US20180183803A1 - Secure computing system record access control - Google Patents
Secure computing system record access control Download PDFInfo
- Publication number
- US20180183803A1 US20180183803A1 US15/805,207 US201715805207A US2018183803A1 US 20180183803 A1 US20180183803 A1 US 20180183803A1 US 201715805207 A US201715805207 A US 201715805207A US 2018183803 A1 US2018183803 A1 US 2018183803A1
- Authority
- US
- United States
- Prior art keywords
- record
- owner
- user
- event
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/109—Time management, e.g. calendars, reminders, meetings or time accounting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/109—Time management, e.g. calendars, reminders, meetings or time accounting
- G06Q10/1093—Calendar-based scheduling for persons or groups
- G06Q10/1095—Meeting or appointment
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
- H04L12/1813—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast for computer conferences, e.g. chat rooms
- H04L12/1822—Conducting the conference, e.g. admission, detection, selection or grouping of participants, correlating users to one or more conference sessions, prioritising transmission
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/12—Applying verification of the received information
- H04L63/126—Applying verification of the received information the source of the received data
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Definitions
- a computing system stores data as entities or other data records, and commonly includes process functionality that facilitates performing various processes or tasks on the data. Users log into or otherwise access the computing system in order to perform the processes and tasks.
- the data can include user data as well as entities or records that are used to describe various aspects of the computing system.
- the data records can be of any of a variety of different types.
- a record can comprise data for an organization.
- Some examples include sales records, customer records, opportunity records, employee records, etc.
- an event record includes data for a particular event, such as a meeting.
- a meeting record can define a date, time, location, subject matter or description, as well as associated users or invitees for a meeting event.
- a computing system record security architecture comprises, in one example, a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.
- FIG. 1 is a block diagram of one example of a computing system record security architecture.
- FIG. 2 illustrates one example of a meeting record.
- FIG. 3 illustrates one example of an email header having a set of fields.
- FIG. 4 is a flow diagram illustrating one example of a method for generating a record.
- FIGS. 5-1 and 5-2 are a flow diagram of one example of a method for receiving and processing an event message.
- FIGS. 6-1 and 6-2 is a flow diagram of one example of a method for transferring ownership of a record.
- FIG. 7 illustrates one example of a user interface display for a calendar event record.
- FIG. 8 illustrates one example of a record owner transfer initiation user interface display.
- FIG. 9 illustrates a set of record properties for reflecting a proposed ownership change, in one example.
- FIG. 10 illustrates one example of a set of properties for an ownership transfer request email.
- FIG. 11 illustrates one example of a record transfer acceptance user interface display.
- FIG. 12 is a flow diagram of one example of a method for assigning co-ownership to a record.
- FIG. 13 illustrates one example of a co-owner assignment user interface display.
- FIG. 14 illustrates one example of a user interface display that is presented to a proposed co-owner.
- FIG. 15 illustrates a set of record properties, in one example.
- FIG. 16 is a flow diagram of one example of a method in which a co-owner initiates a record modification.
- FIG. 17 is a flow diagram of one example of a method for receiving a record modification request from a co-owner and propagating the modification request to other associated user(s).
- FIG. 18 is a block diagram of one example of an architecture in which users utilize different server systems.
- FIG. 19 is a block diagram showing one example of the architecture illustrated in FIG. 1 , deployed in a cloud computing architecture.
- FIGS. 20-22 show various examples of mobile devices that can be used with the architecture shown in FIG. 1 .
- FIG. 23 is a block diagram of one example computing environment.
- the present disclosure generally relates to a security architecture for creating computing system records and enforcing record ownership privileges.
- a first user creates an event record (e.g., a meeting record) by defining a set of attributes, including a set of invitees and other event data such as location, data, time, etc.
- This event record is stored in the first user's system, and an event message comprising a record generation request is sent to the invitees.
- the first user's email server sends an email to the email server(s) of the invitees to replicate the event record in the invitees' system(s) as well.
- This type of architecture is often referred to as an email replication system, as opposed to a system that uses cross-server calls directly between servers. It is noted that the mailboxes of the invitees can be on the same server and/or different servers from the first user.
- the first user is considered the event organizer, and thus the owner of the event record.
- the organizer, or owner has a set of ownership privileges over the record which allows the organizer to modify the record, including updating and/or deleting the record.
- the invitees can accept or decline the event invitation.
- copies of the event record are created and stored within the invitees' system(s).
- the invitee users do not access the owner's event record directly, but rather copies of the event record created in the invitee's mailbox or other server component.
- a non-owner invitee user when a non-owner invitee user declines or rejects the event invitation, or attempts to modify the event record data (e.g., changing the time or location), the user's client sends out an event message that is improperly asserted or interpreted as an event modification or cancellation request, as if the non-owner invitee were actually the owner of the event record. That is, the non-owner invitee asserts ownership privileges over the record resulting in the record being inadvertently modified or cancelled. This is often referred to as “hijacking” the event record from the owner. Record hijacking may occur unintentionally, or intentionally (e.g., a non-owner user intentionally generates an event message in an attempt to hijack the event record from the owner). In either case, the system does not accurately determine whether it was the owner or organizer of the event who sent out the update or cancellation request, and thus may honor unauthorized requests.
- FIG. 1 is a block diagram of one example of a computing system record security architecture 100 configured to prevent record hijacking, regardless of whether the hijack attempts are intentional or unintentional.
- FIG. 1 is a block diagram of one example of a computing system record security architecture 100 configured to prevent record hijacking, regardless of whether the hijack attempts are intentional or unintentional.
- event records e.g., meeting records
- associated users e.g., invitees
- email messages e.g., email messages.
- Architecture 100 includes a computing system 102 that is accessible by one or more users through one or more user interface displays.
- users 104 , 106 , and 108 are illustrated accessing computing system 102 using respective client devices 110 , 112 , and 114 .
- Client devices 110 , 112 , and 114 can be any of a wide variety of computing devices including, but not limited to, desktop computers, laptop computers, personal digital assistance, mobile phones, tablet computers, e-reader devices, etc. Further, a given user may access architecture 100 using a plurality of different user devices.
- user 104 interacts with user interface display(s) 116 with user input mechanism(s) 118
- user 106 interacts with user interface display(s) 120 having user input mechanism(s) 122
- user 108 interacts with user interface display(s) 124 having user input mechanism(s) 126 .
- FIG. 1 three users are illustrated interacting with computing system 102 , for sake of illustration. However, in other examples, any number of users may interact with computing system 102 . Further, computing system 102 may interact with other system(s) 128 used by other users.
- Users 104 , 106 , and 108 can access computing system 102 locally or remotely.
- users 104 , 106 , and 108 use respective client devices that communicate with computing system 102 over a wide area network, such as the Internet.
- users 104 , 106 and 108 utilize their client devices to store and retrieve data relative to “cloud-based” servers.
- components can be run at least partially from client devices 110 , 112 , and 114 .
- the users interact with the user input mechanisms in order to control and manipulate computing system 102 .
- the users can access data in a data store 130 and/or implement functionality of a record generation and processing system 132 and a messaging system 134 .
- User interface displays 116 , 120 and 124 can be generated in any of a variety of different ways.
- computing system 102 includes a display system 136 having a user interface component 138 , one or more sensors 140 , and can include other components 142 as well.
- User interface component 138 is configured to generate user interface displays that are rendered on a client device, for a web browser or other interface. For instance, web pages can be requested, dynamically generated, and transmitted for rendering on the client devices.
- Sensor(s) 140 are configured to detect inputs to display system 136 .
- systems 132 and 134 can include sensors configured to detect inputs to those systems.
- one or more of client devices 110 , 112 , and 114 have client applications installed thereon to generate the respective user interface displays and detect inputs from the user.
- User input mechanisms 118 , 122 , and 126 sense physical activities, for example by generating the user interface displays that are used to sense user interaction with computing system 102 .
- the user interface displays can include user input mechanisms that sense user input in a wide variety of different ways, such as point and click devices (e.g., a computer mouse or track ball), a keyboard (either virtual or hardware) and/or a keypad.
- point and click devices e.g., a computer mouse or track ball
- a keyboard either virtual or hardware
- a keypad e.g., a keyboard
- the inputs can be provided as touch gestures.
- the user inputs can be provided by voice inputs or other natural user interface input mechanisms as well.
- Computing system 102 also includes one or more communication interfaces 144 , one or more processors 146 , and can include other components 148 as well.
- Communication interface(s) are configured to communicate with client devices 110 , 112 , and 114 , as well as other system(s) 128 .
- Processor(s) 146 comprises a computer processor with associated memory and timing circuitry (not shown).
- the processor is illustratively a functional part of system 102 and is activated by, and facilitates the functionality of, other systems, components and items in computing system 102 .
- FIG. 1 shows a variety of different functional blocks, it will be noted that the blocks can be consolidated so that more functionality is performed by each block, or they can be divided so that their functionality is further distributed.
- data store 130 can be any of a variety of different types of data stores. Further, data store 130 can be stored in multiple data stores. Also, the data store(s) can be local to the environments, agents, modules, and/or components that access them, or they can be remote therefrom and accessed by those environments, agents, modules and/or components. Similarly, some can be local while others are remote.
- Computing system 102 can include applications that are executed using an application component that facilitates functionality within computing system 102 .
- an application component can access information in data store 130 .
- data store 130 can store data and metadata.
- the data and metadata can define workflows, processes, entities and a wide variety of other information.
- entities stored in data store 130 can comprise or otherwise define items within computing system 102 .
- entities in an enterprise system can include account entities that define various features of an account, customer entities that define various features of a customer, sales entities that define various features of sales that can occur during a sales process, and many other types of entities or objects.
- the entities can include or other define events, such as meetings.
- entities can comprise documents, such as articles and emails, to name a few.
- the entities can be stored in data store 130 as records 150 .
- Data store 130 can include user profiles 151 , and can include other items 152 as well.
- Record generation and processing system 132 is illustratively configured to generate and process records, such as records for meetings or other events.
- system 132 comprises one or more calendar servers.
- System 132 includes a record generation component 154 , a record modification component 156 , a record owner identification component 158 , a record security component 160 , a display system controller 162 , and can include other items 164 as well.
- record generation component 154 can control display system 136 to generate and render user interface displays that receive record generation requests to generate records 150 in data store 130 . For instance, through the user interface displays, user 104 defines a meeting event for which a record 150 is stored in data store 130 .
- FIG. 2 illustrates one example of a meeting record 200 .
- Meeting record 200 comprises a plurality of fields 201 storing attributes for the meeting record including, but not limited to, a meeting title property 202 , a date property 204 , a time property 206 , a location property 208 , an owner or organizer email address (or ID) property 210 , an owner or organizer unique identifier property 212 , and associated users or invitees property 214 , a description property 216 , a meeting ID field 218 that uniquely identifies the meeting, and can include other properties 220 as well.
- Meeting record 200 can be stored in any suitable form including, but not limited to, a table.
- record modification component 156 is configured to modify records 150 stored in data store 130 .
- an owner of a given event record may issue a modification request to update the event record (e.g., cancel the event, change the location or time of the event, add additional recipients, etc.).
- Record owner identification component 158 is configured to identify the owner of a given record and record security component 160 is configured to enforce ownership or other privileges on records 150 .
- record security component 160 includes a record hijack prevention component 166 that is configured to prevent record hijacking by unauthorized users. This is discussed in further detail below.
- architecture 100 uses email (or other messaging) to replicate records for associated users (e.g., meeting invitees).
- system 132 includes a record replication component 168 having a messaging system controller 170 configured to control messaging system 134 .
- record replication component 168 operates to replicate that record for associated users.
- messaging system controller 170 controls messaging system 134 to generate and send a message (i.e., an email in the present example) to each of the invitee users such that the record is replicated in those user's systems as well.
- a message i.e., an email in the present example
- the invitee users can reside on the same system (e.g., the same email server) as the owner who generated the record or a different system or server (e.g., such as systems 128 ).
- Messaging system 134 comprises, in one example, one or more email servers. As shown in FIG. 1 , messaging system 134 includes a message generation component 172 , a message processing component 174 , one or more mailboxes 176 , a display system controller 178 , and can include other components 180 as well.
- Display system controller 178 is configured to control display system 136 to generate user interface displays that facilitate functionality for a user to create, edit, and send emails using component 172 , as well as to view emails received in the user's mailbox 176 .
- Message processing component 174 is configured to process messages received by messaging system 134 , such as to parse an email to identify various properties and other data.
- message generation component 172 includes a unique identifier generator 182 that uses an identifier generation algorithm 184 to generate unique identifiers for users of architecture 100 . This is discussed in further detail below.
- the unique identifiers can be stored in user profiles 151 .
- systems 132 and 134 include calendar server(s) and email server(s) configured to perform various email processing and calendaring operations described herein. Although illustrated as separate components in FIG. 1 , the calendar and email servers can be the same server or set of servers. A user may utilize a same account for managing both email and calendar data.
- architecture 100 generates and associates a unique identifier for each record 150 that identifies the owner of the record.
- record generation component 154 receives a record generation request that includes a set of attributes and generates a record 150 based on the request.
- an event record includes a set of attributes that define an event, such as a set of invitees. This set of attributes is stored in record 150 along with a unique identifier that uniquely identifies the user as the owner of the record.
- This unique identifier is utilized by component 160 to control and provide security with respect to subsequent event messages to prevent non-owner users from taking ownership of the record incorrectly, thereby hijacking the event record from the actual owner.
- the unique identifier can be provided as a property that is added to an email transport header of the event messages.
- the unique property is, in one example, a protected property which cannot be spoofed. Spoofing refers to a practice of forging source address and/or related message information to misrepresent an email identity. By changing the information, an individual can make an email message appear to originate from a trusted source when it in fact originates elsewhere.
- FIG. 3 illustrates one example of an email header 300 having a set of fields 302 .
- header 300 can be stored as a row in a header table, where the row includes a variety of information about the message in an account corresponding to a particular user.
- some or all fields 302 are controlled by the sending email server such that they cannot be set or spoofed by client devices 110 , 112 , and/or 114 . That is, if client device 110 , under the control of user 104 , attempts to set the fields in header 300 , message generation component 172 will overwrite these fields when sending messages to the associated users.
- fields 302 includes a from field 304 , a to field 306 , a cc field 308 , a subject field 310 , a date field 312 , a return path field 314 , a unique identifier field 316 , a message ID field 318 , a verification value field 320 , and can include other fields 322 as well.
- the from field 304 identifies the email address of the sender
- the to field identifies the email address of the recipient
- the cc field identifies email addresses of any users that are “carbon copied” on the email.
- Subject field 310 includes the subject of the email
- date field 312 includes a date when the email was sent
- the return path field 314 identifies the path for sending a return email
- message ID field 318 provides a unique identifier for the message.
- message ID field 318 includes a system time and/or a sequence number.
- Unique identifier field 316 comprises the unique identifier for the user for which the email is being sent.
- Field 316 thus comprises data obtained and stamped by the email server and is outside the control of an email sender who may be engaged in spoofing.
- the recipient cannot use the unique identifier to hijack the meeting record because the recipient's email server will override this field of the email if the recipient attempts to spoof the unique identifier in a record hijack attempt.
- the unique identifier comprises or is based in part on the user's email address (or ID). In another example, the unique identifier is different than and/or generated independent from the user's email address.
- a user's email address may change over time, in some scenarios. For instance, a user of an organization may be given a new alias, for example if the user's name changes or they are given a different position. Further, email addresses are generally known by others and could be a target during a meeting hijack attempt.
- unique identifier generator 182 uses algorithm 184 to generate a unique identifier for the user that is immutable with respect to the user. As such, even if the user's mailbox 176 is moved or the user is assigned a new email address (e.g., the user's alias changes), the unique identifier of the user does not change.
- the unique identifier generated by unique identifier generator 182 for user 104 is based on a unique identifier of the mailbox 176 assigned to user 104 .
- a mailbox globally unique identifier can be used.
- the mailbox GUID comprises a value set in computing system 102 when the mailbox is created, and remains the same for the lifetime of the mailbox.
- the mailbox GUID comprises a primary key for the mailbox, and is a unique value that distinguishes the individual mailbox from all other mailboxes.
- the unique identifier generated by unique identifier generator 182 can be based on a unique object distinguished name that is defined when the mailbox is created.
- the unique identifier comprises a plurality of attributes that have mutually exclusive situations in which the attributes can change.
- the unique identifier can comprise a combination of a first attribute (e.g., mailbox GUID) and a second attribute (e.g., unique object distinguished name that is assigned to the mailbox).
- a first attribute e.g., mailbox GUID
- a second attribute e.g., unique object distinguished name that is assigned to the mailbox.
- identifier generation algorithm 184 is an example of identifier generation algorithm 184 . Any suitable unique identifiers can be utilized.
- architecture 100 includes a verification component that is configured to ensure that the unique identifier of the sender in field 316 is valid and has not been modified prior to being received.
- the verification component is configured to detect if a user or system attempts to tamper with the unique identifier in field 316 .
- the verification component can use encryption, a hash function, and/or check sum generation that uses a check sum function or algorithm that is known to the sending and receiving email servers.
- message generation component 172 includes a verification value generator 186 and message processing component 174 includes a verification value analyzer 188 .
- Verification value generator 186 is configured to generate a check sum or hash value based on some or all of the email header.
- the verification value can comprise a check sum generated on the unique identifier in field 316 of example email header 300 .
- the verification value can be stored in verification value field 320 shown in FIG. 3 .
