Rule-based application access management

US 9,825,957 B2
Filed: 05/18/2017
Issued: 11/21/2017
Est. Priority Date: 10/23/2006
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

providing a requestor at a streaming client access to a first resource of a streaming software application executing in a streaming software container and at least partially virtualized at the streaming client;

receiving at the streaming software container a request, from the requestor, for accessing a second resource of the streaming software application based on requestor interaction with the executing of the streaming software application in the streaming software container using the first resource of the streaming software application;

determining whether the second resource of the streaming software application is in the streaming software container at the streaming client;

if it is determined the second resource of the streaming software application is absent from the streaming software container at the streaming client, sending a block request for blocks of the streaming software application corresponding to the second resource of the streaming software application to a streaming server;

receiving the second resource at the streaming software container from the streaming server in response to the block request for the second resource;

providing the requestor access to the second resource of the streaming software application in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client;

making a rule-based determination of whether to grant the requestor access to the second resource based on an identification of the requestor;

providing the requestor access to the second resource if it is determined to grant the requestor access to the second resource.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A container that manages access to protected resources using rules to intelligently manage them includes an environment having a set of software and configurations that are to be managed. A rule engine, which executes the rules, may be called reactively when software accesses protected resources. The engine uses a combination of embedded and configurable rules. It may be desirable to assign and manage rules per process, per resource (e.g. file, registry, etc.), and per user. Access rules may be altitude-specific access rules.

249 Citations

20 Claims

1. A method comprising:
- providing a requestor at a streaming client access to a first resource of a streaming software application executing in a streaming software container and at least partially virtualized at the streaming client;
  
  receiving at the streaming software container a request, from the requestor, for accessing a second resource of the streaming software application based on requestor interaction with the executing of the streaming software application in the streaming software container using the first resource of the streaming software application;
  
  determining whether the second resource of the streaming software application is in the streaming software container at the streaming client;
  
  if it is determined the second resource of the streaming software application is absent from the streaming software container at the streaming client, sending a block request for blocks of the streaming software application corresponding to the second resource of the streaming software application to a streaming server;
  
  receiving the second resource at the streaming software container from the streaming server in response to the block request for the second resource;
  
  providing the requestor access to the second resource of the streaming software application in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client;
  
  making a rule-based determination of whether to grant the requestor access to the second resource based on an identification of the requestor;
  
  providing the requestor access to the second resource if it is determined to grant the requestor access to the second resource.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, wherein the requestor is granted read-only access to either or both the first resource and the second resource.
  - 3. The method of claim 1, wherein the requestor is granted read/write access to either or both the first resource and the second resource.
  - 4. The method of claim 1, further comprising creating virtual images of the first resource and the second resource based on execution of the streaming software application at least partially virtualized at the client device using the first resource and the second resource, the virtual images kept separate from other virtual images of the first resource and the second resource used in other executions of the streaming software application at least partially virtualized at the streaming client.
  - 5. The method of claim 1, wherein the requestor is another application executing at the streaming client.
  - 6. The method of claim 1, wherein a degree to which the streaming software application is virtualized in the streaming software container is controlled by an administrator.
  - 7. The method of claim 1, further comprising:
    - making a rule-based determination of whether to grant the requestor access to the second resource;
      
      providing the requestor access to the second resource if it is determined to grant the requestor access to the second resource.
  - 8. The method of claim 1, wherein the streaming software application is executing in the streaming software container according to a hybrid runtime model where access to resources of the streaming software application in conflict with the requestor is restricted for the requestor.
  - 9. The method of claim 1, further comprising:
    - receiving at the streaming software container from the requestor a request for a third resource of the streaming software application in the streaming software container;
      
      determining whether to provide the requestor access to the third resource;
      
      if it is determined to abstain from providing the requestor access to the third resource, rephrasing the request for the third resource with a request for a different resource of the streaming software application in the streaming software container;
      
      providing the requestor access to the different resource in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client.

