Rule-based application access management

US 9,571,501 B2
Filed: 05/10/2016
Issued: 02/14/2017
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing, by at least one processor operating using instructions stored in memory, a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;

receiving, by the at least one processor operating using the instructions stored in the memory, a request for a resource used in executing the streaming software application from a requestor;

determining, by the at least one processor operating using the instructions stored in the memory, if the resource is part of the plurality of resources included in the streaming software container;

if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing, by the at least one processor operating using the instructions stored in the memory, the resource to the requestor;

if it is determined that the resource is part of the plurality of resources included in the streaming software container, then;

determining, by the at least one processor operating using the instructions stored in the memory, if the requestor has rules-based access to the resource according to the access control rules;

providing, by the at least one processor operating using the instructions stored in the memory, the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;

beginning, by the at least one processor operating using the instructions stored in the memory, execution of the streaming software application using the resource in a first runtime environment;

setting, by the at least one processor operating using the instructions stored in the memory, a timer concurrently with the beginning of the execution of the streaming software application;

managing, by the at least one processor operating using the instructions stored in the memory, rules-based access to the plurality of resources included in the streaming software container until the timer expires;

executing until completion, by the at least one processor operating using the instructions stored in the memory, a second streaming software application in a second runtime environment;

resuming execution, by the at least one processor operating using the instructions stored in the memory, of the streaming software application in the first runtime environment after completed execution of the second streaming software application.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

Citations

18 Claims

1. A method comprising:
- providing, by at least one processor operating using instructions stored in memory, a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;
  
  receiving, by the at least one processor operating using the instructions stored in the memory, a request for a resource used in executing the streaming software application from a requestor;
  
  determining, by the at least one processor operating using the instructions stored in the memory, if the resource is part of the plurality of resources included in the streaming software container;
  
  if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing, by the at least one processor operating using the instructions stored in the memory, the resource to the requestor;
  
  if it is determined that the resource is part of the plurality of resources included in the streaming software container, then;
  
  determining, by the at least one processor operating using the instructions stored in the memory, if the requestor has rules-based access to the resource according to the access control rules;
  
  providing, by the at least one processor operating using the instructions stored in the memory, the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;
  
  beginning, by the at least one processor operating using the instructions stored in the memory, execution of the streaming software application using the resource in a first runtime environment;
  
  setting, by the at least one processor operating using the instructions stored in the memory, a timer concurrently with the beginning of the execution of the streaming software application;
  
  managing, by the at least one processor operating using the instructions stored in the memory, rules-based access to the plurality of resources included in the streaming software container until the timer expires;
  
  executing until completion, by the at least one processor operating using the instructions stored in the memory, a second streaming software application in a second runtime environment;
  
  resuming execution, by the at least one processor operating using the instructions stored in the memory, of the streaming software application in the first runtime environment after completed execution of the second streaming software application.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - determining if the access control rules for the resource specify accept;
      
      if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
      
      if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
      
      if it is determined that the access control rules for the resource fail to specify pass through, denying the requestor access to the resource used in executing the streaming software application.
  - 3. The method of claim 1, wherein the access control rules are specific to whether the request for the resource originates from inside the streaming software container.
  - 4. The method of claim 1, wherein the streaming software container includes a subset of first stream-enabled application blocks for beginning execution of the streaming software application.
  - 5. The method of claim 1, wherein providing the resource to the requestor comprises providing the resource to a second streaming software container different from the streaming software container, wherein the streaming software application is executed in the second streaming software container.
  - 6. The method of claim 1, wherein the request for the resource is intercepted using a file system hook at a device of the requestor.
  - 7. The method of claim 1, wherein the access control rules are specific to a plurality of requestors including the requestor.
  - 8. The method of claim 1, wherein the access control rules are specific to processes within the execution of the streaming software application.
  - 9. The method of claim 1, wherein if it is determined the requestor lacks rules-based access to the resource, ending execution of the streaming software application.

