CONTROLLING ACCESS TO RESOURCES BY HOSTED ENTITIES

US 20100319051A1
Filed: 06/15/2009
Published: 12/16/2010
Est. Priority Date: 06/15/2009
Status: Active Grant

First Claim

Patent Images

1. A system for including context in an access policy on a mobile computing device, said system comprising:

a memory area for storing a policy set specifying an application program identifier of an application program executing on the mobile computing device, a resource identifier for a resource associated with a mobile computing device, and access rights, wherein the application program identifier or the resource identifier includes an entity identifier associated with an entity hosted by the application program, and wherein the access rights define access by the entity to the resource; and

a processor programmed to;

receive the access rights by the entity to the resource;

associate the entity identifier with the application program identifier or the resource identifier;

associate the received access rights with the application program identifier and the resource identifier to create the policy set; and

store the created policy set in the memory area.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Controlling resource access by entities hosted by an execution extension environment via entity identifiers associated with the resources or with the execution extension environment. Policy sets define the access to the resources. Each policy set includes a principal identifier for execution extension environment, a resource identifier for one of the resources, and access rights. The principal identifier or the resource identifier includes one of the entity identifiers. Access requests from entities are evaluated by comparing the entity identifiers to the policy sets. In some embodiments, the policy sets implement access control for web browsers hosting executable code that attempts to access resources on a computing device.

Citations

20 Claims

1. A system for including context in an access policy on a mobile computing device, said system comprising:
- a memory area for storing a policy set specifying an application program identifier of an application program executing on the mobile computing device, a resource identifier for a resource associated with a mobile computing device, and access rights, wherein the application program identifier or the resource identifier includes an entity identifier associated with an entity hosted by the application program, and wherein the access rights define access by the entity to the resource; and
  
  a processor programmed to;
  
  receive the access rights by the entity to the resource;
  
  associate the entity identifier with the application program identifier or the resource identifier;
  
  associate the received access rights with the application program identifier and the resource identifier to create the policy set; and
  
  store the created policy set in the memory area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the application program comprises a browser, the entity comprises a web page and associated scripts, and the resource comprises location information associated with the mobile computing device.
  - 3. The system of claim 1, wherein the processor is further programmed to associate an expiration value for the access rights, said expiration value being associated with the application program identifier or the resource identifier.
  - 4. The system of claim 1, wherein the access rights include data defining information to be collected by the entity and a purpose for the information to be collected.
  - 5. The system of claim 1, further comprising means for controlling access by the entity to the resource.
  - 6. The system of claim 1, further comprising means for managing the created policy set in the memory area.
  - 7. The system of claim 1, further comprising a user interface configured to request user input to define the access rights.
  - 8. The system of claim 1, further comprising a user interface configured to receive user input to define a plurality of the policy sets.

9. A method comprising:
- identifying a policy set, said policy set defining access to a resource by an entity associated with at least one execution extension environment, said policy set including a principal identifier for the execution extension environment, a resource identifier for the resource, and access rights, wherein the principal identifier or the resource identifier includes an entity identifier associated with the entity;
  
  receiving a request for the resource from the entity;
  
  comparing the received request to the identified policy set; and
  
  granting the entity access to the resource based on said comparing.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The method of claim 9, further comprising receiving user input to define the access rights.
  - 11. The method of claim 9, wherein the execution extension environment includes a runtime framework hosting the entity.
  - 12. The method of claim 9, wherein the identified policy set is user-defined.
  - 13. The method of claim 9, further comprising:
    - associating an expiration value with the access rights; and
      
      associating the expiration value with the principal identifier or the resource identifier.
  - 14. The method of claim 9, wherein the execution extension environment comprises a browser, the entity comprises a web page, and the resource comprises location information associated with a mobile computing device.
  - 15. The method of claim 9, further comprising accessing a 3-tuple representing the policy set, said 3-tuple including the principal identifier, the resource identifier, and the access rights.
  - 16. The method of claim 15, wherein the resource identifier further identifies a principal associated with the entity.

17. One or more computer-readable media having computer-executable components, said components comprising:
- an interface component for receiving user input to define access rights by an entity to a resource, said entity being associated with at least one execution extension environment;
  
  a policy component for receiving a policy set, said policy set defining access to the resource by the entity, said policy set including a principal identifier for the execution extension environment, a resource identifier for the resource, and the access rights defined by the interface component, wherein the principal identifier or the resource identifier includes an entity identifier associated with the entity; and
  
  an access component for receiving a request for the resource from the entity, comparing the received request to the policy set received by the policy component, and granting the entity access to the resource based on said comparing.
- View Dependent Claims (18, 19, 20)
- - 18. The computer-readable media of claim 17, wherein the interface component further comprises requesting user input to define an expiration value for the access rights, and wherein the policy component stores the expiration value in the policy set.
  - 19. The computer-readable media of claim 17, wherein the execution extension environment comprises a browser, the entity comprises a web page, and the resource comprises location information associated with the mobile computing device.
  - 20. The computer-readable media of claim 17, wherein the entity is hosted by the execution extension environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Liu, Xin, Bruner, John David, Bafna, Sapna Mahendra, Jaffri, Taqi

Granted Patent

US 8,590,003 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 47/824   Applicable to portable or m...

H04L 63/102   Entity profiles

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

CONTROLLING ACCESS TO RESOURCES BY HOSTED ENTITIES

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

CONTROLLING ACCESS TO RESOURCES BY HOSTED ENTITIES

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links