Computing systems are currently in wide use. As one example, a computing system stores data as entities or other data records, and commonly includes process functionality that facilitates performing various processes or tasks on the data. Users log into or otherwise access the computing system in order to perform the processes and tasks. The data can include user data as well as entities or records that are used to describe various aspects of the computing system.
The data records (or entities) can be of any of a variety of different types. For example, in an enterprise system such as a customer resource management (CRM) or enterprise resource planning (ERP) system, a record can comprise data for an organization. Some examples include sales records, customer records, opportunity records, employee records, etc. In the context of a calendaring application, for example, an event record includes data for a particular event, such as a meeting. In one particular example, a meeting record can define a date, time, location, subject matter or description, as well as associated users or invitees for a meeting event.
The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.
A computing system record security architecture comprises, in one example, a record generation component configured to generate a record in a computing system, the record having an owner property that identifies a first user as an owner of the record, a record security component configured to control modification of the record based on the owner property of the record, and a record ownership transfer component configured to receive an indication of an ownership transfer of the record from the first user to a second user and to modify the owner property to identify the second user as the owner of the record.
This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. The claimed subject matter is not limited to implementations that solve any or all disadvantages noted in the background.
The present disclosure generally relates to a security architecture for creating computing system records and enforcing record ownership privileges. Before describing embodiments of the security architecture in detail, a brief overview of record creation and ownership will be provided for the sake of illustration, but not by limitation.
In one particular example, a first user creates an event record (e.g., a meeting record) by defining a set of attributes, including a set of invitees and other event data such as location, data, time, etc. This event record is stored in the first user's system, and an event message comprising a record generation request is sent to the invitees. For instance, the first user's email server sends an email to the email server(s) of the invitees to replicate the event record in the invitees' system(s) as well. This type of architecture is often referred to as an email replication system, as opposed to a system that uses cross-server calls directly between servers. It is noted that the mailboxes of the invitees can be on the same server and/or different servers from the first user.
The first user is considered the event organizer, and thus the owner of the event record. The organizer, or owner, has a set of ownership privileges over the record which allows the organizer to modify the record, including updating and/or deleting the record.
In response to the requests sent by the first user, the invitees can accept or decline the event invitation. In this example, copies of the event record are created and stored within the invitees' system(s). Thus, the invitee users do not access the owner's event record directly, but rather copies of the event record created in the invitee's mailbox or other server component.
In some scenarios, when a non-owner invitee user declines or rejects the event invitation, or attempts to modify the event record data (e.g., changing the time or location), the user's client sends out an event message that is improperly asserted or interpreted as an event modification or cancellation request, as if the non-owner invitee were actually the owner of the event record. That is, the non-owner invitee asserts ownership privileges over the record resulting in the record being inadvertently modified or cancelled. This is often referred to as “hijacking” the event record from the owner. Record hijacking may occur unintentionally, or intentionally (e.g., a non-owner user intentionally generates an event message in an attempt to hijack the event record from the owner). In either case, the system does not accurately determine whether it was the owner or organizer of the event who sent out the update or cancellation request, and thus may honor unauthorized requests.
Architecture 100 includes a computing system 102 that is accessible by one or more users through one or more user interface displays. In the illustrated example, users 104, 106, and 108 are illustrated accessing computing system 102 using respective client devices 110, 112, and 114. Client devices 110, 112, and 114 can be any of a wide variety of computing devices including, but not limited to, desktop computers, laptop computers, personal digital assistance, mobile phones, tablet computers, e-reader devices, etc. Further, a given user may access architecture 100 using a plurality of different user devices.
As illustrated, user 104 interacts with user interface display(s) 116 with user input mechanism(s) 118, user 106 interacts with user interface display(s) 120 having user input mechanism(s) 122, and user 108 interacts with user interface display(s) 124 having user input mechanism(s) 126. In
Users 104, 106, and 108 can access computing system 102 locally or remotely. In the illustrated example, users 104, 106, and 108 use respective client devices that communicate with computing system 102 over a wide area network, such as the Internet. In one implementation, users 104, 106 and 108 utilize their client devices to store and retrieve data relative to “cloud-based” servers. In another example, components can be run at least partially from client devices 110, 112, and 114.
The users interact with the user input mechanisms in order to control and manipulate computing system 102. For example, using the user input mechanisms, the users can access data in a data store 130 and/or implement functionality of a record generation and processing system 132 and a messaging system 134.
User interface displays 116, 120 and 124 can be generated in any of a variety of different ways. In one example, computing system 102 includes a display system 136 having a user interface component 138, one or more sensors 140, and can include other components 142 as well. User interface component 138 is configured to generate user interface displays that are rendered on a client device, for a web browser or other interface. For instance, web pages can be requested, dynamically generated, and transmitted for rendering on the client devices. Sensor(s) 140 are configured to detect inputs to display system 136. In one example, systems 132 and 134 can include sensors configured to detect inputs to those systems.
In another example, one or more of client devices 110, 112, and 114 have client applications installed thereon to generate the respective user interface displays and detect inputs from the user.
User input mechanisms 118, 122, and 126 sense physical activities, for example by generating the user interface displays that are used to sense user interaction with computing system 102. The user interface displays can include user input mechanisms that sense user input in a wide variety of different ways, such as point and click devices (e.g., a computer mouse or track ball), a keyboard (either virtual or hardware) and/or a keypad. Where the user device used to display the user interface display is a touch-sensitive display, the inputs can be provided as touch gestures. Similarly, the user inputs can be provided by voice inputs or other natural user interface input mechanisms as well.
