| 发明名称 |
Statistical security for anonymous mesh-up oriented online services |
| 摘要 |
Web pages and applications commonly consume functionality provided by services to provide users with a rich experience. For example, a backend mapping service may provide access to these services. However, the users and application consuming the services may be anonymous and unverified. Accordingly, a two ticket validation technique is provided to validate service execution requests from anonymous applications. In particular, a user is provided with a client ticket comprising a reputation. The reputation may be adjusted over time based upon how the user consumes services. An application may request access to a service by providing the client ticket and an application ticket for validation. The reputation of the user may be used to determine an access level at which the application may access the service. Users with a high reputation may receive high quality access to the service, while users with a low reputation may receive lower quality access. |
| 申请公布号 |
US9160737(B2) |
申请公布日期 |
2015.10.13 |
| 申请号 |
US201012713431 |
申请日期 |
2010.02.26 |
| 申请人 |
Microsoft Technology Licensing, LLC |
发明人 |
Herzog Shai;Shklarski Gil |
| 分类号 |
G06F7/04;H04L9/32;H04L29/06 |
主分类号 |
G06F7/04 |
| 代理机构 |
|
代理人 |
Spellman Steven;Johnston-Holmes Danielle;Minhas Micky |
| 主权项 |
1. A system for validating service execution requests, comprising:
one or more processing units; and memory comprising instructions that when executed by at least some of the one or more processing units perform operations, comprising:
providing, to an anonymous user, a client ticket comprising a reputation for the anonymous user that is automatically determined based upon user interaction with one or more services through one or more applications;receiving a service execution request from an application with which the anonymous user is engaged, the service execution request comprising:
the client ticket;an application ticket comprising an application identification (ID) identifying the application; anda request for execution of a service;identifying a service policy corresponding to the service;determining, from the service policy, a set of reputation thresholds based upon the application ID;comparing the reputation, comprised within the client ticket, to the set of reputation thresholds to determine an access level provided to the application by the service; andproviding the application with access to the service according to the access level. |
| 地址 |
Redmond WA US |