- Verification value analyzer 188 corresponds to generator 186 and is configured to determine whether the verification value in field 320 is valid and indicates that the unique identifier in field 316 is not erroneous and has not been tampered with.
- FIG. 4 is a flow diagram illustrating one example of a method 400 for generating a record.
- method 400 will be described in the context of generating an event record in architecture 100 .
- record generation component 154 receives a record generation request from a first user (e.g., user 104 ). For example, in the request user 104 identifies email addresses of a set of event invitees (e.g., users 106 , 108 , and/or users of system(s) 128 ).
- the record comprises a meeting or other event having a set of event attributes 404 , associated users (e.g., event invitees) 406 , and can include other data 408 as well.
- event attributes include, but are not limited to, location, time, subject matter/topic information, etc.
- the event invitees are identified by their user email addresses selected by the first user in the record generation request.
- the method identifies the first user as the record owner (e.g., the event organizer) and, at block 412 , unique identifier generator 182 generates a unique identifier of the record owner.
- the unique identifier is immutable and uniquely identifies the owner user (user 104 in the present example) from among all other users of architecture 100 .
- record generation component 154 generates and stores the record with the event attributes 404 and the unique identifier generated at block 412 .
- record replication component 168 replicates the records for each of the associated users (i.e., event invitees in the present example).
- messaging system controller 170 controls messaging system 134 to generate an email comprising an event invitation for the invitee user.
- the event invitation can include the event attributes 404 and/or associated users 406 .
- the unique identifier generated at block 412 is added to a protected header (or other portion) of the email.
- a verification value is generated based at least in part on the unique identifier. This is represented at block 422 .
- the verification value is added to the header (or other portion) of the email and the email is sent to the invitee user at block 426 .
- the method determines whether the owner modifies the record. For example, the owner may decide to change the location or time of the event, cancel the event, and/or add invitees to the event. For instance, the owner may decide to forward the event to one or more additional users to be invited to the event.
- the method verifies the owner by comparing the owner identifier to the event record.
- the record is updated and blocks 416 - 426 can be repeated to replicate the updated record for the other users.
- FIGS. 5-1 and 5-2 are a flow diagram of one example of a method 500 for receiving and processing an event message.
- method 500 will be described in the context of record security component 160 processing an email pertaining to an event in architecture 100 .
- message processing component 174 receives an email (or other message) for a given user pertaining to an event.
- the method determines whether the event record exists. If not, the event record is created in data store 130 . This is represented by block 506 . It is noted that the event creation at block 506 can be automatic. This is represented by block 508 . Alternatively, the user can be prompted for confirmation of the event record creation. This is represented by block 510 .
- message processing component 174 parses the email to identify the unique identifier of the owner and the event attributes. In the example of FIG. 3 , the unique identifier is obtained from field 316 which indicates the sender of the email for which the event record is created.
- the method can use a verification value provided in the email to verify the unique identifier upon which the unique identifier and attributes are stored in the event record. This is represented by block 516 .
- the method proceeds to block 518 in which the method determines whether the email comprises an event message asserting owner privileges. For instance, in one example the method determines whether the email purports to update the meeting attributes, or to cancel the meeting. If the event message does not assert owner privileges (e.g., it is simply an email message from an invitee with information about the event), the method proceeds to block 520 in which the email is delivered to the recipient.
- the email comprises an event message asserting owner privileges. For instance, in one example the method determines whether the email purports to update the meeting attributes, or to cancel the meeting. If the event message does not assert owner privileges (e.g., it is simply an email message from an invitee with information about the event), the method proceeds to block 520 in which the email is delivered to the recipient.
- message processing component 174 parses the email to identify the unique identifier of the sender (e.g., field 316 in FIG. 3 ) and/or a verification value based on the unique identifier (e.g., field 320 in FIG. 3 ).
- the method uses the verification value to verify the unique identifier extracted from the email. This is represented by block 524 . This verification can validate the unique identifier to ensure that it has not been corrupted or tampered with since the email message was generated from the sending email server.
- the method proceeds to block 528 which prevents the event message from modifying the event record. For instance, the email can be blocked or discarded. This is represented by block 530 . In another example, the email is marked at out-of-date or already processed to prevent processing of the message against the event record. This is represented by block 532 . Alternatively, or in addition, a non-delivery report (NDR) or “bounce” message can be sent to the sender of the email to indicate that it has not been processed at the recipient end. This is represented by block 534 .
- NDR non-delivery report
- the method proceeds to block 536 in which the event record is accessed.
- the email received at block 502 can include a meeting identifier that is matched against a meeting ID field 218 for the corresponding record.
- the method determines whether the unique identifier extracted at block 522 corresponds to (e.g., matches) the unique identifier of the owner from the event record. If not, the method proceeds to block 528 to prevent the event message from modifying the event record.
- the method proceeds to block 540 in which the event message is processed to modify the event record. This can be done automatically, which is represented by block 542 . Alternatively, or in addition, the recipient user can be prompted for confirmation as to whether the event message should be processed against the user's event record. This is represented by block 544 .
- system 134 includes a record ownership transfer component 190 configured to facilitate transfer of record ownership within architecture 100 .
- Component 190 includes a messaging system controller 192 , a display system controller 194 , and an ownership discrepancy identification and correction component 196 .
- Messaging system controller 192 is configured to control messaging system 134 , which is discussed in further detail below.
- Display system controller 194 is configured to control display system 136 to generate and render user interface displays that receive user inputs to perform a record ownership transfer.
- Component 190 can include other items 198 as well.
- transfer of record ownership is desired in a variety of different scenarios. For instance, a user who owns a record 150 may leave an organization or change teams within the organization, or may be absent for an extended period of time. In the case of a calendar event, the other event invitees may still conduct the meeting without the owner who originally organized the event. Further, the other event invitees may desire to change the date or time, or add additional invitees to the event, even though the owner is not available to modify the record.
- Record ownership transfer component 190 facilitates transfer of record ownership within security architecture 100 .
- Record ownership can be transfer from the record owner to a user who is currently associated with the record (e.g., a meeting invitee), as well as to a user who is not currently associated with the record (e.g., a user other than a meeting invitee).
- a user who is currently associated with the record e.g., a meeting invitee
- a user who is not currently associated with the record e.g., a user other than a meeting invitee
- an administrator can use record ownership transfer component 190 to access the record 150 and directly change the owner property. This can be done in any of a variety of ways including, but not limited to, a script or other code that is executed at the direction of the administrator. In another example, record ownership transfer can be initiated and performed by the record owner using component 190 .
- FIGS. 6-1 and 6-2 (collectively referred to as FIG. 6 ) is a flow diagram of one example of a method 550 for transferring ownership of a record.
- method 550 will be described in the context of transferring an event record using component 190 in architecture 100 .
- a user interface display is generated for a first user, for a given record, with user input mechanisms.
- the user input mechanisms can comprise mechanisms for modifying details of the record. This is represented by block 554 .
- the user input mechanisms facilitate adding associated users or event invitees, cancelling the event, changing a location or time of the event, etc.
- the user input mechanisms also include user input mechanisms to transfer ownership of the given record. This is represented by block 556 .
- FIG. 7 illustrates one example of a user interface display 600 for a calendar event record.
- User interface display 600 includes a plurality of editable fields 602 for editing details of the record.
- fields 602 includes a people field 604 for adding invitees to the calendar event, date/time fields 606 for setting a date and time of the event and a message field 607 for authoring a message to the invitees.
- User interface display 600 also includes a transfer ownership user input mechanism 608 that is actuatable to initiate a transfer of ownership.
- a user interaction with the user input mechanisms is detected indicating a desire of the first user to transfer ownership of the record to a second user.
- block 558 detects user actuation of user input mechanism 608 and confirms that the first user, who is using user interface display 600 , is actually the owner of the given record. This can be done by accessing the owner property stored on the event record.
- FIG. 8 illustrates one example of a user interface display 610 that is displayed at block 560 .
- User interface display 610 includes a display portion or window 612 that includes a recipient field 614 for receiving an identification of the user to which ownership transfer is being proposed.
- the ownership transfer request is sent to the second user as an email (or other communication).
- a recipient field 614 receives an email address, or other identifier, of the second user.
- Display window 612 also includes a message portion 616 for receiving a textual message (or other content) to be sent to the second user and a user input mechanism 618 for sending the transfer request.
- method 550 detects a user interaction (e.g., with field 614 in FIG. 8 ) that identifies the second user to which record ownership is to be transferred.
- the record of the first user is modified to reflect the proposed ownership change. This can include setting a transfer pending property or flag (represented by block 566 ), storing the unique identifier of the proposed owner (represented by block 568 ), and/or storing a unique identifier of the previous owner (represented by block 570 ).
- FIG. 9 illustrates a set of record properties 620 used to store the information at block 564 , in one example.
- Properties 620 includes a proposed owner property 622 , an owner transfer pending property 624 , and a previous owner property 626 .
- the proposed owner property 622 stores a unique identifier of the proposed owner (i.e., the second user in the example of FIG. 6 ) and the previous owner property 626 stores the unique identifier of the previous owner of the record (i.e., the first user in the present example) from which the ownership is being transferred.
- the owner transfer pending property 624 indicates whether an ownership transfer is pending for the record.
- property 624 can comprise a Boolean value that is set to “true” to indicate that the current owner has initiated an ownership transfer of the record to another user. As discussed in further detail below, property 624 can be subsequently used when a response to the request is received from the proposed owner to verify that the current owner has, in fact, initiated the ownership transfer.
- an email (or other communication) is sent to the second user requesting acceptance of the ownership transfer.
- the email includes the unique identifier of the sender and a request type that is set to indicate that the ownership transfer is in a “proposal” state. This is represented by block 574 .
- FIG. 10 illustrates one example of the set of properties 630 that are included in an ownership transfer request email sent at block 572 .
- the set of properties 630 can be stored, in one example, in a header of the email.
- the set of properties 630 can be stored and sent in another ways as well.
- the set of properties 630 includes a proposed owner property 632 that includes a unique identifier of the user to which the ownership transfer is proposed, and an ownership transfer request type property 634 .
- Property 634 indicates the current status of the ownership transfer, and is used by the recipient's system to facilitate a response to the sender.
- property 634 is set as “proposal” to indicate that the proposed owner identified by property 632 is the proposed owner and the message requires a response to accept or decline the proposed ownership transfer.
- FIG. 11 illustrates one example of a user interface display 640 that can be displayed at block 576 .
- User interface display 640 includes a display portion 642 that identifies details of the record, as well as user input mechanisms 646 for the proposed owner to accept or decline the transfer of ownership.
- a user interaction with the user input mechanisms is detected indicating whether ownership transfer is accepted by the proposed owner.
- the second user can select user input mechanism 648 , shown in FIG. 11 , to accept the ownership transfer.
- an email (or other communication) is sent to the first user indicating whether the ownership transfer is accepted or declined by the proposed owner. This is represented by block 580 .
- the system of the first user receives the email sent at block 580 , and confirms that the email is received from the second user and that the transfer request type is set such that it indicates that an ownership transfer is pending.
- block 582 confirms that the sender of the email from block 580 matches the proposed owner property 622 and the ownership transfer pending property 624 is set to “true”, thereby indicating that the current owner has in fact initiated the ownership transfer. As such, this can prevent a non-owner user from unilaterally initiating and performing an ownership transfer of a record without knowledge of or input by actual current owner of the record.
- the method proceeds to block 586 in which the record of the first user is updated. In one example, this includes setting the owner property 212 in the example of FIG. 2 , to indicate the second user as the new owner of the record and changing the owner transfer pending property 624 to indicate that an ownership transfer is no longer pending.
- an email (or other communication) is sent to each of the associated users (i.e., the event invitees) to update those user's records as well, to reflect the ownership change.
- the email sent at block 588 includes the set of properties 630 , with the new owner (i.e., the second user) identified by property 632 and the ownership transfer request type property 634 set as “enacting”, to distinguish the message from the initial ownership transfer message sent at block 572 . This is represented by block 590 .
- the associated users' system(s) process the email sent at block 588 to compare the unique identifier of the sender to the current owner property to verify that the transfer request came from the current owner of the record (i.e., the first user in the present example). In response to this comparison, the users' system(s) modify the record to change to owner property to reflect the new user as the record owner.
- the ownership transfer can be initiated by the non-owner second user. That is, in this example method 550 begins at block 580 in which the second user indicates a desire to take ownership of the record, upon which the second user's system sends an email (or other communication) to the first user requesting that the first user transfer record ownership to the second user.
- ownership discrepancy identification and correction component 196 is configured to identify discrepancies in record ownership between the associated users.
- the email sent at block 588 may fail for some or all of the event invitees, resulting in a failure of the records of those invitee(s) to update to reflect the new record owner.
- the records for some invitee users may properly indicate the second user as the owner of the record, while the records of other invitees may continue to improperly list the first user as still being the owner of the record.
- Component 196 is configured to analyze or otherwise access the records of each user and to correct a discrepancy in record ownership.
- component 196 is configured to roll back the owner property using the previous owner property 626 illustrated in the example of FIG. 9 .
- system 134 includes a record co-owner assignment component 191 configured to facilitate assignment of co-ownership within architecture 100 .
- Component 191 includes a messaging system controller 193 , a display system controller 195 , and can include other items 197 as well.
- Messaging system controller 193 is configured to control messaging system 134 , which is discussed in further detail below.
- Display system controller 195 is configured to control display system 136 to generate and render user interface displays that receive user inputs to perform a record co-ownership assignment.
- co-ownership of a record is desired in a variety of different scenarios.
- a first user creates a record, such as a calendar event record, and desires that one or more other users, such as event invitees, have co-ownership over the record.
- a co-owner is a user who has at least a basic or primitive set of privileges over the record.
- a co-owner can have a same, full set of ownership privileges as the owner (e.g., privileges to create, update, and delete the record), or can have a reduced set of privileges (e.g., privileges to only update the record, a specific type of update privilege, etc.).
- a co-owner in the illustrated example, is not required to have the same ownership privileges as the original owner of the record.
- multiple users can be assigned as co-owners with different sets of privileges. For instance, one user can be assigned as a co-owner with update privileges that allow the user to update the event record and to add additional associated users or invitees, and another user can be assigned as a co-owner with privileges that allow the user to delete the event record. This, of course, is by way of example only.
- FIG. 12 is a flow diagram of one example of a method 650 for assigning co-owner(s) to a record.
- method 650 will be described in the context of assigning a co-owner to a record using component 191 in architecture 100 .
- an indication is detected that the owner of a particular record desires for a co-ownership assignment of the particular record. For instance, a first user 104 who is the owner of a given calendar event record desires to assign co-ownership to a second user 106 . In one example, the first user selects a user input mechanism 609 illustrated in FIG. 7 to initiate co-ownership assignment of the displayed record.
- a co-owner assignment user interface display is generated with co-owner assignment user input mechanism(s). This is represented by block 654 in FIG. 12 .
- user interaction with the co-owner assignment user input mechanism(s) is detected assigning co-owner(s) to the particular record. This can include selecting one or more users at block 658 and defining a set of one or more privileges for each of the users at block 660 .
- FIG. 13 illustrates one example of a co-owner assignment user interface display 700 that is displayed at block 654 .
- User interface display 700 includes fields 702 that display details of the record (i.e., a calendar event record in the present example).
- User interface display 700 also includes user input mechanisms 704 for assigning one or more co-owners to the given record.
- User input mechanisms 704 include a user field 706 for entering or otherwise selecting a user to assign to the record as a co-owner.
- field 706 comprises a drop down menu that lists a set of selectable users. For instance, the set of users can comprise invitees of the calendar event.
- a set of ownership privileges user input mechanisms 708 are provided allowing the user to select which ownership privileges the co-owner will be granted. For instance, the user can grant the co-owner all ownership privileges using input mechanisms 710 , a change location ownership privilege 711 that allows the co-owner to change the location of the calendar event, a change date/time ownership privilege 712 that allows the co-owner to change the date and/or time of the calendar event, and a modify invitee(s) ownership privilege 713 that allows the co-owner to modify invitees of the calendar event.
- Other ownership privileges 714 can be provided as well. These, of course, are examples only.
- the user can actuate element 715 to add the user to the list 716 of assigned co-owners. From list 716 , the user can edit the assigned co-owners and their associated privileges as well as delete a co-owner using the corresponding delete user input mechanisms 717 or 718 .
- an email (or other communication) is sent to each of the selected users prompting the user to accept the co-owner assignment.
- a co-owner assignment pending property or flag can be set on the record to indicate that the co-owner assignment is pending. This is represented by block 664 .
- the co-owner assignment pending property can be used by the owner's system to verify that the co-owner assignment was initiated by the owner and is currently pending in order to process the responses received from the proposed co-owners.
- FIG. 14 illustrates one example of a user interface display 720 that is presented to a proposed co-owner and prompts the proposed co-owner to accept the co-owner assignment.
- User interface display 720 includes a display portion 722 that identifies details of the record, as well as user input mechanisms 724 for the proposed co-owner to accept or decline the co-owner assignment.
- user interface display 720 can display the particular set of ownership privileges to be granted to the co-owner in a display portion 726 .
- response(s) are received from the proposed co-owner(s).
- the responses are verified, for example by determining that the co-owner assignment pending property indicates that the co-owner assignment is pending (block 670 ) and verifying the sender (block 672 ).
- the owner's system analyzes the received response to locate an identifier of the sender and compare the identifier to a co-owner property on the owner's record. In other words, block 668 verifies that the co-owner acceptance is received from the proper user.
- the owner's record is modified to reflect the co-owner(s) and their associated privilege(s).