Computing system 102 also includes one or more communication interfaces 144, one or more processors 146, and can include other components 148 as well. Communication interface(s) are configured to communicate with client devices 110, 112, and 114, as well as other system(s) 128.
Processor(s) 146 comprises a computer processor with associated memory and timing circuitry (not shown). The processor is illustratively a functional part of system 102 and is activated by, and facilitates the functionality of, other systems, components and items in computing system 102.
While
Computing system 102 can include applications that are executed using an application component that facilitates functionality within computing system 102. By way of example, an application component can access information in data store 130. For example, data store 130 can store data and metadata. The data and metadata can define workflows, processes, entities and a wide variety of other information. By way of example, entities stored in data store 130 can comprise or otherwise define items within computing system 102. For instance, entities in an enterprise system can include account entities that define various features of an account, customer entities that define various features of a customer, sales entities that define various features of sales that can occur during a sales process, and many other types of entities or objects. For instance, the entities can include or other define events, such as meetings. Further yet, entities can comprise documents, such as articles and emails, to name a few. The entities can be stored in data store 130 as records 150. Data store 130 can include user profiles 151, and can include other items 152 as well.
Record generation and processing system 132 is illustratively configured to generate and process records, such as records for meetings or other events. In one example, system 132 comprises one or more calendar servers.
System 132 includes a record generation component 154, a record modification component 156, a record owner identification component 158, a record security component 160, a display system controller 162, and can include other items 164 as well. Using display system controller 162, record generation component 154 can control display system 136 to generate and render user interface displays that receive record generation requests to generate records 150 in data store 130. For instance, through the user interface displays, user 104 defines a meeting event for which a record 150 is stored in data store 130.
Referring again to
In the illustrated example, architecture 100 uses email (or other messaging) to replicate records for associated users (e.g., meeting invitees). As shown in
Messaging system 134 comprises, in one example, one or more email servers. As shown in
In the illustrated example, message generation component 172 includes a unique identifier generator 182 that uses an identifier generation algorithm 184 to generate unique identifiers for users of architecture 100. This is discussed in further detail below. In one example, the unique identifiers can be stored in user profiles 151.
As discussed above, in one example, systems 132 and 134 include calendar server(s) and email server(s) configured to perform various email processing and calendaring operations described herein. Although illustrated as separate components in
In the illustrated example of
In one example, which is discussed in further detail below, the unique identifier can be provided as a property that is added to an email transport header of the event messages. The unique property is, in one example, a protected property which cannot be spoofed. Spoofing refers to a practice of forging source address and/or related message information to misrepresent an email identity. By changing the information, an individual can make an email message appear to originate from a trusted source when it in fact originates elsewhere.
In the illustrated example, fields 302 includes a from field 304, a to field 306, a cc field 308, a subject field 310, a date field 312, a return path field 314, a unique identifier field 316, a message ID field 318, a verification value field 320, and can include other fields 322 as well. For sake of illustration, the from field 304 identifies the email address of the sender, the to field identifies the email address of the recipient, and the cc field identifies email addresses of any users that are “carbon copied” on the email. Subject field 310 includes the subject of the email, date field 312 includes a date when the email was sent, the return path field 314 identifies the path for sending a return email, and message ID field 318 provides a unique identifier for the message. In one example, message ID field 318 includes a system time and/or a sequence number.
Unique identifier field 316 comprises the unique identifier for the user for which the email is being sent. Field 316 thus comprises data obtained and stamped by the email server and is outside the control of an email sender who may be engaged in spoofing. Thus, even if a recipient of an email is able to view the transport header and identify the unique identifier in field 316, the recipient cannot use the unique identifier to hijack the meeting record because the recipient's email server will override this field of the email if the recipient attempts to spoof the unique identifier in a record hijack attempt.
In one example, the unique identifier comprises or is based in part on the user's email address (or ID). In another example, the unique identifier is different than and/or generated independent from the user's email address.
A user's email address may change over time, in some scenarios. For instance, a user of an organization may be given a new alias, for example if the user's name changes or they are given a different position. Further, email addresses are generally known by others and could be a target during a meeting hijack attempt. In one example, unique identifier generator 182 uses algorithm 184 to generate a unique identifier for the user that is immutable with respect to the user. As such, even if the user's mailbox 176 is moved or the user is assigned a new email address (e.g., the user's alias changes), the unique identifier of the user does not change.
In one particular example, the unique identifier generated by unique identifier generator 182 for user 104 is based on a unique identifier of the mailbox 176 assigned to user 104. For instance, a mailbox globally unique identifier (GUID) can be used. The mailbox GUID comprises a value set in computing system 102 when the mailbox is created, and remains the same for the lifetime of the mailbox. In other words, the mailbox GUID comprises a primary key for the mailbox, and is a unique value that distinguishes the individual mailbox from all other mailboxes. Alternatively, or in addition, the unique identifier generated by unique identifier generator 182 can be based on a unique object distinguished name that is defined when the mailbox is created.
