Host agnostic integration and interoperation system

US 9,319,469 B2
Filed: 12/19/2011
Issued: 04/19/2016
Est. Priority Date: 09/27/2011
Status: Active Grant

First Claim

Patent Images

1. A method for securely communicating between a host and a service application running on a selected external application server to allow a service application running on the external application server to access a document maintained by the host, said method comprising the steps of:

initiating a transaction, by the host, with the selected external application server by transmitting an action request from the host to the service application running on the selected external application server, the action request being against an entry point address associated with the service application;

initiating a communication with the selected external application server to obtain a proof key adapted to validate a proof signature;

receiving said proof key in response to said communication;

providing the selected external application server with an access token and a document identifier for use in fulfilling said action request;

receiving a metadata request comprising said access token and said document identifier;

validating said access token prior to responding to said metadata request;

sending a metadata response comprising selected metadata based on said action request when said access token is valid;

receiving a content request comprising said access token and said document identifier;

validating said access token prior to responding to said content request; and

sending a content response comprising content from the document identified by said document identifier when said access token is valid.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A host agnostic integration and interoperation system. The host agnostic integration and interoperation system includes an open platform interface and the associated conventions that define the roles of and direct operations between a host and a service application running on an external application server and allow the host to discover and integrate the functionality provided by the service application. The open platform interface employs a limited number of easily implemented semantic methods allowing a host to expose and integrate the ability to view, edit, or otherwise manipulate a document using the host supported functionality of the service application from a standard user agent. The host agnostic integration and interoperation system handles user authentication at the host using an access token and establishes a trust relationship between the host and the external application server using a lightweight but secure proof key system.

Citations

20 Claims

1. A method for securely communicating between a host and a service application running on a selected external application server to allow a service application running on the external application server to access a document maintained by the host, said method comprising the steps of:
- initiating a transaction, by the host, with the selected external application server by transmitting an action request from the host to the service application running on the selected external application server, the action request being against an entry point address associated with the service application;
  
  initiating a communication with the selected external application server to obtain a proof key adapted to validate a proof signature;
  
  receiving said proof key in response to said communication;
  
  providing the selected external application server with an access token and a document identifier for use in fulfilling said action request;
  
  receiving a metadata request comprising said access token and said document identifier;
  
  validating said access token prior to responding to said metadata request;
  
  sending a metadata response comprising selected metadata based on said action request when said access token is valid;
  
  receiving a content request comprising said access token and said document identifier;
  
  validating said access token prior to responding to said content request; and
  
  sending a content response comprising content from the document identified by said document identifier when said access token is valid.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1 further comprising the step of generating said access token prior to said step of providing the selected external application server with said access token and said document identifier.
  - 3. The method of claim 1 characterized in that at least one of said access token and said document identifier are provided in said action request.
  - 4. The method of claim 3 characterized in that the document is protected, said method further comprising the steps of:
    - notifying the external application server that said content request must be a secure request in response to said step of receiving a metadata request;
      
      receiving a proof signature in said content request; and
      
      validating said proof signature using said proof key prior to responding to said content request.
  - 5. The method of claim 1, wherein the proof key is generated by the selected external application server, said proof signature uniquely identifying the selected external application server.
  - 6. The method of claim 5 characterized in that said metadata request and said content request each further comprises a proof signature adapted to be validated using said proof key.
  - 7. The method of claim 5 further comprising the step of:
    - verifying that said metadata request was sent from the selected external application server prior to responding to said metadata request; and
      
      verifying that said content request was sent from the selected external application server prior to responding to said content request.
  - 8. The method of claim 1 characterized in that said step of initiating a transaction with a selected external application server occurs in response to the step of navigating a user agent to an endpoint address on said host in response to an instruction from a user via a user agent.
  - 9. The method of claim 1 characterized in that said step of initiating a transaction with a selected external application server occurs in response to the step of programmatically instructing the host to initiate the transaction without navigating a user agent to an endpoint address on said host.

10. A computer storage device containing computer executable instructions which when executed by a computer perform a method for communicating between a host and a service application running on a selected external application server to allow a service application running on the external application server to access a document maintained by the host, said method comprising the steps of:
- providing a host with a proof key uniquely identifying an external application server in response to a discovery request from the host;
  
  receiving at the service application running on the external application server an action, an access token, a metadata address, and a document identifier transmitted by the host to the service application running on the external application server;
  
  invoking said service application on said external application server in response to receipt of said action;
  
  sending a metadata request comprising a proof signature generated using said proof key, said access token, and said document identifier to said metadata address;
  
  receiving a metadata response comprising information related to a document identified by said document identifier, said information selected based on said action;
  
  sending a document content request comprising said proof signature, said access token, and said document identifier to a document access address; and
  
  receiving a content response comprising the content of the document.
- View Dependent Claims (11, 12)
- - 11. The computer storage device of claim 10 characterized in that said method further comprises the step of initiating a method call to the host in response to an action request initiated by a user via a user agent, said method call providing said access token and said document identifier to the host.
  - 12. The computer storage device of claim 10 characterized in that said method further comprises the step of initiating a method call to the host programmatically without navigating a user agent to an endpoint address on said host, said method call providing said access token and said document identifier to the host.

