System and method for identity decisions and invalidation

US 20060218389A1
Filed: 03/22/2005
Published: 09/28/2006
Est. Priority Date: 03/22/2005
Status: Active Grant

First Claim

Patent Images

1. A method for identity decisions, comprising:

registering to receive change notifications; and

upon receiving a change notification, invalidating the identity that is cached for an object.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for identity decisions and invalidation. Modified objects (e.g., files, executables, etc.) are flagged for reevaluation. Privileges associated with the object are only persisted if the modifications are determined to be authorized (e.g., updates and patches). In one embodiment, a tagging system registers to be notified of all writes, renames, truncations, moves, deletions, or any other relevant modifications to objects. If the tagging system detects a modification operation targeting the object, it invalidates all identity decisions cached with the object. The next time the object runs, the system does not recognize the object and it is forced to reevaluate its identity. Thus, patching and other write operations are still permitted, but the system detects the changed object and reevaluates the identity.

Citations

20 Claims

1. A method for identity decisions, comprising:
- registering to receive change notifications; and
  
  upon receiving a change notification, invalidating the identity that is cached for an object.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein modifications to an object which can trigger change notifications comprise one or more of writes, renames, truncations, moves, or deletions.
  - 3. The method of claim 1, wherein after the identity is invalidated, the identity is recomputed.
  - 4. The method of claim 1, wherein if a modification to an object which triggered a change notification is determined to be authorized, then the privileges associated with the object are persisted.
  - 5. The method of claim 1, wherein for a removable media, if the system does not support media-removed change notifications, then the object is copied locally and the identity is computed on the local copy.
  - 6. The method of claim 1, wherein for a network volume, if the network volume is not trusted then the object is copied locally.
  - 7. The method of claim 1, wherein for a multi-boot system, an identification for the current executing operating system is stored and when the system accesses the stored data for the object, the currently executing operating system identification is checked against the stored operating system identification, and if there is a mismatch of operating system identifications, then the stored identity for the object is invalidated.

8. A system for identity decisions, comprising:
- a cache for caching identities for objects; and
  
  an invalidation engine for invalidating identities cached for objects when modifications are detected to the objects.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The system of claim 8, wherein the cache receives metadata from metadata providers.
  - 10. The system of claim 9, wherein the system further comprises an identity engine which generates identities.
  - 11. The system of claim 10, wherein the system further comprises decision makers which receive information regarding objects and identities from the identity engine and which provide information regarding the identities to the cache and which retrieve metadata from the cache.
  - 12. The system of claim 11, wherein the system maintains a per-identity table which associates providers with sequence numbers and decision metadata.
  - 13. The system of claim 12, wherein the system maintains a global current sequence number table which associates providers with current sequence numbers.
  - 14. The system of claim 13, wherein in order to obtain valid decision metadata for an identity, a provider'"'"'s metadata sequence number is obtained from the per-identity table and is compared with the current sequence number for the provider from the global table, and if the sequence numbers do not match, the provider is invoked to generate current metadata for the identity.

15. One or more computer-readable media for enabling a computer program segment to perform identity decisions, said media comprising:
- a set of computer-usable instructions to invalidate an identity cached for an object when a modification is detected to the object.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The media of claim 15, wherein modifications to the object may comprise one or more of writes, renames, truncations, moves, or deletions.
  - 17. The media of claim 15, wherein after the identity is invalidated, the identity is recomputed.
  - 18. The media of claim 15, wherein for a removable media, if the system does not support media-removed change notifications, then the object is copied locally, and the identity is computed on the local copy.
  - 19. The media of claim 15, wherein for a network volume, if the network volume is not trusted then the object is copied locally.
  - 20. The media of claim 15, wherein for a multi-boot system, the current executing operating system'"'"'s identification is stored, and when the system accesses the stored data for the object, the currently executing operating system identification is checked against the stored operating system identification, and if there is a mismatch, then the system invalidates the stored identity for the object.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Fernandes, Genevieve, Li, Eric, Probert, David B., Rector, John

Granted Patent

US 7,756,841 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/150
CPC Class Codes

G06F 21/52 during program execution, e...

System and method for identity decisions and invalidation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for identity decisions and invalidation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links