Access authorization having embedded policies
Abstract
A facility for receiving an embedded policy is provided. The facility checks an application program image for the presence of an embedded policy. If an embedded policy is detected, the facility extracts the policy from within the application program image. The facility may then apply the extracted policy to the application program image before the application program image is loaded and/or executed. Moreover, the facility may check the application program image's integrity prior to extracting the embedded policy.
27 Claims
1. A computer-implemented method of setting a revocable policy on a target process, the method comprising:
- receiving, via an access control application programming interface (“API”), a first request from a controlling process to set a revocable policy on a target process;
- determining whether the controlling process possesses adequate privilege to set the revocable policy on the target process;
- upon determining that the controlling process possesses adequate privilege to set the revocable policy on the target process, setting an indication to apply the revocable policy on the target process;
- when the revocable policy is applied on the target process, sending to the controlling process an identifier, wherein the identifier provides authorization to revoke the revocable policy;
- receiving, via the API, a second request to revoke the revocable policy on the target process, wherein the second request includes the identifier;
- based upon the identifier, authenticating the second request as having authorization to revoke the revocable policy on the target process; and
- revoking the revocable policy on the target process.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A computer storage media encoding computer-executable instructions that when executed by a processor perform a method of setting a revocable policy on a target process, the method comprising:
- receiving, via an access control application programming interface (“API”), a first request from a controlling process to set a revocable policy on a target process;
- determining whether the controlling process possesses adequate privilege to set the revocable policy on the target process;
- upon determining that the controlling process possesses adequate privilege to set the revocable policy on the target process, setting an indication to apply the revocable policy on the target process;
- when the revocable policy is set on the target process, sending to the controlling process an identifier, wherein the identifier provides authorization to revoke the revocable policy;
- receiving, via the API, a second request to revoke the revocable policy on the target process, wherein the second request includes the identifier;
- based upon the identifier, authenticating the second request as having authorization to revoke the revocable policy on the target process; and
- revoking the revocable policy on the target process.

Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A system for setting a revocable policy, the system comprising:
- a processor;
- a memory communicatively coupled to the processor, the memory comprising:
  - computer-executable instructions encoding a controlling process;
  - computer-executable instructions encoding a target process;
  - computer-executable instructions encoding an access control application programming interface (“API”) communicatively coupled to an operating system, the controlling process, and the target process; and
  - computer-executable instructions encoding the operating system, the operating system comprised of:
    - an authorization module configured to:
      - determine whether the controlling process possesses adequate privilege to set a revocable policy on the target process; and
      - authenticate a request to revoke the revocable policy on the target process;
    - a policy store configured to store the revocable policy; and
    - wherein the operating system is configured to:
      - receive a first request, via the API, from the controlling process to set the revocable policy on the target process;
      - set within the policy store an indication to apply the revocable policy on the target process;
      - send to the controlling process, via the API, an identifier, wherein the identifier provides authorization to revoke the revocable policy;
      - receive a second request to revoke the revocable policy on the target process, wherein the second request includes the identifier; and
      - revoke the revocable policy stored in the policy store.

Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
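The set/revoke exchange recited in claims 1, 10 and 19, modelled as an added Python example that is not taken from the patent or from any product implementing it. The `Process` and `PolicyStore` names, the numeric privilege comparison and the 128-bit random identifier are assumptions made for illustration; the claims do not specify them.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Process:
    pid: int
    privilege: int  # assumed model: a higher number means more privilege

@dataclass
class PolicyStore:
    _applied: dict = field(default_factory=dict)  # pid -> (policy, identifier)

    def set_policy(self, controller, target, policy):
        """First request: check privilege, record the policy, return the identifier."""
        # Assumed rule: the controller must outrank the target.
        if controller.privilege <= target.privilege:
            raise PermissionError("inadequate privilege to set policy")
        if target.pid in self._applied:
            raise ValueError("target already has a revocable policy")
        identifier = secrets.token_bytes(16)  # unguessable; returned only to the controller
        self._applied[target.pid] = (policy, identifier)
        return identifier

    def revoke_policy(self, target, identifier):
        """Second request: authorization rests on the identifier, not on the caller."""
        entry = self._applied.get(target.pid)
        # Constant-time comparison so timing does not leak identifier bytes.
        if entry is None or not hmac.compare_digest(entry[1], identifier):
            return False
        del self._applied[target.pid]  # the identifier is now spent
        return True

    def policy_for(self, target):
        entry = self._applied.get(target.pid)
        return entry[0] if entry else None

def demo():
    """Run the exchange on constructed sample processes and report each step."""
    store = PolicyStore()
    controller, target = Process(100, 2), Process(200, 1)
    token = store.set_policy(controller, target, {"deny": ["network"]})
    results = {"applied": store.policy_for(target) is not None}
    results["wrong_id_rejected"] = not store.revoke_policy(target, b"\x00" * 16)
    results["still_applied"] = store.policy_for(target) is not None
    results["revoked"] = store.revoke_policy(target, token)
    results["replay_rejected"] = not store.revoke_policy(target, token)
    return results

if __name__ == "__main__":
    print(demo())
```

Because the identifier acts as a bearer credential for revocation, the restricted target must never be able to read it, or it could lift its own policy.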
Specification