Client-server input method editor architecture

US 8,904,012 B2
Filed: 11/24/2010
Issued: 12/02/2014
Est. Priority Date: 11/27/2009
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client;

determining that the IME server is authorized to be instantiated in a restrictive environment based on the one or more tokens, wherein each of the one or more of tokens corresponds to a respective restriction level of functionality provided by the restrictive environment;

instantiating the IME server in the restrictive environment in response to determining that the IME server is authorized to be instantiated in the restrictive environment based on the one or more tokens;

responsive to instantiating the IME server, generating a randomly generated path name for communication between the IME client and the IME server, wherein the path name comprises a named pipe;

storing the path name in a user profile directory, wherein access to the user profile directory is enabled by verification of a security token provided by the IME client;

generating a unique session identifier (SID) for a session associated with a user at the IME client; and

transmitting the unique SID to the IME client using a connection that is established based on the path name.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In general, one innovative aspect of the subject matter described in this specification can be embodied in methods that include the actions of receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client, determining that the IME server can be instantiated in a restrictive environment based on the one or more tokens, and instantiating the IME server in the restrictive environment. Other embodiments of this aspect include corresponding systems, apparatus, and computer programs, configured to perform the actions of the methods, encoded on computer storage devices.

16 Citations

22 Claims

1. A computer-implemented method, comprising:
- receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client;
  
  determining that the IME server is authorized to be instantiated in a restrictive environment based on the one or more tokens, wherein each of the one or more of tokens corresponds to a respective restriction level of functionality provided by the restrictive environment;
  
  instantiating the IME server in the restrictive environment in response to determining that the IME server is authorized to be instantiated in the restrictive environment based on the one or more tokens;
  
  responsive to instantiating the IME server, generating a randomly generated path name for communication between the IME client and the IME server, wherein the path name comprises a named pipe;
  
  storing the path name in a user profile directory, wherein access to the user profile directory is enabled by verification of a security token provided by the IME client;
  
  generating a unique session identifier (SID) for a session associated with a user at the IME client; and
  
  transmitting the unique SID to the IME client using a connection that is established based on the path name.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computer-implemented method of claim 1, further comprising:
    - executing one or more checks that verify that the IME server is instantiated in the restrictive environment;
      
      determining that the IME server is not executing in the restrictive environment based on the one or more checks; and
      
      halting the IME server in response to determining that the IME server is not executing in the restrictive environment.
  - 3. The computer-implemented method of claim 2, wherein the one or more checks include at least one of comparing a token value to an expected value, comparing a session identification of the IME server to an expected identification, and determining that the IME server has system privileges.
  - 4. The computer-implemented method of claim 1, further comprising:
    - executing one or more checks that verify that the IME server is instantiated in the restrictive environment; and
      
      determining that the IME server is executing in the restrictive environment based on the one or more checks.
  - 5. The computer-implemented method of claim 1, wherein the restrictive environment limits types of data that the IME server is authorized to write to memory.
  - 6. The computer-implemented method of claim 1, wherein the IME server request is generated by the IME client, and the IME client is a stateless IME client that stores only requests that the IME client issues to the IME server.
  - 7. The computer-implemented method of claim 1, further comprising:
    - instantiating the restrictive environment based on a first token to provide a first restriction level of the restrictive environment;
      
      executing the IME server within the restrictive environment at the first restriction level;
      
      calling a function;
      
      re-instantiating the restrictive environment based on a second token to provide a second restriction level in response to the function.
  - 8. The computer-implemented method of claim 7, wherein the first restriction level is different from the second restriction level.
  - 9. The computer-implemented method of claim 1, wherein the IME client and the IME server are executed on a common device.
  - 10. The computer-implemented method of claim 1, wherein the one or more tokens comprises a security token that corresponds to the path name for communication between the IME server and the IME client.
  - 11. The computer-implemented method of claim 10, wherein the security token further corresponds to a process identifier (PID) of the path name.
  - 12. The computer-implemented method of claim 1, wherein the path name comprises a randomized multi-bit path name.

13. A system, comprising:
- a computer-readable storage medium having instructions stored thereon; and
  
  a device including one or more data processing apparatus that execute the instructions to cause the one or more data processing apparatus to perform operations comprising;
  
  receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client;
  
  determining that the IME server is authorized to be instantiated in a restrictive environment based on the one or more tokens, wherein each of the one or more tokens corresponds to a respective restriction level of functionality provided by the restrictive environment;
  
  instantiating the IME server in the restrictive environment in response to determining that the IME server is authorized to be instantiated in the restrictive environment based on the one or more tokens;
  
  responsive to instantiating the IME server, generating a randomly generated path name for communication between the IME client and the IME server, wherein the path name comprises a named pipe;
  
