Rule-based application access management

US 8,261,345 B2
Filed: 10/23/2007
Issued: 09/04/2012
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

encapsulating resources in a software container;

establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to the resources;

executing an application;

receiving from the application a request for one of the resources;

providing the resource in response to the request if access is granted to the application at the DMZ virtual area.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

287 Citations

19 Claims

1. A method, comprising:
- encapsulating resources in a software container;
  
  establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to the resources;
  
  executing an application;
  
  receiving from the application a request for one of the resources;
  
  providing the resource in response to the request if access is granted to the application at the DMZ virtual area.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, wherein establishing the DMZ virtual area includes managing rule-based access to the resources.
  - 3. The method of claim 1, further comprising:
    - receiving the request at the DMZ virtual area;
      
      granting access to the application at the DMZ virtual area.
  - 4. The method of claim 1, further comprising:
    - receiving the request at the DMZ virtual area, wherein the resource is not managed in the DMZ virtual area;
      
      providing the requested resource.
  - 5. The method of claim 1, further comprising:
    - receiving the request at the DMZ virtual area, wherein rule-based access is not granted;
      
      restricting access to the requested resource.
  - 6. The method of claim 1, wherein the resources comprise one or more of firmware resources, hardware resources, software components associated with firmware resources, and software components associated with hardware resources.
  - 7. The method of claim 1, wherein the application is encapsulated within the software container.
  - 8. The method of claim 1, wherein the software container is a first software container and wherein the application is associated with a second software container distinct from the first software container.
  - 9. The method of claim 1, wherein the application is associated with no software containers.
  - 10. The method of claim 1, wherein providing the resource comprises allowing the application to directly access the resource if the DMZ virtual area allows rule-based access to the resource.
  - 11. The method of claim 1, wherein providing the resource comprises sending a message to the application, the message indicating that the resource should be provided to the application.
  - 12. The method of claim 1, wherein providing the resource comprises:
    - configuring the DMZ virtual area to assign one or more file hooks to the request;
      
      configuring the DMZ virtual area to provide access to the one or more file hooks to the application.

13. A method, comprising:
- encapsulating software components associated with firmware or hardware resources in a software container;
  
  establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to one or more of the firmware or hardware resources;
  
  executing an application;
  
  receiving from the application a request for a selected one of the firmware or hardware resources;
  
  providing the selected resource in response to the request if access is granted to the application at the DMZ virtual area.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The method of claim 13, further comprising:
    - receiving the request at the DMZ virtual area;
      
      granting access to the application at the DMZ virtual area.
  - 15. The method of claim 13, further comprising:
    - receiving the request at the DMZ virtual area, wherein the resource is not managed in the DMZ virtual area;
      
      providing the requested resource.
  - 16. The method of claim 13, wherein providing the resource comprises allowing the application to directly access the resource if the DMZ virtual area allows rule-based access to the resource.
  - 17. The method of claim 13, wherein providing the resource comprises sending a message to the application, the message indicating that the resource should be provided to the application.
  - 18. The method of claim 13, wherein providing the resource comprises:
    - configuring the DMZ virtual area to assign one or more file hooks to the request;
      
      configuring the DMZ virtual area to provide access to the one or more file hooks to the application.

19. A system, comprising:
- software means for encapsulating software components associated with firmware or hardware resources;
  
  software means for establishing a DMZ virtual area using one or more of a sand-boxing runtime model, an overlaying runtime model, and a hybrid runtime model to control access to one or more of the firmware or hardware resources;
  
  software means for executing an application;
  
  software means for receiving from the application a request for a selected one of the firmware or hardware resources;
  
  software means for providing the selected resource in response to the request if access is granted to the application at the DMZ virtual area.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Numecent Holdings Incorporated
Original Assignee
Endeavors Technologies, Inc. (DivestCap Management, Inc.)
Inventors
Hitomi, Arthur Shingen, Tran, Robert, Pfiffner, Doug, Nguyen, Huy, Kammer, Peter Joseph
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Okeke, Izunna

Application Number

US11/977,187
Publication Number

US 20080109876A1
Time in Patent Office

1,778 Days
Field of Search

726/1, 726/2, 726/27, 726/28, 726/29, 726/30, 726/21, 713/161, 713/164, 713/165, 713/167, 713/152, 713/151, 713/193, 713/182
US Class Current

726/22
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/468   Specific access rights for ...

H04L 41/0813   characterised by the condit...

H04L 41/145   involving simulating, desig...

H04L 43/0823   Errors, e.g. transmission e...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

Rule-based application access management

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

287 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Rule-based application access management

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

287 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links