In one particular example, the unique identifier comprises a plurality of attributes that have mutually exclusive situations in which the attributes can change. For instance, the unique identifier can comprise a combination of a first attribute (e.g., mailbox GUID) and a second attribute (e.g., unique object distinguished name that is assigned to the mailbox). As such, even if one of the attributes changes over time, the other attribute will not, thus resulting in the unique identifier remaining immutable with respect to the user.
These, of course, are examples of identifier generation algorithm 184. Any suitable unique identifiers can be utilized.
Referring again to
In the illustrated example, message generation component 172 includes a verification value generator 186 and message processing component 174 includes a verification value analyzer 188. Verification value generator 186 is configured to generate a check sum or hash value based on some or all of the email header. For instance, the verification value can comprise a check sum generated on the unique identifier in field 316 of example email header 300. The verification value can be stored in verification value field 320 shown in
Verification value analyzer 188 corresponds to generator 186 and is configured to determine whether the verification value in field 320 is valid and indicates that the unique identifier in field 316 is not erroneous and has not been tampered with.
At block 402, record generation component 154 receives a record generation request from a first user (e.g., user 104). For example, in the request user 104 identifies email addresses of a set of event invitees (e.g., users 106, 108, and/or users of system(s) 128). The record comprises a meeting or other event having a set of event attributes 404, associated users (e.g., event invitees) 406, and can include other data 408 as well. Examples of event attributes include, but are not limited to, location, time, subject matter/topic information, etc. In one example, the event invitees are identified by their user email addresses selected by the first user in the record generation request.
At block 410, the method identifies the first user as the record owner (e.g., the event organizer) and, at block 412, unique identifier generator 182 generates a unique identifier of the record owner. In one example, the unique identifier is immutable and uniquely identifies the owner user (user 104 in the present example) from among all other users of architecture 100.
At block 414, record generation component 154 generates and stores the record with the event attributes 404 and the unique identifier generated at block 412.
At block 416, record replication component 168 replicates the records for each of the associated users (i.e., event invitees in the present example). In one example, for each invitee user, messaging system controller 170 controls messaging system 134 to generate an email comprising an event invitation for the invitee user. This is represented at block 418. The event invitation can include the event attributes 404 and/or associated users 406. At block 420, the unique identifier generated at block 412 is added to a protected header (or other portion) of the email. A verification value is generated based at least in part on the unique identifier. This is represented at block 422. At block 424, the verification value is added to the header (or other portion) of the email and the email is sent to the invitee user at block 426.
At block 428, the method determines whether the owner modifies the record. For example, the owner may decide to change the location or time of the event, cancel the event, and/or add invitees to the event. For instance, the owner may decide to forward the event to one or more additional users to be invited to the event.
If so, at block 430 the method verifies the owner by comparing the owner identifier to the event record. At block 432, the record is updated and blocks 416-426 can be repeated to replicate the updated record for the other users.
At block 502, message processing component 174 receives an email (or other message) for a given user pertaining to an event. At block 504, the method determines whether the event record exists. If not, the event record is created in data store 130. This is represented by block 506. It is noted that the event creation at block 506 can be automatic. This is represented by block 508. Alternatively, the user can be prompted for confirmation of the event record creation. This is represented by block 510. At block 512, message processing component 174 parses the email to identify the unique identifier of the owner and the event attributes. In the example of
At block 514, the method can use a verification value provided in the email to verify the unique identifier upon which the unique identifier and attributes are stored in the event record. This is represented by block 516.
If the event record does exist at block 504, the method proceeds to block 518 in which the method determines whether the email comprises an event message asserting owner privileges. For instance, in one example the method determines whether the email purports to update the meeting attributes, or to cancel the meeting. If the event message does not assert owner privileges (e.g., it is simply an email message from an invitee with information about the event), the method proceeds to block 520 in which the email is delivered to the recipient.
At block 522, message processing component 174 parses the email to identify the unique identifier of the sender (e.g., field 316 in
At block 526, if the unique identifier is not verified, indicating that it is erroneous or corrupted, the method proceeds to block 528 which prevents the event message from modifying the event record. For instance, the email can be blocked or discarded. This is represented by block 530. In another example, the email is marked at out-of-date or already processed to prevent processing of the message against the event record. This is represented by block 532. Alternatively, or in addition, a non-delivery report (NDR) or “bounce” message can be sent to the sender of the email to indicate that it has not been processed at the recipient end. This is represented by block 534.
If the unique identifier is verified, the method proceeds to block 536 in which the event record is accessed. For example, the email received at block 502 can include a meeting identifier that is matched against a meeting ID field 218 for the corresponding record.
At block 538, the method determines whether the unique identifier extracted at block 522 corresponds to (e.g., matches) the unique identifier of the owner from the event record. If not, the method proceeds to block 528 to prevent the event message from modifying the event record.
If the unique identifier from the email corresponds to the event record, the method proceeds to block 540 in which the event message is processed to modify the event record. This can be done automatically, which is represented by block 542. Alternatively, or in addition, the recipient user can be prompted for confirmation as to whether the event message should be processed against the user's event record. This is represented by block 544.
Referring again to
By way of example, transfer of record ownership is desired in a variety of different scenarios. For instance, a user who owns a record 150 may leave an organization or change teams within the organization, or may be absent for an extended period of time. In the case of a calendar event, the other event invitees may still conduct the meeting without the owner who originally organized the event. Further, the other event invitees may desire to change the date or time, or add additional invitees to the event, even though the owner is not available to modify the record. Record ownership transfer component 190 facilitates transfer of record ownership within security architecture 100. Record ownership can be transfer from the record owner to a user who is currently associated with the record (e.g., a meeting invitee), as well as to a user who is not currently associated with the record (e.g., a user other than a meeting invitee).
