
Authenticating device for controlling application security environments

  • US 20090260050A1
  • Filed: 04/14/2008
  • Published: 10/15/2009
  • Est. Priority Date: 04/14/2008
  • Status: Abandoned Application
First Claim

1. A method for implementing security in Application Security Environments in computers where an Application Security Environment is an environment in which one or more processes/tasks can be run and each Application Security Environment is owned by a user or a user group, and more particularly, a method for controlling privileged operations and access to mass-memory devices from processes/tasks/threads running in an Application Security Environment by:

  • i. Using a device supporting user authentication and supporting one or more Application Security Environments and one or more states for each supported Application Security Environment;

    This device is referred to as an Authenticating Application Security Environment Protection Device or AASEPDevice;

    The state of an Application Security Environment is referred to as Application Security Environment State.

    ii. The state of an AASEPDevice corresponding to an Application Security Environment is controlled by manual action by a user;

    The manual action by a user on the AASEPDevice is referred to as Application Security Environment Protection Manual Action or ASEPManualAction;

    iii. The AASEPDevice authenticating the user who entered an ASEPManualAction;

    The AASEPDevice discarding/rejecting the operation requested by an ASEPManualAction if the authentication of the user fails;

    iv. The AASEPDevice discarding/rejecting the operation requested through an ASEPManualAction if the user who performed the ASEPManualAction does not have enough privilege to perform the operation requested through the ASEPManualAction;

    v. Where each state of an Application Security Environment corresponds to or maps to a set of privileges that the processes/tasks/threads running in that Application Security Environment have when that Application Security Environment is in that state. This mapping is referred to as Application Security Environment State Mapping.

    vi. The user or members of the user group who own an Application Security Environment are referred to as Application Security Environment Owners or ASEOs.

    vii. Preferably, in addition to supporting an ASEPManualAction that allows a user to change the state of an Application Security Environment, an AASEPDevice supporting an ASEPManualAction that allows a user to:

    a. Create or delete one or more users or

    b. Create or delete one or more user groups or

    c. Create or delete one or more Application Security Environments for a user or a user group or

    d. Create or delete one or more Application Security Environment States for an Application Security Environment or

    e. Add users to or remove users from a user group or

    f. Divide mass-memories into Regions which can be protected by AASEPDevices or

    g. Assign privileges to users and user groups including access to Regions of mass-memories or

    h. Create or modify or delete one or more Application Security Environment State Mappings for an Application Security Environment;

    viii. Every Application Security Environment being uniquely identifiable;

    Preferably, each Application Security Environment having a unique identifier in a computer;

    ix. Software in the computer to which the AASEPDevice is attached processing requests from the AASEPDevice;

    This software is referred to as ASEPSoftware;

    x. The ASEPSoftware or the AASEPDevice validating an operation requested by a user by performing an ASEPManualAction and discarding/rejecting the operation if it is not a valid operation;

    xi. If an operation attempts to create or modify an Application Security Environment State Mapping in such a way that the privileges corresponding to or mapping to the Application Security Environment State exceed the privileges of the user or the user group who owns the Application Security Environment, it is an invalid operation;

    xii. The ASEPSoftware or the AASEPDevice verifying whether an operation requested by a user by performing an ASEPManualAction has conflict with any of the ongoing operations, employing a conflict resolution strategy as applicable such that no operations which are active at the same time have conflicts with each other;

    The conflict resolution strategy may involve discarding some operations or queuing some operations or marking some operations for discarding at a later time.

    xiii. The AASEPDevice communicating the operation requested by an ASEPManualAction and any status changes to the operations requested by the ASEPManualAction to the ASEPSoftware using registers/memory readable by the computer to which the AASEPDevice is attached;

    Preferably, these registers/memory are not writable by the computer;

    xiv. The ASEPSoftware sending commands to the AASEPDevice by writing into registers/memory in the AASEPDevice where these registers/memory are writable by the computer to which the AASEPDevice is attached;

    xv. Preferably, the AASEPDevice and ASEPSoftware using a unique identifier to identify an operation requested by an ASEPManualAction;

    xvi. Preferably, an AASEPDevice device driver processing the interrupts from one or more AASEPDevices and reading the operation requested or any status change for the operation requested by each ASEPManualAction from an AASEPDevice by reading registers/memory in the AASEPDevice;

    The AASEPDevice device driver sending the operation requested or any status change for the operation requested by each ASEPManualAction along with the unique identifier for the operation requested by the ASEPManualAction to the ASEPSoftware;

    The AASEPDevice device driver sending commands from the ASEPSoftware to an AASEPDevice by writing into the AASEPDevice registers/memory;

    Where the AASEPDevice device driver is the software component that controls the AASEPDevice;

    xvii. The ASEPSoftware sending a command to perform or discard/reject an operation;

    If the ASEPSoftware commands the AASEPDevice to perform an operation, the AASEPDevice performing an operation provided it is not marked for discarding due to conflict with an operation from another ASEPManualAction;

    If the ASEPSoftware commands the AASEPDevice to discard the operation, the AASEPDevice discarding the operation;

    xviii. The ASEPSoftware sending a command to discard/reject an operation in the case where the ASEPSoftware is doing validation of the operation and the operation is invalid or in the case where ASEPSoftware is doing operation conflict resolution and the operation has conflict with another operation and the operation is selected for discarding/rejection by the operation conflict resolution strategy;

    xix. The ASEPSoftware performing clean up required for an operation if it is not identified for discarding/rejection;

    The clean up involves blocking all processes/tasks that may impact the clean state from running and updating buffers and data structures;

    xx. The ASEPSoftware sending a command to perform an operation to the AASEPDevice if the operation is not discarded/rejected and the clean up for the operation is completed;

    xxi. The AASEPDevice updating its registers/memory readable by the computer to which it is attached, when an operation is rejected or completed indicating status;

    xxii. The ASEPSoftware releasing the block for processes/tasks which were blocked from running for an operation to complete, after that operation is completed or discarded/rejected by the AASEPDevice;

    xxiii. The configuration used by the ASEPSoftware and AASEPDevices consisting of;

    a. The list of users;

    b. The list of user groups;

    c. The list of users in each user group;

    d. The privileges for each user and each user group;

    e. The list of Application Security Environments owned by each user or user group;

    f. The list of states for each Application Security Environment;

    g. The list of Regions of mass-memories protected by the AASEPDevices;

    h. The Application Security Environment State Mapping for each Application Security Environment State;

    xxiv. Preferably, the configuration is stored in the AASEPDevices and the AASEPDevices are capable of identifying the current set of privileges of an Application Security Environment based on the current state of that Application Security Environment;

    xxv. Preferably, a computer software module that enforces access restrictions, reading AASEPDevice registers/memory to verify whether a privileged operation requested by a process/task/thread running in an Application Security Environment is permissible as per the Application Security Environment State Mapping for the current state of that Application Security Environment;

    These software modules that use the privileges corresponding to or mapped to the current state of an Application Security Environment to implement access protection are referred to as ASEPImplementers;

    xxvi. Optionally, the ASEPImplementers reading AASEPDevice registers/memory to fetch the current state of the Application Security Environment and the configuration containing the Application Security Environment State Mapping for the current state of the Application Security Environment and enforcing privileges based on the current state of the Application Security Environment and the configuration;

    xxvii. Preferably, the ASEPImplementers reading the AASEPDevice registers/memory to read the current set of privileges that the processes/tasks/threads running in the Application Security Environment have corresponding to the current state of that Application Security Environment;

    xxviii. When the configuration corresponding to the current state of the Application Security Environment does not allow a privileged operation requested by a process/task/thread in the Application Security Environment, the ASEPImplementer putting that process/task/thread in an error state;

    xxix. When the configuration corresponding to the current state of the Application Security Environment allows a privileged operation requested by a process/task/thread in the Application Security Environment, the ASEPImplementer allowing the process/task/thread to perform the privileged operation;

    xxx. Preferably, mass-memories are divided into Regions such that read or write access to these Regions is part of the privileges that can be mapped to an Application Security Environment State;

    xxxi. A user or a user group having access to one or more of these Regions of a mass memory or mass memories;

    The access being further restricted to processes/tasks/threads in Application Security Environments owned by the user or the user group based on the current state of the Application Security Environment and the privileges corresponding to that current Application Security Environment State;

    xxxii. Preferably, when a process/task/thread in an Application Security Environment does a file operation permitted by file permissions and the operation maps to a read or write operation to a buffer in the file system buffer cache, the file system verifying whether the read or write access to the Region of mass-memory required by the file operation is permitted by the current set of privileges corresponding to the current state of the Application Security Environment;

    If the access is not permitted to the Region of mass-memory, the file system returning an error to the process/task/thread that attempted to do the file operation;

    If the access is permitted, the file system allowing the operation to continue;

    xxxiii. Preferably, a file system tagging a read or write request to read or write to a Region in a mass-memory with an identifier for the Application Security Environment so that the storage components below the file system or mass-memory device controllers can verify whether that Application Security Environment has sufficient privileges to do the operation in its current state;

    xxxiv. Preferably, when a process/task/thread in an Application Security Environment performs a raw disk read or write, the operating system tagging the raw disk read or write request with the identifier of the Application Security Environment so that storage components or a mass-memory device controller can enforce access protection based on the current state of that Application Security Environment;

    xxxv. Optionally, an AASEPDevice being capable of emulating an ASEPManualAction and also allowing scripting.
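As an added illustration that is not part of the patent, the following Python models the configuration of item xxiii, the owner check of items iv and vi, the validity rule of item xi (a state may never be mapped to more privilege than its owner holds) and the region-access decision of items xxviii, xxix and xxxii. All user, group, state and Region names and values are constructed for the example.

```python
from dataclasses import dataclass

# Constructed configuration (claim item xxiii, a-h). Privileges are strings of the
# form "read:<Region>" / "write:<Region>" (items xxx, xxxi); names are illustrative.
USERS = {"alice": {"read:R1", "write:R1", "read:R2"}, "bob": {"read:R2"}}
GROUPS = {"devs": {"members": {"alice", "bob"}, "privileges": {"read:R2", "write:R2"}}}


@dataclass
class ASE:
    ase_id: int           # unique identifier (item viii)
    owner: str            # owning user or user group (item vi)
    state: str            # current Application Security Environment State
    state_mapping: dict   # state -> set of privileges (item v)


def owner_privileges(owner):
    """Privileges held by the ASE owner, whether a user or a user group."""
    if owner in USERS:
        return set(USERS[owner])
    return set(GROUPS[owner]["privileges"])


def validate_state_mapping(ase, privileges):
    """Item xi: a mapping that exceeds the owner's privileges is invalid."""
    return set(privileges) <= owner_privileges(ase.owner)


def set_state_mapping(ase, state, privileges):
    """Item vii.h as validated by ASEPSoftware; invalid requests are discarded."""
    if not validate_state_mapping(ase, privileges):
        return False
    ase.state_mapping[state] = set(privileges)
    return True


def change_state(ase, actor, new_state):
    """Items iv/vi (assumed reading): only an ASEO may change the state."""
    owners = {ase.owner} | GROUPS.get(ase.owner, {}).get("members", set())
    if actor not in owners or new_state not in ase.state_mapping:
        return False
    ase.state = new_state
    return True


def current_privileges(ase):
    """Item xxiv: the privilege set follows from the current state."""
    return ase.state_mapping.get(ase.state, set())


def check_region_access(ase, region, mode):
    """Items xxviii/xxix/xxxii: permit the Region access only if the current
    state's mapping grants it; otherwise the caller returns an error."""
    return f"{mode}:{region}" in current_privileges(ase)
```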

  • 0 Assignments