Methods and systems for using derived user accounts
Abstract
Methods, systems and articles of manufacture consistent with features of the present invention allow the generation and use of derived user accounts, or DUA, in a computer system comprising user accounts. In particular, derivation rules define how a DUA is linked to or created based on an existing original user account, or OUA. Derivation transformations may also update the state of a DUA based on its corresponding OUA or give feedback from the state of a DUA to the state of its corresponding OUA.
20 Claims
1. A computer-implemented method for accessing a resource in a computer system comprising an operating system, comprising:
- receiving a request to access a named abstraction from an application;
- determining if the application is running in a derived user account (DUA) context, wherein the DUA context represents a security context of a DUA that is derived from an original user account (OUA) associated with a user, and wherein the determining comprises examining an access token associated with the request to determine if the request is associated with the DUA;
- if the application is not running in the DUA context, creating the DUA and directing the application to run in the DUA context; and
- granting the application access to the named abstraction.
10. An apparatus, comprising:
- at least one memory having program instructions to execute an operating system; and
- at least one processor configured to execute the program instructions to perform the operations of:
  - receiving a request to access a named abstraction from an application;
  - determining if the application is running in a derived user account (DUA) context, wherein the DUA context represents a security context of a DUA that is derived from an original user account (OUA) associated with a user, and wherein the determining comprises examining an access token associated with the request to determine if the request is associated with the DUA;
  - if the application is not running in the DUA context, creating a DUA and directing the application to run in the DUA context; and
  - granting the application access to the named abstraction.
15. A non-transitory computer-readable medium containing computer-readable instructions enabling a computer to perform a method, the method comprising:
- receiving a request to access a named abstraction from an application;
- determining if the application is running in a derived user account (DUA) context, wherein the DUA context represents a security context of a DUA that is derived from an original user account (OUA) associated with a user, and wherein the determining comprises examining an access token associated with the request to determine if the request is associated with the DUA;
- if the application is not running in the DUA context, creating the DUA and directing the application to run in the DUA context; and
- granting the application access to the named abstraction.
Specification