Isolation of application-specific data within a user account

US 20070033638A1
Filed: 11/15/2005
Published: 02/08/2007
Est. Priority Date: 07/15/2005
Status: Active Grant

First Claim

Patent Images

1. In a computing system associating multiple applications with a same user account, a method for isolating data specific to a first application from a second application, wherein the first application and the second application share the same user account, comprising:

loading the data upon receiving a request for the data from the first application;

creating a handle to the data;

passing the handle to the first application; and

denying access request for the data from the second application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is provided for isolating application-specific data in an environment where multiple applications share a same user account. This mechanism enables data specific to an application to be accessed only by the application. When an application requests application-specific data, the data is loaded and a handle to the data is returned to the application. Access to the data is allowed only though the handle. Therefore, only the application possessing the handle can access the data. A counter may be associated with the loaded data. The counter'"'"'s value is incremented whenever a handle is created for the data and decremented whenever a handle for the data is terminated. When the value of the counter reaches zero, the data is automatically unloaded.

Citations

14 Claims

1. In a computing system associating multiple applications with a same user account, a method for isolating data specific to a first application from a second application, wherein the first application and the second application share the same user account, comprising:
- loading the data upon receiving a request for the data from the first application;
  
  creating a handle to the data;
  
  passing the handle to the first application; and
  
  denying access request for the data from the second application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein loading the data includes:
    - creating a unique identifier for the data;
      
      generating an access path for the data, using the unique identifier; and
      
      loading the data to a location specified by the access path.
  - 3. The method of claim 1, further comprising:
    - creating a counter for the data after loading the data, wherein the value of the counter is initialized to zero;
      
      incrementing the value of the counter when the handle is created for the data; and
      
      decrementing the value of the counter when the handle is terminated.
  - 4. The method of claim 3, further comprising:
    - unloading the data when the value of the counter reaches zero.
  - 5. The method of claim 1, wherein the computing system includes a Microsoft Windows®
    - registry, and wherein the data are one or more hives of the Windows®
      
      registry.

6. An application programming interface embodied on one or more computer-readable media, comprising a function related to providing application-specific data access in an environment where multiple applications share a same user account, wherein the faction provides access to a data object upon receiving an access request from a computing process, and wherein the function can be configured so the data object can only be accessed by the computing process.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The application programming interface of claim 6, wherein the function includes a configurable parameter indicating whether access to the data object is limited to the computing process calling the faction.
  - 8. The application programming interface of claim 6, wherein, upon being called by the computing process, the function:
    - creates a unique identifier for the data object;
      
      generates a path using the unique identifier; and
      
      loads the data object to a location indicated by the path.
  - 9. The application programming interface of claim 8, wherein the faction returns to the computing process a handle to the data object.
  - 10. The application programming interface of claim 9, wherein the faction:
    - closes the handle when the computing process finishes using the handle; and
      
      unloads the data object when no handle is associated with the data object.

11. A computer-implemented method for isolating data specific to an application from other applications sharing a same user account with the application, comprising:
- upon receiving an access request from the application for the data, loading the data;
  
  creating a handle to the data;
  
  passing the handle to the application; and
  
  denying any access request to the data from the other applications.
- View Dependent Claims (12, 13, 14)
- - 12. The computer-implemented method of claim 11, wherein loading the data includes:
    - generating a unique identifier for the data;
      
      generating an access path for the data using the unique identifier; and
      
      loading the data to a location specified by the access path.
  - 13. The computer-implemented method of claim 11, further comprising:
    - upon loading the data, creating a counter for the data, wherein value of the counter is initialized to zero;
      
      incrementing the value of the counter whenever a handle is created for the data; and
      
      decrementing the value of the counter whenever the handle is terminated.
  - 14. The computer-implemented method of claim 13, further comprising:
    - unloading the data when the value of the counter reaches zero.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Ward, Richard, Sambotin, Dragos, Thirumalai, Karthik

Granted Patent

US 8,074,288 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/2
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 2221/2147 Locking files

Isolation of application-specific data within a user account

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Isolation of application-specific data within a user account

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links