally be selected from the periods of time consisting of:
    - (i) the lifetime of the current communication session, (ii) a specified period of time or target date and time when the access rights and or credentials storage and or use are to expire;
      
      (iii) for an open period of time without defined expiration, or (iv) forever or forever until revoked.
  - 8. The method of claim 6, further comprising:
    - (7) independently of whether or not the proper access rights exist or are granted and/or the proper credentials are gathered for the specific purpose and then stored the following procedure is optionally preformed;
      
      all the now stored access rights and credentials that are valid forever for all devices and interoperability applications ever stored which are no more restrictive than those for the same devices or applications as indicated by the unique ids of the devices and applications associated with the stored access rights and credentials are then synchronized across both devices.
  - 9. The method of claim 8, wherein the effect is that the access rights already gathered for devices and applications at the level or below that is now common to both devices will now be allowed without user prompting even in cases where the unique ids, access rights, and/or credentials where never directly exchanged between two interoperability devices.
  - 10. The method of claim 8, wherein the step of synchronizing across both devices access rights and credentials may be reversed such that access rights and/or credentials can be subsequently revoked by a device with the proper access rights and/or credentials and/or physical access required by the security mechanisms of the interoperability players that contain the interoperability engines running on the devices.
  - 11. The method of claim 8, wherein the number of user involvements in granting access rights between all combinations of N devices which frequently communicate to be roughly linearly proportional to the number of devices N, rather than other methods wherein the number of user involvements grows faster as N increases.
  - 12. The method of claim 5, wherein the determining if proper access rights exist between and among the devices for the intended purpose, further comprises:
    - (2a) communicating the access rights needs and credentials the software package will need to carry out the interoperability purpose by the executing software package;
      
      (2b) inspecting lists of unique ids and associated access rights and credentials stored on either one of or both devices by the interoperability engines of one or both devices to determine if the devices already have the needed access rights; and
      
      (2c) checking to determine if the access rights and/or credentials already exist on the target device and/or on the initiating device that will allow the access needed for the intended purpose.
  - 13. The method of claim 1, wherein the number of user involvements in granting access rights between all combinations of N devices which frequently communicate to be roughly linearly proportional to the number of devices N, rather than other methods wherein the number of user involvements grows faster as N increases.
  - 14. The method of claim 13, wherein the growth of interactions is substantially proportional to N while conventional other methodologies provide for interactions that are proportional to the (N Choose 2) gamma function because conventional methodologies do not have transitivity.

15. A computer program product for use in conjunction with a computer system or information appliance, the computer program product comprising a tangible computer readable storage medium and a computer program mechanism embedded therein, the computer program mechanism comprising:
- a program module that directs the computer system or information appliance to function in a specified manner for automatically and transitively spreading the access rights and credentials for a plurality of application instances of a single self-distributed interoperability application package that makes use of combined resources of teamed interoperability devices as if they were one device between the teamed interoperability devices, the program module including instructions for;
  
  (1) assigning to each interoperability device a unique id;
  
  (2) assigning to each interoperability device an initial set of access rights, the access rights identifying application instances which are allowed to run on the interoperability device to which the initial access rights are assigned and when allowed to run, further identifying content and application program interfaces the application instance is permitted to access on the interoperability device;
  
  (3) assigning to each interoperability software application package including at least one independently executable application package image as part of the interoperability software package one or more unique ids and embedding in the interoperability software package the sets of unique ids and associated access rights needed by all and or each independently executable application package image that are part of the interoperability application package;
  
  (4) establishing a communication over a communication channel between first and second interoperability devices and comparing the existing access rights between the first and the second interoperability devices; and
  
  (5) modifying the access rights of the communicating first and the second interoperability devices to synchronize the access rights for the interaction between the first and the second interoperability devices so that the access rights for the interaction for device teams or applications associated with the unique ids are no more restrictive than those existing for the interoperability of the two devices on either device.

16. An apparatus that automatically and transitively spreads access rights and credentials for a plurality of application instances of a single self-distributed interoperability application package that makes use of combined resources of teamed interoperability devices as if they were one device between the teamed interoperability devices, the apparatus comprising:
- (1) means for assigning to each interoperability device a unique id;
  
  (2) means for assigning to each interoperability device an initial set of access rights, the access rights identifying application instances which are allowed to run on the interoperability device to which the initial access rights are assigned and when allowed to run, further identifying content and application program interfaces the application instance is permitted to access on the interoperability device;
  
  (3) means for assigning to each interoperability software application package including at least one independently executable application package image as part of the interoperability software package one or more unique ids and embedding in the interoperability software package the sets of unique ids and associated access rights needed by all and or each independently executable application package image that are part of the interoperability application package;
  
  (4) means for establishing a communication over a communication channel between first and second interoperability devices and comparing the existing access rights between the first and the second interoperability devices; and
  
  (5) means for modifying the access rights of the communicating first and the second interoperability devices to synchronize the access rights for the interaction between the first and the second interoperability devices so that the access rights for the interaction for device teams or applications associated with the unique ids are no more restrictive than those existing for the interoperability of the two devices on either device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
David E. Kahn
Original Assignee
DARTdevices Interop Corp.
Inventors
Bernstein, Bruce, Mirabella, Richard, Pieb, Wolfgang, Illowsky, Daniel, Wenocur, Michael, Tiberi, Richard, Sidney, Raymond
Primary Examiner(s)
Cervetti; David Garcia

Application Number

US11/149,075
Publication Number

US 20060015936A1
Time in Patent Office

1,581 Days
Field of Search

726/5, 726/18, 726/23, 726/25
US Class Current

726/5
CPC Class Codes

G06F 1/3203   Power management, i.e. even...

G06F 11/2082   Data synchronisation

G06F 16/2365   Ensuring data consistency a...

G06F 21/445   by mutual authentication, e...

G06F 21/6218   to a system of files or obj...

G06F 2209/5015   Service provider selection

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2149   Restricted operating enviro...

G06F 8/10   Requirements analysis; Spec...

G06F 8/20   Software design

G06F 8/24   Object-oriented

G06F 8/30   Creation or generation of s...

G06F 8/41   Compilation

G06F 8/61   Installation

G06F 8/63   Image based installation; C...

G06F 8/658   Incremental updates; Differ...

G06F 8/71   Version control security ar...

G06F 9/449   Object-oriented method invo...

G06F 9/4843   by program, e.g. task dispa...

G06F 9/5011   the resources being hardwar...

G06F 9/5027 : the resource being a machin...

G06F 9/5044 : considering hardware capabi...

G06F 9/5072 : Grid computing

G06F 9/54 : Interprogram communication

G06F 9/541 : via adapters, e.g. between ...

G06F 9/542 : Event management; Broadcast...

H04L 65/1083 : In-session procedures

H04L 65/1094 : Inter-user-equipment sessio...

H04L 65/80 : Responding to QoS

H04L 67/10 : in which an application is ...

H04L 67/104 : Peer-to-peer [P2P] networks

H04L 67/1068 : Discovery involving direct ...

H04L 67/1072 : Discovery involving ranked ...

H04L 67/1095 : Replication or mirroring of...

H04L 67/14 : Session management for real...

H04L 67/51 : Discovery or management the...

H04L 69/08 : Protocols for interworking;...

H04L 69/24 : Negotiation of communicatio...

H04L 69/328 : in the presentation layer [...

H04N 21/41265 : having a remote control dev...

Y02D 10/00 : Energy efficient computing,...

Y02D 30/00 : Reducing energy consumption...

View All

System method and model for social security interoperability among intermittently connected interoperating devices

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

System method and model for social security interoperability among intermittently connected interoperating devices

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links