10. A system comprising:
- at least one processor and memory configured to store instructions to instruct the at least one processor to;
  
  provide a requestor at a streaming client access to a first resource of a streaming software application executing in a streaming software container and at least partially virtualized at the streaming client;
  
  receive at the streaming software container a request, from the requestor, for accessing a second resource of the streaming software application based on requestor interaction with the executing of the streaming software application in the streaming software container using the first resource of the streaming software application;
  
  determine whether the second resource of the streaming software application is in the streaming software container at the streaming client;
  
  send a block request for blocks of the streaming software application corresponding to the second resource of the streaming software application to a streaming server, if it is determined the second resource of the streaming software application is absent from the streaming software container at the streaming client;
  
  receive the second resource at the streaming software container from the streaming server in response to the block request for the second resource;
  
  provide the requestor access to the second resource of the streaming software application in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client;
  
  make a rule-based determination of whether to grant the requestor access to the second resource based on an identification of the requestor;
  
  provide the requestor access to the second resource if it is determined to grant the requestor access to the second resource.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 19)
- - 11. The system of claim 10, wherein the requestor is granted read-only access to either or both the first resource and the second resource.
  - 12. The system of claim 10, wherein the requestor is granted read/write access to either or both the first resource and the second resource.
  - 13. The system of claim 10, wherein the instructions are further configured to instruct the at least one processor to create virtual images of the first resource and the second resource based on execution of the streaming software application at least partially virtualized at the client device using the first resource and the second resource, the virtual images kept separate from other virtual images of the first resource and the second resource used in other executions of the streaming software application at least partially virtualized at the streaming client.
  - 14. The system of claim 10, wherein the requestor is another application executing at the streaming client.
  - 15. The system of claim 10, wherein a degree to which the streaming software application is virtualized in the streaming software container is controlled by an administrator.
  - 16. The system of claim 10, wherein the instructions are further configured to instruct the at least one processor to:
    - make a rule-based determination of whether to grant the requestor access to the second resource;
      
      provide the requestor access to the second resource if it is determined to grant the requestor access to the second resource.
  - 17. The system of claim 10, wherein the streaming software application is executing in the streaming software container according to a hybrid runtime model where access to resources of the streaming software application in conflict with the requestor is restricted for the requestor.
  - 19. The system of claim 10, wherein the instructions are further configured to instruct the at least one processor to:
    - receive at the streaming software container from the requestor a request for a third resource of the streaming software application in the streaming software container;
      
      determine whether to provide the requestor access to the third resource;
      
      if it is determined to abstain from providing the requestor access to the third resource, rephrase the request for the third resource with a request for a different resource of the streaming software application in the streaming software container;
      
      provide the requestor access to the different resource in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client.

18. A system comprising:
- a hardware processor to implement;
  
  means for providing a requestor at a streaming client access to a first resource of a streaming software application executing in a streaming software container and at least partially virtualized at the streaming client;
  
  means for receiving at the streaming software container a request, from the requestor, for accessing a second resource of the streaming software application based on requestor interaction with the executing of the streaming software application in the streaming software container using the first resource of the streaming software application;
  
  means for determining whether the second resource of the streaming software application is in the streaming software container at the streaming client;
  
  means for sending a block request for blocks of the streaming software application corresponding to the second resource of the streaming software application to a streaming server, if it is determined the second resource of the streaming software application is absent from the streaming software container at the streaming client;
  
  means for receiving the second resource at the streaming software container from the streaming server in response to the block request for the second resource;
  
  means for providing the requestor access to the second resource of the streaming software application in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client;
  
  means for making a rule-based determination of whether to grant the requestor access to the second resource based on an identification of the requestor;
  
  means for providing the requestor access to the second resource if it is determined to grant the requestor access to the second resource.
- View Dependent Claims (20)
- - 20. The system of claim 18, wherein the hardware processor is to implement:
    - means for receiving at the streaming software container from the requestor a request for a third resource of the streaming software application in the streaming software container;
      
      means for determining whether to provide the requestor access to the third resource;
      
      means for, if it is determined to abstain from providing the requestor access to the third resource, rephrasing the request for the third resource with a request for a different resource of the streaming software application in the streaming software container;
      
      means for providing the requestor access to the different resource in the streaming software container for use in continuing execution of the streaming software application at least partially virtualized at the streaming client.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Numecent Holdings Incorporated
Original Assignee
Numecent Holdings Incorporated
Inventors
Hitomi, Arthur S., Tran, Robert, Kammer, Peter J., Pfiffner, Doug, Nguyen, Huy
Primary Examiner(s)
Okeke, Izunna

Application Number

US15/598,993
Publication Number

US 20170257371A1
Time in Patent Office

187 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 9/468   Specific access rights for ...

H04L 41/0813   characterised by the condit...

H04L 41/145   involving simulating, desig...

H04L 43/0823   Errors, e.g. transmission e...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

Rule-based application access management

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

249 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Rule-based application access management

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

249 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links