- FIG. 15 illustrates a set of record properties 740 used to store the information at block 674 , in one example.
- Properties 740 includes a co-owner assignment pending property, which can be set at block 664 in FIG. 12 .
- Properties 740 also includes a co-owner property 744 that identifies an assigned co-owner to the record, and an associated privileges property 746 that identifies the privileges granted to the co-owner identified by property 744 . If more than one user is assigned as a co-owner, properties 740 can include an additional co-owner property 748 and associated privileges properties 750 . Of course, more than two users can be assigned as co-owners to a given record.
- property 744 identities user 106 and property 746 indicates that user 106 has privileges to update the details of the record, but not to delete the record
- property 748 identifies that user 108 is a co-owner of the record
- properties 750 indicates that user 108 can delete the record.
- the owner can remove one or more of the co-owners from the record, if desired.
- the owner may desire to remove the first co-owner identified in property 746 . If so, the method modifies the record to reflect this change by removing the co-owner from the record. In this manner, an owner can easily remove a co-owner from the record by, in this example, only changing the owner's record without having to propagate the change to all of the associated users. This can enhance security and reduce latency for co-ownership changes.
- FIG. 16 is a flow diagram of one example of a method 760 in which a co-owner initiates a record modification.
- method 760 will be described in the context of record generation and processing system 134 of architecture 100 .
- a user interface display is generated for the co-owner user (e.g., user 106 ), for a given record, with user input mechanisms.
- the user input mechanisms can comprise mechanisms for modifying details of the record. This is represented by block 764 . For instance, in the case of a calendar event record, the user input mechanisms facilitate adding associated users or event invitees, cancelling the event, changing a location or time of the event, etc.
- the user input mechanisms can also include mechanisms for transferring ownership of the given record or inviting additional co-owners to be assigned to the record. This is represented by block 766 .
- the display generated at block 762 can be similar to user interface display 600 , illustrated in FIG. 7 .
- a user interaction is detected that modifies the given record.
- the co-owner can update the record (block 770 ) or delete the record (block 772 ).
- the system of the co-owner identifies the owner of the given record.
- the system analyzes the owner property (e.g., owner property 212 in the example of FIG. 12 ). Then, the system sends an email (or other communication) to the owner with a record modification request that is based on the detected modification at block 768 . This is represented by block 776 .
- FIG. 17 is a flow diagram of one example of a method 800 for receiving a record modification request from a co-owner and propagating the modification request to associated users.
- method 800 will be described in the context of a record modification request for a calendar event record, having a set of event invitees.
- the request is received by an owner user (e.g., user 104 ) from a co-owner user (e.g., user 106 ).
- the record modification request sent by the co-owner at block 776 in FIG. 16 is received by the system of the owner.
- the record modification request us analyzed to identify the identity of the sender (e.g., to identify that user 106 sent the request).
- block 804 analyzes a protected email header to identify the sender of the request.
- Block 804 also identifies the particular record to which the record modification request pertains.
- the method determines whether the sender of the request is identified as a co-owner of the particular record for which the record modification request pertains. In one example, block 806 compares the unique identifier of the sender to the co-owner property stored in association with the particular record. If the sender is not a co-owner of the record, the method proceeds to block 808 in which the request is prevented from modifying the record. For instance, the email can be blocked or discarded, or marked out of date or already processed.
- the method proceeds to block 810 in which the method determines whether the co-owner has the requested privileges. For instance, if the received request requests cancellation of the event record, block 810 determines whether the co-owner has been granted ownership privileges that allow the user to cancel the record.
- the owner can be prompted to moderate the request.
- a user interface display can be presented to the owner that allows the owner to accept the modification (block 813 ), modify the proposed record modification (block 814 ), or to delete the request (block 815 ).
- a co-owner sends a request to change the time of an event record from 2:00 PM to 4:00 PM.
- the owner can modify this request by changing the time to 3:00 PM.
- a co-owner sends a request to add three invitees to the event record.
- the owner can accept remove one of the invitees while accepting the other two invitees to the event record.
- the owner's record is modified based on the request, and the request is propagated to the associated users at block 818 .
- the request is propagated by the owner's system generating an email (or other communication) that is sent to all of the associated users (e.g., event invitees) to replicate the record modification in the system(s) of those users.
- One example of replicating a record for associated users is illustrated at blocks 418 - 426 in FIG. 4 .
- the request to the associated users includes the unique identifier of the owner of the record owner. This is represented by block 819 . In this manner, the associated users' system(s) identify the record modification request as coming from the original owner and process the request accordingly.
- FIG. 18 is a block diagram of one example of an architecture 820 in which users utilize different server systems.
- user 104 uses client device 110 and user 108 uses client device 114 to access a server system 822 .
- Server system 822 includes a calendar server 824 and an email server 826 which are, in one example, similar to systems 132 and 134 discussed above with respect to FIG. 1 .
- a data store 828 stores event records 830 for users 104 and 108 .
- Server system 822 communicates with a server system 832 over a network 835 , such as the Internet.
- Server system 832 is accessed by a user 834 using a client device 836 and user 838 using a client device 840 .
- Server system 832 includes a calendar server 842 and an email server 844 which are, in one example, similar to systems 132 and 134 discussed above with respect to FIG. 1 .
- a data store 846 stores event records 848 for users 834 and 838 .
- the present discussion provides significant technical advantages.
- the security architecture provides protection to prevent users from taking ownership of the records incorrectly, thereby hijacking the records to assert ownership privileges to which the users should not have access to.
- the architecture prevents users from being incorrectly recognized as the event organizer, or record owner, and validates meeting messages to prevent the messages from being processed against the event records if the meeting message is not coming from a legitimate owner of the record. This keeps the records secure while reducing or preventing inadvertent data loss, for example by preventing meetings from being erroneously cancelled or modified.
- the architecture provides a framework to protect the transmission of the unique identifiers to prevent the identifier from being spoofed.
- processors and servers include computer processors with associated memory and timing circuitry, not separately shown. They are functional parts of the systems or devices to which they belong and are activated by, and facilitate the functionality of the other components or items in those systems.
- the user actuatable input mechanisms can be text boxes, check boxes, icons, links, drop-down menus, search boxes, et cetera. They can also be actuated in a wide variety of different ways. For instance, they can be actuated using a point and click device (such as a track ball or mouse). They can be actuated using hardware buttons, switches, a joystick or keyboard, thumb switches or thumb pads, et cetera. They can also be actuated using a virtual keyboard or other virtual actuators. In addition, where the screen on which they are displayed is a touch sensitive screen, they can be actuated using touch gestures. Also, where the device that displays them has speech recognition components, they can be actuated using speech commands.
- a number of data stores have also been discussed. It will be noted they can each be broken into multiple data stores. All can be local to the systems accessing them, all can be remote, or some can be local while others are remote. All of these configurations are contemplated herein.
- the figures show a number of blocks with functionality ascribed to each block. It will be noted that fewer blocks can be used so the functionality is performed by fewer components. Also, more blocks can be used with the functionality distributed among more components.
- FIG. 19 is a block diagram of a cloud computing architecture 850 .
- Cloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location or configuration of the system that delivers the services.
- cloud computing delivers the services over a wide area network, such as the internet, using appropriate protocols.
- cloud computing providers deliver applications over a wide area network and they can be accessed through a web browser or any other computing component.
- Software or components of architecture 100 as well as the corresponding data can be stored on servers at a remote location.
- the computing resources in a cloud computing environment can be consolidated at a remote data center location or they can be dispersed.
- Cloud computing infrastructures can deliver services through shared data centers, even though they appear as a single point of access for the user.
- the components and functions described herein can be provided from a service provider at a remote location using a cloud computing architecture.
- they can be provided from a conventional server, or they can be installed on client devices directly, or in other ways.
- Cloud computing both public and private provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
- a public cloud is managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware.
- a private cloud may be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, et cetera.
- FIG. 19 specifically shows that some or all components of architecture 100 are located in cloud 852 (which can be public, private, or a combination where portions are public while others are private). Therefore, user 854 (e.g., users 104 , 106 , and/or 108 ) uses a user device 856 (e.g., client devices 110 , 112 , and/or 114 ) to access those components through cloud 852 .
- cloud 852 which can be public, private, or a combination where portions are public while others are private. Therefore, user 854 (e.g., users 104 , 106 , and/or 108 ) uses a user device 856 (e.g., client devices 110 , 112 , and/or 114 ) to access those components through cloud 852 .
- user device 856 e.g., client devices 110 , 112 , and/or 114
- FIG. 19 also depicts another embodiment of a cloud architecture.
- FIG. 19 shows that it is also contemplated that some elements of architecture 100 are disposed in cloud 852 while others are not.
- data store 130 can be disposed outside of cloud 852 , and accessed through cloud 852 .
- record generation and processing system 132 can be disposed outside of cloud 852 , and accessed through cloud 852 .
- messaging system 134 can be disposed outside of cloud 852 , and accessed through cloud 852 .
- display system 136 can be disposed outside of cloud 852 , and accessed through cloud 852 .
- at least some components of computing system 102 can be disposed on user device 856 . This is represented by block 858 .
- the elements of architecture 100 can be accessed directly by device 856 , through a network (either a wide area network or a local area network), they can be hosted at a remote site by a service, or they can be provided as a service through a cloud or accessed by a connection service that resides in the cloud. All of these architectures are contemplated herein.
- architecture 100 can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, et cetera.
- FIG. 20 is a simplified block diagram of one illustrative embodiment of a handheld or mobile computing device that can be used as a user's or client's hand held device 16 , in which the present system (or parts of it) can be deployed.
- FIGS. 21-22 are examples of handheld or mobile devices.
- FIG. 20 provides a general block diagram of the components of a client device 16 that can run components of architecture 100 or that interacts with architecture 100 , or both.
- a communications link 13 is provided that allows the handheld device to communicate with other computing devices and under some embodiments provides a channel for receiving information automatically, such as by scanning.
- Examples of communications link 13 include an infrared port, a serial/USB port, a cable network port such as an Ethernet port, and a wireless network port allowing communication though one or more communication protocols including General Packet Radio Service (GPRS), LTE, HSPA, HSPA+ and other 3G and 4G radio protocols, 1Xrtt, and Short Message Service, which are wireless services used to provide cellular access to a network, as well as 802.11 and 802.11b (Wi-Fi) protocols, and Bluetooth protocol, which provide local wireless connections to networks.
- GPRS General Packet Radio Service
- LTE Long Term Evolution
- HSPA High Speed Packet Access
- HSPA+ High Speed Packet Access Plus
- 1Xrtt 3G and 4G radio protocols
- 1Xrtt 1Xrtt
- Short Message Service Short Message Service
- SD card interface 15 Secure Digital
- communication links 13 communicate with a processor 17 along a bus 19 that is also connected to memory 21 and input/output (I/O) components 23 , as well as clock 25 and location system 27 .
- I/O input/output
- I/O components 23 are provided to facilitate input and output operations.
- I/O components 23 for various embodiments of the device 16 can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port.
- Other I/O components 23 can be used as well.
- Clock 25 illustratively comprises a real time clock component that outputs a time and date. It can also, illustratively, provide timing functions for processor 17 .
- Location system 27 illustratively includes a component that outputs a current geographical location of device 16 .
- This can include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions.
- GPS global positioning system
- Memory 21 stores operating system 29 , network settings 31 , applications 33 , application configuration settings 35 , data store 37 , communication drivers 39 , and communication configuration settings 41 .
- Memory 21 can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below).
- Memory 21 stores computer readable instructions that, when executed by processor 17 , cause the processor to perform computer-implemented steps or functions according to the instructions. Items in data store 128 , for example, can reside in memory 21 .
- device 16 can have a client system 24 which can run various business applications. Processor 17 can be activated by other components to facilitate their functionality as well.
- Examples of the network settings 31 include things such as proxy information, Internet connection information, and mappings.
- Application configuration settings 35 include settings that tailor the application for a specific enterprise or user.
- Communication configuration settings 41 provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords.
- Applications 33 can be applications that have previously been stored on the device 16 or applications that are installed during use, although these can be part of operating system 29 , or hosted external to device 16 , as well.
- FIG. 21 shows one embodiment in which device 16 is a tablet computer 890 .
- computer 890 is shown with user interface display displayed on the display screen 892 .
- Screen 892 can be a touch screen (so touch gestures from a user's finger can be used to interact with the application) or a pen-enabled interface that receives inputs from a pen or stylus. It can also use an on-screen virtual keyboard. Of course, it might also be attached to a keyboard or other user input device through a suitable attachment mechanism, such as a wireless link or USB port, for instance.
- Computer 890 can also illustratively receive voice inputs as well.
- Device 16 can be a feature phone, smart phone or mobile phone.
- the phone includes a set of keypads for dialing phone numbers, a display capable of displaying images including application images, icons, web pages, photographs, and video, and control buttons for selecting items shown on the display.
- the phone includes an antenna for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1Xrtt, and Short Message Service (SMS) signals.
- GPRS General Packet Radio Service
- 1Xrtt 1Xrtt
- SMS Short Message Service
- phone also includes a Secure Digital (SD) card slot that accepts a SD card.
- SD Secure Digital
- the mobile device can be personal digital assistant (PDA) or a multimedia player or a tablet computing device, et cetera (hereinafter referred to as a PDA).
- PDA personal digital assistant
- the PDA can include an inductive screen that senses the position of a stylus (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write.
- the PDA also includes a number of user input keys or buttons which allow the user to scroll through menu options or other display options which are displayed on the display, and allow the user to change applications or select user input functions, without contacting the display.
- the PDA can include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices. Such hardware connections are typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections.
- mobile device also includes a SD card slot that accepts a SD card.
- FIG. 22 shows that the phone is a smart phone 71 .
- Smart phone 71 has a touch sensitive display 73 that displays icons or tiles or other user input mechanisms 75 .
- Mechanisms 75 can be used by a user to run applications, make calls, perform data transfer operations, et cetera.
- smart phone 71 is built on a mobile operating system and offers more advanced computing capability and connectivity than a feature phone.
- FIG. 23 is one embodiment of a computing environment in which architecture 100 , or parts of it, (for example) can be deployed.
- an exemplary system for implementing some embodiments includes a general-purpose computing device in the form of a computer 910 .
- Components of computer 910 may include, but are not limited to, a processing unit 920 , a system memory 930 , and a system bus 921 that couples various system components including the system memory to the processing unit 920 .
- the system bus 921 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures.
- such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus.
- ISA Industry Standard Architecture
- MCA Micro Channel Architecture
- EISA Enhanced ISA
- VESA Video Electronics Standards Association
- PCI Peripheral Component Interconnect
- Computer 910 typically includes a variety of computer readable media.
- Computer readable media can be any available media that can be accessed by computer 910 and includes both volatile and nonvolatile media, removable and non-removable media.
- Computer readable media may comprise computer storage media and communication media.
- Computer storage media is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data.
- Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed by computer 910 .
- Communication media typically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media.
- modulated data signal means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal.
- communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media.
- the system memory 930 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 931 and random access memory (RAM) 932 .
- ROM read only memory
- RAM random access memory
- BIOS basic input/output system
- RAM 932 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processing unit 920 .
- FIG. 23 illustrates operating system 934 , application programs 935 , other program modules 936 , and program data 937 .
- the computer 910 may also include other removable/non-removable volatile/nonvolatile computer storage media.
- FIG. 23 illustrates a hard disk drive 941 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 951 that reads from or writes to a removable, nonvolatile magnetic disk 952 , and an optical disk drive 955 that reads from or writes to a removable, nonvolatile optical disk 956 such as a CD ROM or other optical media.
- removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like.
- the hard disk drive 941 is typically connected to the system bus 921 through a non-removable memory interface such as interface 940
- magnetic disk drive 951 and optical disk drive 955 are typically connected to the system bus 921 by a removable memory interface, such as interface 950 .
- the functionality described herein can be performed, at least in part, by one or more hardware logic components.
- illustrative types of hardware logic components include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), et cetera.
- FPGAs Field-programmable Gate Arrays
- ASICs Program-specific Integrated Circuits
- ASSPs Program-specific Standard Products
- SOCs System-on-a-chip systems
- CPLDs Complex Programmable Logic Devices
- the drives and their associated computer storage media discussed above and illustrated in FIG. 23 provide storage of computer readable instructions, data structures, program modules and other data for the computer 910 .
- hard disk drive 941 is illustrated as storing operating system 944 , application programs 945 , other program modules 946 , and program data 947 .
- operating system 944 application programs 945 , other program modules 946 , and program data 947 are given different numbers here to illustrate that, at a minimum, they are different copies.
- a user may enter commands and information into the computer 910 through input devices such as a keyboard 962 , a microphone 963 , and a pointing device 961 , such as a mouse, trackball or touch pad.
- Other input devices may include a joystick, game pad, satellite dish, scanner, or the like.
- These and other input devices are often connected to the processing unit 920 through a user input interface 960 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB).
- a visual display 991 or other type of display device is also connected to the system bus 921 via an interface, such as a video interface 990 .
- computers may also include other peripheral output devices such as speakers 997 and printer 996 , which may be connected through an output peripheral interface 995 .
- the computer 910 is operated in a networked environment using logical connections to one or more remote computers, such as a remote computer 980 .
- the remote computer 980 may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to the computer 910 .
- the logical connections depicted in FIG. 23 include a local area network (LAN) 971 and a wide area network (WAN) 973 , but may also include other networks.
- LAN local area network
- WAN wide area network
- Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet.
