Isolation of application-specific data within a user account

US 8,074,288 B2
Filed: 11/15/2005
Issued: 12/06/2011
Est. Priority Date: 07/15/2005
Status: Active Grant

First Claim

Patent Images

1. In a computing system associating multiple applications with a same user account, a method for isolating data specific to a first application from a second application that share the same user account, the data being native to a central repository of application settings for applications sharing the same user account, the method comprising:

loading the data native to the central repository of application settings, upon receiving a request for the data from the first application, from the central repository of application settings for applications sharing the same user account to a location specified by an access path;

creating a handle to the data native to the central repository of application settings, at the location specified by the access path;

passing the handle to the first application;

determining whether the data native to the central repository of application settings is designated as application-specific data for the first application that is inaccessible to other applications;

when it is determined that the data native to the central repository of application settings is designated as application-specific data for the first application, preventing creation of handles to the data other than the handle passed to the first application and denying one or more access requests that do not use the handle, from the second application sharing the same user account as the first application, for the data native to the central repository of application settings for applications sharing the same user account because the second application does not possess the handle, and;

when it is determined the data native to the central repository of application settings is not designated as application-specific data for the first application, allowing the one or more access requests for the data native to the central repository of application settings from the second application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism is provided for isolating application-specific data in an environment where multiple applications share a same user account. This mechanism enables data specific to an application to be accessed only by the application. When an application requests application-specific data, the data is loaded and a handle to the data is returned to the application. Access to the data is allowed only though the handle. Therefore, only the application possessing the handle can access the data. A counter may be associated with the loaded data. The counter'"'"'s value is incremented whenever a handle is created for the data and decremented whenever a handle for the data is terminated. When the value of the counter reaches zero, the data is automatically unloaded.

Citations

14 Claims

1. In a computing system associating multiple applications with a same user account, a method for isolating data specific to a first application from a second application that share the same user account, the data being native to a central repository of application settings for applications sharing the same user account, the method comprising:
- loading the data native to the central repository of application settings, upon receiving a request for the data from the first application, from the central repository of application settings for applications sharing the same user account to a location specified by an access path;
  
  creating a handle to the data native to the central repository of application settings, at the location specified by the access path;
  
  passing the handle to the first application;
  
  determining whether the data native to the central repository of application settings is designated as application-specific data for the first application that is inaccessible to other applications;
  
  when it is determined that the data native to the central repository of application settings is designated as application-specific data for the first application, preventing creation of handles to the data other than the handle passed to the first application and denying one or more access requests that do not use the handle, from the second application sharing the same user account as the first application, for the data native to the central repository of application settings for applications sharing the same user account because the second application does not possess the handle, and;
  
  when it is determined the data native to the central repository of application settings is not designated as application-specific data for the first application, allowing the one or more access requests for the data native to the central repository of application settings from the second application.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the loading includes:
    - creating a unique identifier for the data native to the central repository of application settings;
      
      generating the access path for the data native to the central repository of application settings, using the unique identifier; and
      
      loading the data native to the central repository of application settings to the location specified by the access path.
  - 3. The method of claim 1, further comprising:
    - creating a counter for the data native to the central repository of application settings after loading the data native to the central repository of application settings, wherein a value of the counter is initialized to zero;
      
      incrementing the value of the counter when the handle is created for the data native to the central repository of application settings; and
      
      decrementing the value of the counter when the handle is terminated.
  - 4. The method of claim 3, further comprising:
    - unloading the data native to the central repository of application settings when the value of the counter reaches zero.
  - 5. The method of claim 1, wherein the computing system includes an operating system registry, and wherein the data are one or more hives of the registry.

