Abstract: A schema-based service for Internet access to per-user services data, wherein access to data is based on each user's identity. The service includes a schema that defines rules and a structure for each user's data, and also includes methods that provide access to the data in a defined way. The services schema thus corresponds to a logical document containing the data for each user. The user manipulates (e.g., reads or writes) data in the logical document by data access requests through defined methods. In one implementation, the services schemas are arranged as XML documents, and the services provide methods that control access to the data based on the requesting user's identification, defined role and scope for that role. In this way, data can be accessed by its owner, and shared to an extent determined by the owner.

Abstract: A system and method for controlling access to a computer provides for loose security within a local network while retaining strong security against external access to the network. In one embodiment, a user has access to trusted nodes in a secured group within an unmanaged network, without being required to choose, enter and remember a login password. To establish such a secure blank password or one-click logon account for the user on a computer, a strong random password is generated and stored, and the account is designated as a blank password account. If the device is part of a secured network group, the strong random password is replicated to the other trusted nodes. When a user with a blank password account wishes to log in to a computer, the stored strong random password is retrieved and the user is authenticated.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A distributed security system is provided. The distributed security system uses a security policy that is written in a policy language that is transport and security protocol independent as well as independent of cryptographic technologies. This security policy can be expressed using the language to create different security components allowing for greater scalability and flexibility. By abstracting underlying protocols and technologies, multiple environments and platforms can be supported.

Abstract: A device control model provides an integrated set of addressing, naming, discovery and description processes that enables automatic, dynamic and ad-hoc self-setup by devices to interoperate with other devices on a network. This permits a computing device when introduced into a network to automatically configure so as to connect and interact with other computing devices available on the network, without a user installation experience and without downloading driver software or persisting a configuration setup for connecting and interacting with such other computing devices. Upon completing interaction with such other devices, the computing device automatically releases the setup for such other devices so as to avoid persistent device configurations that might create a configuration maintenance and management burden.

Abstract: A universal plug and play (UPnP) device makes itself known through a set of processes—discovery, description, control, eventing, and presentation. Following discovery of a UPnP device, an entity can learn more about the device and its capabilities by retrieving the device's description. The description includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name, URLs to vendor-specific Web sites, etc. The description also includes a list of any embedded devices or services, as well as URLs for control, eventing, and presentation. The description is written by a vendor, and is usually based on a device template produced by a UPnP forum working committee. The template is derived from a template language that is used to define elements to describe the device and any services supported by the device. The template language is written using an XML-based syntax that organizes and structures the elements.

Abstract: The present invention relates to a system and methodology to facilitate security for data items residing within (or associated with) a hierarchical database or storage structure. A database security system is provided having a hierarchical data structure associated with one or more data items. The system includes a security component that applies a security policy to the data items from a global location or region associated with a database. Various components and processes are employed to enable explicit and/or inherited security properties to be received by and propagated to the data items depending on the type of data structure encountered or processed.

Abstract: Processing a response to a network request using information that was transplanted into the response from a specific portion of the request. A requesting computer system generates an electronic request that includes the specific portion. The requesting computer system then submits the request to a responding computer system, which processes the request to form a response to the request. During processing of the request, the responding system transplants the specific portion of the request to the response. The responding computer system then transmits the response to the request to a processing computer system that processes the request. The processing computer system receives the response and extracts the information from the specific portion of the response. The processing computer system then uses the extracted information to process the request.

Abstract: A universal plug and play (UPnP) device makes itself known through a set of processes—discovery, description, control, eventing, and presentation. Following discovery of a UPnP device, an entity can learn more about the device and its capabilities by retrieving the device's description. The description includes vendor-specific manufacturer information like the model name and number, serial number, manufacturer name, URLs to vendor-specific Web sites, etc. The description also includes a list of any embedded devices or services, as well as URLs for control, eventing, and presentation. The description is written by a vendor, and is usually based on a device template produced by a UPnP forum working committee. The template is derived from a template language that is used to define elements to describe the device and any services supported by the device. The template language is written using an XML-based syntax that organizes and structures the elements.

Abstract: A method for generating an index to be provided by data sources or lower level index servers to higher order index servers is suited for use in connection with a distributed directory service comprising a hierarchical arrangement of data sources, data servers and index servers. The method involves determining the amount of data to be indexed, and comparing the amount of data to be indexed to a predefined maximum index size. An index of reduced size is generated if the amount of data to be indexed is greater than the maximum index size, and then this index is provided to higher order index servers. The index is formed by parsing the data in accordance with a prescribed data hierarchy (e.g., left or right) and using portions of the data while omitting other portions of the data. The index is formed such that it will meet the criteria of (a) producing no false negatives when queried and (b) comprising less data than the data to be indexed.

Abstract: A distributed directory service includes data sources (DS#1 through DS#5), index servers (IS#1, IS#2 and IS#3) and a client. The data sources generate an index of their data as well as a listing of their schema and a mapping from their schema to their index server's schema. This information is then transmitted to the index server for each data source, which repeats the process by providing an index and mapping information to its index server(s), if any.