In one example, an administrator can use record ownership transfer component 190 to access the record 150 and directly change the owner property. This can be done in any of a variety of ways including, but not limited to, a script or other code that is executed at the direction of the administrator. In another example, record ownership transfer can be initiated and performed by the record owner using component 190.
At block 552, a user interface display is generated for a first user, for a given record, with user input mechanisms. The user input mechanisms can comprise mechanisms for modifying details of the record. This is represented by block 554. For instance, in the case of a calendar event record, the user input mechanisms facilitate adding associated users or event invitees, cancelling the event, changing a location or time of the event, etc. The user input mechanisms also include user input mechanisms to transfer ownership of the given record. This is represented by block 556.
Referring again to
At block 560, a record owner transfer initiation user interface display is generated with user input mechanisms.
Referring again to
Referring again to
The set of properties 630 includes a proposed owner property 632 that includes a unique identifier of the user to which the ownership transfer is proposed, and an ownership transfer request type property 634. Property 634 indicates the current status of the ownership transfer, and is used by the recipient's system to facilitate a response to the sender. In the present example, at block 572, property 634 is set as “proposal” to indicate that the proposed owner identified by property 632 is the proposed owner and the message requires a response to accept or decline the proposed ownership transfer.
Referring again to
Referring again to
At block 582, the system of the first user receives the email sent at block 580, and confirms that the email is received from the second user and that the transfer request type is set such that it indicates that an ownership transfer is pending. In the example of
If the ownership transfer is accepted at block 584, the method proceeds to block 586 in which the record of the first user is updated. In one example, this includes setting the owner property 212 in the example of
In one example, the email sent at block 588 includes the set of properties 630, with the new owner (i.e., the second user) identified by property 632 and the ownership transfer request type property 634 set as “enacting”, to distinguish the message from the initial ownership transfer message sent at block 572. This is represented by block 590.
At block 592, the associated users' system(s) process the email sent at block 588 to compare the unique identifier of the sender to the current owner property to verify that the transfer request came from the current owner of the record (i.e., the first user in the present example). In response to this comparison, the users' system(s) modify the record to change to owner property to reflect the new user as the record owner.
It is noted that in another example of method 550, the ownership transfer can be initiated by the non-owner second user. That is, in this example method 550 begins at block 580 in which the second user indicates a desire to take ownership of the record, upon which the second user's system sends an email (or other communication) to the first user requesting that the first user transfer record ownership to the second user.
Referring again to
Server system 652 communicates with a server system 662 over a network 665, such as the Internet. Server system 662 is accessed by a user 664 using a client device 666 and user 668 using a client device 670. Server system 662 includes a calendar server 672 and an email server 674 which are, in one example, similar to systems 132 and 134 discussed above with respect to
It can thus be seen that the present discussion provides significant technical advantages. For example, it provides a record security architecture that securely manages and controls record generation and modification to enforce ownership privileges over the records. The security architecture provides protection to prevent users from taking ownership of the records incorrectly, thereby hijacking the records to assert ownership privileges to which the users should not have access to. The architecture prevents users from being incorrectly recognized as the event organizer, or record owner, and validates meeting messages to prevent the messages from being processed against the event records if the meeting message is not coming from a legitimate owner of the record. This keeps the records secure while reducing or preventing inadvertent data loss, for example by preventing meetings from being erroneously cancelled or modified. Further yet, the architecture provides a framework to protect the transmission of the unique identifiers to prevent the identifier from being spoofed.
The present discussion has mentioned processors and servers. In one embodiment, the processors and servers include computer processors with associated memory and timing circuitry, not separately shown. They are functional parts of the systems or devices to which they belong and are activated by, and facilitate the functionality of the other components or items in those systems.
Also, a number of user interface displays have been discussed. They can take a wide variety of different forms and can have a wide variety of different user actuatable input mechanisms disposed thereon. For instance, the user actuatable input mechanisms can be text boxes, check boxes, icons, links, drop-down menus, search boxes, et cetera. They can also be actuated in a wide variety of different ways. For instance, they can be actuated using a point and click device (such as a track ball or mouse). They can be actuated using hardware buttons, switches, a joystick or keyboard, thumb switches or thumb pads, et cetera. They can also be actuated using a virtual keyboard or other virtual actuators. In addition, where the screen on which they are displayed is a touch sensitive screen, they can be actuated using touch gestures. Also, where the device that displays them has speech recognition components, they can be actuated using speech commands.
A number of data stores have also been discussed. It will be noted they can each be broken into multiple data stores. All can be local to the systems accessing them, all can be remote, or some can be local while others are remote. All of these configurations are contemplated herein.
Also, the figures show a number of blocks with functionality ascribed to each block. It will be noted that fewer blocks can be used so the functionality is performed by fewer components. Also, more blocks can be used with the functionality distributed among more components.
The description is intended to include both public cloud computing and private cloud computing. Cloud computing (both public and private) provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
A public cloud is managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware. A private cloud may be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, et cetera.
In the embodiment shown in
It will also be noted that architecture 100, or portions of it, can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, et cetera.
