Reputation-based authorization decisions
First Claim
1. One or more computer-readable storage devices having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
allowing a software application to run on a client computing device, the software application, when running, being an executing software application;
receiving, from the executing software application that is allowed to run on the client computing device, a request to perform a particular operation on a file on the client computing device;
receiving an authorization input, the authorization input including a reputation value indicative of the executing software application's reputation;
comparing the authorization input including the reputation value to an authorization rule;
in response to the comparing, outputting a granular authorization decision pertaining to the requested particular operation on the file on the client computing device, wherein the reputation value comprises a single reputation value aggregated from a plurality of reputation metadata from a plurality of different reputation metadata providers; and
wherein the reputation value is based on:
(i) input received from a group of human users indicating each human user's experience with the executing software application, and (ii) input received from a group of computing entities indicating each computing entity's review or analysis of the executing software application;
wherein:
in an event the authorization input meets or exceeds an authorization rule of a first type, in accordance with the authorization rule of the first type, the granular authorization decision allows the executing software application to perform the particular operation requested to be performed on the file on the client computing device;
in an event the authorization input meets or exceeds an authorization rule of a second type, in accordance with the authorization rule of the second type, the granular authorization decision presents a prompt for user input acceding to the executing software application performing the particular operation requested to be performed on the file on the client computing device; and
in an event the authorization input does not meet either the authorization rule of the first type or the authorization rule of the second type, in accordance with a third authorization rule, the granular authorization decision blocks the executing software application from performing the particular operation requested to be performed on the file on the client computing device.
Abstract
This document describes tools capable of receiving reputation metadata effective to enable better decision making about whether or not to authorize operations. The tools may build a reputation value from this reputation metadata and, based on this value and an authorization rule, better decide whether or not to authorize an operation requested by some program, application, or other actor.
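A sketch of the flow the abstract describes, added here as an illustration and not taken from the patent. The weighted-mean aggregation, the 0..1 score scale, the provider names, the per-operation thresholds and the fail-closed handling of missing input are all assumptions.

```python
from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    PROMPT = "prompt"
    BLOCK = "block"


@dataclass(frozen=True)
class Metadata:
    provider: str        # constructed provider name
    kind: str            # "human" (user experience) or "machine" (automated analysis)
    score: float         # assumed scale: 0.0 (bad) .. 1.0 (good)
    weight: float = 1.0  # assumed per-provider trust weight


def aggregate(items):
    """Collapse metadata from several providers into one value in [0, 1].

    Returns None unless both human and machine input is present, so a
    single source cannot define the reputation on its own (assumption).
    """
    if not {"human", "machine"} <= {m.kind for m in items}:
        return None
    total = sum(m.weight for m in items)
    if total <= 0:
        return None
    return sum(min(max(m.score, 0.0), 1.0) * m.weight for m in items) / total


# Assumed per-operation rules: (allow threshold, prompt threshold).
RULES = {"read": (0.50, 0.30), "write": (0.80, 0.50), "delete": (0.95, 0.80)}


def decide(operation, reputation):
    """Return the decision for one requested operation on a file."""
    rule = RULES.get(operation)
    if rule is None or reputation is None:
        return Decision.BLOCK            # fail closed on unknown input
    allow_at, prompt_at = rule
    if reputation >= allow_at:
        return Decision.ALLOW            # rule of the first type
    if reputation >= prompt_at:
        return Decision.PROMPT           # rule of the second type
    return Decision.BLOCK                # third rule


# Constructed sample metadata for one application.
SAMPLE = [Metadata("user-ratings", "human", 0.90),
          Metadata("av-scan", "machine", 0.60, weight=2.0),
          Metadata("sandbox", "machine", 0.75)]
```

With the constructed sample, one aggregated value yields a different outcome for each operation, which is the granularity the claims refer to.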
14 Claims
6. One or more computer-readable storage devices having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
allowing code to run on a client computing device;
receiving, from the code that is allowed to run on the client computing device, a request to perform a particular operation on an object on the client computing device;
receiving an authorization input from an access control module, the authorization input including a single reputation value indicative of the code's reputation, the single reputation value being aggregated from a plurality of reputation metadata from a plurality of different reputation metadata providers, and representing at least:
reputation metadata input received from a group of human users indicating an experience of the human users with the code, and
reputation metadata input received from a group of computing entities indicating a review or analysis by the computing entities of the code;
comparing the authorization input including the reputation value to an authorization rule; and
in response to the comparing, outputting a granular authorization decision pertaining to the particular requested operation on the object on the client computing device, wherein:
in an event the authorization input meets or exceeds an authorization rule of a first type, in accordance with the authorization rule of the first type, the granular authorization decision allows the code to perform the particular operation requested to be performed on the object on the client computing device;
in an event the authorization input meets or exceeds an authorization rule of a second type, in accordance with the authorization rule of the second type, the granular authorization decision presents a prompt for user input acceding to the code performing the particular operation requested to be performed on the object on the client computing device; and
in an event the authorization input does not meet either the authorization rule of the first type or the authorization rule of the second type, in accordance with a third authorization rule, the granular authorization decision blocks the code from performing the particular operation requested to be performed on the object on the client computing device.
11. One or more computer-readable storage devices having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
allowing code to run on a client computing device;
receiving, from the code that is allowed to run on the client computing device, a request to perform a particular operation on an object on the client computing device;
receiving an authorization input from an access control module, the authorization input including a single reputation value indicative of the code's reputation aggregated from a plurality of reputation metadata from a plurality of different reputation metadata providers, the single reputation value being aggregated at least from:
reputation metadata input received from a group of human users indicating an experience of the human users with the code, and
reputation metadata input received from a group of computing entities indicating a review or analysis by the computing entities of the code;
comparing the authorization input including the reputation value to an authorization rule;
in response to the comparing, outputting a granular authorization decision pertaining to the particular requested operation on the object on the client computing device;
wherein:
in an event the authorization input meets or exceeds an authorization rule of a first type, in accordance with the authorization rule of the first type, the granular authorization decision allows the code to perform the particular operation requested to be performed on the object on the client computing device;
in an event the authorization input meets or exceeds an authorization rule of a second type, in accordance with the authorization rule of the second type, the granular authorization decision presents a prompt for user input acceding to the code performing the particular operation requested to be performed on the object on the client computing device; and
in an event the authorization input does not meet either the authorization rule of the first type or the authorization rule of the second type, in accordance with a third authorization rule, the granular authorization decision blocks the code from performing the particular operation requested to be performed on the object on the client computing device.
12. One or more computer-readable storage devices having computer-readable instructions therein that, when executed by a computing device, cause the computing device to perform acts comprising:
allowing an actor to run on a client computing device, the actor, when running, being a running actor comprising at least one of:
a software program, an application, a dynamically linked library, an installation program, a file, a picture, a document, an applet, or an ActiveX control;
receiving, from the running actor, a request to perform a particular operation on an object on the client computing device;
receiving an authorization input, the authorization input including a single reputation value indicative of a reputation of the running actor that is aggregated from a plurality of reputation metadata from a plurality of different reputation metadata providers, wherein the single reputation value is aggregated at least from:
reputation metadata input received from a group of human users indicating experience of the human users with the running actor, and
reputation metadata input received from a group of computing entities indicating a review or analysis of the computing entities of the running actor;
comparing the authorization input including the single reputation value to an authorization rule, the authorization rule being one of a plurality of types of authorization rules;
in response to the comparing, outputting a granular authorization decision that controls the requested particular operation on the object on the client computing device, wherein:
in an event the authorization input meets or exceeds an authorization rule of a first type, in accordance with the authorization rule of the first type, the granular authorization decision allows the running actor to perform the particular operation requested to be performed on the object on the client computing device;
in an event the authorization input meets or exceeds an authorization rule of a second type, in accordance with the authorization rule of the second type, the granular authorization decision presents a prompt for user input acceding to the running actor performing the particular operation requested to be performed on the object on the client computing device; and
in an event the authorization input does not meet either the authorization rule of the first type or the authorization rule of the second type, in accordance with a third authorization rule, the granular authorization decision blocks the running actor from performing the particular operation requested to be performed on the object on the client computing device.
Specification