- the computer 910 When used in a LAN networking environment, the computer 910 is connected to the LAN 971 through a network interface or adapter 970 .
- the computer 910 When used in a WAN networking environment, the computer 910 typically includes a modem 972 or other means for establishing communications over the WAN 973 , such as the Internet.
- the modem 972 which may be internal or external, may be connected to the system bus 921 via the user input interface 960 , or other appropriate mechanism.
- program modules depicted relative to the computer 910 may be stored in the remote memory storage device.
- FIG. 23 illustrates remote application programs 985 as residing on remote computer 980 . It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used.
- Example 1 is a computing system record security architecture comprising a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.
- Example 2 is the computing system record security architecture of any or all previous examples, wherein the unique identifier identifies the first user as a sender of the record modification request.
- Example 3 is the computing system record security architecture of any or all previous examples, wherein the co-owner assignment component is configured to store a co-owner property in association with the record that identifies the second user as a co-owner of the record, and the record security component is configured to process the record modification request, received from the second user, by analyzing an identifier in the record modification request relative to the co-owner property.
- the co-owner assignment component is configured to store a co-owner property in association with the record that identifies the second user as a co-owner of the record
- the record security component is configured to process the record modification request, received from the second user, by analyzing an identifier in the record modification request relative to the co-owner property.
- Example 4 is the computing system record security architecture of any or all previous examples, wherein the co-owner assignment component is configured to receive a request, from the first user, to remove the second user as a co-owner of the record and, in response, modify the co-owner property associated with the record.
- Example 5 is the computing system record security architecture of any or all previous examples, wherein the owner property comprises the unique identifier of the first user.
- Example 6 is the computing system record security architecture of any or all previous examples, and further comprising a record replication component configured to send a record replication request to the set of users associated with the record, wherein the record replication request includes a set of attributes for the record and the unique identifier that uniquely identifies the first user as the owner of the record.
- a record replication component configured to send a record replication request to the set of users associated with the record, wherein the record replication request includes a set of attributes for the record and the unique identifier that uniquely identifies the first user as the owner of the record.
- Example 7 is the computing system record security architecture of any or all previous examples, wherein the requested modification to the record comprises at least one of updating the record or deleting the record.
- Example 8 is the computing system record security architecture of any or all previous examples, wherein the record security component is configured to control modification of the record based on the owner property of the record.
- Example 9 is the computing system record security architecture of any or all previous examples, wherein the record security component is configured to prevent the requested modification to the record based on a comparison of the owner property and an identifier in the record modification request from the second user.
- Example 10 is the computing system record security architecture of any or all previous examples, wherein the record security component is configured to propagate the record modification request to the set of users by sending an email to each of the associated users, the email including a protected header that is controlled by an email server and includes the unique identifier of the first user.
- Example 11 is the computing system record security architecture of any or all previous examples, wherein the record comprises an event record and the set of users comprise event invitees.
- Example 12 is the computing system record security architecture of any or all previous examples, wherein the set of users includes the second user.
- Example 13 is the computing system record security architecture of any or all previous examples, and further comprising a display system configured to generate a co-owner assignment user interface display with a co-owner assignment user input mechanism, and to detect user interaction with the co-owner assignment user input mechanism that identifies the second user to assign to the record as a co-owner.
- Example 14 is the computing system record security architecture of any or all previous examples, wherein the co-owner assignment user interface display includes an ownership privileges user input mechanism configured to receive a user input from the first user that identifies ownership privileges of the second user relative to the record.
- the co-owner assignment user interface display includes an ownership privileges user input mechanism configured to receive a user input from the first user that identifies ownership privileges of the second user relative to the record.
- Example 15 is the computing system record security architecture of any or all previous examples, wherein the first user has a first set of ownership privileges relative to the record, and the co-owner has a second set of the ownership privileges that is different than the first set of ownership privileges.
- Example 16 is the computing system record security architecture of any or all previous examples, wherein the second set of ownership privileges comprises a subset of the first set of ownership privileges.
- Example 17 is a computer-implemented method comprising generating a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, receiving a request, from the first user, to assign a second user to the record as a co-owner, and receiving a record modification request, from the second user, that requests a modification to the record, and propagating the record modification request to the set of users with a unique identifier that identifies the first user as a sender of the record modification request.
- Example 18 is the computer-implemented method of any or all previous, and further comprising storing a co-owner property in association with the record that identifies the second user as a co-owner of the record, and processing the record modification request, received from the second user, by analyzing an identifier in the record modification request relative to the co-owner property.
- Example 19 is the computer-implemented method of any or all previous, and further comprising receiving a request, from the first user, to remove the second user as a co-owner of the record and, in response, modifying the co-owner property associated with the record.
- Example 20 is a computing system record security architecture comprising a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a request, from the first user, to assign a second user to the record as a co-owner, and to store a co-owner property in association with the record that identifies the second user as a co-owner of the record, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user, wherein the co-owner assignment component is configured to receive a request, from the first user, to remove the second user as a co-owner of the record and, in response, modify the co-owner property associated with the record.
- a record generation component configured to generate a record in a computing
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Entrepreneurship & Innovation (AREA)
- Strategic Management (AREA)
- Signal Processing (AREA)
- Computer Networks & Wireless Communication (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Bioethics (AREA)
- Computing Systems (AREA)
- Software Systems (AREA)
- Economics (AREA)
- Marketing (AREA)
- Operations Research (AREA)
- Quality & Reliability (AREA)
- Tourism & Hospitality (AREA)
- General Business, Economics & Management (AREA)
- Data Mining & Analysis (AREA)
- Medical Informatics (AREA)
- Databases & Information Systems (AREA)
- Multimedia (AREA)
- Information Transfer Between Computers (AREA)
Abstract
A computing system record security architecture comprises, in one example, a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.
Description
- The present application is a continuation of and claims priority of U.S. patent application Ser. No. 14/850,466, filed Sep. 10, 2015, which is based on and claims the benefit of U.S. provisional patent application Ser. No. 62/211,283, filed Aug. 28, 2015, the contents of which are hereby incorporated by reference in their entirety.
- Computing systems are currently in wide use. As one example, a computing system stores data as entities or other data records, and commonly includes process functionality that facilitates performing various processes or tasks on the data. Users log into or otherwise access the computing system in order to perform the processes and tasks. The data can include user data as well as entities or records that are used to describe various aspects of the computing system.
- The data records (or entities) can be of any of a variety of different types. For example, in an enterprise system such as a customer resource management (CRM) or enterprise resource planning (ERP) system, a record can comprise data for an organization. Some examples include sales records, customer records, opportunity records, employee records, etc. In the context of a calendaring application, for example, an event record includes data for a particular event, such as a meeting. In one particular example, a meeting record can define a date, time, location, subject matter or description, as well as associated users or invitees for a meeting event.
- The discussion above is merely provided for general background information and is not intended to be used as an aid in determining the scope of the claimed subject matter.
- A computing system record security architecture comprises, in one example, a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.
- This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. The claimed subject matter is not limited to implementations that solve any or all disadvantages noted in the background.
-
FIG. 1 is a block diagram of one example of a computing system record security architecture. -
FIG. 2 illustrates one example of a meeting record. -
FIG. 3 illustrates one example of an email header having a set of fields. -
FIG. 4 is a flow diagram illustrating one example of a method for generating a record. -
FIGS. 5-1 and 5-2 are a flow diagram of one example of a method for receiving and processing an event message. -
FIGS. 6-1 and 6-2 is a flow diagram of one example of a method for transferring ownership of a record. -
FIG. 7 illustrates one example of a user interface display for a calendar event record. -
FIG. 8 illustrates one example of a record owner transfer initiation user interface display. -
FIG. 9 illustrates a set of record properties for reflecting a proposed ownership change, in one example. -
FIG. 10 illustrates one example of a set of properties for an ownership transfer request email. -
FIG. 11 illustrates one example of a record transfer acceptance user interface display. -
FIG. 12 is a flow diagram of one example of a method for assigning co-ownership to a record. -
FIG. 13 illustrates one example of a co-owner assignment user interface display. -
FIG. 14 illustrates one example of a user interface display that is presented to a proposed co-owner. -
FIG. 15 illustrates a set of record properties, in one example. -
FIG. 16 is a flow diagram of one example of a method in which a co-owner initiates a record modification. -
FIG. 17 is a flow diagram of one example of a method for receiving a record modification request from a co-owner and propagating the modification request to other associated user(s). -
FIG. 18 is a block diagram of one example of an architecture in which users utilize different server systems. -
FIG. 19 is a block diagram showing one example of the architecture illustrated inFIG. 1 , deployed in a cloud computing architecture. -
FIGS. 20-22 show various examples of mobile devices that can be used with the architecture shown inFIG. 1 . -
FIG. 23 is a block diagram of one example computing environment. - The present disclosure generally relates to a security architecture for creating computing system records and enforcing record ownership privileges. Before describing embodiments of the security architecture in detail, a brief overview of record creation and ownership will be provided for the sake of illustration, but not by limitation.
- In one particular example, a first user creates an event record (e.g., a meeting record) by defining a set of attributes, including a set of invitees and other event data such as location, data, time, etc. This event record is stored in the first user's system, and an event message comprising a record generation request is sent to the invitees. For instance, the first user's email server sends an email to the email server(s) of the invitees to replicate the event record in the invitees' system(s) as well. This type of architecture is often referred to as an email replication system, as opposed to a system that uses cross-server calls directly between servers. It is noted that the mailboxes of the invitees can be on the same server and/or different servers from the first user.
- The first user is considered the event organizer, and thus the owner of the event record. The organizer, or owner, has a set of ownership privileges over the record which allows the organizer to modify the record, including updating and/or deleting the record.
- In response to the requests sent by the first user, the invitees can accept or decline the event invitation. In this example, copies of the event record are created and stored within the invitees' system(s). Thus, the invitee users do not access the owner's event record directly, but rather copies of the event record created in the invitee's mailbox or other server component.
- In some scenarios, when a non-owner invitee user declines or rejects the event invitation, or attempts to modify the event record data (e.g., changing the time or location), the user's client sends out an event message that is improperly asserted or interpreted as an event modification or cancellation request, as if the non-owner invitee were actually the owner of the event record. That is, the non-owner invitee asserts ownership privileges over the record resulting in the record being inadvertently modified or cancelled. This is often referred to as “hijacking” the event record from the owner. Record hijacking may occur unintentionally, or intentionally (e.g., a non-owner user intentionally generates an event message in an attempt to hijack the event record from the owner). In either case, the system does not accurately determine whether it was the owner or organizer of the event who sent out the update or cancellation request, and thus may honor unauthorized requests.
-
FIG. 1 is a block diagram of one example of a computing systemrecord security architecture 100 configured to prevent record hijacking, regardless of whether the hijack attempts are intentional or unintentional. Before describingarchitecture 100 in further detail, it is noted that for the sake of illustration, but not by limitation, examples will be described herein in the context of event records (e.g., meeting records), and replicating or synchronizing the records between associated users (e.g., invitees) using email messages. However, this is by way of example only, other types of records and systems for communicating records to associated users are within the scope of the described subject matter. -
Architecture 100 includes acomputing system 102 that is accessible by one or more users through one or more user interface displays. In the illustrated example,users computing system 102 usingrespective client devices Client devices architecture 100 using a plurality of different user devices. - As illustrated,
user 104 interacts with user interface display(s) 116 with user input mechanism(s) 118,user 106 interacts with user interface display(s) 120 having user input mechanism(s) 122, anduser 108 interacts with user interface display(s) 124 having user input mechanism(s) 126. InFIG. 1 , three users are illustrated interacting withcomputing system 102, for sake of illustration. However, in other examples, any number of users may interact withcomputing system 102. Further,computing system 102 may interact with other system(s) 128 used by other users. -
Users computing system 102 locally or remotely. In the illustrated example,users computing system 102 over a wide area network, such as the Internet. In one implementation,users client devices - The users interact with the user input mechanisms in order to control and manipulate
computing system 102. For example, using the user input mechanisms, the users can access data in adata store 130 and/or implement functionality of a record generation andprocessing system 132 and amessaging system 134. - User interface displays 116, 120 and 124 can be generated in any of a variety of different ways. In one example,
computing system 102 includes adisplay system 136 having auser interface component 138, one ormore sensors 140, and can includeother components 142 as well.User interface component 138 is configured to generate user interface displays that are rendered on a client device, for a web browser or other interface. For instance, web pages can be requested, dynamically generated, and transmitted for rendering on the client devices. Sensor(s) 140 are configured to detect inputs to displaysystem 136. In one example,systems - In another example, one or more of
client devices -
User input mechanisms computing system 102. The user interface displays can include user input mechanisms that sense user input in a wide variety of different ways, such as point and click devices (e.g., a computer mouse or track ball), a keyboard (either virtual or hardware) and/or a keypad. Where the user device used to display the user interface display is a touch-sensitive display, the inputs can be provided as touch gestures. Similarly, the user inputs can be provided by voice inputs or other natural user interface input mechanisms as well. -
Computing system 102 also includes one ormore communication interfaces 144, one ormore processors 146, and can includeother components 148 as well. Communication interface(s) are configured to communicate withclient devices - Processor(s) 146 comprises a computer processor with associated memory and timing circuitry (not shown). The processor is illustratively a functional part of
system 102 and is activated by, and facilitates the functionality of, other systems, components and items incomputing system 102. - While
FIG. 1 shows a variety of different functional blocks, it will be noted that the blocks can be consolidated so that more functionality is performed by each block, or they can be divided so that their functionality is further distributed. It should also be noted thatdata store 130 can be any of a variety of different types of data stores. Further,data store 130 can be stored in multiple data stores. Also, the data store(s) can be local to the environments, agents, modules, and/or components that access them, or they can be remote therefrom and accessed by those environments, agents, modules and/or components. Similarly, some can be local while others are remote. -
Computing system 102 can include applications that are executed using an application component that facilitates functionality withincomputing system 102. By way of example, an application component can access information indata store 130. For example,data store 130 can store data and metadata. The data and metadata can define workflows, processes, entities and a wide variety of other information. By way of example, entities stored indata store 130 can comprise or otherwise define items withincomputing system 102. For instance, entities in an enterprise system can include account entities that define various features of an account, customer entities that define various features of a customer, sales entities that define various features of sales that can occur during a sales process, and many other types of entities or objects. For instance, the entities can include or other define events, such as meetings. Further yet, entities can comprise documents, such as articles and emails, to name a few. The entities can be stored indata store 130 asrecords 150.Data store 130 can includeuser profiles 151, and can includeother items 152 as well. - Record generation and
processing system 132 is illustratively configured to generate and process records, such as records for meetings or other events. In one example,system 132 comprises one or more calendar servers. -
System 132 includes arecord generation component 154, arecord modification component 156, a recordowner identification component 158, arecord security component 160, adisplay system controller 162, and can includeother items 164 as well. Usingdisplay system controller 162,record generation component 154 can controldisplay system 136 to generate and render user interface displays that receive record generation requests to generaterecords 150 indata store 130. For instance, through the user interface displays,user 104 defines a meeting event for which arecord 150 is stored indata store 130. -
FIG. 2 illustrates one example of ameeting record 200.Meeting record 200 comprises a plurality offields 201 storing attributes for the meeting record including, but not limited to, ameeting title property 202, adate property 204, atime property 206, alocation property 208, an owner or organizer email address (or ID)property 210, an owner or organizerunique identifier property 212, and associated users orinvitees property 214, adescription property 216, ameeting ID field 218 that uniquely identifies the meeting, and can includeother properties 220 as well.Meeting record 200 can be stored in any suitable form including, but not limited to, a table. - Referring again to
FIG. 1 ,record modification component 156 is configured to modifyrecords 150 stored indata store 130. For instance, an owner of a given event record may issue a modification request to update the event record (e.g., cancel the event, change the location or time of the event, add additional recipients, etc.). Recordowner identification component 158 is configured to identify the owner of a given record andrecord security component 160 is configured to enforce ownership or other privileges onrecords 150. For instance,record security component 160 includes a record hijackprevention component 166 that is configured to prevent record hijacking by unauthorized users. This is discussed in further detail below. - In the illustrated example,
architecture 100 uses email (or other messaging) to replicate records for associated users (e.g., meeting invitees). As shown inFIG. 1 ,system 132 includes arecord replication component 168 having amessaging system controller 170 configured to controlmessaging system 134. This is discussed in further detail below. Briefly, however, when a user (e.g., user 104) generates or modifies arecord 150 usingcomponents 154 and/or 156,record replication component 168 operates to replicate that record for associated users. In the case of a event record having a set of invitees,messaging system controller 170controls messaging system 134 to generate and send a message (i.e., an email in the present example) to each of the invitee users such that the record is replicated in those user's systems as well. It is noted that the invitee users can reside on the same system (e.g., the same email server) as the owner who generated the record or a different system or server (e.g., such as systems 128). -
Messaging system 134 comprises, in one example, one or more email servers. As shown inFIG. 1 ,messaging system 134 includes amessage generation component 172, amessage processing component 174, one ormore mailboxes 176, adisplay system controller 178, and can includeother components 180 as well.Display system controller 178 is configured to controldisplay system 136 to generate user interface displays that facilitate functionality for a user to create, edit, and sendemails using component 172, as well as to view emails received in the user'smailbox 176.Message processing component 174 is configured to process messages received bymessaging system 134, such as to parse an email to identify various properties and other data. - In the illustrated example,
message generation component 172 includes aunique identifier generator 182 that uses anidentifier generation algorithm 184 to generate unique identifiers for users ofarchitecture 100. This is discussed in further detail below. In one example, the unique identifiers can be stored in user profiles 151. - As discussed above, in one example,
systems FIG. 1 , the calendar and email servers can be the same server or set of servers. A user may utilize a same account for managing both email and calendar data. - In the illustrated example of
FIG. 1 ,architecture 100 generates and associates a unique identifier for each record 150 that identifies the owner of the record. In one example,record generation component 154 receives a record generation request that includes a set of attributes and generates arecord 150 based on the request. For instance, an event record includes a set of attributes that define an event, such as a set of invitees. This set of attributes is stored inrecord 150 along with a unique identifier that uniquely identifies the user as the owner of the record. This unique identifier is utilized bycomponent 160 to control and provide security with respect to subsequent event messages to prevent non-owner users from taking ownership of the record incorrectly, thereby hijacking the event record from the actual owner. - In one example, which is discussed in further detail below, the unique identifier can be provided as a property that is added to an email transport header of the event messages. The unique property is, in one example, a protected property which cannot be spoofed. Spoofing refers to a practice of forging source address and/or related message information to misrepresent an email identity. By changing the information, an individual can make an email message appear to originate from a trusted source when it in fact originates elsewhere.
-
FIG. 3 illustrates one example of anemail header 300 having a set offields 302. In one example,header 300 can be stored as a row in a header table, where the row includes a variety of information about the message in an account corresponding to a particular user. In the illustrated example, some or allfields 302 are controlled by the sending email server such that they cannot be set or spoofed byclient devices client device 110, under the control ofuser 104, attempts to set the fields inheader 300,message generation component 172 will overwrite these fields when sending messages to the associated users. - In the illustrated example, fields 302 includes a from
field 304, a tofield 306, acc field 308, asubject field 310, adate field 312, areturn path field 314, aunique identifier field 316, amessage ID field 318, averification value field 320, and can includeother fields 322 as well. For sake of illustration, the fromfield 304 identifies the email address of the sender, the to field identifies the email address of the recipient, and the cc field identifies email addresses of any users that are “carbon copied” on the email.Subject field 310 includes the subject of the email,date field 312 includes a date when the email was sent, thereturn path field 314 identifies the path for sending a return email, andmessage ID field 318 provides a unique identifier for the message. In one example,message ID field 318 includes a system time and/or a sequence number. -
Unique identifier field 316 comprises the unique identifier for the user for which the email is being sent.Field 316 thus comprises data obtained and stamped by the email server and is outside the control of an email sender who may be engaged in spoofing. Thus, even if a recipient of an email is able to view the transport header and identify the unique identifier infield 316, the recipient cannot use the unique identifier to hijack the meeting record because the recipient's email server will override this field of the email if the recipient attempts to spoof the unique identifier in a record hijack attempt. - In one example, the unique identifier comprises or is based in part on the user's email address (or ID). In another example, the unique identifier is different than and/or generated independent from the user's email address.
- A user's email address may change over time, in some scenarios. For instance, a user of an organization may be given a new alias, for example if the user's name changes or they are given a different position. Further, email addresses are generally known by others and could be a target during a meeting hijack attempt. In one example,
unique identifier generator 182 usesalgorithm 184 to generate a unique identifier for the user that is immutable with respect to the user. As such, even if the user'smailbox 176 is moved or the user is assigned a new email address (e.g., the user's alias changes), the unique identifier of the user does not change. - In one particular example, the unique identifier generated by
unique identifier generator 182 foruser 104 is based on a unique identifier of themailbox 176 assigned touser 104. For instance, a mailbox globally unique identifier (GUID) can be used. The mailbox GUID comprises a value set incomputing system 102 when the mailbox is created, and remains the same for the lifetime of the mailbox. In other words, the mailbox GUID comprises a primary key for the mailbox, and is a unique value that distinguishes the individual mailbox from all other mailboxes. Alternatively, or in addition, the unique identifier generated byunique identifier generator 182 can be based on a unique object distinguished name that is defined when the mailbox is created. - In one particular example, the unique identifier comprises a plurality of attributes that have mutually exclusive situations in which the attributes can change. For instance, the unique identifier can comprise a combination of a first attribute (e.g., mailbox GUID) and a second attribute (e.g., unique object distinguished name that is assigned to the mailbox). As such, even if one of the attributes changes over time, the other attribute will not, thus resulting in the unique identifier remaining immutable with respect to the user.
- These, of course, are examples of
identifier generation algorithm 184. Any suitable unique identifiers can be utilized. - Referring again to
FIG. 1 ,architecture 100 includes a verification component that is configured to ensure that the unique identifier of the sender infield 316 is valid and has not been modified prior to being received. For instance, the verification component is configured to detect if a user or system attempts to tamper with the unique identifier infield 316. For example, but not by limitation, the verification component can use encryption, a hash function, and/or check sum generation that uses a check sum function or algorithm that is known to the sending and receiving email servers. - In the illustrated example,
message generation component 172 includes averification value generator 186 andmessage processing component 174 includes averification value analyzer 188.Verification value generator 186 is configured to generate a check sum or hash value based on some or all of the email header. For instance, the verification value can comprise a check sum generated on the unique identifier infield 316 ofexample email header 300. The verification value can be stored inverification value field 320 shown inFIG. 3 . -
Verification value analyzer 188 corresponds togenerator 186 and is configured to determine whether the verification value infield 320 is valid and indicates that the unique identifier infield 316 is not erroneous and has not been tampered with. -
FIG. 4 is a flow diagram illustrating one example of amethod 400 for generating a record. For sake of illustration, but not by limitation,method 400 will be described in the context of generating an event record inarchitecture 100. - At
block 402,record generation component 154 receives a record generation request from a first user (e.g., user 104). For example, in therequest user 104 identifies email addresses of a set of event invitees (e.g.,users other data 408 as well. Examples of event attributes include, but are not limited to, location, time, subject matter/topic information, etc. In one example, the event invitees are identified by their user email addresses selected by the first user in the record generation request. - At
block 410, the method identifies the first user as the record owner (e.g., the event organizer) and, atblock 412,unique identifier generator 182 generates a unique identifier of the record owner. In one example, the unique identifier is immutable and uniquely identifies the owner user (user 104 in the present example) from among all other users ofarchitecture 100. - At
block 414,record generation component 154 generates and stores the record with the event attributes 404 and the unique identifier generated atblock 412. - At
block 416,record replication component 168 replicates the records for each of the associated users (i.e., event invitees in the present example). In one example, for each invitee user,messaging system controller 170controls messaging system 134 to generate an email comprising an event invitation for the invitee user. This is represented atblock 418. The event invitation can include the event attributes 404 and/or associatedusers 406. Atblock 420, the unique identifier generated atblock 412 is added to a protected header (or other portion) of the email. A verification value is generated based at least in part on the unique identifier. This is represented atblock 422. Atblock 424, the verification value is added to the header (or other portion) of the email and the email is sent to the invitee user atblock 426. - At
block 428, the method determines whether the owner modifies the record. For example, the owner may decide to change the location or time of the event, cancel the event, and/or add invitees to the event. For instance, the owner may decide to forward the event to one or more additional users to be invited to the event. - If so, at
block 430 the method verifies the owner by comparing the owner identifier to the event record. Atblock 432, the record is updated and blocks 416-426 can be repeated to replicate the updated record for the other users. -
FIGS. 5-1 and 5-2 (collectively referred to asFIG. 5 ) are a flow diagram of one example of amethod 500 for receiving and processing an event message. For sake of illustration, but not by limitation,method 500 will be described in the context ofrecord security component 160 processing an email pertaining to an event inarchitecture 100. - At
block 502,message processing component 174 receives an email (or other message) for a given user pertaining to an event. Atblock 504, the method determines whether the event record exists. If not, the event record is created indata store 130. This is represented byblock 506. It is noted that the event creation atblock 506 can be automatic. This is represented byblock 508. Alternatively, the user can be prompted for confirmation of the event record creation. This is represented by block 510. Atblock 512,message processing component 174 parses the email to identify the unique identifier of the owner and the event attributes. In the example ofFIG. 3 , the unique identifier is obtained fromfield 316 which indicates the sender of the email for which the event record is created. - At
block 514, the method can use a verification value provided in the email to verify the unique identifier upon which the unique identifier and attributes are stored in the event record. This is represented byblock 516. - If the event record does exist at
block 504, the method proceeds to block 518 in which the method determines whether the email comprises an event message asserting owner privileges. For instance, in one example the method determines whether the email purports to update the meeting attributes, or to cancel the meeting. If the event message does not assert owner privileges (e.g., it is simply an email message from an invitee with information about the event), the method proceeds to block 520 in which the email is delivered to the recipient. - At
block 522,message processing component 174 parses the email to identify the unique identifier of the sender (e.g.,field 316 inFIG. 3 ) and/or a verification value based on the unique identifier (e.g.,field 320 inFIG. 3 ). The method uses the verification value to verify the unique identifier extracted from the email. This is represented byblock 524. This verification can validate the unique identifier to ensure that it has not been corrupted or tampered with since the email message was generated from the sending email server. - At
block 526, if the unique identifier is not verified, indicating that it is erroneous or corrupted, the method proceeds to block 528 which prevents the event message from modifying the event record. For instance, the email can be blocked or discarded. This is represented byblock 530. In another example, the email is marked at out-of-date or already processed to prevent processing of the message against the event record. This is represented byblock 532. Alternatively, or in addition, a non-delivery report (NDR) or “bounce” message can be sent to the sender of the email to indicate that it has not been processed at the recipient end. This is represented byblock 534. - If the unique identifier is verified, the method proceeds to block 536 in which the event record is accessed. For example, the email received at
block 502 can include a meeting identifier that is matched against ameeting ID field 218 for the corresponding record. - At
block 538, the method determines whether the unique identifier extracted atblock 522 corresponds to (e.g., matches) the unique identifier of the owner from the event record. If not, the method proceeds to block 528 to prevent the event message from modifying the event record. - If the unique identifier from the email corresponds to the event record, the method proceeds to block 540 in which the event message is processed to modify the event record. This can be done automatically, which is represented by
block 542. Alternatively, or in addition, the recipient user can be prompted for confirmation as to whether the event message should be processed against the user's event record. This is represented byblock 544. - Referring again to
FIG. 1 , in the illustratedexample system 134 includes a recordownership transfer component 190 configured to facilitate transfer of record ownership withinarchitecture 100.Component 190 includes amessaging system controller 192, adisplay system controller 194, and an ownership discrepancy identification andcorrection component 196.Messaging system controller 192 is configured to controlmessaging system 134, which is discussed in further detail below.Display system controller 194 is configured to controldisplay system 136 to generate and render user interface displays that receive user inputs to perform a record ownership transfer.Component 190 can includeother items 198 as well. - By way of example, transfer of record ownership is desired in a variety of different scenarios. For instance, a user who owns a
record 150 may leave an organization or change teams within the organization, or may be absent for an extended period of time. In the case of a calendar event, the other event invitees may still conduct the meeting without the owner who originally organized the event. Further, the other event invitees may desire to change the date or time, or add additional invitees to the event, even though the owner is not available to modify the record. Recordownership transfer component 190 facilitates transfer of record ownership withinsecurity architecture 100. Record ownership can be transfer from the record owner to a user who is currently associated with the record (e.g., a meeting invitee), as well as to a user who is not currently associated with the record (e.g., a user other than a meeting invitee). - In one example, an administrator can use record
ownership transfer component 190 to access therecord 150 and directly change the owner property. This can be done in any of a variety of ways including, but not limited to, a script or other code that is executed at the direction of the administrator. In another example, record ownership transfer can be initiated and performed by the recordowner using component 190. -
FIGS. 6-1 and 6-2 (collectively referred to asFIG. 6 ) is a flow diagram of one example of amethod 550 for transferring ownership of a record. For sake of illustration, but not by limitation,method 550 will be described in the context of transferring an eventrecord using component 190 inarchitecture 100. - At
block 552, a user interface display is generated for a first user, for a given record, with user input mechanisms. The user input mechanisms can comprise mechanisms for modifying details of the record. This is represented byblock 554. For instance, in the case of a calendar event record, the user input mechanisms facilitate adding associated users or event invitees, cancelling the event, changing a location or time of the event, etc. The user input mechanisms also include user input mechanisms to transfer ownership of the given record. This is represented byblock 556. -
FIG. 7 illustrates one example of auser interface display 600 for a calendar event record.User interface display 600 includes a plurality ofeditable fields 602 for editing details of the record. For example, fields 602 includes a people field 604 for adding invitees to the calendar event, date/time fields 606 for setting a date and time of the event and amessage field 607 for authoring a message to the invitees.User interface display 600 also includes a transfer ownershipuser input mechanism 608 that is actuatable to initiate a transfer of ownership. - Referring again to
FIG. 6 , at block 558 a user interaction with the user input mechanisms is detected indicating a desire of the first user to transfer ownership of the record to a second user. For instance, in the example ofFIG. 7 block 558 detects user actuation ofuser input mechanism 608 and confirms that the first user, who is usinguser interface display 600, is actually the owner of the given record. This can be done by accessing the owner property stored on the event record. - At
block 560, a record owner transfer initiation user interface display is generated with user input mechanisms.FIG. 8 illustrates one example of auser interface display 610 that is displayed atblock 560.User interface display 610 includes a display portion orwindow 612 that includes arecipient field 614 for receiving an identification of the user to which ownership transfer is being proposed. In the present example, the ownership transfer request is sent to the second user as an email (or other communication). In this manner, arecipient field 614 receives an email address, or other identifier, of the second user.Display window 612 also includes amessage portion 616 for receiving a textual message (or other content) to be sent to the second user and auser input mechanism 618 for sending the transfer request. - Referring again to
FIG. 6 , atblock 562,method 550 detects a user interaction (e.g., withfield 614 inFIG. 8 ) that identifies the second user to which record ownership is to be transferred. Atblock 564, the record of the first user is modified to reflect the proposed ownership change. This can include setting a transfer pending property or flag (represented by block 566), storing the unique identifier of the proposed owner (represented by block 568), and/or storing a unique identifier of the previous owner (represented by block 570). -
FIG. 9 illustrates a set ofrecord properties 620 used to store the information atblock 564, in one example.Properties 620 includes a proposedowner property 622, an ownertransfer pending property 624, and aprevious owner property 626. The proposedowner property 622 stores a unique identifier of the proposed owner (i.e., the second user in the example ofFIG. 6 ) and theprevious owner property 626 stores the unique identifier of the previous owner of the record (i.e., the first user in the present example) from which the ownership is being transferred. The ownertransfer pending property 624 indicates whether an ownership transfer is pending for the record. That is,property 624 can comprise a Boolean value that is set to “true” to indicate that the current owner has initiated an ownership transfer of the record to another user. As discussed in further detail below,property 624 can be subsequently used when a response to the request is received from the proposed owner to verify that the current owner has, in fact, initiated the ownership transfer. - Referring again to
FIG. 6 , atblock 572, an email (or other communication) is sent to the second user requesting acceptance of the ownership transfer. In one example, the email includes the unique identifier of the sender and a request type that is set to indicate that the ownership transfer is in a “proposal” state. This is represented byblock 574. -
FIG. 10 illustrates one example of the set ofproperties 630 that are included in an ownership transfer request email sent atblock 572. The set ofproperties 630 can be stored, in one example, in a header of the email. Of course, the set ofproperties 630 can be stored and sent in another ways as well. - The set of
properties 630 includes a proposedowner property 632 that includes a unique identifier of the user to which the ownership transfer is proposed, and an ownership transferrequest type property 634.Property 634 indicates the current status of the ownership transfer, and is used by the recipient's system to facilitate a response to the sender. In the present example, atblock 572,property 634 is set as “proposal” to indicate that the proposed owner identified byproperty 632 is the proposed owner and the message requires a response to accept or decline the proposed ownership transfer. - Referring again to
FIG. 6 , atblock 576, a record transfer acceptance user interface display is generated with user input mechanisms.FIG. 11 illustrates one example of auser interface display 640 that can be displayed atblock 576.User interface display 640 includes adisplay portion 642 that identifies details of the record, as well asuser input mechanisms 646 for the proposed owner to accept or decline the transfer of ownership. - Referring again to
FIG. 6 , atblock 578, a user interaction with the user input mechanisms is detected indicating whether ownership transfer is accepted by the proposed owner. For instance, the second user can selectuser input mechanism 648, shown inFIG. 11 , to accept the ownership transfer. In response, an email (or other communication) is sent to the first user indicating whether the ownership transfer is accepted or declined by the proposed owner. This is represented byblock 580. - At
block 582, the system of the first user receives the email sent atblock 580, and confirms that the email is received from the second user and that the transfer request type is set such that it indicates that an ownership transfer is pending. In the example ofFIG. 9 , block 582 confirms that the sender of the email fromblock 580 matches the proposedowner property 622 and the ownershiptransfer pending property 624 is set to “true”, thereby indicating that the current owner has in fact initiated the ownership transfer. As such, this can prevent a non-owner user from unilaterally initiating and performing an ownership transfer of a record without knowledge of or input by actual current owner of the record. - If the ownership transfer is accepted at
block 584, the method proceeds to block 586 in which the record of the first user is updated. In one example, this includes setting theowner property 212 in the example ofFIG. 2 , to indicate the second user as the new owner of the record and changing the ownertransfer pending property 624 to indicate that an ownership transfer is no longer pending. Atblock 588, an email (or other communication) is sent to each of the associated users (i.e., the event invitees) to update those user's records as well, to reflect the ownership change. - In one example, the email sent at
block 588 includes the set ofproperties 630, with the new owner (i.e., the second user) identified byproperty 632 and the ownership transferrequest type property 634 set as “enacting”, to distinguish the message from the initial ownership transfer message sent atblock 572. This is represented byblock 590. - At
block 592, the associated users' system(s) process the email sent atblock 588 to compare the unique identifier of the sender to the current owner property to verify that the transfer request came from the current owner of the record (i.e., the first user in the present example). In response to this comparison, the users' system(s) modify the record to change to owner property to reflect the new user as the record owner. - It is noted that in another example of
method 550, the ownership transfer can be initiated by the non-owner second user. That is, in thisexample method 550 begins atblock 580 in which the second user indicates a desire to take ownership of the record, upon which the second user's system sends an email (or other communication) to the first user requesting that the first user transfer record ownership to the second user. - Referring again to
FIG. 1 , ownership discrepancy identification andcorrection component 196 is configured to identify discrepancies in record ownership between the associated users. By way of example, in one scenario the email sent atblock 588 may fail for some or all of the event invitees, resulting in a failure of the records of those invitee(s) to update to reflect the new record owner. In other words, the records for some invitee users may properly indicate the second user as the owner of the record, while the records of other invitees may continue to improperly list the first user as still being the owner of the record.Component 196 is configured to analyze or otherwise access the records of each user and to correct a discrepancy in record ownership. In one example,component 196 is configured to roll back the owner property using theprevious owner property 626 illustrated in the example ofFIG. 9 . - Referring again to
FIG. 1 , in the illustratedexample system 134 includes a recordco-owner assignment component 191 configured to facilitate assignment of co-ownership withinarchitecture 100.Component 191 includes amessaging system controller 193, adisplay system controller 195, and can includeother items 197 as well.Messaging system controller 193 is configured to controlmessaging system 134, which is discussed in further detail below.Display system controller 195 is configured to controldisplay system 136 to generate and render user interface displays that receive user inputs to perform a record co-ownership assignment. - By way of example, co-ownership of a record is desired in a variety of different scenarios. For instance, a first user creates a record, such as a calendar event record, and desires that one or more other users, such as event invitees, have co-ownership over the record. Herein, a co-owner is a user who has at least a basic or primitive set of privileges over the record. A co-owner can have a same, full set of ownership privileges as the owner (e.g., privileges to create, update, and delete the record), or can have a reduced set of privileges (e.g., privileges to only update the record, a specific type of update privilege, etc.). As such, a co-owner, in the illustrated example, is not required to have the same ownership privileges as the original owner of the record.
