Patents by Inventor Dharma K. Shukla

Dharma K. Shukla has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10447684
    Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
    Type: Grant
    Filed: November 19, 2015
    Date of Patent: October 15, 2019
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Arash Ghanaie-Sichanie, Matthew S. Augustine, Dharma K. Shukla, Hari Krishnan, Matthew J. Burdick
  • Patent number: 9967258
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Grant
    Filed: August 30, 2016
    Date of Patent: May 8, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Patent number: 9930039
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Grant
    Filed: April 11, 2016
    Date of Patent: March 27, 2018
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Publication number: 20160373451
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Application
    Filed: August 30, 2016
    Publication date: December 22, 2016
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Patent number: 9461985
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Grant
    Filed: March 25, 2013
    Date of Patent: October 4, 2016
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Publication number: 20160226875
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Application
    Filed: April 11, 2016
    Publication date: August 4, 2016
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Publication number: 20160080358
    Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
    Type: Application
    Filed: November 19, 2015
    Publication date: March 17, 2016
    Inventors: Arash Ghanaie-Sichanie, Matthew S. Augustine, Dharma K. Shukla, Hari Krishnan, Matthew J. Burdick
  • Patent number: 9197417
    Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
    Type: Grant
    Filed: April 24, 2009
    Date of Patent: November 24, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Arash Ghanaie-Sichanie, Matthew S. Augustine, Dharma K. Shukla, Hari Krishnan S, Matthew J. Burdick
  • Patent number: 9003059
    Abstract: Systems and methods for implementing online and offline applications are described. Such systems and methods may in some cases provide the same programming interface, regardless of whether the application is online or offline. Such systems and methods may also or instead in some cases provide additional or other possible capabilities, including installation without elevated privileges, simplified data synchronization, sharing of applications and application data, access to data from other applications, and richer client functionality than may be provided by an application such as a web browser.
    Type: Grant
    Filed: March 31, 2008
    Date of Patent: April 7, 2015
    Assignee: Microsoft Technology Licensing, LLC
    Inventors: Raymond E. Ozzie, Jack E. Ozzie, George P. Moromisato, Raman Narayanan, Matthew S. Augustine, Dharma K. Shukla, Ori M. Amiga, Ming Liu, Arash Ghanaie-Sichanie
  • Patent number: 8533666
    Abstract: In scenarios involving a data set accessible through a protocol, operations sets may be formulated for performing various operations on the data set, and may be expressed as resource scripts according to a scripting language. However, such resource scripts may be difficult to design due to the complicated aspects of the interaction, such as asynchrony, network transport, the syntax of the scripting language, and the details of the protocol. A design environment may be devised to facilitate designers in generating resource scripts, e.g., through the manipulation of visual elements. The design environment may abstract the lower-level working details of the resource scripts, and may allow designers to focus on the logical designing of the operations set. The design environment may then automatically generate the resource script from the operations set in accordance with the constraints of the script language and the protocol.
    Type: Grant
    Filed: October 17, 2008
    Date of Patent: September 10, 2013
    Assignee: Microsoft Corporation
    Inventors: Dharma K. Shukla, Aditya G. Bhandarkar, Shelly Guo, Abhay Parasnis, Ori M. Amiga, Raymond E. Endres, George M. Moore
  • Patent number: 8505084
    Abstract: Portions of a computing environment (such as a user's mesh) may restrict accessing to particular types of access by particular applications. The computer may support applications executing within a virtual environment (such as a web browser) by brokering such access through a token-based system. When an application requests a particular type of access (e.g., writing to a particular data object), the computer may contact an authorization server with the credentials of the application to request the specified access, and may receive and store an authorization token. The computer may then access the computing environment with the authorization token, and may return the results to the application within the virtual environment. Additional features may further support such applications; e.g., a programmatic interface may be provided in a familiar language, such as JavaScript, whereby applications can request access to particular data objects and identify authorized access capabilities.
    Type: Grant
    Filed: April 6, 2009
    Date of Patent: August 6, 2013
    Assignee: Microsoft Corporation
    Inventors: Dharma K. Shukla, Matthew J. Burdick, Arash Ghanaie-Sichanie, Matthew S. Augustine, Hari Krishnan
  • Patent number: 8412930
    Abstract: A deployable computing environment may facilitate interaction and data sharing between users and devices. Users, devices, and relationships between the users and devices may be represented within the deployable computing environment. A relationship between a user and a device may specify that the device is owned by the user and that the device is authorized to perform operations within the deployable computing environment on behalf of the user. Secure authentication of devices and users for interaction within the deployable computing environment is achieved by authenticating tickets corresponding to the user, the device, and the relationship. A device identification ticket and a user identification ticket are used to authenticate the device and user for interaction within the deployable computing environment. A device claim ticket allows the device to perform delegated operations (e.g., data synchronization, peer connectivity, etc.) on behalf of the user without the user's credentials (e.g.
    Type: Grant
    Filed: October 9, 2008
    Date of Patent: April 2, 2013
    Assignee: Microsoft Corporation
    Inventors: Abolade Gbadegesin, Dharma K. Shukla, Thomas A. Galvin, David R. Reed, Nikolay Smolyanskiy, Eric Fleischman, Roman Batoukov
  • Patent number: 8170901
    Abstract: A user interface for building a componentized workflow model. Each step of the workflow is modeled as an activity that has metadata to describe design time aspects, compile time aspects, and runtime aspects of the workflow step. A user selects and arranges the activities to create the workflow via the user interface. The metadata associated with each of the activities in the workflow is collected to create a persistent representation of the workflow. Users extend the workflow model by authoring custom activities.
