
Isolated persistent storage

  • US 7,620,731 B1
  • Filed: 02/21/2001
  • Issued: 11/17/2009
  • Est. Priority Date: 02/21/2001
  • Status: Active Grant
First Claim

1. A computer readable-storage medium which stores a set of instructions which when executed by a computer system causes the computer system to perform a method for identifying an isolated persistent storage region in the computer system, the isolated persistent storage region being accessible by one or more applications, the method executed by the set of instructions comprising:

  • receiving, at an isolating storage interface of the computer system, a first request to access the isolated persistent storage region of the computer system, wherein receiving the first request to access the isolated persistent storage region includes receiving the first request from a first requesting application via a first requesting component of the first requesting application;

    preventing access to the isolated persistent storage region if access is not requested through the isolating storage interface, wherein preventing access to the isolated persistent storage region is accomplished by a security architecture of a runtime environment;

    determining a first requesting component identity of the first requesting component that is used by the first requesting application to request access to the isolated persistent storage region;

    determining a first requesting application identity of the first requesting application that is using the first requesting component to request access to the isolated persistent storage region; and

    constructing a first path name to a first persistent storage location in a plurality of persistent storage locations in the isolated persistent storage region based on the first requesting component identity and the first requesting application identity, wherein access is only enabled to the first persistent storage location in the plurality of isolated persistent storage locations using the first path name, wherein at least one of a different requesting application and a different requesting component results in construction of a different path name, and wherein the different path name enables access only to a second persistent storage location in the plurality of persistent storage locations, wherein the constructing operation comprises;

    determining an application identity type and an application name, based on the first requesting application identity;

    determining a component identity type and a component name, based on the first requesting component identity; and

    combining the application identity type, the application name, the component identity type, and the component name into the first path name to the first persistent storage location in the plurality of persistent storage locations in the isolated persistent storage region;

    accessing the first persistent storage location in the plurality of persistent storage locations based on the path name;

    wherein determining the first requesting component identity comprises;

    identifying one or more possible component identities based on the first requesting component; and

    selecting one of the possible component identities as the first requesting component identity;

    receiving at the isolating storage interface of the computer system a second request to access the isolated persistent storage region, wherein receiving the second request to access the isolated persistent storage region includes receiving the second request from a second requesting application, wherein the second requesting application uses a second requesting component to access the isolated persistent storage region, and wherein the second request from the second requesting application is received at the isolating storage interface via the second requesting component;

    determining a second requesting component identity of the second requesting component that is used by the second requesting application to request access to the isolated persistent storage region;

    determining a second requesting application identity of the second requesting application that is using the second requesting component to request access to the isolated persistent storage region; and

    constructing a second path name to a second persistent storage location in the isolated persistent storage region based on the second requesting component identity and the second requesting application identity;

    wherein the second persistent storage location is accessible only through the second path name and is not accessible from any other path name.
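The path construction recited in the claim can be sketched as follows. This is an added example, not code from the patent or from any product that implements it. The identity types, their preference order, the hashing of names into path segments, and the sample identities are all assumptions made for illustration.

```python
import hashlib
from pathlib import PurePosixPath

# Assumed identity types, most specific first; the claim only requires
# that each identity has a type and a name.
TYPE_PREFERENCE = ("strongname", "publisher", "site", "url")

def select_identity(possible):
    """Select one (type, name) identity from the candidates found for a requester."""
    by_type = dict(possible)
    for id_type in TYPE_PREFERENCE:
        if id_type in by_type:
            return id_type, by_type[id_type]
    raise ValueError("no usable identity for requester")

def _segment(identity):
    """Encode one identity as a single path segment.

    The name is hashed (assumption), so separators or '..' inside it can
    never change the directory depth or escape the store root.
    """
    id_type, name = identity
    digest = hashlib.sha256(name.encode("utf-8")).hexdigest()[:32]
    return f"{id_type}.{digest}"

def store_path(root, app_candidates, component_candidates):
    """Combine application and component identities into one store path."""
    app = select_identity(app_candidates)
    comp = select_identity(component_candidates)
    return PurePosixPath(root) / _segment(app) / _segment(comp)

# Constructed sample identities (not taken from the patent).
ROOT = "/var/isostore"
APP_A = [("url", "https://a.example/app.exe"), ("site", "a.example")]
APP_B = [("site", "b.example")]
COMP_X = [("strongname", "Example.Charts, PublicKeyToken=0000000000000000")]
COMP_HOSTILE = [("url", "../../etc/passwd")]

if __name__ == "__main__":
    for app, comp in ((APP_A, COMP_X), (APP_B, COMP_X), (APP_A, COMP_HOSTILE)):
        print(store_path(ROOT, app, comp))
```

The three printed paths differ from one another, and the hostile component name still yields a location exactly two levels below the store root.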
