System for and methods of controlling user access to applications and/or programs of a computer
Abstract
A system includes an application access manager driver and an operating system (OS) kernel module in a kernel-mode address space of an OS. The system also includes application modules, a public application whitelist, a public application whitelist manager, a user/group application whitelist, and a user/group application whitelist manager in a user-mode address space of the OS. A method includes receiving a request to launch an application, calling a “create process” function in the OS kernel module, calling a pre-registered “create process” callback function to the application access manager driver, and determining whether the application is allowed to execute based on whether the application access manager driver identifies the application as an allowable process in either public application whitelist or user/group application whitelist.
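The launch check in the abstract and the publish, authenticate and auto-add sequence of claim 1 can be modelled in user-mode Python. This is an added illustration, not code from the patent. The class and function names, the SHA-256 application identity and the directory lookup standing in for authentication are assumptions.

```python
import hashlib

def app_id(image: bytes) -> str:
    # Assumption: an application is identified by the SHA-256 of its image bytes.
    return hashlib.sha256(image).hexdigest()

class AccessManager:
    """Stand-in for the two whitelist managers and the driver's allow/deny decision."""
    def __init__(self, public_apps, directory):
        self.public = {app_id(a) for a in public_apps}  # public application whitelist
        self.directory = directory    # user -> set of groups (hypothetical directory)
        self.published = {}           # group -> ids of applications published to it
        self.group_wl = {}            # user/group application whitelist

    def publish(self, group, images):
        self.published.setdefault(group, set()).update(app_id(i) for i in images)

    def authenticate(self, user, group):
        # Membership check; on success the group's published applications
        # are added to the user/group whitelist automatically.
        if group not in self.directory.get(user, set()):
            return False
        self.group_wl.setdefault(group, set()).update(self.published.get(group, set()))
        return True

    def on_create_process(self, user, image):
        # Callback decision: allowed if the application is in either whitelist.
        ident = app_id(image)
        return ident in self.public or any(
            ident in self.group_wl.get(g, set()) for g in self.directory.get(user, set()))

class Kernel:
    """Simulated OS kernel module with pre-registered create-process callbacks."""
    def __init__(self):
        self.callbacks = []

    def create_process(self, user, image):
        if not all(cb(user, image) for cb in self.callbacks):
            raise PermissionError("launch blocked: not in an applicable whitelist")
        return "started"

def launch(kernel, user, image):
    try:
        return kernel.create_process(user, image) == "started"
    except PermissionError:
        return False

def demo():
    # Constructed sample data: image bytes and a two-user directory.
    mgr = AccessManager([b"calc"], {"alice": {"finance"}, "bob": {"guests"}})
    kernel = Kernel()
    kernel.callbacks.append(mgr.on_create_process)
    mgr.publish("finance", [b"ledger"])
    r = {"alice_before_auth": launch(kernel, "alice", b"ledger")}
    r["bob_auth"] = mgr.authenticate("bob", "finance")
    r["alice_auth"] = mgr.authenticate("alice", "finance")
    r["alice_after_auth"] = launch(kernel, "alice", b"ledger")
    r["bob_group_app"] = launch(kernel, "bob", b"ledger")
    r["bob_public_app"] = launch(kernel, "bob", b"calc")
    r["alice_modified_image"] = launch(kernel, "alice", b"ledger-modified")
    return r
```

`demo()` returns the decision for each launch attempt, including a modified image that no longer matches the whitelisted identity.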
20 Claims

1. A method for controlling user access to applications, comprising:
- receiving an user/group application whitelist, wherein the received user/group application whitelist is stored in a data storage medium and comprises applications associated with a specified group of one or more users;
- publishing one or more applications to the specified group of one or more users that is associated with the stored user/group application whitelist;
- authenticating that a user is a member of the specified group of one or more users to whom the applications are published; and
- automatically adding the applications that are published to the group of which the authenticated user is a member to the stored user/group application whitelist, wherein the stored user/group application whitelist is updated with the automatically added applications.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An apparatus for controlling user access to applications, comprising:
- a communication network for receiving an user/group application whitelist comprising applications associated with a specified group of one or more users;
- a data storage medium for storing the received user/group application whitelist;
- a processor for executing instructions stored in memory, wherein execution of the instructions by the processor:
  - publishes one or more applications to the specified group of one or more users that is associated with the user/group application whitelist;
  - authenticates that a user is a member of the specified group of one or more users to whom the applications are published; and
  - automatically adds the applications that are published to the group of which the authenticated user is a member to the user/group application whitelist, wherein the user/group application whitelist is updated with the automatically added applications.

Dependent claims: 9, 10, 11, 12, 13, 14

15. A non-transitory computer-readable storage medium having embodied thereon a program executable by a processor to perform a method for controlling user access to applications, the method comprising:
- receiving an user/group application whitelist, wherein the received user/group application whitelist comprises applications associated with a specified group of one or more users;
- publishing one or more applications to the specified group of one or more users that is associated with the stored user/group application whitelist;
- authenticating that a user is a member of the specified group of one or more users to whom the applications are published; and
- automatically adding the applications that are published to the group of which the authenticated user is a member to the stored user/group application whitelist, wherein the stored user/group application whitelist is updated with the automatically added applications.

Dependent claims: 16, 17, 18, 19, 20

Specification