USER-DRIVEN ACCESS CONTROL

US 20130117840A1
Filed: 11/09/2011
Published: 05/09/2013
Est. Priority Date: 11/09/2011
Status: Active Grant

First Claim

Patent Images

1. A method, implemented by computing functionality, for granting an application module access to a user-owned resource, comprising:

receiving an instruction to embed a gadget within an application user interface, the application module controlling the application user interface, and the gadget being associated with the user-owned resource;

associating the gadget with a provider module, the provider module controlling the gadget;

displaying the application user interface and the gadget to a user on a display mechanism of a user device, the gadget being embedded as an integral part of the application user interface;

receiving an indication that the user has interacted with the gadget; and

in response to receiving the indication, granting the application module access to the user-owned resource,the application module otherwise lacking rights to access user-owned resources in accordance with a least-privilege access paradigm.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An access system is described herein which allows an application module to access a user-owned resource based on an indication of a user'"'"'s intent to interact with the user-owned resource. For example, the application module can provide an application user interface which embeds a gadget associated with a particular user-owned resource. The access system can interpret the user'"'"'s interaction with the gadget as conferring implicit permission to the application module to access the user-owned resource associated with the gadget. In addition, or alternatively, the user may make a telltale gesture in the course of interacting with the application module. The access system can interpret this gesture as conferring implicit permission to the application module to access a user-owned resource that is associated with the gesture.

Citations

20 Claims

1. A method, implemented by computing functionality, for granting an application module access to a user-owned resource, comprising:
- receiving an instruction to embed a gadget within an application user interface, the application module controlling the application user interface, and the gadget being associated with the user-owned resource;
  
  associating the gadget with a provider module, the provider module controlling the gadget;
  
  displaying the application user interface and the gadget to a user on a display mechanism of a user device, the gadget being embedded as an integral part of the application user interface;
  
  receiving an indication that the user has interacted with the gadget; and
  
  in response to receiving the indication, granting the application module access to the user-owned resource,the application module otherwise lacking rights to access user-owned resources in accordance with a least-privilege access paradigm.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the user-owned resource comprises functionality associated with the user device, comprising:
    - a camera resource;
      
      a microphone resource;
      
      ora GPS device resource.
  - 3. The method of claim 1, wherein the user-owned resource comprises data that is associated with a source entity.
  - 4. The method of claim 1, wherein the instruction comprises a system call, triggered by the application module, which specifies a location at which to present the gadget within the application user interface.
  - 5. The method of claim 4, wherein the instruction also specifies:
    - a type of the gadget; and
      
      an identity of the user-owned resource.
  - 6. The method of claim 1, wherein the gadget includes at least one user interface control mechanism, and wherein the user interacts with the gadget by activating the user interface control mechanism.
  - 7. The method of claim 1, wherein said granting comprises:
    - providing a command, by the provider module, directly to the user-owned resource; and
      
      in response to the command, changing, by the user-owned resource, a status of the user-owned resource.
  - 8. The method of claim 1, wherein said granting comprises:
    - sending a grant call to an operating system of the user device; and
      
      in response to the grant call, setting, by the operating system, a state entry in an access control module, the state entry enabling the application module to access the user-owned resource for a specified scope of access.
  - 9. The method of claim 1, wherein said granting comprises:
    - sending a grant call to an operating system of the user device; and
      
      in response to the grant call, issuing a pull upcall to a source entity, requesting the source entity to provide data; and
      
      issuing a push upcall to a target entity, requesting the destination entity to accept the data that is provided by the source entity,wherein either the source entity or the destination entity is the user-owned resource.
  - 10. The method of claim 1, further comprising:
    - detecting, by an operating system of the user device, that a user has performed a gesture using an input mechanism of the user device; and
      
      in response to said detecting, granting, by the operating system, the application module access to a user-owned resource that is associated with the gesture.
  - 11. The method of claim 10, wherein the user-owned resource that the operating system provides access to is a clipboard resource, and wherein the gesture is associated with either:
    - a copy operation whereby data from the application module is copied into the clipboard resource, ora paste operation whereby data from the clipboard resource is pasted into the application module.

