Resource authorizations dependent on emulation environment isolation policies

US 8,438,609 B2
Filed: 06/28/2007
Issued: 05/07/2013
Est. Priority Date: 03/22/2007
Status: Active Grant

First Claim

Patent Images

1. An apparatus comprising:

one or more non-transitory computer-readable storage media containing executable code to implement a method including at least;

creating multiple emulation environments including at least a virtual environment and a physical emulation environment;

selecting an emulation environment from the multiple emulation environments in response to an identified event category;

obtaining a resource authorization dependent upon at least a monitoring system output, a user input, or a system-wide policy signifying an apparent compliance with a policy of causing the selected emulation environment to isolate a first software object type from a second software object type, wherein the isolate the first software object type is at least one of a temporary isolation; and

signaling a decision whether to comply with the policy of causing the selected emulation environment to isolate the first software object type from the second software object type, wherein the policy is selectively,associated with one or more resources or resource types; and

implemented according to an apparent nature of a potential vulnerability.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system, method, computer program product, and carrier are described for obtaining a resource authorization dependent upon apparent compliance with a policy of causing an emulation environment to isolate a first software object type from a second software object type; and signaling a decision whether to comply with the policy of causing the emulation environment to isolate the first software object type from the second software object type.

Citations

26 Claims

1. An apparatus comprising:
- one or more non-transitory computer-readable storage media containing executable code to implement a method including at least;
  
  creating multiple emulation environments including at least a virtual environment and a physical emulation environment;
  
  selecting an emulation environment from the multiple emulation environments in response to an identified event category;
  
  obtaining a resource authorization dependent upon at least a monitoring system output, a user input, or a system-wide policy signifying an apparent compliance with a policy of causing the selected emulation environment to isolate a first software object type from a second software object type, wherein the isolate the first software object type is at least one of a temporary isolation; and
  
  signaling a decision whether to comply with the policy of causing the selected emulation environment to isolate the first software object type from the second software object type, wherein the policy is selectively,associated with one or more resources or resource types; and
  
  implemented according to an apparent nature of a potential vulnerability.
- View Dependent Claims (2, 3, 4)
- - 2. The apparatus of claim 1 in which the one or more non-transitory computer-readable storage media comprise:
    - an antenna-containing semiconductor chip.
  - 3. The apparatus of claim 1 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - one or more of an image projection module or a touch screen.
  - 4. The apparatus of claim 1 further comprising at least one of a satellite dish or other signal-reflective element, a transducer, an antenna, or a receiver operated to receive the device-detectable implementation.

5. An apparatus comprising:
- one or more emulation environments including at least a virtual environment and a physical emulation environment;
  
  an emulation environment selected from the multiple emulation environments in response to the specific event category identified;
  
  one or more non-transitory computer-readable storage media storing a device-detectable output indicating an occurrence of obtaining a resource authorization dependent upon at least a monitoring system output, a user input, or a system-wide policy signifying an apparent compliance with a policy of causing the selected emulation environment to isolate a first software object type from a second software object type, wherein the isolate the first software object type is at least one of a temporary isolation; and
  
  circuitry for signaling a decision whether to comply with the policy of causing the selected emulation environment to isolate the first software object type from the second software object type, wherein the policy is selectively associated with one or more resources or resource types,associated with one or more resources or resource types; and
  
  implemented according to an apparent nature of a potential vulnerability.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
- - 6. The apparatus of claim 5 in which the one or more non-transitory computer-readable storage media comprise:
    - an antenna-containing semiconductor chip.
  - 7. The apparatus of claim 5 in which at least one of the one or more non-transitory computer-readable storage media comprises:
    - one or more signal-bearing media transmitting a portion of the device-detectable output at least partly responsive to obtaining a resource authorization dependent upon at least the monitoring system output, the user input, or the system-wide policy signifying an apparent compliance with a policy of causing the selected emulation environment to isolate a first software object type from a second software object type.
  - 8. The apparatus of claim 5 in which the one or more non-transitory computer-readable storage media comprise:
    - a portable module including at least an auditory interface configured to be operated while the portable module is held or worn.
  - 9. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - one or more of an image projection module or a touch screen.
  - 10. The apparatus of claim 5 in which the one or more non-transitory computer-readable storage media include at least one of a repeater, a communication satellite, or another active module configured to accept first and second portions of the device-detectable output at first and second respective times, the device-detectable output comprising at least one or more displayable images and one or more data files.
  - 11. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - one or more processors configured to perform one or more of optical image scanning or auditory pattern scanning upon the device-detectable output, wherein the device-detectable output comprises at least one of a decision, a statistical correlation, and/or an encoded expression.
  - 12. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - one or more processors configured to perform linguistic pattern scanning upon the device-detectable output.
  - 13. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - circuitry for using an encryption constraint in at least some of the device-detectable output.
  - 14. The apparatus of claim 5 in which at least one of the one or more non-transitory computer-readable storage media comprises:
    - one or more signal-bearing media storing at least one of a special-purpose instruction sequence or an information-bearing static attribute as a portion of the device-detectable output.
  - 15. The apparatus of claim 5 in which at least one of the one or more non-transitory computer-readable storage media comprises:
    - one or more signal-bearing media storing at least one signal from an implementation having at least circuitry for obtaining a resource authorization dependent upon at least the monitoring system output, the user input, or the system-wide policy signifying an apparent compliance with a policy of causing the selected emulation environment to isolate a first software object type from a second software object type; and
      