- Further, multiple users can be assigned as co-owners with different sets of privileges. For instance, one user can be assigned as a co-owner with update privileges that allow the user to update the event record and to add additional associated users or invitees, and another user can be assigned as a co-owner with privileges that allow the user to delete the event record. This, of course, is by way of example only.
-
FIG. 12 is a flow diagram of one example of amethod 650 for assigning co-owner(s) to a record. For sake of illustration, but not by limitation,method 650 will be described in the context of assigning a co-owner to arecord using component 191 inarchitecture 100. - At
block 652, an indication is detected that the owner of a particular record desires for a co-ownership assignment of the particular record. For instance, afirst user 104 who is the owner of a given calendar event record desires to assign co-ownership to asecond user 106. In one example, the first user selects auser input mechanism 609 illustrated inFIG. 7 to initiate co-ownership assignment of the displayed record. - In response, a co-owner assignment user interface display is generated with co-owner assignment user input mechanism(s). This is represented by
block 654 inFIG. 12 . Atblock 656, user interaction with the co-owner assignment user input mechanism(s) is detected assigning co-owner(s) to the particular record. This can include selecting one or more users atblock 658 and defining a set of one or more privileges for each of the users atblock 660. -
FIG. 13 illustrates one example of a co-owner assignmentuser interface display 700 that is displayed atblock 654.User interface display 700 includesfields 702 that display details of the record (i.e., a calendar event record in the present example).User interface display 700 also includesuser input mechanisms 704 for assigning one or more co-owners to the given record.User input mechanisms 704 include auser field 706 for entering or otherwise selecting a user to assign to the record as a co-owner. In one particular example,field 706 comprises a drop down menu that lists a set of selectable users. For instance, the set of users can comprise invitees of the calendar event. - For the selected user, a set of ownership privileges
user input mechanisms 708 are provided allowing the user to select which ownership privileges the co-owner will be granted. For instance, the user can grant the co-owner all ownership privileges usinginput mechanisms 710, a changelocation ownership privilege 711 that allows the co-owner to change the location of the calendar event, a change date/time ownership privilege 712 that allows the co-owner to change the date and/or time of the calendar event, and a modify invitee(s)ownership privilege 713 that allows the co-owner to modify invitees of the calendar event.Other ownership privileges 714 can be provided as well. These, of course, are examples only. - Once the user and the associated ownership privileges are selected using
mechanisms element 715 to add the user to thelist 716 of assigned co-owners. Fromlist 716, the user can edit the assigned co-owners and their associated privileges as well as delete a co-owner using the corresponding deleteuser input mechanisms - Referring again to
FIG. 12 , atblock 662, an email (or other communication) is sent to each of the selected users prompting the user to accept the co-owner assignment. In one example, a co-owner assignment pending property or flag can be set on the record to indicate that the co-owner assignment is pending. This is represented byblock 664. The co-owner assignment pending property can be used by the owner's system to verify that the co-owner assignment was initiated by the owner and is currently pending in order to process the responses received from the proposed co-owners. -
FIG. 14 illustrates one example of auser interface display 720 that is presented to a proposed co-owner and prompts the proposed co-owner to accept the co-owner assignment.User interface display 720 includes adisplay portion 722 that identifies details of the record, as well asuser input mechanisms 724 for the proposed co-owner to accept or decline the co-owner assignment. In the illustrated example,user interface display 720 can display the particular set of ownership privileges to be granted to the co-owner in adisplay portion 726. - Referring again to
FIG. 12 , atblock 666 response(s) are received from the proposed co-owner(s). Atblock 668, the responses are verified, for example by determining that the co-owner assignment pending property indicates that the co-owner assignment is pending (block 670) and verifying the sender (block 672). In one example ofblock 672, the owner's system analyzes the received response to locate an identifier of the sender and compare the identifier to a co-owner property on the owner's record. In other words, block 668 verifies that the co-owner acceptance is received from the proper user. Atblock 674, the owner's record is modified to reflect the co-owner(s) and their associated privilege(s). -
FIG. 15 illustrates a set ofrecord properties 740 used to store the information atblock 674, in one example.Properties 740 includes a co-owner assignment pending property, which can be set atblock 664 inFIG. 12 . -
Properties 740 also includes aco-owner property 744 that identifies an assigned co-owner to the record, and an associatedprivileges property 746 that identifies the privileges granted to the co-owner identified byproperty 744. If more than one user is assigned as a co-owner,properties 740 can include anadditional co-owner property 748 and associatedprivileges properties 750. Of course, more than two users can be assigned as co-owners to a given record. - In one particular example,
property 744identities user 106 andproperty 746 indicates thatuser 106 has privileges to update the details of the record, but not to delete the record, andproperty 748 identifies thatuser 108 is a co-owner of the record andproperties 750 indicates thatuser 108 can delete the record. - Referring again to
FIG. 12 , atblock 676 the owner can remove one or more of the co-owners from the record, if desired. In the example ofFIG. 15 , the owner may desire to remove the first co-owner identified inproperty 746. If so, the method modifies the record to reflect this change by removing the co-owner from the record. In this manner, an owner can easily remove a co-owner from the record by, in this example, only changing the owner's record without having to propagate the change to all of the associated users. This can enhance security and reduce latency for co-ownership changes. -
FIG. 16 is a flow diagram of one example of amethod 760 in which a co-owner initiates a record modification. For sake of illustration, but not by limitation,method 760 will be described in the context of record generation andprocessing system 134 ofarchitecture 100. - At
block 762, a user interface display is generated for the co-owner user (e.g., user 106), for a given record, with user input mechanisms. The user input mechanisms can comprise mechanisms for modifying details of the record. This is represented byblock 764. For instance, in the case of a calendar event record, the user input mechanisms facilitate adding associated users or event invitees, cancelling the event, changing a location or time of the event, etc. The user input mechanisms can also include mechanisms for transferring ownership of the given record or inviting additional co-owners to be assigned to the record. This is represented byblock 766. In one example, the display generated atblock 762 can be similar touser interface display 600, illustrated inFIG. 7 . - At
block 768, a user interaction is detected that modifies the given record. For example, the co-owner can update the record (block 770) or delete the record (block 772). - At
block 774, the system of the co-owner identifies the owner of the given record. In one example, the system analyzes the owner property (e.g.,owner property 212 in the example ofFIG. 12 ). Then, the system sends an email (or other communication) to the owner with a record modification request that is based on the detected modification atblock 768. This is represented byblock 776. -
FIG. 17 is a flow diagram of one example of amethod 800 for receiving a record modification request from a co-owner and propagating the modification request to associated users. For sake of illustration, but not by limitation,method 800 will be described in the context of a record modification request for a calendar event record, having a set of event invitees. The request is received by an owner user (e.g., user 104) from a co-owner user (e.g., user 106). - At
block 802, the record modification request sent by the co-owner atblock 776 inFIG. 16 is received by the system of the owner. Atblock 804, the record modification request us analyzed to identify the identity of the sender (e.g., to identify thatuser 106 sent the request). In one particular example, block 804 analyzes a protected email header to identify the sender of the request. Block 804 also identifies the particular record to which the record modification request pertains. - At
block 806, the method determines whether the sender of the request is identified as a co-owner of the particular record for which the record modification request pertains. In one example, block 806 compares the unique identifier of the sender to the co-owner property stored in association with the particular record. If the sender is not a co-owner of the record, the method proceeds to block 808 in which the request is prevented from modifying the record. For instance, the email can be blocked or discarded, or marked out of date or already processed. - If the sender is identified as a co-owner of the record, the method proceeds to block 810 in which the method determines whether the co-owner has the requested privileges. For instance, if the received request requests cancellation of the event record, block 810 determines whether the co-owner has been granted ownership privileges that allow the user to cancel the record.
- In one example, at
block 812 the owner can be prompted to moderate the request. For instance, a user interface display can be presented to the owner that allows the owner to accept the modification (block 813), modify the proposed record modification (block 814), or to delete the request (block 815). For instance, in one example a co-owner sends a request to change the time of an event record from 2:00 PM to 4:00 PM. Atblock 812, the owner can modify this request by changing the time to 3:00 PM. In another example, a co-owner sends a request to add three invitees to the event record. Atblock 812, the owner can accept remove one of the invitees while accepting the other two invitees to the event record. - At
block 816, the owner's record is modified based on the request, and the request is propagated to the associated users atblock 818. In one example the request is propagated by the owner's system generating an email (or other communication) that is sent to all of the associated users (e.g., event invitees) to replicate the record modification in the system(s) of those users. One example of replicating a record for associated users is illustrated at blocks 418-426 inFIG. 4 . In the illustrated example, the request to the associated users includes the unique identifier of the owner of the record owner. This is represented byblock 819. In this manner, the associated users' system(s) identify the record modification request as coming from the original owner and process the request accordingly. -
FIG. 18 is a block diagram of one example of anarchitecture 820 in which users utilize different server systems. For example,user 104 usesclient device 110 anduser 108 usesclient device 114 to access aserver system 822.Server system 822 includes acalendar server 824 and anemail server 826 which are, in one example, similar tosystems FIG. 1 . Adata store 828stores event records 830 forusers -
Server system 822 communicates with aserver system 832 over anetwork 835, such as the Internet.Server system 832 is accessed by auser 834 using aclient device 836 anduser 838 using aclient device 840.Server system 832 includes acalendar server 842 and anemail server 844 which are, in one example, similar tosystems FIG. 1 . Adata store 846stores event records 848 forusers - It can thus be seen that the present discussion provides significant technical advantages. For example, it provides a record security architecture that securely manages and controls record generation and modification to enforce ownership privileges over the records. The security architecture provides protection to prevent users from taking ownership of the records incorrectly, thereby hijacking the records to assert ownership privileges to which the users should not have access to. The architecture prevents users from being incorrectly recognized as the event organizer, or record owner, and validates meeting messages to prevent the messages from being processed against the event records if the meeting message is not coming from a legitimate owner of the record. This keeps the records secure while reducing or preventing inadvertent data loss, for example by preventing meetings from being erroneously cancelled or modified. Further yet, the architecture provides a framework to protect the transmission of the unique identifiers to prevent the identifier from being spoofed.
- The present discussion has mentioned processors and servers. In one embodiment, the processors and servers include computer processors with associated memory and timing circuitry, not separately shown. They are functional parts of the systems or devices to which they belong and are activated by, and facilitate the functionality of the other components or items in those systems.
- Also, a number of user interface displays have been discussed. They can take a wide variety of different forms and can have a wide variety of different user actuatable input mechanisms disposed thereon. For instance, the user actuatable input mechanisms can be text boxes, check boxes, icons, links, drop-down menus, search boxes, et cetera. They can also be actuated in a wide variety of different ways. For instance, they can be actuated using a point and click device (such as a track ball or mouse). They can be actuated using hardware buttons, switches, a joystick or keyboard, thumb switches or thumb pads, et cetera. They can also be actuated using a virtual keyboard or other virtual actuators. In addition, where the screen on which they are displayed is a touch sensitive screen, they can be actuated using touch gestures. Also, where the device that displays them has speech recognition components, they can be actuated using speech commands.
- A number of data stores have also been discussed. It will be noted they can each be broken into multiple data stores. All can be local to the systems accessing them, all can be remote, or some can be local while others are remote. All of these configurations are contemplated herein.
- Also, the figures show a number of blocks with functionality ascribed to each block. It will be noted that fewer blocks can be used so the functionality is performed by fewer components. Also, more blocks can be used with the functionality distributed among more components.
-
FIG. 19 is a block diagram of acloud computing architecture 850. Cloud computing provides computation, software, data access, and storage services that do not require end-user knowledge of the physical location or configuration of the system that delivers the services. In various embodiments, cloud computing delivers the services over a wide area network, such as the internet, using appropriate protocols. For instance, cloud computing providers deliver applications over a wide area network and they can be accessed through a web browser or any other computing component. Software or components ofarchitecture 100 as well as the corresponding data, can be stored on servers at a remote location. The computing resources in a cloud computing environment can be consolidated at a remote data center location or they can be dispersed. Cloud computing infrastructures can deliver services through shared data centers, even though they appear as a single point of access for the user. Thus, the components and functions described herein can be provided from a service provider at a remote location using a cloud computing architecture. Alternatively, they can be provided from a conventional server, or they can be installed on client devices directly, or in other ways. - The description is intended to include both public cloud computing and private cloud computing. Cloud computing (both public and private) provides substantially seamless pooling of resources, as well as a reduced need to manage and configure underlying hardware infrastructure.
- A public cloud is managed by a vendor and typically supports multiple consumers using the same infrastructure. Also, a public cloud, as opposed to a private cloud, can free up the end users from managing the hardware. A private cloud may be managed by the organization itself and the infrastructure is typically not shared with other organizations. The organization still maintains the hardware to some extent, such as installations and repairs, et cetera.
