Controlling execution of computer applications

US 20070186112A1
Filed: 01/28/2005
Published: 08/09/2007
Est. Priority Date: 01/28/2005
Status: Active Grant

First Claim

Patent Images

1. One or more computer-readable media comprising computer-executable instructions for executing an application, the computer-executable instructions comprising instructions for:

identifying an application ID associated with the application;

verifying the application ID; and

creating a new process in response to successful verification of the application ID.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods are described that control attempts made by an application to access data. In one embodiment, the application is associated with a security token that includes an application ID. In operation, the system receives a request, initiated by the application, for access to the data. The system is configured to evaluate the request for access based in part on comparison of the security token and a listing of approved application IDs associated with the data.

89 Citations

View as Search Results

20 Claims

1. One or more computer-readable media comprising computer-executable instructions for executing an application, the computer-executable instructions comprising instructions for:
- identifying an application ID associated with the application;
  
  verifying the application ID; and
  
  creating a new process in response to successful verification of the application ID.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The one or more computer-readable medium as recited in claim 1, wherein identifying the application ID associated with the application comprises instructions for:
    - identifying a strong application ID.
  - 3. The one or more computer-readable medium as recited in claim 1, wherein identifying the application ID associated with the application comprises instructions for:
    - querying a database containing data associated with approved applications.
  - 4. The one or more computer-readable medium as recited in claim 1, wherein verifying the application ID comprises instructions for:
    - utilizing cryptography to verify the application ID is a strong application ID.
  - 5. The one or more computer-readable medium as recited in claim 1, wherein creating the new process comprises instructions for:
    - requiring that a code image to be used is part of the application associated with the verified application ID.
  - 6. The one or more computer-readable medium as recited in claim 1, additionally comprising instructions for:
    - asking a user to perform a validation of the application, if the application ID could not be verified.
  - 7. The one or more computer-readable medium as recited in claim 1, additionally comprising instructions for:
    - asking a user to provide access permissions to be granted to the new process, if the application ID was not verified.
  - 8. The one or more computer-readable medium as recited in claim 1, additionally comprising instructions for:
    - allocating resources to the new process upon execution; and
      
      basing the resources allocated at least in part on whether of the application ID is verified as a strong application ID or a weak application ID.

9. One or more computer-readable media comprising computer-executable instructions for identifying an application as a prerequisite for execution of the application, the computer-executable instructions comprising instructions for:
- receiving a request to execute the application;
  
  identifying an application ID associated with the application;
  
  attempting to verify the application ID; and
  
  where the application ID was verified, executing the application.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The one or more computer-readable medium as recited in claim 9, wherein identifying the application ID associated with the application comprises instructions for:
    - querying a database containing data comprising strong application IDs and weak application IDs associated with approved applications.
  - 11. The one or more computer-readable medium as recited in claim 9, wherein executing the application comprises instructions for:
    - allocating more resources to the application where a strong application ID was established than where a weak application ID was established.
  - 12. The one or more computer-readable medium as recited in claim 9, wherein executing the application comprises instructions for:
    - requiring that a code image to be used in the execution is part of the application associated with the verified application ID.
  - 13. The one or more computer-readable medium as recited in claim 9, additionally comprising instructions for:
    - asking a user to perform a validation of the application, if the application ID was not verified.
  - 14. The one or more computer-readable medium as recited in claim 9, additionally comprising instructions for:
    - asking a user to provide access permissions to be granted to the application, if the application ID was not verified.
  - 15. The one or more computer-readable medium as recited in claim 9, additionally comprising instructions for:
    - conferring ownership of objects to an application running in a new process upon execution and allowing the new process to update files owned by the application.

16. A system for executing an application, comprising:
- an environment within which a new process may be created;
  
  an application ID associated with the application; and
  
  a process-identifying security function configured to make a decision to allow or prevent creation of the new process, wherein the decision is made based on verification of the application ID.
- View Dependent Claims (17, 18, 19, 20)
- - 17. The system as recited in claim 16, wherein the application ID associated with the application comprises:
    - a strong application ID; and
      
      wherein the process-identifying security function utilizes cryptography to verify the strong application ID.
  - 18. The system as recited in claim 16, wherein the process-identifying security function is additionally configured to query a database containing data associated with approved applications.
  - 19. The system as recited in claim 16, wherein the process-identifying security function is additionally configured to query a user to perform a verification of the application ID when the application ID is not otherwise verifiable.
  - 20. The system as recited in claim 16, additionally comprising:
    - a create process function configured to create the new process only in response to the decision by the process-identifying security function; and
      
      wherein the create process function is additionally configured to require that a code image to be used is part of the application associated with the verification of the application ID.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Jones, Thomas, Schutz, Klaus, Leach, Paul, Brundrett, Peter, Perlin, Eric

Granted Patent

US 7,810,153 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/182
CPC Class Codes

G06F 21/31   User authentication

G06F 21/54   by adding security routines...

G06F 21/62   Protecting access to data v...

G06F 2221/2141   Access rights, e.g. capabil...

Controlling execution of computer applications

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

89 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Controlling execution of computer applications

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

89 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links