      circuitry for signaling a decision whether to comply with the policy of causing the selected emulation environment to isolate the first software object type from the second software object type.
  - 16. The apparatus of claim 5 in which a first portion of the one or more non-transitory computer-readable storage media transmits a portion of the device-detectable output before a remainder of the one or more non-transitory media transmits a remainder of the device-detectable output.
  - 17. The apparatus of claim 5 in which the one or more non-transitory computer-readable storage media include at least one of an integrated circuit, a data-holding element, a lens or other light-transmissive medium, a signal-bearing conduit currently bearing at least a portion of the device-detectable output, or a bus or other configuration of two or more transmission media in mutual isolation.
  - 18. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - a power line operated for transmitting content of the device-detectable output between at least two terminals.
  - 19. The apparatus of claim 5 in which a first medium of the one or more non-transitory computer-readable storage media stores a first portion of the device-detectable output while a second medium of the one or more non-transitory media stores a second portion of the device-detectable output.
  - 20. The apparatus of claim 5 in which the one or more non-transitory computer-readable storage media are configured at least (a) by causing a communication channel in the one or more non-transitory media to store a first portion of the device-detectable output;
    - and (b) by causing another channel of the one or more non-transitory media to store a second portion of the device-detectable output.
  - 21. The apparatus of claim 5 in which the one or more non-transitory computer-readable storage media have borne the device-detectable output.
  - 22. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - one or more static markings indicative of the device-detectable output.
  - 23. The apparatus of claim 5 in which a portion of the one or more non-transitory computer-readable storage media comprises:
    - a magnetoresistive random access memory configured to receive the device-detectable output.
  - 24. The apparatus of claim 5 further comprising at least one of a satellite dish or other signal-reflective element, a transducer, an antenna, or a receiver operated to receive the device-detectable output.

25. A device implemented method comprising:
- performing, on the device, a reception of or a transmission of one or more instructions in relation to a second method that includes at least;
  
  creating one or more emulation environments including at least a virtual environment and a physical emulation environment;
  
  selecting an emulation environment from the multiple emulation environments in response to the specific event category identified;
  
  obtaining a resource authorization dependent upon at least a monitoring system output, a user input, or system-wide policy signifying an apparent compliance with a policy of causing the selected emulation environment to isolate a first software object type from a second software object type, wherein the isolate the first software object type is at least one of a temporary isolation; and
  
  signaling a decision whether to comply with the policy of causing the selected emulation environment to isolate the first software object type from the second software object type, wherein the policy is selectively associated with one or more resources or resource types,associated with one or more resources or resource types; and
  
  implemented according to an apparent nature of a potential vulnerability.
- View Dependent Claims (26)
- - 26. The device implemented method of claim 25 further comprising limiting access to part or all of a local resource with a similar apparent compliance dependent resource authorization, wherein the apparent compliance dependent resource authorization is implemented as a device-executable code or other instruction sequence.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
MEC Management, LLC (Three Affiliated Tribes of the Fort Berthold Reservation, North Dakota)
Original Assignee
The Invention Science Fund I, L.L.C. (Intellectual Ventures LLC)
Inventors
Jung, Edward K. Y., Levien, Royce A., Cohen, Alexander J., Lord, Robert W., Malamud, Mark A., Rinaldo, Jr., John D., Wood, JR., Lowell L.
Primary Examiner(s)
Barron, Jr., Gilberto
Assistant Examiner(s)
Gregory, Shaun

Application Number

US11/824,581
Publication Number

US 20080235756A1
Time in Patent Office

2,140 Days
Field of Search

None
US Class Current

726/1
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/606   by securing the transmissio...

G06F 9/45533   Hypervisors; Virtual machin...

Resource authorizations dependent on emulation environment isolation policies

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

26 Claims

Specification

Solutions

Use Cases

Quick Links

Resource authorizations dependent on emulation environment isolation policies

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

26 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links