System for and methods of controlling user access to applications and/or programs of a computer

US 8,863,232 B1
Filed: 02/06/2012
Issued: 10/14/2014
Est. Priority Date: 02/04/2011
Status: Active Grant

First Claim

Patent Images

1. A method for controlling user access to applications, comprising:

receiving an user/group application whitelist, wherein the received user/group application whitelist is stored in a data storage medium and comprises applications associated with a specified group of one or more users;

publishing one or more applications to the specified group of one or more users that is associated with the stored user/group application whitelist;

authenticating that a user is a member of the specified group of one or more users to whom the applications are published; and

automatically adding the applications that are published to the group of which the authenticated user is a member to the stored user/group application whitelist, wherein the stored user/group application whitelist is updated with the automatically added applications.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system includes an application access manager driver and an operating system (OS) kernel module in a kernel-mode address space of an OS. The system also includes application modules, a public application whitelist, a public application whitelist manager, a user/group application whitelist, and a user/group application whitelist manager in a user-mode address space of the OS. A method includes receiving a request to launch an application, calling a “create process” function in the OS kernel module, calling a pre-registered “create process” callback function to the application access manager driver, and determining whether the application is allowed to execute based on whether the application access manager driver identifies the application as an allowable process in either public application whitelist or user/group application whitelist.

Citations

20 Claims

1. A method for controlling user access to applications, comprising:
- receiving an user/group application whitelist, wherein the received user/group application whitelist is stored in a data storage medium and comprises applications associated with a specified group of one or more users;
  
  publishing one or more applications to the specified group of one or more users that is associated with the stored user/group application whitelist;
  
  authenticating that a user is a member of the specified group of one or more users to whom the applications are published; and
  
  automatically adding the applications that are published to the group of which the authenticated user is a member to the stored user/group application whitelist, wherein the stored user/group application whitelist is updated with the automatically added applications.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, further comprising storing the user/group application whitelist in a user data of the authenticated user.
  - 3. The method of claim 1, further comprising storing a public application whitelist in a data storage medium and automatically denying access to the applications in the user/group application whitelist that are not in the public application whitelist.
  - 4. The method of claim 1, wherein the specified group is associated with a blacklist comprising one or more applications that are not allowed to be accessed by members of the specified group.
  - 5. The method of claim 1, further comprising bringing the user/group application whitelist into a kernel-mode address space.
  - 6. The method of claim 1, further comprising reading the stored user/group application whitelist into a searchable data structure.
  - 7. The method of claim 6, wherein the searchable data structure comprises an array list.

8. An apparatus for controlling user access to applications, comprising:
- a communication network for receiving an user/group application whitelist comprising applications associated with a specified group of one or more users;
  
  a data storage medium for storing the received user/group application whitelist;
  
  a processor for executing instructions stored in memory, wherein execution of the instructions by the processor;
  
  publishes one or more applications to the specified group of one or more users that is associated with the user/group application whitelist;
  
  authenticates that a user is a member of the specified group of one or more users to whom the applications are published; and
  
  automatically adds the applications that are published to the group of which the authenticated user is a member to the user/group application whitelist, wherein the user/group application whitelist is updated with the automatically added applications.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The apparatus of claim 8, wherein the data storage medium further stores a user data of the authenticated user and wherein the user/group application whitelist is stored in association with the user data of the authenticated user.
  - 10. The apparatus of claim 8, wherein the data storage medium further stores a public application whitelist, and wherein the operating system automatically denies access to one or more of the applications in the user/group application whitelist that are not in the public application whitelist.
  - 11. The apparatus of claim 8, wherein the data storage medium further stores a blacklist associated with the specified group, the blacklist comprising one or more applications that are not allowed to be accessed by members of the specified group.
  - 12. The apparatus of claim 8, wherein the user/group application whitelist is in a kernel-mode address space in the data storage medium.
  - 13. The apparatus of claim 8, wherein the user/group application whitelist is read into a searchable data structure in the data storage medium.
  - 14. The apparatus of claim 13, wherein the searchable data structure comprises an array list in the data storage medium.

15. A non-transitory computer-readable storage medium having embodied thereon a program executable by a processor to perform a method for controlling user access to applications, the method comprising:
- receiving an user/group application whitelist, wherein the received user/group application whitelist comprises applications associated with a specified group of one or more users;
  
  publishing one or more applications to the specified group of one or more users that is associated with the stored user/group application whitelist;
  
  authenticating that a user is a member of the specified group of one or more users to whom the applications are published; and
  
  automatically adding the applications that are published to the group of which the authenticated user is a member to the stored user/group application whitelist, wherein the stored user/group application whitelist is updated with the automatically added applications.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The non-transitory computer-readable storage medium of claim 15, further comprising storing the stored user/group application whitelist in a user data of the authenticated user.
  - 17. The non-transitory computer-readable storage medium of claim 15, further comprising storing a public application whitelist in a data storage medium and automatically denying access to the applications in the user/group application whitelist that are not in the public application whitelist.
  - 18. The non-transitory computer-readable storage medium of claim 15, wherein the specified group is further associated with a blacklist comprising applications that are not allowed to be accessed by members of the specified group.
  - 19. The non-transitory computer-readable storage medium of claim 15, further comprising bringing the stored user/group application whitelist into kernel-mode address space.
  - 20. The non-transitory computer-readable storage medium of claim 15, further comprising reading the stored user/group application whitelist into a searchable data structure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
RPX Corporation
Original Assignee
Hopto Inc.
Inventors
Tidd, William
Primary Examiner(s)
LEE, JASON T

Application Number

US13/367,228
Time in Patent Office

981 Days
Field of Search

726/2, 726/3, 726/4, 726/27, 713/151, 713/152
US Class Current

726/2
CPC Class Codes

G06F 16/176   Support for shared access t...

G06F 21/6218   to a system of files or obj...

G06F 21/6245   Protecting personal data, e...

G06F 21/6281   at program execution time, ...

G06F 2221/2141   Access rights, e.g. capabil...

System for and methods of controlling user access to applications and/or programs of a computer

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

System for and methods of controlling user access to applications and/or programs of a computer

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links