    Type: Grant
    Filed: January 31, 2005
    Date of Patent: May 1, 2012
    Assignee: Microsoft Corporation
    Inventors: Dharma K. Shukla, Aditya G. Bhandarkar, Akash J. Sagar, Sergey Chub, Mayank Mehta, Dennis Pilarinos, Eli Hisdai, Abhay Vinayak Parasnis
  • Publication number: 20120078677
    Abstract: Designing and executing a workflow having flow-based and constraint-based regions. A user selects one or more activities to be part of a constraint-based region. Each constraint-based region has a constraint associated therewith. The workflow is executed by executing the flow-based region and the constraint-based region. The flow-based region executes sequentially. The constraint is evaluated, and the constraint-based region executes responsive to the evaluated constraint.
    Type: Application
    Filed: December 9, 2011
    Publication date: March 29, 2012
    Applicant: MICROSOFT CORPORATION
    Inventors: David G. Green, Bimal K. Mehta, Satish R. Thatte, Dharma K. Shukla, Abhay Vinayak Parasnis
  • Patent number: 8103536
    Abstract: Designing and executing a workflow having flow-based and constraint-based regions. A user selects one or more activities to be part of a constraint-based region. Each constraint-based region has a constraint associated therewith. The workflow is executed by executing the flow-based region and the constraint-based region. The flow-based region executes sequentially. The constraint is evaluated, and the constraint-based region executes responsive to the evaluated constraint.
    Type: Grant
    Filed: August 13, 2010
    Date of Patent: January 24, 2012
    Assignee: Microsoft Corporation
    Inventors: David G. Green, Bimal K. Mehta, Satish R. Thatte, Dharma K. Shukla, Abhay Vinayak Parasnis
  • Patent number: 8090610
    Abstract: A user interface for building a componentized workflow model. Each step of the workflow is modeled as an activity that has metadata to describe design time aspects, compile time aspects, and runtime aspects of the workflow step. A user selects and arranges the activities to create the workflow via the user interface. The metadata associated with each of the activities in the workflow is collected to create a persistent representation of the workflow. Users extend the workflow model by authoring custom activities.
    Type: Grant
    Filed: January 31, 2005
    Date of Patent: January 3, 2012
    Assignee: Microsoft Corporation
    Inventors: Dharma K. Shukla, Aditya G. Bhandarkar, Akash J. Sagar, Sergey Chub, Mayank Mehta, Dennis Pilarinos, Eli Hisdai, Abhay Vinayak Parasnis
  • Patent number: 8069439
    Abstract: Enabling creation of control flow patterns in a workflow via continuations. Each continuation represents an activity execution context for an activity executing in the workflow by a workflow engine virtualizing a managed execution environment. Responsive to a request, the activity execution context is recreated via the continuation and the activity is executed within the recreated context.
    Type: Grant
    Filed: March 30, 2006
    Date of Patent: November 29, 2011
    Assignee: Microsoft Corporation
    Inventors: Dharma K. Shukla, Robert B. Schmidt, Mayank Mehta, Akash J. Sagar, Karthik Raman, Nathan Talbert
  • Publication number: 20100306000
    Abstract: Designing and executing a workflow having flow-based and constraint-based regions. A user selects one or more activities to be part of a constraint-based region. Each constraint-based region has a constraint associated therewith. The workflow is executed by executing the flow-based region and the constraint-based region. The flow-based region executes sequentially. The constraint is evaluated, and the constraint-based region executes responsive to the evaluated constraint.
    Type: Application
    Filed: August 13, 2010
    Publication date: December 2, 2010
    Applicant: MICROSOFT CORPORATION
    Inventors: David G. Green, Bimal K. Mehta, Satish R. Thatte, Dharma K. Shukla, Abhay Vinayak Parasnis
  • Publication number: 20100274910
    Abstract: An application host (such as a web application server) may execute a set of applications on behalf of a set of users. Such applications may not be fully trusted, and a two-way isolation of the distributed resources of an application (e.g., the executing application, the application user interface on the user's computer, and server- and client-side stored resources) from other applications may be desirable. This isolation may be promoted utilizing the cross-domain restriction policies of each user's computer by allocating a distinct subdomain of the application host for each application. The routing of network requests to a large number of distinct subdomains may be economized by mapping all distinct subdomains to the address of the domain of the application host. Moreover, the application user interfaces may be embedded in an isolation construct (e.g., an IFRAME HTML element) to promote two-way isolation among application user interfaces and client-side application resources.
    Type: Application
    Filed: April 24, 2009
    Publication date: October 28, 2010
    Applicant: Microsoft Corporation
    Inventors: Arash Ghanaie-Sichanie, Matthew S. Augustine, Dharma K. Shukla, Hari Krishnan S., Matthew J. Burdick
  • Publication number: 20100257578
    Abstract: Portions of a computing environment (such as a user's mesh) may restrict accessing to particular types of access by particular applications. The computer may support applications executing within a virtual environment (such as a web browser) by brokering such access through a token-based system. When an application requests a particular type of access (e.g., writing to a particular data object), the computer may contact an authorization server with the credentials of the application to request the specified access, and may receive and store an authorization token. The computer may then access the computing environment with the authorization token, and may return the results to the application within the virtual environment. Additional features may further support such applications; e.g., a programmatic interface may be provided in a familiar language, such as JavaScript, whereby applications can request access to particular data objects and identify authorized access capabilities.
    Type: Application
    Filed: April 6, 2009
    Publication date: October 7, 2010
    Applicant: Microsoft Corporation
    Inventors: Dharma K. Shukla, Matthew J. Burdick, Arash Ghanaie-Sichanie, Matthew S Augustine, Hari Krishnan