Title: |
US6412070:
Extensible security system and method for controlling access to objects in a computing environment

|
Country: |
US United States of America

|
Inventor: |
Van Dyke, Clifford P.; Bellevue, WA
Brundrett, Peter T.; Seattle, WA
Swift, Michael M.; Seattle, WA
Garg, Praerit; Kirkland, WA
Ward, Richard B.; Redmond, WA

|
Assignee: |
Microsoft Corporation, Redmond, WA

|
Published / Filed: |
2002-06-25
/ 1998-09-21

|
Application Number: |
US1998000157882

|
IPC Code: |
Advanced:
G06F 9/46;
G06F 21/00;
Core:
IPC-7:
G06F 12/14;

|
ECLA Code: |
G06F9/46R4; G06F21/00N9A2; G06F21/00N9S;

|
U.S. Class: |
Current:
726/017;
707/009;
707/010;
713/167;
Original:
713/200;
713/201;
713/167;
707/009;
707/010;

|
Field of Search: |
713/200,201,182,167,150,168,164
709/225,229
707/009,10,1,103,104

|
Priority Number: |
1998-09-21 | US1998000157882

|
Abstract: |
A method and computing system for extending access control of system objects in a computing environment beyond traditional rights such as read, write, create and delete. According to the invention, a system administrator or user application is able to create control rights that are unique to the type of object. Rights can be created that do not relate to any specific property of the object, but rather define how a user may control the object. A novel object, referred to as a control access data structure, is defined for each unique control right and associates the control right with one or more objects of the computing environment. In order to grant the right to a trusted user, an improved access control entry (ACE) is defined which holds a unique identifier of the trusted user and a unique identifier of the control access data structure.

|
Attorney, Agent or Firm: |
Lee & Hayes, PLLC ;

|
Primary / Asst. Examiners: |
Hua, Ly V.;

|
Family: |
None

|
First Claim (of 46 claims): |
We claim:
1. A computer-readable medium having stored thereon a control access data structure for defining an access right to an operation of one or more objects within a computing environment, the control access data structure comprising:
- an identification field for storing a unique identifier of the control access data structure;
- one or more object identification fields for associating the control access data structure with the one or more objects of the computing environment; and
- wherein the control access data structure corresponds to an access control entry of the one or more objects, and wherein the access control entry associates the access right with a trusted user of the computing environment.

|
Forward References: |
67 U.S. patent(s) reference this one

|