Under other embodiments, applications or systems are received on a removable Secure Digital (SD) card that is connected to a SD card interface 15. SD card interface 15 and communication links 13 communicate with a processor 17 along a bus 19 that is also connected to memory 21 and input/output (I/O) components 23, as well as clock 25 and location system 27.
I/O components 23, in one embodiment, are provided to facilitate input and output operations. I/O components 23 for various embodiments of the device 16 can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port. Other I/O components 23 can be used as well.
Clock 25 illustratively comprises a real time clock component that outputs a time and date. It can also, illustratively, provide timing functions for processor 17.
Location system 27 illustratively includes a component that outputs a current geographical location of device 16. This can include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions.
Memory 21 stores operating system 29, network settings 31, applications 33, application configuration settings 35, data store 37, communication drivers 39, and communication configuration settings 41. Memory 21 can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below). Memory 21 stores computer readable instructions that, when executed by processor 17, cause the processor to perform computer-implemented steps or functions according to the instructions. Items in data store 128, for example, can reside in memory 21. Similarly, device 16 can have a client system 24 which can run various business applications. Processor 17 can be activated by other components to facilitate their functionality as well.
Examples of the network settings 31 include things such as proxy information, Internet connection information, and mappings. Application configuration settings 35 include settings that tailor the application for a specific enterprise or user. Communication configuration settings 41 provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords.
Applications 33 can be applications that have previously been stored on the device 16 or applications that are installed during use, although these can be part of operating system 29, or hosted external to device 16, as well.
Additional examples of devices 16 can be used, as well. Device 16 can be a feature phone, smart phone or mobile phone. The phone includes a set of keypads for dialing phone numbers, a display capable of displaying images including application images, icons, web pages, photographs, and video, and control buttons for selecting items shown on the display. The phone includes an antenna for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1×rtt, and Short Message Service (SMS) signals. In some embodiments, phone also includes a Secure Digital (SD) card slot that accepts a SD card.
The mobile device can be personal digital assistant (PDA) or a multimedia player or a tablet computing device, et cetera (hereinafter referred to as a PDA). The PDA can include an inductive screen that senses the position of a stylus (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write. The PDA also includes a number of user input keys or buttons which allow the user to scroll through menu options or other display options which are displayed on the display, and allow the user to change applications or select user input functions, without contacting the display. Although not shown, The PDA can include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices. Such hardware connections are typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections. In one embodiment, mobile device also includes a SD card slot that accepts a SD card.
Note that other forms of the devices 16 are possible.
Computer 910 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed by computer 910 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 910. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
The system memory 930 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 931 and random access memory (RAM) 932. A basic input/output system 933 (BIOS), containing the basic routines that help to transfer information between elements within computer 910, such as during start-up, is typically stored in ROM 931. RAM 932 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 920. By way of example, and not limitation,
The computer 910 may also include other removable/non-removable volatile/nonvolatile computer storage media. By way of example only,
Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), et cetera.
The drives and their associated computer storage media discussed above and illustrated in
A user may enter commands and information into the computer 910 through input devices such as a keyboard 962, a microphone 963, and a pointing device 961, such as a mouse, trackball or touch pad. Other input devices (not shown) may include a joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to the processing unit 920 through a user input interface 960 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB). A visual display 991 or other type of display device is also connected to the system bus 921 via an interface, such as a video interface 990. In addition to the monitor, computers may also include other peripheral output devices such as speakers 997 and printer 996, which may be connected through an output peripheral interface 995.
The computer 910 is operated in a networked environment using logical connections to one or more remote computers, such as a remote computer 980. The remote computer 980 may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 910. The logical connections depicted in
When used in a LAN networking environment, the computer 910 is connected to the LAN 971 through a network interface or adapter 970. When used in a WAN networking environment, the computer 910 typically includes a modem 972 or other means for establishing communications over the WAN 973, such as the Internet. The modem 972, which may be internal or external, may be connected to the system bus 921 via the user input interface 960, or other appropriate mechanism. In a networked environment, program modules depicted relative to the computer 910, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,
It should also be noted that the different embodiments described herein can be combined in different ways. That is, parts of one or more embodiments can be combined with parts of one or more other embodiments. All of this is contemplated herein.
Example 1 is a computing system record security architecture comprising a record generation component configured to generate a record in a computing system, the record having an owner property that identifies a first user as an owner of the record, a record security component configured to control modification of the record based on the owner property of the record, and a record ownership transfer component configured to receive an indication of an ownership transfer of the record from the first user to a second user and to modify the owner property to identify the second user as the owner of the record.
Example 2 is the computing system record security architecture of any or all previous examples, wherein the record ownership transfer component is configured to send a first communication to the second user requesting the ownership transfer of the record and to receive the indication from the second user in response to the first communication, the indication indicating acceptance of the ownership transfer by the second user.
Example 3 is the computing system record security architecture of any or all previous examples, wherein the record ownership transfer component is configured to automatically modify the owner property in response to the indication received from the second user.
Example 4 is the computing system record security architecture of any or all previous examples, wherein the record ownership transfer component is configured to send a second communication to a set of users associated with the record, the second communication indicating the ownership transfer of the record from the first user to the second user.
Example 5 is the computing system record security architecture of any or all previous examples, wherein the record comprises an event record and the set of users comprise event invitees.
