System and method for providing application services with controlled access into privileged processes

US 7,716,719 B2
Filed: 04/21/2005
Issued: 05/11/2010
Est. Priority Date: 01/28/2000
Status: Expired due to Term

First Claim

Patent Images

1. A system for providing application services in a computing environment having both user-mode processes and privileged-mode processes, the system comprising:

a processor;

a user-mode component having an interface configured to access an exposed privileged-mode interface;

a configuration component specifying a list of installable code components that are authorized for installation, wherein privileged-mode functions will only be executed in response to accesses by the user-mode code component when the installable code component is represented on the list;

wherein the user-mode component comprises an application software installation wizard;

wherein specifications are included within the configuration component specifying instructions for installing program components into an operating system;

wherein the configuration component includes a definition of an application software installation wizard to be created and an initialization file embedded within a cabinet file, the initialization file represented in a plain text format and comprising a plurality of sections each including attribute specifications, the initialization file including an AutoRegister section, an AutoUnregister section, and an allowAdmin section.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for providing application services in a computing environment having both user-mode processes and privileged-mode processes. A user-mode component is provided with an interface configured to access an exposed privileged-mode interface. A configuration component specifies a list of installable code components that are authorized for installation, wherein privileged-mode functions will only be executed in response to accesses by the user-mode code component when the installable code component is represented on the list.

Citations

26 Claims

1. A system for providing application services in a computing environment having both user-mode processes and privileged-mode processes, the system comprising:
- a processor;
  
  a user-mode component having an interface configured to access an exposed privileged-mode interface;
  
  a configuration component specifying a list of installable code components that are authorized for installation, wherein privileged-mode functions will only be executed in response to accesses by the user-mode code component when the installable code component is represented on the list;
  
  wherein the user-mode component comprises an application software installation wizard;
  
  wherein specifications are included within the configuration component specifying instructions for installing program components into an operating system;
  
  wherein the configuration component includes a definition of an application software installation wizard to be created and an initialization file embedded within a cabinet file, the initialization file represented in a plain text format and comprising a plurality of sections each including attribute specifications, the initialization file including an AutoRegister section, an AutoUnregister section, and an allowAdmin section.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The system of claim 1 wherein the configuration component includes a digital signature.
  - 3. The system of claim 1 further comprising a user interface implemented within the user-mode component.
  - 4. The system of claim 1 wherein specifications are included within the configuration component specifying a list of objects that are permitted to be created and creation of any object is prevented unless it is specified on the list of objects.
  - 5. The system of claim 1 wherein the configuration component includes a cabinet (.cab) file.
  - 6. The system of claim 1 wherein the application software installation wizard is executed utilizing a network browser program.
  - 7. The system of claim 1 wherein the application software installation wizard includes a scripted user interface for supplying and obtaining user-specific information including a name and licensing information.
  - 8. The system of claim 1 wherein the application software installation wizard makes a call to a create object program component including an executable function defined in a dynamic link library (.dll) file, and the create object program component executes in a user-mode for sending a message including an identification of the configuration component.
  - 9. The system of claim 1 wherein the AutoRegister section includes a listing of file names associated with instructions used to register an associated file with the operating system, and the AutoUnregister section includes a listing of file names associated with instructions required to remove the associated file from a registry.

10. A method for managing privileges in a computing environment having both user-mode processes and privileged-mode processes, the method comprising:
- exposing a privileged-mode interface to user-mode processes;
  
  accessing the exposed interface using a user-mode component;
  
  specifying a list of authorized code components in a configuration file;
  
  authenticating that the configuration file comes from a trusted source; and
  
  executing privileged-mode processes specified by the configuration file in response to access by the user-mode code component only when the configuration file is authenticated as coming from a trusted source;
  
  wherein the user-mode component comprises an application software installation wizard;
  
  wherein specifications are included within the configuration file specifying instructions for installing program components into an operating system;
  
  wherein an instance of the application software installation wizard is creatable in accordance with a definition supplied in the configuration file; and
  
  wherein the configuration file includes an initialization file embedded within a cabinet file, the initialization file represented in a plain text format and comprising a plurality of sections each including attribute specifications, the initialization file including an AutoRegister section, an AutoUnregister section, and an allowAdmin section.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 11. The method of claim 10 further comprising specifying a digital signature within the configuration file.
  - 12. The method of claim 11 wherein the digital signature is authenticated.
  - 13. The method of claim 10 further comprising implementing a user interface implemented within the user-mode component.
  - 14. The method of claim 10 wherein a list of objects is specified within the configuration file that are permitted to be created;
    - wherein, in response to the list of objects, creation of any object is prevented unless it is specified on the list of objects.
  - 15. The method of claim 10 wherein the cabinet (.cab) file is compressed.
  - 16. The method of claim 10 wherein the application software installation wizard is executed utilizing a network browser program.
  - 17. The method of claim 10 wherein the application software installation wizard includes a scripted user interface for supplying and obtaining user-specific information including a name and licensing information.
  - 18. The method of claim 10 wherein the application software installation wizard makes a call to a create object program component including an executable function defined in a dynamic link library (.dll) file, and the create object program component executes in a user-mode for sending a message including an identification of the configuration component.
  - 19. The method of claim 10 wherein the AutoRegister section includes a listing of file names associated with instructions used to register an associated file with the operating system, and the AutoUnregister section includes a listing of file names associated with instructions required to remove the associated file from a registry.

20. A system for providing application services in a computing environment having both user-mode processes and privileged-mode processes, the system comprising:
- a processor;
  
  a user-mode component having an interface configured to access an exposed privileged-mode interface; and
  
  a configuration component specifying a list of installable code components that are authorized for installation, wherein privileged-mode functions will only be executed in response to accesses by the user-mode code component when the installable code component is represented on the list;
  
  wherein the configuration component includes an initialization file embedded within a cabinet file, the initialization file represented in a plain text format and comprising a plurality of sections each including attribute specifications, the initialization file including an AutoRegister section, an AutoUnregister section, and an allowAdmin section.
- View Dependent Claims (21, 22, 23, 24, 25, 26)
- - 21. The system of claim 20 further comprising specifying a digital signature within the configuration component.
  - 22. The system of claim 21 wherein the digital signature is authenticated.
  - 23. The system of claim 20 further comprising implementing a user interface implemented within the user-mode component.
  - 24. The system of claim 20 wherein a list of objects is specified within the configuration component that are permitted to be created;
    - wherein, in response to the list of objects, creation of any object is prevented unless it is specified on the list of objects.
  - 25. The system of claim 20 wherein the cabinet (.cab) file is compressed.
  - 26. The system of claim 20 wherein the AutoRegister section includes a listing of file names associated with instructions used to register an associated file with an operating system, and the AutoUnregister section includes a listing of file names associated with instructions required to remove the associated file from a registry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Musarubra US LLC (Musarubra US SellCo LLC)
Original Assignee
McAfee, Inc. (McAfee, LLC)
Inventors
Melchione, Dan, Fallenstedt, Martin, Kouznetsov, Victor
Primary Examiner(s)
NGUYEN, MINH DIEU T

Application Number

US11/110,747
Publication Number

US 20050188370A1
Time in Patent Office

1,846 Days
Field of Search

713/168, 726 2- 4, 726/17, 726/21, 726 26- 27, 705/67, 709220-222, 717168-178
US Class Current

726/2
CPC Class Codes

G06F 21/52   during program execution, e...

G06F 2221/2105   Dual mode as a secondary as...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 9/468   Specific access rights for ...

System and method for providing application services with controlled access into privileged processes

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for providing application services with controlled access into privileged processes

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links