- In the embodiment shown in
FIG. 19 , some items are similar to those shown inFIG. 1 and they are similarly numbered.FIG. 19 specifically shows that some or all components ofarchitecture 100 are located in cloud 852 (which can be public, private, or a combination where portions are public while others are private). Therefore, user 854 (e.g.,users client devices cloud 852. -
FIG. 19 also depicts another embodiment of a cloud architecture.FIG. 19 shows that it is also contemplated that some elements ofarchitecture 100 are disposed incloud 852 while others are not. In one example,data store 130 can be disposed outside ofcloud 852, and accessed throughcloud 852. In another example, record generation andprocessing system 132 can be disposed outside ofcloud 852, and accessed throughcloud 852. In another example,messaging system 134 can be disposed outside ofcloud 852, and accessed throughcloud 852. In another example,display system 136 can be disposed outside ofcloud 852, and accessed throughcloud 852. In another example, at least some components ofcomputing system 102 can be disposed onuser device 856. This is represented byblock 858. Regardless of where they are located, the elements ofarchitecture 100 can be accessed directly bydevice 856, through a network (either a wide area network or a local area network), they can be hosted at a remote site by a service, or they can be provided as a service through a cloud or accessed by a connection service that resides in the cloud. All of these architectures are contemplated herein. - It will also be noted that
architecture 100, or portions of it, can be disposed on a wide variety of different devices. Some of those devices include servers, desktop computers, laptop computers, tablet computers, or other mobile devices, such as palm top computers, cell phones, smart phones, multimedia players, personal digital assistants, et cetera. -
FIG. 20 is a simplified block diagram of one illustrative embodiment of a handheld or mobile computing device that can be used as a user's or client's hand helddevice 16, in which the present system (or parts of it) can be deployed.FIGS. 21-22 are examples of handheld or mobile devices. -
FIG. 20 provides a general block diagram of the components of aclient device 16 that can run components ofarchitecture 100 or that interacts witharchitecture 100, or both. In thedevice 16, acommunications link 13 is provided that allows the handheld device to communicate with other computing devices and under some embodiments provides a channel for receiving information automatically, such as by scanning. Examples of communications link 13 include an infrared port, a serial/USB port, a cable network port such as an Ethernet port, and a wireless network port allowing communication though one or more communication protocols including General Packet Radio Service (GPRS), LTE, HSPA, HSPA+ and other 3G and 4G radio protocols, 1Xrtt, and Short Message Service, which are wireless services used to provide cellular access to a network, as well as 802.11 and 802.11b (Wi-Fi) protocols, and Bluetooth protocol, which provide local wireless connections to networks. - Under other embodiments, applications or systems are received on a removable Secure Digital (SD) card that is connected to a
SD card interface 15.SD card interface 15 andcommunication links 13 communicate with aprocessor 17 along abus 19 that is also connected tomemory 21 and input/output (I/O)components 23, as well asclock 25 andlocation system 27. - I/
O components 23, in one embodiment, are provided to facilitate input and output operations. I/O components 23 for various embodiments of thedevice 16 can include input components such as buttons, touch sensors, multi-touch sensors, optical or video sensors, voice sensors, touch screens, proximity sensors, microphones, tilt sensors, and gravity switches and output components such as a display device, a speaker, and or a printer port. Other I/O components 23 can be used as well. -
Clock 25 illustratively comprises a real time clock component that outputs a time and date. It can also, illustratively, provide timing functions forprocessor 17. -
Location system 27 illustratively includes a component that outputs a current geographical location ofdevice 16. This can include, for instance, a global positioning system (GPS) receiver, a LORAN system, a dead reckoning system, a cellular triangulation system, or other positioning system. It can also include, for example, mapping software or navigation software that generates desired maps, navigation routes and other geographic functions. -
Memory 21stores operating system 29, network settings 31,applications 33, application configuration settings 35,data store 37,communication drivers 39, and communication configuration settings 41.Memory 21 can include all types of tangible volatile and non-volatile computer-readable memory devices. It can also include computer storage media (described below).Memory 21 stores computer readable instructions that, when executed byprocessor 17, cause the processor to perform computer-implemented steps or functions according to the instructions. Items indata store 128, for example, can reside inmemory 21. Similarly,device 16 can have aclient system 24 which can run various business applications.Processor 17 can be activated by other components to facilitate their functionality as well. - Examples of the network settings 31 include things such as proxy information, Internet connection information, and mappings. Application configuration settings 35 include settings that tailor the application for a specific enterprise or user. Communication configuration settings 41 provide parameters for communicating with other computers and include items such as GPRS parameters, SMS parameters, connection user names and passwords.
-
Applications 33 can be applications that have previously been stored on thedevice 16 or applications that are installed during use, although these can be part ofoperating system 29, or hosted external todevice 16, as well. -
FIG. 21 shows one embodiment in whichdevice 16 is atablet computer 890. InFIG. 21 ,computer 890 is shown with user interface display displayed on thedisplay screen 892.Screen 892 can be a touch screen (so touch gestures from a user's finger can be used to interact with the application) or a pen-enabled interface that receives inputs from a pen or stylus. It can also use an on-screen virtual keyboard. Of course, it might also be attached to a keyboard or other user input device through a suitable attachment mechanism, such as a wireless link or USB port, for instance.Computer 890 can also illustratively receive voice inputs as well. - Additional examples of
devices 16 can be used, as well.Device 16 can be a feature phone, smart phone or mobile phone. The phone includes a set of keypads for dialing phone numbers, a display capable of displaying images including application images, icons, web pages, photographs, and video, and control buttons for selecting items shown on the display. The phone includes an antenna for receiving cellular phone signals such as General Packet Radio Service (GPRS) and 1Xrtt, and Short Message Service (SMS) signals. In some embodiments, phone also includes a Secure Digital (SD) card slot that accepts a SD card. - The mobile device can be personal digital assistant (PDA) or a multimedia player or a tablet computing device, et cetera (hereinafter referred to as a PDA). The PDA can include an inductive screen that senses the position of a stylus (or other pointers, such as a user's finger) when the stylus is positioned over the screen. This allows the user to select, highlight, and move items on the screen as well as draw and write. The PDA also includes a number of user input keys or buttons which allow the user to scroll through menu options or other display options which are displayed on the display, and allow the user to change applications or select user input functions, without contacting the display. Although not shown, The PDA can include an internal antenna and an infrared transmitter/receiver that allow for wireless communication with other computers as well as connection ports that allow for hardware connections to other computing devices. Such hardware connections are typically made through a cradle that connects to the other computer through a serial or USB port. As such, these connections are non-network connections. In one embodiment, mobile device also includes a SD card slot that accepts a SD card.
-
FIG. 22 shows that the phone is asmart phone 71.Smart phone 71 has a touchsensitive display 73 that displays icons or tiles or otheruser input mechanisms 75.Mechanisms 75 can be used by a user to run applications, make calls, perform data transfer operations, et cetera. In general,smart phone 71 is built on a mobile operating system and offers more advanced computing capability and connectivity than a feature phone. - Note that other forms of the
devices 16 are possible. -
FIG. 23 is one embodiment of a computing environment in whicharchitecture 100, or parts of it, (for example) can be deployed. With reference toFIG. 23 , an exemplary system for implementing some embodiments includes a general-purpose computing device in the form of acomputer 910. Components ofcomputer 910 may include, but are not limited to, aprocessing unit 920, asystem memory 930, and asystem bus 921 that couples various system components including the system memory to theprocessing unit 920. Thesystem bus 921 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus, and a local bus using any of a variety of bus architectures. By way of example, and not limitation, such architectures include Industry Standard Architecture (ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA) bus, Video Electronics Standards Association (VESA) local bus, and Peripheral Component Interconnect (PCI) bus also known as Mezzanine bus. Memory and programs described with respect toFIG. 1 can be deployed in corresponding portions ofFIG. 23 . -
Computer 910 typically includes a variety of computer readable media. Computer readable media can be any available media that can be accessed bycomputer 910 and includes both volatile and nonvolatile media, removable and non-removable media. By way of example, and not limitation, computer readable media may comprise computer storage media and communication media. Computer storage media is different from, and does not include, a modulated data signal or carrier wave. It includes hardware storage media including both volatile and nonvolatile, removable and non-removable media implemented in any method or technology for storage of information such as computer readable instructions, data structures, program modules or other data. Computer storage media includes, but is not limited to, RAM, ROM, EEPROM, flash memory or other memory technology, CD-ROM, digital versatile disks (DVD) or other optical disk storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other medium which can be used to store the desired information and which can be accessed bycomputer 910. Communication media typically embodies computer readable instructions, data structures, program modules or other data in a transport mechanism and includes any information delivery media. The term “modulated data signal” means a signal that has one or more of its characteristics set or changed in such a manner as to encode information in the signal. By way of example, and not limitation, communication media includes wired media such as a wired network or direct-wired connection, and wireless media such as acoustic, RF, infrared and other wireless media. Combinations of any of the above should also be included within the scope of computer readable media. - The
system memory 930 includes computer storage media in the form of volatile and/or nonvolatile memory such as read only memory (ROM) 931 and random access memory (RAM) 932. A basic input/output system 933 (BIOS), containing the basic routines that help to transfer information between elements withincomputer 910, such as during start-up, is typically stored in ROM 931.RAM 932 typically contains data and/or program modules that are immediately accessible to and/or presently being operated on by processingunit 920. By way of example, and not limitation,FIG. 23 illustratesoperating system 934,application programs 935,other program modules 936, andprogram data 937. - The
computer 910 may also include other removable/non-removable volatile/nonvolatile computer storage media. By way of example only,FIG. 23 illustrates ahard disk drive 941 that reads from or writes to non-removable, nonvolatile magnetic media, a magnetic disk drive 951 that reads from or writes to a removable, nonvolatile magnetic disk 952, and anoptical disk drive 955 that reads from or writes to a removable, nonvolatileoptical disk 956 such as a CD ROM or other optical media. Other removable/non-removable, volatile/nonvolatile computer storage media that can be used in the exemplary operating environment include, but are not limited to, magnetic tape cassettes, flash memory cards, digital versatile disks, digital video tape, solid state RAM, solid state ROM, and the like. Thehard disk drive 941 is typically connected to thesystem bus 921 through a non-removable memory interface such asinterface 940, and magnetic disk drive 951 andoptical disk drive 955 are typically connected to thesystem bus 921 by a removable memory interface, such asinterface 950. - Alternatively, or in addition, the functionality described herein can be performed, at least in part, by one or more hardware logic components. For example, and without limitation, illustrative types of hardware logic components that can be used include Field-programmable Gate Arrays (FPGAs), Program-specific Integrated Circuits (ASICs), Program-specific Standard Products (ASSPs), System-on-a-chip systems (SOCs), Complex Programmable Logic Devices (CPLDs), et cetera.
- The drives and their associated computer storage media discussed above and illustrated in
FIG. 23 , provide storage of computer readable instructions, data structures, program modules and other data for thecomputer 910. InFIG. 23 , for example,hard disk drive 941 is illustrated as storingoperating system 944,application programs 945,other program modules 946, andprogram data 947. Note that these components can either be the same as or different fromoperating system 934,application programs 935,other program modules 936, andprogram data 937.Operating system 944,application programs 945,other program modules 946, andprogram data 947 are given different numbers here to illustrate that, at a minimum, they are different copies. - A user may enter commands and information into the
computer 910 through input devices such as akeyboard 962, amicrophone 963, and apointing device 961, such as a mouse, trackball or touch pad. Other input devices (not shown) may include a joystick, game pad, satellite dish, scanner, or the like. These and other input devices are often connected to theprocessing unit 920 through auser input interface 960 that is coupled to the system bus, but may be connected by other interface and bus structures, such as a parallel port, game port or a universal serial bus (USB). Avisual display 991 or other type of display device is also connected to thesystem bus 921 via an interface, such as avideo interface 990. In addition to the monitor, computers may also include other peripheral output devices such asspeakers 997 andprinter 996, which may be connected through an outputperipheral interface 995. - The
computer 910 is operated in a networked environment using logical connections to one or more remote computers, such as aremote computer 980. Theremote computer 980 may be a personal computer, a hand-held device, a server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above relative to thecomputer 910. The logical connections depicted inFIG. 23 include a local area network (LAN) 971 and a wide area network (WAN) 973, but may also include other networks. Such networking environments are commonplace in offices, enterprise-wide computer networks, intranets and the Internet. - When used in a LAN networking environment, the
computer 910 is connected to theLAN 971 through a network interface or adapter 970. When used in a WAN networking environment, thecomputer 910 typically includes amodem 972 or other means for establishing communications over theWAN 973, such as the Internet. Themodem 972, which may be internal or external, may be connected to thesystem bus 921 via theuser input interface 960, or other appropriate mechanism. In a networked environment, program modules depicted relative to thecomputer 910, or portions thereof, may be stored in the remote memory storage device. By way of example, and not limitation,FIG. 23 illustratesremote application programs 985 as residing onremote computer 980. It will be appreciated that the network connections shown are exemplary and other means of establishing a communications link between the computers may be used. - It should also be noted that the different embodiments described herein can be combined in different ways. That is, parts of one or more embodiments can be combined with parts of one or more other embodiments. All of this is contemplated herein.
- Example 1 is a computing system record security architecture comprising a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a co-owner assignment request, from the first user, to assign a second user to the record as a co-owner, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user.
- Example 2 is the computing system record security architecture of any or all previous examples, wherein the unique identifier identifies the first user as a sender of the record modification request.
- Example 3 is the computing system record security architecture of any or all previous examples, wherein the co-owner assignment component is configured to store a co-owner property in association with the record that identifies the second user as a co-owner of the record, and the record security component is configured to process the record modification request, received from the second user, by analyzing an identifier in the record modification request relative to the co-owner property.
- Example 4 is the computing system record security architecture of any or all previous examples, wherein the co-owner assignment component is configured to receive a request, from the first user, to remove the second user as a co-owner of the record and, in response, modify the co-owner property associated with the record.
- Example 5 is the computing system record security architecture of any or all previous examples, wherein the owner property comprises the unique identifier of the first user.
- Example 6 is the computing system record security architecture of any or all previous examples, and further comprising a record replication component configured to send a record replication request to the set of users associated with the record, wherein the record replication request includes a set of attributes for the record and the unique identifier that uniquely identifies the first user as the owner of the record.
- Example 7 is the computing system record security architecture of any or all previous examples, wherein the requested modification to the record comprises at least one of updating the record or deleting the record.
- Example 8 is the computing system record security architecture of any or all previous examples, wherein the record security component is configured to control modification of the record based on the owner property of the record.
- Example 9 is the computing system record security architecture of any or all previous examples, wherein the record security component is configured to prevent the requested modification to the record based on a comparison of the owner property and an identifier in the record modification request from the second user.
- Example 10 is the computing system record security architecture of any or all previous examples, wherein the record security component is configured to propagate the record modification request to the set of users by sending an email to each of the associated users, the email including a protected header that is controlled by an email server and includes the unique identifier of the first user.
- Example 11 is the computing system record security architecture of any or all previous examples, wherein the record comprises an event record and the set of users comprise event invitees.
- Example 12 is the computing system record security architecture of any or all previous examples, wherein the set of users includes the second user.
- Example 13 is the computing system record security architecture of any or all previous examples, and further comprising a display system configured to generate a co-owner assignment user interface display with a co-owner assignment user input mechanism, and to detect user interaction with the co-owner assignment user input mechanism that identifies the second user to assign to the record as a co-owner.
- Example 14 is the computing system record security architecture of any or all previous examples, wherein the co-owner assignment user interface display includes an ownership privileges user input mechanism configured to receive a user input from the first user that identifies ownership privileges of the second user relative to the record.
- Example 15 is the computing system record security architecture of any or all previous examples, wherein the first user has a first set of ownership privileges relative to the record, and the co-owner has a second set of the ownership privileges that is different than the first set of ownership privileges.
- Example 16 is the computing system record security architecture of any or all previous examples, wherein the second set of ownership privileges comprises a subset of the first set of ownership privileges.
- Example 17 is a computer-implemented method comprising generating a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, receiving a request, from the first user, to assign a second user to the record as a co-owner, and receiving a record modification request, from the second user, that requests a modification to the record, and propagating the record modification request to the set of users with a unique identifier that identifies the first user as a sender of the record modification request.
- Example 18 is the computer-implemented method of any or all previous, and further comprising storing a co-owner property in association with the record that identifies the second user as a co-owner of the record, and processing the record modification request, received from the second user, by analyzing an identifier in the record modification request relative to the co-owner property.
- Example 19 is the computer-implemented method of any or all previous, and further comprising receiving a request, from the first user, to remove the second user as a co-owner of the record and, in response, modifying the co-owner property associated with the record.
- Example 20 is a computing system record security architecture comprising a record generation component configured to generate a record in a computing system, the record identifying a set of users associated with the record, and having an owner property that identifies a first user as an owner of the record, a co-owner assignment component configured to receive a request, from the first user, to assign a second user to the record as a co-owner, and to store a co-owner property in association with the record that identifies the second user as a co-owner of the record, and a record security component configured to receive a record modification request, from the second user, that requests a modification to the record, and to propagate the record modification request to the set of users with a unique identifier that identifies the first user, wherein the co-owner assignment component is configured to receive a request, from the first user, to remove the second user as a co-owner of the record and, in response, modify the co-owner property associated with the record.
- Although the subject matter has been described in language specific to structural features and/or methodological acts, it is to be understood that the subject matter defined in the appended claims is not necessarily limited to the specific features or acts described above. Rather, the specific features and acts described above are disclosed as example forms of implementing the claims and other equivalent features and acts are intended to be within the scope of the claims.
Claims (21)
1-20. (canceled)
21. A computer-implemented method comprising:
generating a record that defines an event and identifies a set of users associated with the event, the record including an owner property that identifies a first user as an owner of the record;
receiving a co-owner assignment request, that is associated with the first user, to assign a second user to the record as a co-owner;
based on the co-owner assignment request, generating a co-owner property on the record that identifies the second user as a co-owner of the record;
receiving a record modification request that requests a modification to the record, and identifies a requestor associated with the record modification request;
based on a comparison of the co-owner property and the requestor associated with the record modification request, propagating the record modification request to the set of users by:
for each respective user in the set of users,
sending a structured electronic message to the respective user, the structured electronic message identifying the requested modification and having a protected header field that is generated by an electronic messaging server and includes a unique identifier that identifies the first user as a sender of the structured electronic message, wherein the protected header field is protected through control of the protected header field by the electronic messaging server.
22. A computer-implemented method of claim 21 , wherein the structured electronic message comprises an email and the electronic messaging system comprises an email server.
23. A computer-implemented method of claim 22 , and further comprising:
sending a separate email to each respective user, the email including a protected email header that is controlled by the email server and includes the unique identifier of the first user.
24. A computer-implemented method of claim 21 , wherein the co-owner assignment request defines an ownership privilege of the second user relative to the record.
25. A computer-implemented method of claim 24 , wherein the first user has a first set of ownership privileges relative to the record, and the co-owner has a second set of the ownership privileges that is different than the first set of ownership privileges.
26. A computer-implemented method of claim 25 , wherein the second set of ownership privileges comprises a subset of the first set of ownership privileges.
27. The computer-implemented method of claim 21 , wherein further comprising:
based on the co-owner assignment request, setting a status attribute on the data record indicating that co-owner assignment is pending;
sending a communication to the second user indicative of the co-owner assignment request; and
based on a response to the communication received from the second user, modifying the status attribute to indicate that the co-owner assignment request is complete.
28. The computer-implemented method of claim 21 , wherein the event record comprises a calendar event record that stores at least one of time or location information associated with an event.
