Trusted communications with child processes
First Claim
1. A method to identify a child process to a parent process on an operating system in computer software using impersonation of a requestor process, the method comprising:
- obtaining a token from the operating system, the token obtained by the parent process;
- creating a communications endpoint by the parent process and establishing a parent server for processing requests;
- spawning, by the parent process, a child process and passing the endpoint to the child process wherein access to the child process is limited, the child process having a child security identifier;
- receiving a requestor-initiated request to communicate with the parent process, the request including a security identifier for a requestor process;
- impersonating the requestor process by the parent process, the operating system providing a security identifier that identifies the requestor process to the parent process;
- comparing the requestor process security identifier with the child security identifier, thereby identifying the requestor process as a child process spawned by the parent process; and
- responding, by the parent process, to the requestor-initiated request if the comparison is a match of security identifiers.
Abstract
A method to identify a child process to a parent process in an operating system includes obtaining a token and login identifier from the operating system. The parent process creates a remote procedure call communications endpoint to communicate with the child process. Thereafter, a child process is spawned by the parent process. A child-initiated request to communicate with the parent process is then received by the parent process. In order to verify the identity of the child-initiated request, the parent process impersonates the child process and receives an identifier that identifies the requestor child process. The requestor process identifier and the spawned child identifier are compared. Based on the comparison, the parent process responds to the child-initiated request. In another embodiment, process identifiers are used by the parent process to verify the identity of a child process that requests communication with the parent process.
20 Claims
12. A method to identify a child process to a parent process in an operating system in computer software using a process identifier, the method comprising:
- obtaining a token from the operating system, the token obtained by the parent process;
- creating a communications endpoint by the parent process and establishing a parent server for process responses;
- spawning, by the parent process, a child process and passing the endpoint to the child process wherein access to the child process is limited, the spawning also producing a child process identifier;
- receiving a requestor-initiated request to communicate with the parent process, the request made to the endpoint and including a requestor process identifier;
- querying the operating system, by the parent process, for a spawned child process identifier, the operating system providing the spawned child process identifier;
- comparing the requestor-initiated process identifier with the spawned child process identifier; thereby identifying a requesting process as the child process spawned by the parent process; and
- responding, by the parent process, to the requestor-initiated request if the comparison is a match of process identifiers.
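The process-identifier comparison of claim 12, sketched as an added example that is not taken from the patent. It assumes Linux, where `SO_PEERCRED` lets the parent ask the kernel for the requestor's PID instead of trusting a value carried in the request; `peer_pid`, `serve_one`, `demo` and the client one-liner are hypothetical names constructed for the illustration.

```python
import os, socket, struct, subprocess, sys, tempfile

# Constructed client: connects to the endpoint path in argv[1] and sends one request.
CLIENT = ("import socket,sys;s=socket.socket(socket.AF_UNIX);"
          "s.connect(sys.argv[1]);s.sendall(b'hello');s.recv(16)")

def peer_pid(conn):
    """Ask the kernel (not the peer) which process connected to this socket."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                          struct.calcsize("3i"))
    pid, _uid, _gid = struct.unpack("3i", raw)
    return pid

def serve_one(server, child_pid):
    """Accept one request; respond positively only to the spawned child."""
    conn, _ = server.accept()
    with conn:
        conn.recv(16)
        ok = peer_pid(conn) == child_pid      # the comparison step
        conn.sendall(b"granted" if ok else b"denied")
        return ok

def spawn(path):
    return subprocess.Popen([sys.executable, "-c", CLIENT, path])

def demo():
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "endpoint.sock")   # the communications endpoint
        with socket.socket(socket.AF_UNIX) as server:
            server.bind(path)
            server.listen(2)
            child = spawn(path)                   # PID recorded at spawn time
            child_ok = serve_one(server, child.pid)
            # Stand-in for an unrelated process that learned the endpoint path.
            other = spawn(path)
            other_ok = serve_one(server, child.pid)
            # The child is reaped only now: until wait() its PID cannot be
            # recycled, so a PID match cannot come from a reused identifier.
            child.wait()
            other.wait()
            return child_ok, other_ok

if __name__ == "__main__":
    print(demo())
```
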
Specification