Example 6 is the computing system record security architecture of any or all previous examples, wherein the second communication includes a unique identifier of the second user and indicates the second user as an owner of the record.
Example 7 is the computing system record security architecture of any or all previous examples, wherein the second communication comprises an ownership transfer request that is sent to each of the set of users to update records stored for the set of users, and includes a unique identifier of the first user that indicates the first user as a sender of the ownership transfer request.
Example 8 is the computing system record security architecture of any or all previous examples, and further comprising an ownership discrepancy identification and correction component configured to identify and correct ownership discrepancies between the records of the set of users.
Example 9 is the computing system record security architecture of any or all previous examples, wherein the second communication comprises an email and the unique identifier of the first user is included in a protected header of the email that is controlled by an email server.
Example 10 is the computing system record security architecture of any or all previous examples, wherein the indication of the ownership transfer comprises a communication received from the first user, and wherein the record ownership transfer component is configured to modify the owner property based on an analysis of an identifier in the communication that identifies a sender of the communication.
Example 11 is the computing system record security architecture of any or all previous examples, wherein the owner property comprises a unique identifier that identifies the first user.
Example 12 is the computing system record security architecture of any or all previous examples, wherein the communication comprises an email and the identifier is stored in a protected header of the email.
Example 13 is the computing system record security architecture of any or all previous examples, wherein the record ownership transfer component is configured to modify the owner property if the identifier in the communication matches the owner property of the record.
Example 14 is a computer-implemented method comprising receiving an electronic message related to a record stored in a computing system, the electronic message comprises an ownership transfer request to transfer ownership of the record from a first user to a second user, analyzing the electronic message to identify a sender associated with the ownership transfer request, accessing the record to identify an owner property that identifies an owner of the record, comparing the owner property and the identification of the sender, and modifying the record, based on the comparison, to transfer ownership of the record from the first user to the second user.
Example 15 is the computer-implemented method of any or all previous, wherein the electronic message comprises an email, and wherein analyzing the electronic message comprises analyzing a protected header of the email.
Example 16 is the computer-implemented method of any or all previous, wherein the record comprises an event record that defines attributes of an event.
Example 17 is the computer-implemented method of any or all previous, and further comprising receiving a record modification request that requests modification of a record stored in a computing system by asserting an ownership privilege on the record, and processing the record modification request based on the owner property of the record.
Example 18 is the computer-implemented method of any or all previous, wherein the record comprises an event record that defines attributes of an event, and wherein the requested modification comprises at least one of updating or deleting the event record.
Example 19 is a computing system record security architecture comprising a record generation component configured to generate a record in a computing system, the record having an owner property that identifies a first user as an owner of the record, and a record ownership transfer component configured to identify a second user for which ownership transfer of the record is desired by the first user, send a first ownership transfer request to the second user that prompts the second user to accept the ownership transfer, receive a communication from the second user that indicates acceptance of the ownership transfer, and in response to receiving the communication from the second user, modify the owner property to identify the second user as the owner of the record and send a second ownership transfer request to a set of users associated with the record indicating the ownership transfer of the record from the first user to the second user.