6. At least one computer-readable memory device encoded with a plurality of computer-executable instructions that, when executed, perform a method for providing application-specific data access in an environment where multiple applications share a same user account, the method comprising:
- receiving an access request from a first computing process for data native to a central repository of application settings for applications sharing the same user account;
  
  based at least on information received with the access request, determining whether access to the data native to the central repository of application settings should be limited to the first computing process including at least determining whether the first computing process has exclusive access to the data as application-specific data that is inaccessible to other processes; and
  
  when it is determined that access should be limited, creating a handle through which the first computing process can exclusively access the data and denying access to the data native to the central repository of application settings to any other computing process sharing the same user account as the first computing process that does not possess the handle, such that the data native to the central repository of application settings for applications sharing the same user account can only be accessed by the first computing process through the handle; and
  
  when it is determined that access should not be limited, allowing multiple computing processes to share access to the data native to the central repository of application settings.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The at least one computer-readable memory device of claim 6, wherein the information received with the access request comprises a configurable function parameter indicating whether access to the data native to the central repository of application settings should be limited to the first computing process.
  - 8. The at least one computer-readable memory device of claim 6, wherein the method further comprises:
    - creating a unique identifier for the data native to the central repository of application settings;
      
      generating a path using the unique identifier; and
      
      loading the data native to the central repository of application settings to a location indicated by the path.
  - 9. The at least one computer-readable memory device of claim 8, wherein the method further comprises returning to the first computing process the handle to the data native to the central repository of application settings.
  - 10. The at least one computer-readable memory device of claim 9, wherein the method further comprises:
    - closing the handle when the first computing process finishes using the handle; and
      
      unloading the data native to the central repository of application settings when no handle is associated with the data native to the central repository of application settings.

11. A computer-implemented method for isolating data specific to a first application from other applications sharing a same user account with the first application, the data native to a central repository of application settings for applications sharing the same user account, the method comprising:
- upon receiving an access request from the first application for the data native to the central repository of application settings, loading the data native to the central repository of application settings from the central repository of application settings for applications sharing the same user account to a location specified by an access path;
  
  creating a handle to the data native to the central repository of application settings, at the location specified by the access path;
  
  passing the handle to the first application;
  
  based at least on information received with the access request, determining whether the data native to the central repository of application settings is designated as inaccessible to applications other than the first application; and
  
  when it is determined that the data native to the central repository of application settings is designated as inaccessible to applications other than the first application, preventing creation of handles to the data other than the handle passed to the first application and denying any access request, from the other applications sharing the same user account with the first application that does not possess the handle, for the data native to the central repository of application settings for applications sharing the same user account because the access requests do not use the handle and;
  
  when it is determined that the data native to the central repository of application settings is not designated as inaccessible to applications other than the first application, enabling creation of additional handles to the data other than the handle passed to the first application and allowing access requests to the data native to the central repository of application settings from the other applications through respective handles.
- View Dependent Claims (12, 13, 14)
- - 12. The computer-implemented method of claim 11, wherein the loading includes:
    - generating a unique identifier for the data native to the central repository of application settings;
      
      generating the access path for the data native to the central repository of application settings using the unique identifier; and
      
      loading the data native to the central repository of application settings to the location specified by the access path.
  - 13. The computer-implemented method of claim 11, further comprising:
    - upon loading the data native to the central repository of application settings, creating a counter for the data native to the central repository of application settings, wherein a value of the counter is initialized to zero;
      
      incrementing the value of the counter whenever a handle is created for the data native to the central repository of application settings; and
      
      decrementing the value of the counter whenever the handle is terminated.
  - 14. The computer-implemented method of claim 13, further comprising:
    - unloading the data native to the central repository of application settings when the value of the counter reaches zero.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Microsoft Technology Licensing LLC (Microsoft Corporation)
Original Assignee
Microsoft Corporation
Inventors
Sambotin, Dragos, Thirumalai, Karthik, Ward, Richard B
Primary Examiner(s)
PYZOCHA, MICHAEL J

Application Number

US11/274,023
Publication Number

US 20070033638A1
Time in Patent Office

2,212 Days
Field of Search

726/21, 726/30, 713/193, 713164-167
US Class Current

726/30
CPC Class Codes

G06F 21/6227 where protection concerns t...

G06F 2221/2147 Locking files

Isolation of application-specific data within a user account

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Isolation of application-specific data within a user account

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links