10. A system comprising:
- at least one processor;
  
  memory storing instructions configured to instruct the at least one processor to perform;
  
  providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;
  
  receiving a request for a resource used in executing the streaming software application from a requestor;
  
  determining if the resource is part of the plurality of resources included in the streaming software container;
  
  if it is determined that the resource is absent from the plurality of resources included in the streaming software container, then providing the resource to the requestor;
  
  if it is determined that the resource is part of the plurality of resources included in the streaming software container, then;
  
  determining if the requestor has rules-based access to the resource according to the access control rules;
  
  providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource;
  
  beginning execution of the streaming software application using the resource in a first runtime environment;
  
  setting a timer concurrently with the beginning of the execution of the streaming software application;
  
  managing rules-based access to the plurality of resources included in the streaming software container until the timer expires;
  
  executing until completion a second streaming software application in a second runtime environment;
  
  resuming execution of the streaming software application in the first runtime environment after completed execution of the second streaming software application.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17)
- - 11. The system of claim 10, wherein the instructions are further configured to instruct the at least on processor to perform:
    - determining if the access control rules for the resource specify accept;
      
      if it is determined that the access control rules for the resource fail to specify accept, determining if the access control rules for the resource specify pause;
      
      if it is determined that the access control rules for the resource fail to specify pause, determining if the access control rules for the resource specify pass through;
      
      if it is determined that the access control rules for the resource fail to specify pass through, denying the requestor access to the resource used in executing the streaming software application.
  - 12. The system of claim 10, wherein the access control rules are specific to whether the request for the resource originates from inside the streaming software container.
  - 13. The system of claim 10, wherein the streaming software container includes a subset of first stream-enabled application blocks for beginning execution of the streaming software application.
  - 14. The system of claim 10, wherein providing the resource to the requestor comprises providing the resource to a second streaming software container different from the streaming software container, wherein the streaming software application is executed in the second streaming software container.
  - 15. The system of claim 10, wherein the request for the resource is intercepted using a file system hook at a device of the requestor.
  - 16. The system of claim 10, wherein the access control rules are specific to a plurality of requestors including the requestor.
  - 17. The system of claim 10, wherein if it is determined the requestor lacks rules-based access to the resource, the instructions are further configured to instruct the at least one processor to perform ending execution of the streaming software application.

18. A system comprising:
- means including at least one processor operating using instructions stored in memory, for providing a streaming software container including a plurality of resources used in executing a streaming software application at a client device, the plurality of resources including access control rules defining access to the plurality of resources;
  
  means including the at least one processor operating using the instructions stored in the memory, for receiving a request for a resource used in executing the streaming software application from a requestor;
  
  means including the at least one processor operating using the instructions stored in the memory, for determining if the resource is part of the plurality of resources included in the streaming software container;
  
  means including the at least one processor operating using the instructions stored in the memory, for providing the resource to the requestor, if it is determined that the resource is absent from the plurality of resources included in the streaming software container;
  
  means including the at least one processor operating using the instructions stored in the memory, for determining if the requestor has rules-based access to the resource according to the access control rules, if it is determined that the resource is part of the plurality of resources included in the streaming software container;
  
  means including the at least one processor operating using the instructions stored in the memory, for providing the resource from the streaming software container to the requestor for executing the streaming software application if the requestor has rules-based access to the resource, if it is determined that the resource is part of the plurality of resources included in the streaming software container;
  
  means including the at least one processor operating using the instructions stored in the memory, for beginning execution of the streaming software application using the resource in a first runtime environment;
  
  means including the at least one processor operating using the instructions stored in the memory, for setting a timer concurrently with the beginning of the execution of the streaming software application;
  
  means including the at least one processor operating using the instructions stored in the memory, for managing rules-based access to the plurality of resources included in the streaming software container until the timer expires;
  
  means including the at least one processor operating using the instructions stored in the memory, for executing until completion a second streaming software application in a second runtime environment;
  
  means including the at least one processor operating using the instructions stored in the memory, for resuming execution of the streaming software application in the first runtime environment after completed execution of the second streaming software application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Numecent Holdings Incorporated
Original Assignee
Numecent Holdings Incorporated
Inventors
Hitomi, Arthur S., Tran, Robert, Kammer, Peter J., Pfiffner, Doug, Nguyen, Huy
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/150,874
Publication Number

US 20160255085A1
Time in Patent Office

280 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/468   Specific access rights for ...

H04L 41/0813   characterised by the condit...

H04L 41/145   involving simulating, desig...

H04L 43/0823   Errors, e.g. transmission e...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

Rule-based application access management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Rule-based application access management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links