29. The computer-implemented method of claim 21 , and further comprising:
receiving a request, from the first user, to remove the second user as a co-owner of the record and, in response, modifying the co-owner property associated with the record.
30. A computing system comprising:
a record generation component configured to:
generate a data record that represents an event and identifies a set of users associated with the event, the data record includes an owner property that identifies a first user as an owner of the record;
a co-owner assignment component configured to:
based on a co-owner assignment request associated with the first user, generate a co-owner property on the record that identifies a second user as a co-owner of the record; and
a record security component configured to:
receive a record modification request that is indicative of a requested modification to the record, and identifies a requestor associated with the record modification request;
validate the requested modification based on the identified requestor and the co-owner property; and
based on the validation, propagate the requested modification to the set of users by:
for each respective user of the set of users, sending a structured electronic message to a separate computing system associated with the respective user, wherein
the structured electronic message identifies the requested modification; and
the separate computing system associated with the respective user maintains a separate copy of the data record and modifies the separate copy based on the requested modification identified in the structured electronic message.
31. The computing system of claim 30 , wherein the structured electronic message includes a protected header that is generated by an electronic messaging server and stores a unique identifier that identifies a sender of the structured electronic message, wherein the protected header is protected through control of the protected header by the electronic messaging server.
32. The computing system of claim 31 , wherein the structured electronic message comprises an email and the electronic messaging system comprises an email server.
33. The computing system of claim 31 , wherein the unique identifier is based on a combination of:
a mailbox identifier that identifies a mailbox assigned to the sender in the electronic messaging system; and
a unique object distinguished name that is assigned to the mailbox.
34. The computing system of claim 30 , wherein the requested modification to the record comprises at least one of updating the record or deleting the record.
35. The computing system of claim 30 , wherein the co-owner assignment component is configured to receive a request, from the first user, to remove the second user as a co-owner of the record and, in response, modify the co-owner property associated with the record.
36. The computing system of claim 30 , wherein the event record comprises a calendar event record that stores at least one of time or location information associated with a calendar event.
37. The computing system of claim 30 , wherein the record security component is configured to prevent the requested modification to the record based on the comparison of the requestor to the co-owner property.
38. The computing system of claim 30 , wherein
the co-owner assignment request identifies ownership privileges of the second user relative to the record, and
the first user has a first set of ownership privileges relative to the record, and the co-owner has a second set of the ownership privileges that is different than the first set of ownership privileges.
39. A computing system comprising:
a record generation component configured to:
generate a data record that represents a calendar event and identifies a set of users associated with the calendar event, the data record includes an owner property that identifies the first user as an owner of the data record;
a co-owner assignment component configured to:
based on a co-owner assignment request associated with the first user, generate a co-owner property on the data record that identifies a second user as a co-owner of the data record; and
a record security component configured to:
receive a record modification request that is indicative of a requested modification to the data record, and identifies a requestor associated with the record modification request;
validate the requested modification based on the identified requestor and the co-owner property; and
based on the validation, propagate the requested modification to the set of users by:
for each respective user of the set of users, instructing a first email server to send an email to a second email server that is separate from the first email server and is associated with the respective user, wherein
the email identifies the requested modification; and
a calendar server associated with the respective user maintains a separate copy of the data record and modifies the separate copy based on the requested modification identified in the email.
40. The computing system of claim 39 , wherein the first and second email servers comprise different types of email servers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US15/805,207 US20180183803A1 (en) | 2015-08-28 | 2017-11-07 | Secure computing system record access control |
Applications Claiming Priority (3)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US201562211283P | 2015-08-28 | 2015-08-28 | |
US14/850,466 US9871801B2 (en) | 2015-08-28 | 2015-09-10 | Secure computing system record access control |
US15/805,207 US20180183803A1 (en) | 2015-08-28 | 2017-11-07 | Secure computing system record access control |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/850,466 Continuation US9871801B2 (en) | 2015-08-28 | 2015-09-10 | Secure computing system record access control |
Publications (1)
Publication Number | Publication Date |
---|---|
US20180183803A1 true US20180183803A1 (en) | 2018-06-28 |
Family
ID=58097058
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/850,466 Active US9871801B2 (en) | 2015-08-28 | 2015-09-10 | Secure computing system record access control |
US15/805,207 Abandoned US20180183803A1 (en) | 2015-08-28 | 2017-11-07 | Secure computing system record access control |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US14/850,466 Active US9871801B2 (en) | 2015-08-28 | 2015-09-10 | Secure computing system record access control |
Country Status (2)
Country | Link |
---|---|
US (2) | US9871801B2 (en) |
WO (1) | WO2017040226A1 (en) |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10169547B2 (en) | 2015-08-28 | 2019-01-01 | Microsoft Technology Licensing, Llc | Secure computing system record transfer control |
US20220129586A1 (en) * | 2020-10-28 | 2022-04-28 | DataGrail, Inc. | Methods and systems for processing agency-initiated privacy requests |
US11526627B2 (en) | 2020-07-27 | 2022-12-13 | DataGrail, Inc. | Data discovery and generation of live data map for information privacy |
US11829507B2 (en) | 2020-04-22 | 2023-11-28 | DataGrail, Inc. | Methods and systems for privacy protection verification |
Families Citing this family (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9954863B2 (en) | 2015-08-28 | 2018-04-24 | Microsoft Technology Licensing, Llc | Computing system record security architecture |
CN108604986B (en) * | 2016-03-30 | 2022-04-19 | 惠普发展公司,有限责任合伙企业 | Conference password |
US10620789B2 (en) * | 2016-06-29 | 2020-04-14 | Microsoft Technology Licensing, Llc | User interface driven movement of data |
US11348072B2 (en) | 2016-09-26 | 2022-05-31 | Microsoft Technology Licensing, Llc | Techniques for sharing electronic calendars between mailboxes in an online application and collaboration service |
US10922661B2 (en) * | 2017-03-27 | 2021-02-16 | Microsoft Technology Licensing, Llc | Controlling a computing system to generate a pre-accept cache for calendar sharing |
US11144978B1 (en) * | 2021-02-25 | 2021-10-12 | Mythical, Inc. | Systems and methods to support custom bundling of virtual items within an online game |
Family Cites Families (58)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4135240A (en) | 1973-07-09 | 1979-01-16 | Bell Telephone Laboratories, Incorporated | Protection of data file contents |
US6463463B1 (en) | 1998-05-29 | 2002-10-08 | Research In Motion Limited | System and method for pushing calendar event messages from a host system to a mobile data communication device |
US6411605B1 (en) | 1998-07-08 | 2002-06-25 | Qwest Communications International, Inc. | Scheduler for telecommunications bridge |
US7284271B2 (en) | 2001-03-14 | 2007-10-16 | Microsoft Corporation | Authorizing a requesting entity to operate upon data structures |
US7222104B2 (en) | 2001-05-31 | 2007-05-22 | Contentguard Holdings, Inc. | Method and apparatus for transferring usage rights and digital work having transferrable usage rights |
US20030110228A1 (en) | 2001-12-12 | 2003-06-12 | Ziqiang Xu | Method and apparatus for monitoring activity and presence to optimize collaborative issue resolution |
US7062656B2 (en) | 2002-02-22 | 2006-06-13 | International Busness Machines Corporation | Method for providing secure access to information held in a shared respiratory |
US8359540B2 (en) | 2002-10-09 | 2013-01-22 | Goldman, Sachs & Co. | Apparatus, methods, and articles of manufacture for constructing and maintaining a calendaring interface |
US8140980B2 (en) | 2003-08-05 | 2012-03-20 | Verizon Business Global Llc | Method and system for providing conferencing services |
US7200608B2 (en) | 2003-10-23 | 2007-04-03 | Microsoft Corporation | Application programming interface for centralized storage of principal data |
WO2005053323A2 (en) | 2003-11-19 | 2005-06-09 | Idea Place Corporation | Groupware systems and methods |
US20050273372A1 (en) | 2004-06-03 | 2005-12-08 | International Business Machines Corporation | Integrated system for scheduling meetings and resources |
US8121953B1 (en) | 2004-12-30 | 2012-02-21 | Rearden Commerce Inc. | Intelligent meeting planner |
US20060265456A1 (en) * | 2005-05-19 | 2006-11-23 | Silicon Storage Technology, Inc. | Message authentication system and method |
US20070118415A1 (en) | 2005-10-25 | 2007-05-24 | Qualcomm Incorporated | Intelligent meeting scheduler |
US8171104B2 (en) | 2005-12-15 | 2012-05-01 | International Business Machines Corporation | Scheduling and searching meetings in a network environment |
GB0602296D0 (en) | 2006-02-04 | 2006-03-15 | Ibm | Method and system for accessing declined event invitations |
US20070197239A1 (en) | 2006-02-17 | 2007-08-23 | Global Wireless Unified Messaging Systems, Llc | Global wireless unified messaging system and method |
US7937442B2 (en) | 2006-09-22 | 2011-05-03 | Microsoft Corporation | Multipoint control unit (MCU) failure detection and rollover |
US8190878B2 (en) * | 2007-03-23 | 2012-05-29 | Microsoft Corporation | Implementation of private messaging |
US20080259824A1 (en) | 2007-04-23 | 2008-10-23 | Frankel David P | Identity-based conferencing systems and methods |
US20080270211A1 (en) | 2007-04-25 | 2008-10-30 | Raymond Vander Veen | method and system for modifying a meeting attendee list of an email calendar application |
US8484745B2 (en) | 2007-05-21 | 2013-07-09 | International Business Machines Corporation | Electronic calendar collaboration |
US8200520B2 (en) | 2007-10-03 | 2012-06-12 | International Business Machines Corporation | Methods, systems, and apparatuses for automated confirmations of meetings |
US7941399B2 (en) * | 2007-11-09 | 2011-05-10 | Microsoft Corporation | Collaborative authoring |
US9317838B2 (en) | 2007-12-31 | 2016-04-19 | International Business Machines Corporation | System and method for managing calendaring events |
US20090216837A1 (en) * | 2008-02-25 | 2009-08-27 | Microsoft Corporation | Secure reservationless conferencing |
EP2096588A1 (en) | 2008-02-29 | 2009-09-02 | Research In Motion Limited | Designation of delegate for modifying an electronic meeting definition defined using electronic calendaring software |
US20090222747A1 (en) * | 2008-02-29 | 2009-09-03 | Darrell Reginald May | Designation of delegate for modifying an electronic meeting definition defined using electronic calendaring software |
US8402508B2 (en) * | 2008-04-02 | 2013-03-19 | Microsoft Corporation | Delegated authentication for web services |
US8341532B2 (en) * | 2008-06-10 | 2012-12-25 | Microsoft Corporation | Automated set-up of a collaborative workspace |
US20090319926A1 (en) | 2008-06-18 | 2009-12-24 | International Business Machines Corporation | Calendaring system able to assign delegates to calendar events of an absent user |
US20100083134A1 (en) | 2008-09-29 | 2010-04-01 | International Business Machines Corporation | Delegation of calendar functions |
US20100088753A1 (en) * | 2008-10-03 | 2010-04-08 | Microsoft Corporation | Identity and authentication system using aliases |
US20100091687A1 (en) | 2008-10-15 | 2010-04-15 | Ted Beers | Status of events |
US20100106548A1 (en) | 2008-10-29 | 2010-04-29 | International Business Machines Corporation | Managing meeting calendar entries |
US9536230B2 (en) * | 2008-12-30 | 2017-01-03 | International Business Machines Corporation | Managing calendaring events |
US9036804B2 (en) | 2009-03-31 | 2015-05-19 | Microsoft Corporation | Extensible realtime delegation for calls, conferences and collaboration |
US8583784B2 (en) | 2009-06-05 | 2013-11-12 | Palm, Inc. | Dynamic communication integration with calendar |
EP2489177B1 (en) * | 2009-10-13 | 2020-06-17 | Cricket Media, Inc. | Dynamic collaboration in social networking environment |
US20110161284A1 (en) | 2009-12-28 | 2011-06-30 | Verizon Patent And Licensing, Inc. | Workflow systems and methods for facilitating resolution of data integration conflicts |
US20110258561A1 (en) * | 2010-04-14 | 2011-10-20 | Media Logic, Usa, Llc | Method, system and program product for participating in social media sites on behalf of entity |
US9253615B2 (en) | 2010-11-30 | 2016-02-02 | Microsoft Technology Licensing, Llc | Event planning within social networks |
US9064278B2 (en) * | 2010-12-30 | 2015-06-23 | Futurewei Technologies, Inc. | System for managing, storing and providing shared digital content to users in a user relationship defined group in a multi-platform environment |
US20130054295A1 (en) | 2011-08-29 | 2013-02-28 | International Business Machines Corporation | Providing indications by a calendaring system that a meeting has been previously rescheduled to aid in scheduling |
US9311679B2 (en) * | 2011-10-31 | 2016-04-12 | Hearsay Social, Inc. | Enterprise social media management platform with single sign-on |
US20140200944A1 (en) | 2011-11-08 | 2014-07-17 | Matchware A/S | Automation of meeting scheduling and task list access permissions within a meeting series |
US8826390B1 (en) * | 2012-05-09 | 2014-09-02 | Google Inc. | Sharing and access control |
US20140081688A1 (en) * | 2012-09-14 | 2014-03-20 | Salesforce.Com Inc. | Systems and methods for assigning account ownership in an on-demand system |
US9516022B2 (en) | 2012-10-14 | 2016-12-06 | Getgo, Inc. | Automated meeting room |
US10235383B2 (en) * | 2012-12-19 | 2019-03-19 | Box, Inc. | Method and apparatus for synchronization of items with read-only permissions in a cloud-based environment |
US20140316872A1 (en) * | 2013-03-15 | 2014-10-23 | Monster, Inc. | Systems and methods for managing endorsements |
US9143542B1 (en) * | 2013-06-05 | 2015-09-22 | Google Inc. | Media content collaboration |
US11121995B2 (en) | 2013-07-25 | 2021-09-14 | Mimecast Services Ltd. | Encoding executable instructions and computational state in email headers |
US9264550B2 (en) * | 2013-10-18 | 2016-02-16 | Plantronics, Inc. | Speaker identification for use in multi-media conference call system |
US10530854B2 (en) * | 2014-05-30 | 2020-01-07 | Box, Inc. | Synchronization of permissioned content in cloud-based environments |
US10169547B2 (en) | 2015-08-28 | 2019-01-01 | Microsoft Technology Licensing, Llc | Secure computing system record transfer control |
US9954863B2 (en) | 2015-08-28 | 2018-04-24 | Microsoft Technology Licensing, Llc | Computing system record security architecture |
-
2015
- 2015-09-10 US US14/850,466 patent/US9871801B2/en active Active
-
2016
- 2016-08-26 WO PCT/US2016/048804 patent/WO2017040226A1/en active Application Filing
-
2017
- 2017-11-07 US US15/805,207 patent/US20180183803A1/en not_active Abandoned
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US10169547B2 (en) | 2015-08-28 | 2019-01-01 | Microsoft Technology Licensing, Llc | Secure computing system record transfer control |
US11829507B2 (en) | 2020-04-22 | 2023-11-28 | DataGrail, Inc. | Methods and systems for privacy protection verification |
US11526627B2 (en) | 2020-07-27 | 2022-12-13 | DataGrail, Inc. | Data discovery and generation of live data map for information privacy |
US11841979B2 (en) | 2020-07-27 | 2023-12-12 | DataGrail, Inc. | Data discovery and generation of live data map for information privacy |
US20220129586A1 (en) * | 2020-10-28 | 2022-04-28 | DataGrail, Inc. | Methods and systems for processing agency-initiated privacy requests |
US12093427B2 (en) * | 2020-10-28 | 2024-09-17 | DataGrail, Inc. | Methods and systems for processing agency-initiated privacy requests |
Also Published As
Publication number | Publication date |
---|---|
WO2017040226A1 (en) | 2017-03-09 |
US9871801B2 (en) | 2018-01-16 |
US20170063867A1 (en) | 2017-03-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US9871801B2 (en) | Secure computing system record access control | |
US10936808B2 (en) | Document linking in an electronic messaging system | |
US10775956B2 (en) | Electronic data storage re-sharing notification | |
US20170012985A1 (en) | Granting permissions to an object when adding people to a conversation | |
US10944752B2 (en) | Transfer of secure external sharing link | |
US20180007022A1 (en) | Sharing content with permission control using near field communication | |
EP3631660B1 (en) | External sharing with improved security | |
US20180124155A1 (en) | Network-based group communication and file sharing system | |
US20170323086A1 (en) | Group-based external sharing of electronic data | |
US10547621B2 (en) | Persistent mutable sharing of electronic content | |
US10474323B2 (en) | Organizational external sharing of electronic data | |
US20170364692A1 (en) | Electronic file sharing link granularity | |
US20240037066A1 (en) | File access permission revocation notification | |
EP3341886B1 (en) | Secure computing system record transfer control | |
US9954863B2 (en) | Computing system record security architecture | |
US10554598B2 (en) | Accessibility processing when making content available to others | |
US20210112112A1 (en) | Surfacing sharing attributes of a link proximate a browser address bar |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: MICROSOFT TECHNOLOGY LICENSING, LLC, WASHINGTON Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SINGH, JASKARAN;MADEJCZYK, SZYMON;HAKAMI, SINA;SIGNING DATES FROM 20150908 TO 20150909;REEL/FRAME:045282/0679 |
|
STPP | Information on status: patent application and granting procedure in general |
Free format text: FINAL REJECTION MAILED |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |