Access Unit Switching Through Physical Mediation
First Claim
1. A computer comprising:
- a processor; and
a fast trusted access unit switch module executable on the processor to allow a user whose identity has been authenticated to switch between a plurality of access units running on the computer based on a physical action attributable to the user.
2 Assignments
0 Petitions
Accused Products
Abstract
A plurality of access units may be established with varying levels of privilege and access rights, such that the user may perform tasks carrying with them a high risk of viral infection in an access unit with a low level of privilege and access rights. When an authenticated user desires to perform tasks requiring a higher level of privilege and access rights, the user may switch to an access unit having a higher privilege and access rights level by instigating a physical action. The physical action may include selecting a button (included in either a UI or on a peripheral device), or inputting biometric data to switch among running access units. A signal instigated by the physical action is transmitted along a trusted path between the isolation kernel and where the physical action was instigated.
53 Citations
20 Claims
-
1. A computer comprising:
-
a processor; and
a fast trusted access unit switch module executable on the processor to allow a user whose identity has been authenticated to switch between a plurality of access units running on the computer based on a physical action attributable to the user. - View Dependent Claims (2, 3, 4, 5)
-
-
6. One or more computer-readable media having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
-
verifying the identity of a user;
determining a maximum level of allowable privilege and access rights which can be afforded to the user;
establishing a plurality of access units with varying levels of privilege and access rights given the maximum level of allowable privilege and access rights which can be afforded to the user; and
allowing the user to switch between access units by registering a physical action made by the user. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A computer-implemented method, comprising:
-
allowing a user to authenticate the user'"'"'s identity to a computer;
creating a plurality of access units on the computer based on privilege and access rights information contained in an account for the user, with each access unit having a set level of privilege and access rights; and
allowing the user to switch among access units by registering a physical action made by the user in a secure environment. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
Specification