Abstract: A method and system for aggregating objects within a computer system are provided. In a preferred embodiment, the method aggregates an enclosed object within an enclosing object. The enclosed object has an object management interface and an external interface, while the enclosing object has a controlling object management interface. The controlling object management interface and the external interface of the enclosed object have query function members for receiving an identifier of an interface and for returning a reference to the identified interface. A preferred embodiment creates an instance of an enclosing object and an object to be enclosed. In static aggregation, the controlling object management interface of the enclosing object knows in advance how to return an identifier to the external interface of the enclosed object. In dynamic aggregation, an object to be enclosed is added to the enclosing object after the enclosing object is instantiated.

Abstract: A method for generating an index to be provided by data sources or lower level index servers to higher order index servers is suited for use in connection with a distributed directory service comprising a hierarchical arrangement of data sources, data servers and index servers. The method involves determining the amount of data to be indexed, and comparing the amount of data to be indexed to a predefined maximum index size. An index of reduced size is generated if the amount of data to be indexed is greater than the maximum index size, and then this index is provided to higher order index servers. The index is formed by parsing the data in accordance with a prescribed data hierarchy (e.g., left or right) and using portions of the data while omitting other portions of the data. The index is formed such that it will meet the criteria of (a) producing no false negatives when queried and (b) comprising less data than the data to be indexed.

Abstract: A method and system for aggregating objects within a computer system are provided. In a preferred embodiment, the method aggregates an enclosed object within an enclosing object. The enclosed object has an object management interface and an external interface, while the enclosing object has a controlling object management interface. The controlling object management interface and the external interface of the enclosed object have query function members for receiving an identifier of an interface and for returning a reference to the identified interface. A preferred embodiment creates an instance of an enclosing object and an object to be enclosed. In static aggregation, the controlling object management interface of the enclosing object knows in advance how to return an identifier to the external interface of the enclosed object. In dynamic aggregation, an object to be enclosed is added to the enclosing object after the enclosing object is instantiated.

Abstract: A method and system for aggregating objects within a computer system are provided. In a preferred embodiment, the method aggregates an enclosed object within an enclosing object. The enclosed object has an object management interface and an external interface, while the enclosing object has a controlling object management interface. The controlling object management interface and the external interface of the enclosed object have query function members for receiving an identifier of an interface and for returning a reference to the identified interface. A preferred embodiment creates an instance of an enclosing object and an object to be enclosed. In static aggregation, the controlling object management interface of the enclosing object knows in advance how to return an identifier to the external interface of the enclosed object. In dynamic aggregation, an object to be enclosed is added to the enclosing object after the enclosing object is instantiated.

Abstract: A method and system that allows a client process to invoke a remote procedure. An operating system maintains a table with an entry for each remote procedure. Each entry of this table contains a signature that specifies a format in which parameters are exchanged between the client process and the remote procedure. When the client process requests the invocation of the remote procedure, the operating system creates a stack for the remote procedure. This stack is then mapped into the operating system's address space. By mapping the remote procedure's stack in this fashion, the operating system can simultaneously access the client's stack and the remote procedure's stack. The operating system then copies, in accordance with the remote procedure's signature, parameters directly from the client's stack to the remote procedure's stack. Once the parameters are copied, the remote procedure executes using the data contained on its own stack.

Abstract: A method and system for aggregating objects within a computer system are provided. In a preferred embodiment, the method aggregates an enclosed object within an enclosing object. The enclosed object has an object management interface and an external interface, while the enclosing object has a controlling object management interface. The controlling object management interface and the external interface of the enclosed object have query function members for receiving an identifier of an interface and for returning a reference to the identified interface. A preferred embodiment creates an instance of an enclosing object and an object to be enclosed. In static aggregation, the controlling object management interface of the enclosing object knows in advance how to return an identifier to the external interface of the enclosed object. In dynamic aggregation, an object to be enclosed is added to the enclosing object after the enclosing object is instantiated.

Abstract: A method and system for transparently executing code using a surrogate process is provided. In a preferred embodiment, the underlying system provides a surrogate program that can execute server dynamic-link libraries. When a client program wishes to access an object of a sharable class or a class factory object, the client program requests a service control manager to execute the server code for the sharable class. In response, the service control manager determines from a registration database whether the server code is available in the form of a server executable or a server dynamic-link library.

Abstract: A method and system for aggregating objects within a computer system are provided. In a preferred embodiment, the method aggregates an enclosed object within an enclosing object. The enclosed object has an object management interface and an external interface, while the enclosing object has a controlling object management interface. The controlling object management interface and the external interface of the enclosed object have query function members for receiving an identifier of an interface and for returning a reference to the identified interface. A preferred embodiment creates an instance of an enclosing object and an object to be enclosed. In static aggregation, the controlling object management interface of the enclosing object knows in advance how to return an identifier to the external interface of the enclosed object. In dynamic aggregation, an object to be enclosed is added to the enclosing object after the enclosing object is instantiated.

Abstract: A computer method and system for passing a pointer to an interface from a server process to a client process. In a preferred embodiment, the server process instantiates an object that has multiple interfaces. The server process identifies an interface to pass to the client process and creates a stub object for receiving a request to invoke a function member of the interface and for invoking the requested function member upon receiving the request. The server process then sends an identifier of the stub to the client process. When the client process receives the identifier of the stub, it instantiates a proxy object for receiving requests to invoke a function member of the interface and for sending the request to the identified stub. The client process can then invoke the function members of the interface by invoking function members of the proxy object. The proxy object sends a request to the identified stub. The identified stub then invokes the corresponding function member of the interface.