12. A physical and tangible computer readable storage medium for storing computer readable instructions, the computer readable instructions implementing a method when executed by one or more processing devices, the method comprising:
- presenting a first gadget, embedded within an application user interface, to a user, the first gadget being controlled by a provider module, and the application user interface being controlled by an application module;
  
  receiving an indication that the user has interacted with the first gadget;
  
  in response to said receiving, obtaining one or more view items associated with one or more respective data items from at least one source entity;
  
  presenting said one or more view items using a second gadget, the second gadget being embedded within the application user interface, the second gadget being controlled by the provider module;
  
  receiving an indication that the user has interacted with the second gadget by selecting at least one view item that is presented by the second gadget;
  
  in response to receiving the indication that the user has interacted with the second gadget, obtaining at least one data item which is associated with said at least one view item that has been selected; and
  
  providing said at least one data item to the application module.
- View Dependent Claims (13, 14)
- - 13. The computer readable storage medium of claim 12, wherein said obtaining one or more view items comprises identifying one or more files that are maintained by said at least one source entity.
  - 14. The computer readable storage medium of claim 12, wherein said obtaining one or more view items comprises identifying one or more search results from said at least one source entity, said one or more search results matching a search term specified via the first gadget.

15. An access system, implemented by computing functionality, for granting an application module access to a user-owned resource, comprising:
- an application module configured to control an application user interface, the access system isolating the application module from other application modules that are executable on the access system;
  
  a provider module configured to control a gadget that forms an integral part of the application user interface, the gadget being presented at a location within the application user interface that is specified by the application module;
  
  a user-owned resource associated with the provider module;
  
  an operating system which, together with the provider module, enables the application module to access the user-owned resource;
  
  an interaction detection module configured to detect when a user interacts with the gadget, to provide an indication; and
  
  an access action module configured to respond to the indication by granting the application module access to the user-owned resource, while otherwise restricting access by the application module to user-owned resources, based on a least-privilege access paradigm.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The access system of claim 15, wherein the interaction detection module is implemented by the provider module, the access action module is implemented by the operating system, and wherein the interaction detection module is configured to send a grant call to the access action module in response to the indication.
  - 17. The access system of claim 16, wherein the access action module comprises an extended access action module which comprises logic configured to set a state entry of an access control module, the state entry enabling the application module to access the user-owned resource for an extended duration of access.
  - 18. The access system of claim 17, further comprising logic for revoking the extended duration of access in response to an instruction from the user.
  - 19. The access system of claim 16, wherein the access action module comprises a discrete access action module which comprises:
    - logic configured to issue a pull upcall to a source entity, requesting the source entity to provide data; and
      
      logic configured to issue a push upcall to a destination entity, requesting the destination entity to accept the data that is provided by the source entity,wherein either the source entity or the destination entity is the user-owned resource.
  - 20. The access system of claim 15, wherein the operating system further comprises:
    - a gesture recognition module configured to detect when a user has performed a gesture using an input mechanism,wherein the access action module responds to detection of the gesture by providing the application module with access to a user-owned resource that is associated with the gesture.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Kohno, Tadayoshi, Moshchuk, Alexander, Wang, Helen J., Roesner, Franziska, Parno, Bryan J.

Granted Patent

US 9,106,650 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/17
CPC Class Codes

G06F 21/6281   at program execution time, ...

G06F 2221/2111   Location-sensitive, e.g. ge...

G06F 2221/2141   Access rights, e.g. capabil...

H04L 63/10   for controlling access to d...

H04L 63/107   wherein the security polici...

USER-DRIVEN ACCESS CONTROL

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

USER-DRIVEN ACCESS CONTROL

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links