Access Unit Switching Through Physical Mediation

US 20070143839A1
Filed: 12/15/2005
Published: 06/21/2007
Est. Priority Date: 12/15/2005
Status: Active Grant

First Claim

Patent Images

1. A computer comprising:

a processor; and

a fast trusted access unit switch module executable on the processor to allow a user whose identity has been authenticated to switch between a plurality of access units running on the computer based on a physical action attributable to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A plurality of access units may be established with varying levels of privilege and access rights, such that the user may perform tasks carrying with them a high risk of viral infection in an access unit with a low level of privilege and access rights. When an authenticated user desires to perform tasks requiring a higher level of privilege and access rights, the user may switch to an access unit having a higher privilege and access rights level by instigating a physical action. The physical action may include selecting a button (included in either a UI or on a peripheral device), or inputting biometric data to switch among running access units. A signal instigated by the physical action is transmitted along a trusted path between the isolation kernel and where the physical action was instigated.

53 Citations

View as Search Results

20 Claims

1. A computer comprising:
- a processor; and
  
  a fast trusted access unit switch module executable on the processor to allow a user whose identity has been authenticated to switch between a plurality of access units running on the computer based on a physical action attributable to the user.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer of claim 1, wherein the physical action comprises the selection of a button presented on a user interface.
  - 3. The computer of claim 1, wherein the fast trusted access unit switch module only allows the user to run access units having levels of privilege and access rights at or below the maximum level of privilege and access rights associated with the user.
  - 4. The computer of claim 1, wherein the fast trusted access unit switch module resides in one of an operating system and a virtual machine monitor.
  - 5. The computer of claim 1, wherein the physical action comprises the selection of a button presented on a peripheral device.

6. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
- verifying the identity of a user;
  
  determining a maximum level of allowable privilege and access rights which can be afforded to the user;
  
  establishing a plurality of access units with varying levels of privilege and access rights given the maximum level of allowable privilege and access rights which can be afforded to the user; and
  
  allowing the user to switch between access units by registering a physical action made by the user.
- View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
- - 7. The one or more computer-readable media as recited in claim 6, wherein establishing a plurality of access units comprises allowing the user to choose from among a plurality of at least partially preset access units having levels of privilege and access rights not exceeding the maximum level of allowable privilege and access rights which can be afforded to the user.
  - 8. The one or more computer-readable media as recited in claim 6, wherein establishing a plurality of access units comprises allowing the user to create a plurality of access units having levels of privilege and access rights not exceeding the maximum level of allowable privilege and access rights which can be afforded to the user.
  - 9. The one or more computer-readable media as recited in claim 6, wherein each access unit comprises an instance of an operating system.
  - 10. The one or more computer-readable media as recited in claim 6, wherein each access unit comprises a collection of interactive programs that are being used by the user.
  - 11. The one or more computer-readable media as recited in claim 6, wherein the physical action comprises selection of an on-screen option.
  - 12. The one or more computer-readable media as recited in claim 6, further comprising instructions therein that, when executed by a computing device, cause the computing device to display an access unit selection user interface allowing the user to see and select between all open access units.
  - 13. The one or more computer-readable media as recited in claim 6, wherein allowing the user to switch between access units comprises receiving data from a peripheral device.

14. A computer-implemented method, comprising:
- allowing a user to authenticate the user'"'"'s identity to a computer;
  
  creating a plurality of access units on the computer based on privilege and access rights information contained in an account for the user, with each access unit having a set level of privilege and access rights; and
  
  allowing the user to switch among access units by registering a physical action made by the user in a secure environment.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The method of claim 14, wherein creating further comprises enabling the user to choose from a selection of available access units given the privilege and access rights information in the user'"'"'s account.
  - 16. The method of claim 14, wherein allowing comprises registering a key sequence entered by the user on a keyboard.
  - 17. The method of claim 14, wherein allowing comprises registering interaction with a user interface presented on a video monitor.
  - 18. The method of claim 14, wherein allowing comprises registering the entry of biometric data into a biometric reading device.
  - 19. The method of claim 14, wherein allowing comprises registering the entry of data into a keypad.
  - 20. The method of claim 14, wherein creating comprises examining the access unit for the user and deciphering the allowable levels of privilege and access rights to afforded to the user based on the privilege and access rights groups to which the user is a member.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Chen, Yuqun, Peinado, Marcus

Granted Patent

US 8,146,138 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/629   to features or functions of...

Access Unit Switching Through Physical Mediation

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

53 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Access Unit Switching Through Physical Mediation

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

53 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links