CONTROL OF APPLICATION ACCESS TO SYSTEM RESOURCES

US 20070199057A1
Filed: 10/16/2006
Published: 08/23/2007
Est. Priority Date: 10/14/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of transferring a computer program product from at least one first computer to at least one second computer connected to the at least one first computer through a communication medium, the method comprising the steps of:

(a) accessing, on the at least one first computer, computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of;

(1) accessing data related to access by an application to at least one of the system resources;

(2) receiving a request to run the application;

(3) creating a first access token having a first set of attributes enabling access to at least one of the system resources and selected based on the data, the first token being based on a second access token having a second set of the attributes, wherein the first-set attributes are fewer in number than the second-set attributes; and

(4) associating the first token with the application; and

(b) transferring the computer-executable instructions from the at least one first computer to the at least one second computer through the communications medium.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of controlling the access by an application to system resources includes accessing data related to access by the application to at least one of the system resources. A request to run the application is received. A first access token is created and has a first set of attributes that enable access to at least one of the system resources and that are selected based on the data. The first token is based on a second access token having a second set of the attributes. The first-set attributes are fewer in number than the second-set attributes. The first token is then associated with the application.

Citations

18 Claims

1. A method of transferring a computer program product from at least one first computer to at least one second computer connected to the at least one first computer through a communication medium, the method comprising the steps of:
- (a) accessing, on the at least one first computer, computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of;
  
  (1) accessing data related to access by an application to at least one of the system resources;
  
  (2) receiving a request to run the application;
  
  (3) creating a first access token having a first set of attributes enabling access to at least one of the system resources and selected based on the data, the first token being based on a second access token having a second set of the attributes, wherein the first-set attributes are fewer in number than the second-set attributes; and
  
  (4) associating the first token with the application; and
  
  (b) transferring the computer-executable instructions from the at least one first computer to the at least one second computer through the communications medium.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1 wherein the first token, with respect to the second token, provides access to fewer of the system resources.
  - 3. The method of claim 1 wherein at least one of the attributes comprises a privilege.
  - 4. The method of claim 1 wherein at least one of the attributes comprises a group identifier.
  - 5. The method of claim 1 wherein the data comprises a list of at least one of the attributes.
  - 6. The method of claim 1 wherein the first-set attributes comprise at least one access-restricting attribute.

7. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
- receiving a request to run an application;
  
  launching the application subject to a first access token providing access to a first set of the system resources;
  
  creating a second access token providing access to a second set of the system resources different from the first set; and
  
  associating the second access token with the application, wherein the application runs subject to the second access token without re-launching the application.
- View Dependent Claims (8, 9, 10, 11, 12, 13)
- - 8. The medium of claim 7, wherein the instructions further perform the step of creating a duplicate of the first access token.
  - 9. The medium of claim 8, wherein the instructions further perform the step of storing the duplicate.
  - 10. The medium of claim 7, wherein the instructions further perform the step of storing the first access token.
  - 11. The medium of claim 10, wherein the instructions further perform the step of:
    - after associating the second access token with the application, associating the first access token with the application, wherein the application runs subject to the first access token without re-launching the application.
  - 12. The medium of claim 7 wherein the second access token is based on the first access token.
  - 13. The medium of claim 7 wherein the second token, with respect to the first token, provides access to fewer of the system resources.

14. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
- receiving a request to run an application;
  
  launching the application subject to a first access token providing access to a first set of the system resources;
  
  retrieving from a memory a second access token providing access to a second set of the system resources different from the first set; and
  
  associating the second access token with the application, wherein the application runs subject to the second access token without re-launching the application.

15. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
- running an application subject to a first access token providing access to a first set of the system resources;
  
  retrieving from a memory a second access token providing access to a second set of the system resources different from the first set; and
  
  associating the second access token with the application, wherein the application runs subject to the second access token without re-launching the application.

16. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
- detecting a request to run an application associated with a first access token providing access to a first set of the system resources;
  
  creating a second access token providing access to a second set of the system resources different from the first set; and
  
  after creating the second access token, launching the application subject to the second access token, wherein at least one thread of execution of the application runs subject to the second access token.
- View Dependent Claims (17, 18)
- - 17. The medium of claim 16, wherein the instructions further perform the step of storing the first access token.
  - 18. The medium of claim 17, wherein the instructions further perform the step of:
    - after associating the second access token with the application, associating the first access token with the application, wherein at least one thread of execution of the application runs subject to the first access token without re-launching the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SDC Software, Inc.
Original Assignee
Softwareonline LLC
Inventors
Plummer, David

Application Number

US11/549,783
Publication Number

US 20070199057A1
Time in Patent Office

Days
Field of Search
US Class Current

726/9
CPC Class Codes

G06F 21/52 during program execution, e...

G06F 2221/2149 Restricted operating enviro...

CONTROL OF APPLICATION ACCESS TO SYSTEM RESOURCES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

CONTROL OF APPLICATION ACCESS TO SYSTEM RESOURCES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links