Example 20 is the computing system record security architecture of any or all previous examples, wherein the record ownership transfer component is configured to modify the record to indicate an initiation of the ownership transfer by the first user, and modify the owner property, in response to receiving the communication from the second user, based on a determination that the first user initiated the ownership transfer.
Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims and other equivalent features and acts are intended to be within the scope of the claims.
The present application is based on and claims the benefit of U.S. provisional patent application Ser. No. 62/211,297, filed Aug. 28, 2015, the content of which is hereby incorporated by reference in its entirety.
Number | Name | Date | Kind |
---|---|---|---|
4135240 | Ritchie | Jan 1979 | A |
6219694 | Lazaridis | Apr 2001 | B1 |
6411605 | Vance et al. | Jun 2002 | B1 |
6941349 | Godfrey et al. | Sep 2005 | B2 |
7200608 | Rimer | Apr 2007 | B2 |
7343008 | Frankel | Mar 2008 | B1 |
7593951 | Rimer | Sep 2009 | B2 |
7933789 | Boland et al. | Apr 2011 | B2 |
7937442 | Sekaran et al. | May 2011 | B2 |
8121953 | Orttung et al. | Feb 2012 | B1 |
8200520 | Chen et al. | Jun 2012 | B2 |
8359540 | Darling | Jan 2013 | B2 |
8583784 | Beebe et al. | Nov 2013 | B2 |
8826390 | Varda | Sep 2014 | B1 |
9106761 | Hersh | Aug 2015 | B2 |
9143542 | Tseytlin | Sep 2015 | B1 |
9325599 | Do | Apr 2016 | B2 |
9871801 | Singh et al. | Jan 2018 | B2 |
9954863 | Singh et al. | Apr 2018 | B2 |
20020184521 | Lucovsky et al. | Dec 2002 | A1 |
20030110228 | Xu | Jun 2003 | A1 |
20030163705 | Richards, Jr. | Aug 2003 | A1 |
20050034079 | Gunasekar et al. | Feb 2005 | A1 |
20050091265 | Rimer | Apr 2005 | A1 |
20050273372 | Bane et al. | Dec 2005 | A1 |
20060149828 | Kikinis | Jul 2006 | A1 |
20060265456 | Dietrich | Nov 2006 | A1 |
20070094301 | Rimer | Apr 2007 | A1 |
20070118415 | Chen et al. | May 2007 | A1 |
20070143399 | Qi | Jun 2007 | A1 |
20070162398 | Tadayon | Jul 2007 | A1 |
20070197239 | Sane | Aug 2007 | A1 |
20080235336 | Stern et al. | Sep 2008 | A1 |
20080270211 | Vander Veen et al. | Oct 2008 | A1 |
20080294999 | Bank et al. | Nov 2008 | A1 |
20090172097 | O'Sullivan et al. | Jul 2009 | A1 |
20090216837 | Rao et al. | Aug 2009 | A1 |
20090222747 | May et al. | Sep 2009 | A1 |
20090254978 | Rouskov et al. | Oct 2009 | A1 |
20090307605 | Ryan et al. | Dec 2009 | A1 |
20090319926 | Chakra et al. | Dec 2009 | A1 |
20100083134 | Gnech et al. | Apr 2010 | A1 |
20100088753 | Ayres | Apr 2010 | A1 |
20100091687 | Beers et al. | Apr 2010 | A1 |
20100106548 | Barnea et al. | Apr 2010 | A1 |
20100169145 | O'Sullivan et al. | Jul 2010 | A1 |
20100246450 | Basu et al. | Sep 2010 | A1 |
20110119598 | Traylor et al. | May 2011 | A1 |
20110161284 | Tewari | Jun 2011 | A1 |
20110258561 | Ladouceur et al. | Oct 2011 | A1 |
20110317523 | Lance et al. | Dec 2011 | A1 |
20120079038 | Hersh | Mar 2012 | A1 |
20120136689 | Ickman et al. | May 2012 | A1 |
20120173356 | Fan et al. | Jul 2012 | A1 |
20120278276 | Bailor et al. | Nov 2012 | A1 |
20130054295 | Bhogal et al. | Feb 2013 | A1 |
20130110922 | Shih et al. | May 2013 | A1 |
20130294260 | Do | Nov 2013 | A1 |
20140081688 | Kotak | Mar 2014 | A1 |
20140109210 | Borzycki et al. | Apr 2014 | A1 |
20140172799 | Dorman | Jun 2014 | A1 |
20140200944 | Henriksen et al. | Jul 2014 | A1 |
20140316872 | Lee | Oct 2014 | A1 |
20150032827 | Tyler | Jan 2015 | A1 |
20150111550 | Kaye et al. | Apr 2015 | A1 |
20150186850 | Ramji | Jul 2015 | A1 |
20150350221 | Espinosa et al. | Dec 2015 | A1 |
20160065672 | Savage et al. | Mar 2016 | A1 |
20160307162 | Bathiya | Oct 2016 | A1 |
20170063856 | Singh et al. | Mar 2017 | A1 |
20170063867 | Singh et al. | Mar 2017 | A1 |
20170300872 | Brown et al. | Oct 2017 | A1 |
20180183803 | Singh et al. | Jun 2018 | A1 |
Number | Date | Country |
---|---|---|
2096588 | Sep 2009 | EP |
2005053323 | Jun 2005 | WO |
Entry |
---|
Stead, Claire, “How to Transfer Ownership of a Google Calendar Event”, Published on: Nov. 2014 Available at: http://www.appscare.com/2014/11/how-to-transfer-ownership-of-a-google-calendar-event/. |
“Google Calendar for Administrative Assistants”, Retrieved on: Jul. 6, 2015 Available at: https://docs.google.com/document/d/1rJkSaZevyZF5hCxaoPjmnkeub8SJRPkFQx8LUUOIzU/edit?hl=en&pli=1#. |
“Make Someone Else the Host: It Cornell”, Published on: Oct. 30, 2014 Available at: http://www.it.cornell.edu/services/webconferencing/howto/webex/host.cfm. |
“dito”, Retrieved on: Jul. 6, 2015 Available at: http://www.ditoweb.com/how-to-transfer-ownership-of-a-shared-calendar/. |
“Collaboration Tools Community”, Retrieved on: Jul. 6, 2015 Available at: https://community.gotomeeting.com/gotomeeting/topics/transfer_meeting_to_new_account. |
“GoToMeeting”, Retrieved on: Jul. 6, 2015 Available at: http://support.citrixonline.com/en__US/Meeting/help_files/G2M040005?Title=Add+Co-Organizers. |
Rose, Michael, “Exchange/iOS “meeting hijack” history goes back well before iOS 6”, Published on: Oct. 4, 2012, Available at: http://www.engadget.com/2012/10/04/exchange-ios-meeting-hijack-history-goes-back-well-before-ios/. |
