Managing access to a resource
First Claim
1. A computer-implemented method of managing access to a plurality of resources in a computer system, the method comprising:
- associating first and second access rights with an application resource by a security driver separate from an operating system of the a computing device of the computer system,wherein the computer system comprises at least one processor and operatively associated memory,wherein the security driver is executed by the computing device and logically positioned between an application associated with the application resource and a data storage of the computing device, wherein the application is executed by the computing device,wherein the first access right defines a level of access granted to the application to a first resource selected from the plurality of resources,wherein the second access right defines a level of access granted to the application to a second resource selected from the plurality of resources,wherein the first access right comprises first authentication data for allowing the application access to an encryption key store to retrieve a first encryption key corresponding to the first resource and stored at the encryption key store in response to a first request from the application to access the first resource, wherein the encryption key store is located at a second computing device of the computer system,wherein the second access right comprises second authentication data for allowing the application to access the encryption key store to retrieve a second encryption key corresponding to the second resource and stored at the encryption key store in response to a second request from the application to access the second resource, andwherein the associating comprises incorporating the first access right, the second access right and the application resource in a single file; and
digitally signing the first access right, the second access right and the application resource by the security driver with a single digital signature.
5 Assignments
0 Petitions
Accused Products
Abstract
Methods of managing access to at least one resource in a computer system. The methods may comprise the step of associating access rights with an application resource. The access rights may define a level of access to the resource granted to the application. The methods may also comprise the step of digitally signing the access rights and the application resource. In various embodiments, the associating may comprise incorporating the access rights into a stream of a file including the application resource. Also, in various embodiments, the associating may comprise incorporating the access rights into an extended attribute of a file including the application resource.
-
Citations
14 Claims
-
1. A computer-implemented method of managing access to a plurality of resources in a computer system, the method comprising:
-
associating first and second access rights with an application resource by a security driver separate from an operating system of the a computing device of the computer system, wherein the computer system comprises at least one processor and operatively associated memory, wherein the security driver is executed by the computing device and logically positioned between an application associated with the application resource and a data storage of the computing device, wherein the application is executed by the computing device, wherein the first access right defines a level of access granted to the application to a first resource selected from the plurality of resources, wherein the second access right defines a level of access granted to the application to a second resource selected from the plurality of resources, wherein the first access right comprises first authentication data for allowing the application access to an encryption key store to retrieve a first encryption key corresponding to the first resource and stored at the encryption key store in response to a first request from the application to access the first resource, wherein the encryption key store is located at a second computing device of the computer system, wherein the second access right comprises second authentication data for allowing the application to access the encryption key store to retrieve a second encryption key corresponding to the second resource and stored at the encryption key store in response to a second request from the application to access the second resource, and wherein the associating comprises incorporating the first access right, the second access right and the application resource in a single file; and digitally signing the first access right, the second access right and the application resource by the security driver with a single digital signature. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A computer implemented method of managing access to a plurality of resources in a computer system, the method comprising:
-
receiving a request from an application executed by a computing device of the computer system to access a first resource selected from the plurality of resources; determining, by a security driver executed by the computing device, whether a first access right associated with the application includes data for allowing the application to access to an encryption key store to retrieve a first encryption key stored at the encryption key store for decrypting the first resource, wherein the security driver is, separate from an operating system of the computing device, and logically positioned between the application and a data storage of the computing device, wherein the encryption key store is located at a second computing device of the computer system, and wherein the computer system comprises at least one processor and operatively associated memory; verifying by the security driver a single digital signature of an indication of at least the first access right and a component of the application; providing the application with the first encryption key when the first access right includes the data and the single digital signature is verified; receiving a second request from the application to access a second resource selected from the plurality of resources; determining, by the security driver, whether a second access right associated with the application includes data for allowing the application to access an encryption key store to retrieve a second encryption key stored at the encryption key store for decrypting the second resource, wherein the single digital signature is also of an indication of the second access right, wherein the first access right, the second access right and the component of the application are included in a single file; providing the application with the second encryption key. - View Dependent Claims (10, 11, 12, 13)
-
-
14. A method of managing access to a plurality of resources in a computer system, the method comprising:
-
receiving a request from an application executed by a computing device of the computer system to access a first resource selected from the plurality of resources; reading a first access right of the application by a security driver separate from an operating system of the computing device, wherein the computer system comprises at least one processor and operatively associated memory, wherein the security driver is executed by the computing device and logically positioned between an application associated with the application resource and a data storage of the computing device, wherein the first access right is stored in a stream of a file, wherein a component of the application is stored in a second stream of the file, wherein the first access right comprises data for allowing access to an encryption key store to retrieve a first encryption key corresponding to the first resource, and wherein the encryption key store is located at a second computing device of the computer system; verifying, by the security driver, the first access right of the application, wherein verifying the first access right comprises verifying a digital signature of an indication of the first access right and the component of the application; and providing the application with access to the first resource when the digital signature is verified and when the first access right indicate that the application is entitled to access the first resource, wherein the providing is performed by the security driver, and wherein the providing comprises; utilizing the first access right to allow access to the encryption key store to access the encryption key store and retrieve the first encryption key; providing the first encryption key to the application; receiving a request from the application for a second resource selected from the plurality of resources; reading a second access right of the application by the security driver, wherein the second access right is stored in the stream of the file, and wherein the second access right comprises data for allowing access to the encryption key store to retrieve a second encryption key corresponding to the second resource; verifying, by the security driver, the second access right of the application, wherein verifying the second access right comprises verifying the digital signature of the indication of the second access right, the component of the application, and an indication of the second access right; and providing the application with the second resource when the digital signature is verified when the second access right indicates that the application is entitled to access the second resource, wherein the providing is performed by the security driver, and wherein the providing comprises; utilizing the second access right to allow access to the encryption key store to retrieve the second encryption key; and providing the second encryption key to the application.
-
Specification