CONTROL OF APPLICATION ACCESS TO SYSTEM RESOURCES
First Claim
1. A method of transferring a computer program product from at least one first computer to at least one second computer connected to the at least one first computer through a communication medium, the method comprising the steps of:
- (a) accessing, on the at least one first computer, computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of;
(1) accessing data related to access by an application to at least one of the system resources;
(2) receiving a request to run the application;
(3) creating a first access token having a first set of attributes enabling access to at least one of the system resources and selected based on the data, the first token being based on a second access token having a second set of the attributes, wherein the first-set attributes are fewer in number than the second-set attributes; and
(4) associating the first token with the application; and
(b) transferring the computer-executable instructions from the at least one first computer to the at least one second computer through the communications medium.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of controlling the access by an application to system resources includes accessing data related to access by the application to at least one of the system resources. A request to run the application is received. A first access token is created and has a first set of attributes that enable access to at least one of the system resources and that are selected based on the data. The first token is based on a second access token having a second set of the attributes. The first-set attributes are fewer in number than the second-set attributes. The first token is then associated with the application.
-
Citations
18 Claims
-
1. A method of transferring a computer program product from at least one first computer to at least one second computer connected to the at least one first computer through a communication medium, the method comprising the steps of:
-
(a) accessing, on the at least one first computer, computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of;
(1) accessing data related to access by an application to at least one of the system resources;
(2) receiving a request to run the application;
(3) creating a first access token having a first set of attributes enabling access to at least one of the system resources and selected based on the data, the first token being based on a second access token having a second set of the attributes, wherein the first-set attributes are fewer in number than the second-set attributes; and
(4) associating the first token with the application; and
(b) transferring the computer-executable instructions from the at least one first computer to the at least one second computer through the communications medium. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
-
receiving a request to run an application;
launching the application subject to a first access token providing access to a first set of the system resources;
creating a second access token providing access to a second set of the system resources different from the first set; and
associating the second access token with the application, wherein the application runs subject to the second access token without re-launching the application. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
-
receiving a request to run an application;
launching the application subject to a first access token providing access to a first set of the system resources;
retrieving from a memory a second access token providing access to a second set of the system resources different from the first set; and
associating the second access token with the application, wherein the application runs subject to the second access token without re-launching the application.
-
-
15. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
-
running an application subject to a first access token providing access to a first set of the system resources;
retrieving from a memory a second access token providing access to a second set of the system resources different from the first set; and
associating the second access token with the application, wherein the application runs subject to the second access token without re-launching the application.
-
-
16. A computer-readable medium having computer-executable instructions that, when executed in a system having a security mechanism that determines access to system resources based on information in an access token against security information associated with each of the resources, perform at least the steps of:
-
detecting a request to run an application associated with a first access token providing access to a first set of the system resources;
creating a second access token providing access to a second set of the system resources different from the first set; and
after creating the second access token, launching the application subject to the second access token, wherein at least one thread of execution of the application runs subject to the second access token. - View Dependent Claims (17, 18)
-
Specification