“Bug Report: Mobile Devices Hijacking Calendar Events”, Published on: Dec. 14, 2012, Available at: http://www.it.cornell.edu/services/guides/facstaff_email/mobile-hijack.cfm. |
“Setting Up Appointments, Meetings & Events”, Retrieved on: Jul. 6, 2015, Available at: http://guides.myonlinehelp.net/docs/ptsi.net/zevents. |
“Microsoft Exchange Server Forged Meeting Request Spoofing Vulnerability”, Published on: Mar. 10, 2015, Available at: http://tools.cisco.com/security/center/viewAlert.x?alertId=37676. |
“iOS 6.0.1 Software Update”, Published on: Nov. 1, 2012, Availabie at: https://support.apple.com/kb/DL1606?locale=en_GB. |
“Notes about Delegating Meetings”, Published on: Jan. 19, 2015 Available at: http://www.it.cornell.edu/services/webconferencing/howto/webex/delegate-notes.cfm. |
“Transfer Event Ownership”, Retrieved on: Jul. 3, 2015 Availabie at: https://support.google.com/calendar/answer/117190?hl=en. |
“Delegate Calendar Access”, Retrieved on: Jul. 3, 2015 Available at: https://support.google.com/a/answer/117596?hl=en. |
“Delegating Access to Email, Calendar and other Nexus Features using Entourage Web Services”, Retrieved on: Jul. 3, 2015 Available at: https://help.it.ox.ac.uk/nexus/entouragewebservices/delegate. |
“Share Your Calendar”, Published on: Dec. 1, 2013 Available at: http://windows.microsoft.com/en-IN/windows-live/calendar-share-calendar-with-contacts. |
Chase, Lisa, “Discover the power of Calendar Delegation in Lotus Notes”, Published on: Feb. 27, 2006 Available at: http://www.ibm.com/developerworks/lotus/library/calendar-delegation/. |
Application and Drawings for U.S. Appl. No. 14/850,466, filed Sep. 10, 2015, 66 pages. |
Application and Drawings for U.S. Appl. No. 14/839,052, filed Aug. 28, 2015, 42 pages. |
Non-Final Office Action for U.S. Appl. No. 14/850,466 dated Nov. 1, 2016, 13 pages. |
International Search Report and Written Opinion for International Patent Application No. PCT/US2016/048803, dated Oct. 20, 2016, date of filing: Aug. 26, 2016, 13 pages. |
“Amazon Simple Storage Service-Developer Guide-API Version Mar. 1, 2006”, Dec. 31, 2014, Retrieved from the Internet: <<URL:http://awsdocs.s3.amazonaws.com/S3/20060301/s3-dg-20060301.pdf>>, Retrieved on Feb. 23, 2016, 554 pages. |
“User Rights and Permissions when Accessing Resources”, In: John A Price et al.: “Mastering Active Directory for Windows Server 2008”, Jun. 30, 2008, 4 pages. |
International Search Report and Written Opinion for International Patent Application No. PCT/US2016/048804, dated Nov. 3, 2016, date of filing: Aug. 26, 2016, 12 pages. |
International Search Report and Written Opinion for International Patent Application No. PCT/US2016/048805, dated Nov. 3, 2016, date of filing: Aug. 26, 2016, 12 pages. |
Amendment for U.S. Appl. No. 14/850,466 dated Jan. 10, 2017, 11 pages. |
Final Office Action for U.S. Appl. No. 14/850,466 dated Mar. 30, 2017, 15 pages. |
Final Office Action for U.S. Appl. No. 14/839,052 dated Oct. 20, 2017, 8 pages. |
Notice of Allowance for U.S. Appl. No. 14/850,466 dated Aug. 7, 2017, 19 pages. |
Non-Final Office Action for U.S. Appl. No. 14/839,052 dated Apr. 12, 2017, 13 pages. |
Amendment with RCE for U.S. Appl. No. 14/850,466 dated Jun. 28, 2017, 16 pages. |
Second Written Opinion for International Patent Application No. PCT/US2016/048804, dated Jul. 3, 2017, filing date: Aug. 26, 2016, 5 pages. |
Amendment for U.S. Appl. No. 14/839,052 dated Jul. 11, 2017, 12 pages. |
Second Written Opinion for International Patent Application No. PCT/US2016/048805, dated Jul. 4, 2017, filing date: Aug. 26, 2016, 6 pages. |
“International Preliminary Report on Patentability Issued in PCT Application No. PCT/US2016/048805”, dated Sep. 28, 2017, 7 Pages. |
“Corrected International Preliminary Report on Patentability Issued in PCT Application No. PCT/US2016/048805”, dated Mar. 6, 2018, 4 Pages. |
“Notice on Allowance Issued in U.S. Appl. No. 14/839,052”, dated Jan. 12, 2018, 9 Pages. |
“Non Final Office Action Issued in U.S. Appl. No. 15/805,207”, dated Jun. 20, 2018, 16 Pages. |
Crocker, D. et al., “DomainKeys Identified Mail (DKIM) Signatures (No. RFC 6376)”, Retrieved From: https://tools.ietf.org/html/rfc6376, In Internet Engineering Task Force (IEFT), Sep. 2011, 76 Pages. |
“International Preliminary Report on Patentability Issued in PCT Application No. PCT/US2016/048804”, dated Sep. 28, 2017, 8 Pages. |
“It's about time”, retrieved at <<https://googleblog.blogspot.in/2006/04/its-about-time.html>>, dated Apr. 13, 2006, 2 pages. |
“Quick Tip: Create and share a Google Calendar”, retrieved at<<https://www.techrepublic.com/blog/google-in-the-enterprise/quick-tip-create-and-share-a-google-calendar/>>, dated May 9, 2013, 15 pages. |
“How to set up Calendar delegation”, YouTube: https://www.youtube.com/watch?v=7Vr01XLtHEQ, May 27, 2015, 5 pages. |
Number | Date | Country | |
---|---|---|---|
20170061104 A1 | Mar 2017 | US |
Number | Date | Country | |
---|---|---|---|
62211297 | Aug 2015 | US |