Rule-based application access management

US 9,380,063 B2
Filed: 05/14/2015
Issued: 06/28/2016
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;

receiving a request for a resource used in executing the streaming software application from a requestor;

determining if the resource is one of the plurality of resources included in the streaming software container;

if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor;

if it is determined that the resource is one of the plurality of resources included in the streaming software container, then;

determining if the requestor has rules-based access to the resource according to the access control rules;

providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;

determining an altitude for the resource;

determining the access control rules for the resource based on the altitude;

determining if the access control rules for the resource specify accept;

if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;

if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;

if it is determined that the access control rules for the resource specify pass through;

decrementing the altitude for the resource to a lower altitude;

determining new access control rules for the resource using a process ID and a resource ID at the lower altitude.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

248 Citations

15 Claims

1. A method comprising:
- providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;
  
  receiving a request for a resource used in executing the streaming software application from a requestor;
  
  determining if the resource is one of the plurality of resources included in the streaming software container;
  
  if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor;
  
  if it is determined that the resource is one of the plurality of resources included in the streaming software container, then;
  
  determining if the requestor has rules-based access to the resource according to the access control rules;
  
  providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;
  
  determining an altitude for the resource;
  
  determining the access control rules for the resource based on the altitude;
  
  determining if the access control rules for the resource specify accept;
  
  if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
  
  if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
  
  if it is determined that the access control rules for the resource specify pass through;
  
  decrementing the altitude for the resource to a lower altitude;
  
  determining new access control rules for the resource using a process ID and a resource ID at the lower altitude.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the requestor is a user of the client device.
  - 3. The method of claim 1, wherein the requestor is an application executing at the client device.
  - 4. The method of claim 1, wherein if it is determined that the requestor lacks rules-based access to the resource, receiving a request for an alternative resource used in executing the streaming application from the requestor.
  - 5. The method of claim 1, wherein the access control rules are specific to whether requests for resources originate from inside the streaming software container.
  - 6. The method of claim 1, further comprising:
    - beginning execution of the streaming software application using the resource in a first runtime environment;
      
      setting a timer concurrently with the beginning of the execution of the streaming software application;
      
      managing rules-based access to the plurality of resources included in the streaming software container until the timer expires;
      
      executing until completion a second streaming software application in a second runtime environment;
      
      resuming execution of the streaming software application in the first runtime environment after completed execution of the second streaming software application.
  - 7. The method of claim 1, further comprising:
    - determining if the access control rules for the resource specify accept;
      
      if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
      
      if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
      
      if it is determined that the access control rules for the resource fail to specify pass through, denying the requestor access to the resource used in executing the streaming software application.
  - 8. The method of claim 1, further comprising:
    - determining an initial altitude for the resource used in executing the streaming software application;
      
      if it is determined that the initial altitude is zero;
      
      writing files of the resource to the streaming software container, the files used in executing the streaming software application;
      
      managing rules-based access to the files of the resource in the streaming software container.

9. A system comprising:
- at least one processor;
  
  memory storing instructions configured to instruct the at least one processor to perform;
  
  providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;
  
  receiving a request for a resource used in executing the streaming software application from a requestor;
  
  determining if the resource is one of the plurality of resources included in the streaming software container;
  
  if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor;
  
  if it is determined that the resource is one of the plurality of resources included in the streaming software container, then;
  
  determining if the requestor has rules-based access to the resource according to the access control rules;
  
  providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;
  
  determining an altitude for the resource;
  
  determining the access control rules for the resource based on the altitude;
  
  determining if the access control rules for the resource specify accept;
  
  if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
  
  if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
  
  if it is determined that the access control rules for the resource specify pass through;
  
  decrementing the altitude for the resource to a lower altitude;
  
  determining new access control rules for the resource using a process ID and a resource ID at the lower altitude.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The system of claim 9, wherein the requestor is a user of the client device.
  - 11. The system of claim 9, wherein the requestor is an application executing at the client device.
  - 12. The system of claim 9, wherein if it is determined that the requestor lacks rules-based access to the resource the instructions are further configured to instruct the at least one processor to perform:
    - receiving a request for an alternative resource used in executing the streaming application from the requestor.
  - 13. The system of claim 9, wherein the access control rules are specific to whether requests for resources originate from inside the streaming software container.
  - 14. The system of claim 9, wherein the instructions are further configured to instruct the at least one processor to perform:
    - beginning execution of the streaming software application using the resource in a first runtime environment;
      
      setting a timer concurrently with the beginning of the execution of the streaming software application;
      
      managing rules-based access to the plurality of resources included in the streaming software container until the timer expires;
      
      executing until completion a second streaming software application in a second runtime environment;
      
      resuming execution of the streaming software application in the first runtime environment after completed execution of the second streaming software application.
  - 15. The system of claim 9, wherein the instructions are further configured to instruct the at least one processor to perform:
    - determining if the access control rules for the resource specify accept;
      
      if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
      
      if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
      
      if it is determined that the access control rules for the resource fail to specify pass through, denying the requestor access to the resource used in executing the streaming software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Numecent Holdings Incorporated
Original Assignee
Numecent Holdings Incorporated
Inventors
Hitomi, Arthur S., Tran, Robert, Kammer, Peter J., Pfiffner, Doug, Nguyen, Huy
Primary Examiner(s)
Okeke, Izunna

Application Number

US14/712,339
Publication Number

US 20150249671A1
Time in Patent Office

411 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/468   Specific access rights for ...

H04L 41/0813   characterised by the condit...

H04L 41/145   involving simulating, desig...

H04L 43/0823   Errors, e.g. transmission e...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

Rule-based application access management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

248 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Rule-based application access management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

248 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links