  storing the path name in a user profile directory, wherein access to the user profile directory is enabled by verification of a security token provided by the IME client;
  
  generating a unique session identifier (SID) for a session associated with a user at the IME client; and
  
  transmitting the unique SID to the IME client using a connection that is established based on the path name.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The system of claim 13, wherein the operations further comprise:
    - executing one or more checks;
      
      determining that the IME server is not executing in the restrictive environment based on the one or more checks; and
      
      halting the IME server in response to determining that the IME server is not executing in the restrictive environment.
  - 15. The system of claim 14, wherein the one or more checks include at least one of comparing a token value to an expected value, comparing a session identification of the IME server to an expected identification, and determining that the IME server has system privileges.
  - 16. The system of claim 13, wherein the operations further comprise:
    - executing one or more checks that verify that the IME server is instantiated in the restrictive environment; and
      
      determining that the IME server is executing in the restrictive environment based on the one or more checks.
  - 17. The system of claim 13, wherein the restrictive environment limits types of data that the IME server is authorized to write to memory.
  - 18. The system of claim 13, wherein the IME server request is generated by the IME client, and the IME client is a stateless IME client that stores only requests that the IME client issues to the IME server.
  - 19. The system of claim 13, wherein the operations further comprise:
    - instantiating the restrictive environment based on a first token to provide a first restriction level of the restrictive environment;
      
      executing the IME server within the restrictive environment at the first restriction level;
      
      calling a function;
      
      re-instantiating the restrictive environment based on a second token to provide a second restriction level in response to the function.
  - 20. The system of claim 19, wherein the first restriction level is different than the second restriction level.

21. A computer-implemented method, comprising:
- receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client;
  
  determining that the IME server is authorized to be instantiated based on the one or more tokens, wherein each of the one or more tokens corresponds to a respective restriction level of functionality provided by a restrictive environment;
  
  instantiating the IME server in the restrictive environment in response to determining that the IME server is authorized to be instantiated based on the one or more tokens, the restrictive environment limiting the functionality of the IME server;
  
  responsive to instantiating the IME server, generating a randomly generated path name for communication between the IME client and the IME server, wherein the path name comprises a named pipe;
  
  storing the path name in a user profile directory, wherein access to the user profile directory is enabled by verification of a security token provided by the IME client;
  
  generating a unique session identifier (SID) for a session associated with a user at the IME client; and
  
  transmitting the unique SID to the IME client using a connection that is established based on the path name.

22. A system, comprising:
- a computer-readable storage medium having instructions stored thereon; and
  
  a device including one or more data processing apparatus that execute the instructions to cause the one or more data processing apparatus to perform operations comprising;
  
  receiving an input method editor (IME) server request, the IME server request including one or more tokens and requesting that an IME server be instantiated, the IME server executing one or more IME functions based on a key event sent from an IME client, wherein the IME server is a stateful server that stores both requests and responses of a communication session between the IME server and the IME client;
  
  determining that the IME server is authorized to be instantiated based on the one or more tokens, wherein each of the one or more tokens corresponds to a respective restriction level of functionality provided by a restrictive environment;
  
  instantiating the IME server in the restrictive environment in response to determining that the IME server is authorized to be instantiated based on the one or more tokens, the restrictive environment limiting the functionality of the IME server;
  
  responsive to instantiating the IME server, generating a randomly generated path name for communication between the IME client and the IME server, wherein the path name comprises a named pipe;
  
  storing the path name in a user profile directory, wherein access to the user profile directory is enabled by verification of a security token provided by the IME client;
  
  generating a unique session identifier (SID) for a session associated with a user at the IME client; and
  
  transmitting the unique SID to the IME client using a connection that is established based on the path name.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Google LLC (Alphabet Inc.)
Original Assignee
Google Inc. (Alphabet Inc.)
Inventors
Hamura, Daigo, Komatsu, Hiroyuki, Mukai, Jun, Kudo, Taku, Oikawa, Takuya, Hanaoka, Toshiyuki, Matsuda, Yasuhiro, Yukawa, Yohei, Tabata, Yusuke
Primary Examiner(s)
Wang, Liangche A
Assistant Examiner(s)
ALRIYASHI, ABDULKADER MOHAMED

Application Number

US12/953,896
Publication Number

US 20110131642A1
Time in Patent Office

1,469 Days
Field of Search

726/20, 726 27- 30, 726/2, 709223-226, 709/203, 709/229, 709/227
US Class Current

709/227
CPC Class Codes

G06F 2209/541   Client-server

G06F 9/54   Interprogram communication

H04L 67/01   Protocols

H04L 67/1091   Interfacing with client-ser...

H04L 67/14   Session management for real...

H04L 67/2866   Architectures; Arrangements

H04W 4/20   Services signaling; Auxilia...

Client-server input method editor architecture

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

Client-server input method editor architecture

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links