Resource based dynamic security authorization

US 20070050854A1
Filed: 09/01/2005
Published: 03/01/2007
Est. Priority Date: 09/01/2005
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing access to a resource by sandboxed code included on a client, the method comprising:

establishing a service connection between the resource and the client;

comparing evidence of the sandboxed code against a resource based policy associated with the resource; and

providing the sandboxed code access to the resource when the evidence is determined as sufficient according to the resource based policy.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Access to a resource by sandboxed code is dynamically authorized by a client security system based on a resource based policy. A sandboxed application running on a client is granted access to a resource based on a resource based policy despite denial of the access based on a static policy associated with the client security system. The granting of access coincides with the determination that the threat to a user or the user'"'"'s information is not increased should the access be granted.

Citations

20 Claims

1. A computer-implemented method for managing access to a resource by sandboxed code included on a client, the method comprising:
- establishing a service connection between the resource and the client;
  
  comparing evidence of the sandboxed code against a resource based policy associated with the resource; and
  
  providing the sandboxed code access to the resource when the evidence is determined as sufficient according to the resource based policy.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The computer-implemented method of claim 1, wherein the evidence is determined as sufficient according to the resource based policy when granting the sandboxed code access to the resource does not increase a threat level to user data.
  - 3. The computer-implemented method of claim 2, wherein granting the sandboxed code access to the resource does not increase a threat level to user data when the resource is affiliated with a source resource that provided the sandboxed code to the client.
  - 4. The computer-implemented method of claim 1, wherein the evidence is transmitted to the resource for comparing the evidence against the resource based policy.
  - 5. The computer-implemented method of claim 1, wherein the resource based policy is transmitted to the client for comparing the evidence against the resource based policy.
  - 6. The computer-implemented method of claim 1, further comprising alternatively denying access by the sandboxed code to the resource when the resource based policy dictates that access to the resource should be denied and the access to the resource is otherwise allowed.
  - 7. The computer-implemented method of claim 1, wherein the resource based policy is applied for managing access to the resource along with a static policy.
  - 8. The computer-implemented method of claim 1, wherein the service connection corresponds to a communication connect other than an unrestricted connection.
  - 9. A computer-readable medium having stored thereon instructions that when executed implement the computer-implemented method of claim 1.

10. A system, comprising:
- a sandboxed application that is included on a client;
  
  a resource, wherein the resource is unaccessible to the sandboxed application according to a static policy;
  
  a resource based policy, wherein the resource based policy is associated with resource;
  
  a client security system that is configured to evaluate evidence of the authenticity of the sandboxed application, wherein the client security system grants the sandboxed code access to the resource when the evidence is sufficient according to the resource based policy.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The system of claim 10, wherein the static policy is supplied by the client security system.
  - 12. The system of claim 10, wherein the client security system is further configured to determine that the evidence is sufficient according to the resource based policy when granting the sandboxed code access to the resource does not increase a threat level to user data.
  - 13. The system of claim 10, further comprising a service connection that is configured to transmit data between the resource and the sandboxed application for the purposes of evaluating the evidence against the resource based policy.
  - 14. The system of claim 13, wherein the service connection is further configured to transmit the evidence to the resource for the evaluation.
  - 15. The system of claim 13, wherein the service connection is further configured to transmit the resource based policy to the client security system for the evaluation.
  - 16. The system of claim 10, wherein the resource corresponds to web server.
  - 17. The system of claim 10, wherein the resource corresponds to database server.
  - 18. The system of claim 10, wherein the client security system is further configured to determine that the evidence is sufficient according to the resource based policy when the sandboxed application is identified as associated with a source resource that is affiliated with the resource.
  - 19. A computer-readable medium having stored thereon instructions that when executed implement the system of claim 10.

20. A computer-readable medium having stored thereon computer-executable instructions for dynamically managing access to a resource by sandboxed code included on a client, the computer-executable instructions comprising:
- establishing a service connection between the resource and the client, wherein the service connection is separate from an unrestricted connection;
  
  comparing evidence of the sandboxed code against a resource based policy associated with the resource; and
  
  dynamically providing the sandboxed code access to the resource when the evidence is determined as sufficient according to the resource based policy, wherein the evidence is determined as sufficient when granting the sandboxed code access to the resource does not increase a threat level to a user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Hawkins, John, Goldfeder, Aaron, Fee, Gregory, Kudallur, Venkatraman, Cooperstein, Jeffrey

Granted Patent

US 8,245,270 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/30
CPC Class Codes

G06F 21/53 by executing in a restricte...

Resource based dynamic security authorization

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Resource based dynamic security authorization

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links