13. A method for securely communicating between a host and a service application running on an external application server to allow a service application running on the external application server to access a document maintained by the host, said method comprising the steps of:
- initiating a communication with a selected external application server to obtain a proof key uniquely identifying a selected external application server, said proof key adapted for validating a proof signature generated by the selected external application server;
  
  receiving said proof key from the selected external application server;
  
  initiating, by the host, a transaction between the host and the external application server by transmitting an action request from the host to the service application running on the selected external application server, the action request being against an entry point associated with the service application;
  
  providing, by the host, the selected external application server with an access token and a document identifier for use in fulfilling said action request;
  
  generating said access token prior to said step of providing the selected external application server with said access token and a document identifier;
  
  receiving a metadata request comprising a proof signature, said access token, and said document identifier, said proof signature designed to be validated using said proof key;
  
  validating said proof signature using said proof key prior to responding to said metadata request;
  
  validating said access token prior to responding to said metadata request;
  
  sending a metadata response comprising selected metadata based on said action request when said proof signature and said access are valid;
  
  receiving a content request comprising said proof signature, said access token, and said document identifier;
  
  validating said proof signature prior to responding to said content request;
  
  validating said access token prior to responding to said content request; and
  
  sending a content response comprising content from the document identified by said document identifier when said proof signature and said access token are valid.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The method of claim 13 further comprising the step of consuming declarations for a set of method calls, each method call declared using a convention of an interface, said set of method calls comprising a method call for getting metadata about the document and a method call for getting the content of the document.
  - 15. The method of claim 14 characterized in that said set of method calls further comprises one or more method calls selected from the group consisting of method calls for getting metadata about a folder, saving the document, saving a copy of the document, enumerating the contents of a folder, deleting a file, locking a file, unlocking a file, renewing a lock on a file, unlocking and relocking a file, executing a local virtual application, and executing a remote virtual application.
  - 16. The method of claim 14 characterized in that said set of method calls is extendible by declaring an additional method call based on a selected convention of said interface understood by the external application server, said additional method call used only said selected convention is understood by both the host and the external application server.
  - 17. The method of claim 14 characterized in that a selected method call is extendible by declaring an additional metadata passed as part of said selected method call, said selected method call utilizing said additional metadata only when both the host and the external application server understand said additional metadata.
  - 18. The method of claim 14 characterized in that said metadata response to said method call for getting metadata about the document comprises metadata selected from the group consisting of a file version identifier, a base filename, an owner identifier, a file size value, and a file hash code.
  - 19. The method of claim 18 characterized in that said metadata response to said method call for getting metadata about the document further comprises metadata selected from the group consisting of a client URL used to access the document provided by the host, a download URL used to trigger the native download function of a user agent, a close URL used when the document is closed, a host view URL used to access a view page provided by the host, a host edit URL used for access to an edit page provided by the host, a user write permission flag, a read only flag, a public flag, a hide formulas flag, an update support flag, a lock support flag indicating, a virtual application support flag, a container support flag, a file URL for directly accessing a document, a privacy URL, and a terms of use URL.
  - 20. The method of claim 14 characterized in that said content response to said method call for getting metadata about the document comprises a response body comprising the binary content of the document.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Inventors
Ruhlen, Matthew James, Yuhas, Kenneth John Jr., Fields, Mark T., Abadi, Martin
Primary Examiner(s)
Kim, Tae
Assistant Examiner(s)
Gao, Shu Chun

Application Number

US13/329,964
Publication Number

US 20130080785A1
Time in Patent Office

1,583 Days
Field of Search

726/26, 726/27, 726/10, 726/9, 705/50, 705/64, 705/74, 709/223, 709/224, 709/225, 709/229, 713/176
US Class Current

1/1
CPC Class Codes

H04L 63/0807   using tickets, e.g. Kerbero...

H04L 63/105   Multiple levels of security

H04L 67/1001   for accessing one among a p...

H04L 67/51   Discovery or management the...

Host agnostic integration and interoperation system

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Host agnostic integration and interoperation system

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links