Rights-context elevator
First Claim
Patent Images
1. A method implemented at least in part by a computer, comprising:
- intercepting, by one of a controlled-access application or operating system security, a first task comprising a non-user initiated attempt to install an application downloaded over the internet prior to the first task being performed, in order to check the first task against rights of a user;
identifying a second task;
calling, by one of the controlled-access application or the operating system security, a rights elevator to begin a process of user rights elevation;
receiving, from the user currently logged on to a computer operating system with a single user account having both a limited-rights context and a higher-rights context and while the single user account is operating within the limited-rights context that has rights insufficient to permit the first task and the second task, the user'"'"'s assent to perform a task not permitted by the limited-rights context, wherein the user'"'"'s assent is indicated by user entry of a secure access sequence comprising a simultaneous keystroke activation of more than one key to elevate the rights of the single user account to the higher rights context of the single user account;
following entry of the secure access sequence and prior to an act of elevating the context of the single user account, enabling the assent via receiving a user entry in addition to the secure access sequence;
responsive to the entry of the secure access sequence, initiating a process to minimally elevate rights of the single user account to the higher-rights context of the single user account, wherein the higher-rights context of the single user account minimally permits the first task without elevating the rights to another higher-rights context that would minimally permit the second task; and
elevating the context of the single user account from the limited-rights context to the higher-rights context effective to permit the first task, following entry of the secure access sequence and completion of the process to minimally elevate rights.
2 Assignments
0 Petitions
Accused Products
Abstract
System(s), techniques, and/or method(s) (“tools”) are described that enable a user to elevate his or her rights. The tools may do so by switching a user to an account having higher rights or a different, higher-rights context of a same account. The tools may elevate a user'"'"'s rights after a user enters a secure access sequence, such as Control+Alt+Delete, clicks on a button, or enters credentials. The tools may also enable a user to identify tasks that need higher rights to be performed by visually correlating graphic indicia with these tasks.
-
Citations
20 Claims
-
1. A method implemented at least in part by a computer, comprising:
-
intercepting, by one of a controlled-access application or operating system security, a first task comprising a non-user initiated attempt to install an application downloaded over the internet prior to the first task being performed, in order to check the first task against rights of a user; identifying a second task; calling, by one of the controlled-access application or the operating system security, a rights elevator to begin a process of user rights elevation; receiving, from the user currently logged on to a computer operating system with a single user account having both a limited-rights context and a higher-rights context and while the single user account is operating within the limited-rights context that has rights insufficient to permit the first task and the second task, the user'"'"'s assent to perform a task not permitted by the limited-rights context, wherein the user'"'"'s assent is indicated by user entry of a secure access sequence comprising a simultaneous keystroke activation of more than one key to elevate the rights of the single user account to the higher rights context of the single user account; following entry of the secure access sequence and prior to an act of elevating the context of the single user account, enabling the assent via receiving a user entry in addition to the secure access sequence; responsive to the entry of the secure access sequence, initiating a process to minimally elevate rights of the single user account to the higher-rights context of the single user account, wherein the higher-rights context of the single user account minimally permits the first task without elevating the rights to another higher-rights context that would minimally permit the second task; and elevating the context of the single user account from the limited-rights context to the higher-rights context effective to permit the first task, following entry of the secure access sequence and completion of the process to minimally elevate rights. - View Dependent Claims (2, 3, 4, 5, 6, 19)
-
-
7. A method implemented at least in part by a computer, comprising:
-
on a display device, presenting a user interface for a currently logged on user account, the user interface simultaneously representing; a first task comprising a non-user initiated attempt to execute instructions from the internet; a second task; and an icon that indicates that the first task is not being permitted without elevation of rights associated with the user account; determining whether the user account is a multi-rights account; and in an event that the user account is a multi-rights account, presenting, if the currently logged on user account is currently logged on to a computer'"'"'s operating system in a limited-rights context of the multi-rights account, a selectable graphic enabling assent to elevate the currently logged on user account context to a minimally higher-rights context of the multi-rights account, the minimally higher-rights context of the multi-rights account being effective to permit the first task and not sufficient to permit the second task, or in an event that the user account is not a multi-rights account, presenting, if the currently logged on user account is currently logged on to a computer'"'"'s operating system with a limited-rights account, a higher-rights account that has rights minimally sufficient to permit the first task and not the second task and a region for entry of credentials for authenticating a user for the higher-rights account. - View Dependent Claims (8, 9, 10, 11, 12, 20)
-
-
13. A system comprising:
-
a processor; a computer-readable storage media operatively coupled to the processor, the memory having computer-executable instructions encoded thereon, such that execution of the computer-executable instructions by the processor configures the system to perform operations comprising; intercepting, by operating system security, a first task comprising a non-user initiated attempt to execute instructions from the internet prior to the first task being performed, in order to check the first task against the rights of a currently active user account; determining the first task is not permitted by a limited-rights context of the currently active user account; calling, by the operating system security, a rights elevator to begin a process of user account rights elevation; receiving, from the currently active user account logged on to a computer operating system, the currently active user account having the limited-rights context and a higher-rights context and while the currently active user account is operating within the limited-rights context, assent for the currently active user account to perform the first task not permitted by the limited-rights context, wherein the assent for the currently active user account is achieved by receiving entry of a secure access sequence comprising a simultaneous activation of more than one key of an input device; following entry of the secure access sequence and prior to an act of elevating the context of the user account, enabling the assent via an entry in addition to the secure access sequence; responsive to the entry of the secure access sequence, initiating a process to elevate rights of the currently active user account currently logged on to the computer'"'"'s operating system to the higher-rights context of the currently active user account, wherein the higher-rights context of the currently active user account minimally permits the first task without elevating the rights to another higher-rights context that would minimally permit a second task; and elevating, responsive to receiving the assent, the currently active user account context from the limited-rights context to the higher-rights context effective to permit the first task, wherein the higher-rights context of the currently active user account effective to permit the first task is not sufficient to permit the second task. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification