Work Files Saved Searches
   My Account                                                  Search:   Quick/Number   Boolean   Advanced   Derwent    Help   


 The Delphion Integrated View
  Buy Now:   Buy PDF- 32pp  PDF  |   File History  |   Other choices   
  Tools:  Citation Link  |  Add to Work File:    
  View:  Expand Details   |  INPADOC   |  Jump to: 
  Go to:  Derwent  
 Email this to a friend  Email this to a friend 
       
Title: US6505300: Method and system for secure running of untrusted content
[ Derwent Title ]

Country: US United States of America

View Images High
Resolution

 Low
 Resolution

 
32 pages

 
Inventor: Chan, Shannon; Bellevue, WA
Jensenworth, Gregory; Redmond, WA
Goertzel, Mario C.; Kirkland, WA
Shah, Bharat; New Castle, WA
Swift, Michael M.; Seattle, WA
Ward, Richard B.; Redmond, WA

Assignee: Microsoft Corporation, Redmond, WA
other patents from MICROSOFT CORPORATION (373780) (approx. 3,197)
 News, Profiles, Stocks and More about this company

Published / Filed: 2003-01-07 / 1998-06-12

Application Number: US1998000097218
IPC Code: Advanced: G06F 1/00; G06F 12/14; G06F 21/00; G06F 21/20; G06F 21/22; G06F 21/24;
Core: more...
IPC-7: G06F 1/24;

ECLA Code: G06F21/00N3E1; G06F21/00N7D; G06F21/00N9A2;

U.S. Class: 713/164; 713/165; 713/166; 713/167; 709/229;

Field of Search: 713/164-167,200-201,162 710/240 709/229

Priority Number:
1998-06-12  US1998000097218

Abstract:     Restricted execution contexts are provided for untrusted content, such as computer code or other data downloaded from websites, electronic mail messages and any attachments thereto, and scripts or client processes run on a server. A restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria. Whenever a process attempt to access a resource, a token associated with that process is compared against security information of that resource to determine if the type of access is allowed. The security information of each resource thus determines the extent to which the restricted process, and thus the untrusted content, has access. In general, the criteria used for setting up restrictions for each untrusted content's process is information indicative of how trusted or untrusted the content is likely to be.

Attorney, Agent or Firm: Law Offices of Albert S. Michalik, PLLC ;

Primary / Asst. Examiners: Peeso, Thomas R.;

INPADOC Legal Status: Show legal status actions          Buy Now: Family Legal Status Report

Designated Country: AT BE CH CY DE DK ES FI FR GB GR IE IT LI LU MC NL PT SE  EP JP 

Family: Show 6 known family members
First Claim:
Show all 50 claims		 What is claimed is:     1. In a computer system having an operating system provided security mechanism that determines access of processes to resources based on information in an access token associated with each of the processes against security information associated with each of the resources, a method of restricting access of content to resources, comprising, setting up a process for the content, determining restriction information based on criteria available to the computer system, automatically creating a restricted access token based on the restriction information, the restricted access token having reduced access relative to a parent token, associating the restricted access token with the process, and in response to a request for access by the process to the resource, the security mechanism determining access by evaluating data in the restricted access token against separately maintained security information currently associated with the resource.

Background / Summary: Show background / summary

Drawing Descriptions: Show drawing descriptions

Description: Show description

Forward References: Show 98 U.S. patent(s) that reference this one

       
U.S. References: Go to Result Set: All U.S. references   |  Forward references (98)   |   Backward references (29)   |   Citation Link

Buy
PDF		 Patent  Pub.Date  Inventor Assignee   Title
Buy PDF- 10pp US4962449  1990-10 Schlesinger   Computer security system having remote location recognition and remote location lock-out
Buy PDF- 21pp US5138712  1992-08 Corbin  Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
Buy PDF- 8pp US5276901  1994-01 Howell et al.  International Business Machines Corporation System for controlling group access to objects using group access control folder and group identification as individual user
Buy PDF- 41pp US5321841  1994-06 East et al.  Digital Equipment Corporation System for determining the rights of object access for a server process by combining them with the rights of the client process
Buy PDF- 47pp US5390247  1995-02 Fischer   Method and apparatus for creating, supporting, and using travelling programs
Buy PDF- 27pp US5412717  1995-05 Fischer   Computer system security method and apparatus having program authorization information data structures
Buy PDF- 21pp US5506961  1996-04 Carlson et al.  International Business Machines Corporation Connection authorizer for controlling access to system resources
Buy PDF- 20pp US5542046  1996-07 Carlson et al.  International Business Machines Corporation Server entity that provides secure access to its resources through token validation
Buy PDF- 27pp US5638448  1997-06 Nguyen   Network with secure communications sessions
Buy PDF- 84pp US5649099  1997-07 Theimer et al.  Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
Buy PDF- 16pp US5675782  1997-10 Montague et al.  Microsoft Corporation Controlling access to objects on multiple operating systems
Buy PDF- 12pp US5678041  1997-10 Baker et al.  AT&T System and method for restricting user access rights on the internet based on rating information stored in a relational database
Buy PDF- 13pp US5680461  1997-10 McManis  Sun Microsystems, Inc. Secure network protocol system and method
Buy PDF- 14pp US5682478  1997-10 Watson et al.  Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
Buy PDF- 18pp US5745676  1998-04 Hobson et al.  International Business Machines Corporation Authority reduction and restoration method providing system integrity for subspace groups and single address spaces during program linkage
Buy PDF- 27pp US5757916  1998-05 MacDoran et al.  International Series Research, Inc. Method and apparatus for authenticating the location of remote users of networked computing systems
Buy PDF- 24pp US5761669  1998-06 Montague et al.  Microsoft Corporation Controlling access to objects on multiple operating systems
Buy PDF- 15pp US5812784  1998-09 Watson et al.  Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
Buy PDF- 12pp US5826029  1998-10 Gore et al.  International Business Machines Corporation Secured gateway interface
Buy PDF- 26pp US5845067  1998-12 Porter et al.   Method and apparatus for document management utilizing a messaging system
Buy PDF- 29pp US5922073  1999-07 Shimada  Canon Kabushiki Kaisha System and method for controlling access to subject data using location data associated with the subject data and a requesting device
Buy PDF- 20pp US5925109  1999-07 Bartz  National Instruments Corporation System for I/O management where I/O operations are determined to be direct or indirect based on hardware coupling manners and/or program privilege modes
Buy PDF- 25pp US5940591  1999-08 Boyle  ITT Corporation Apparatus and method for providing network security
Buy PDF- 30pp US5941947  1999-08 Brown et al.  Microsoft Corporation System and method for controlling access to data entities in a computer network
Buy PDF- 14pp US5949882  1999-09 Angelo  Compaq Computer Corporation Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm
Buy PDF- 110pp US5983270  1999-11 Abraham et al.  Sequel Technology Corporation Method and apparatus for managing internetwork and intranetwork activity
Buy PDF- 17pp US5983350  1999-11 Minear et al.  Secure Computing Corporation Secure firewall supporting different levels of authentication based on address or encryption status
Buy PDF- 13pp US6081807  2000-06 Story et al.  Compaq Computer Corporation Method and apparatus for interfacing with a stateless network file system server
Buy PDF- 18pp US6105132  2000-08 Fritch et al.  Novell, Inc. Computer network graded authentication system and method
       
Foreign References:
Buy
PDF		 Publication Date IPC Code Assignee   Title
Buy PDF- 15pp EP0398645 1990-11  G06F 12/00 IBM System for controlling access privileges 
Buy PDF- 12pp EP0465016 1992-01  G06F 1/00 DIGITAL EQUIPMENT CORP Distributed multilevel computer security system and method 
Buy PDF- 25pp EP0588415 1994-03  G06F 1/00 International Business Machines Corporation Peer to peer connection authorizer 
Buy PDF- 21pp EP0697662 1996-02  G06F 12/14 IBM Method and system for advanced role-based access control in distributed and centralized computer systems 
Buy PDF- 15pp EP0813133 1997-12  G06F 1/00 IBM A uniform mechanism for using signed content 
Buy PDF- 32pp WO9605549 1996-02  G06F 1/00 SHIVA CORP APPARATUS AND METHOD FOR RESTRICTING ACCESS TO A LOCAL COMPUTER NETWORK 
Buy PDF- 78pp WO9613113 1996-05  G06F 21/00 SECURE COMPUTING CORP SYSTEM AND METHOD FOR PROVIDING SECURE INTERNETWORK SERVICES 
Buy PDF- 19pp WO9715008 1997-04  G06F 11/00 AT & T CORP SYSTEM AND METHOD FOR DATABASE ACCESS CONTROL 
Buy PDF- 32pp WO9726734 1997-07  G06F 1/00 RAPTOR SYSTEMS INC TRANSFERRING ENCRYPTED PACKETS OVER A PUBLIC NETWORK 


Other Abstract Info: DERABS G2000-105922

Other References:
  • Frost, J. "Windows NT Security", pp. 1-6, dated May 4, 1995 retrieved form the Internet <http://world.std.com/~jimf/papers/nt-security/nt-security. html> on May 28, 2001.*
  • Asche, Ruediger R., "The Guts of Security", pp. 1-19, dated May 9, 1995, retrieved from the Internet <http://msdn.microsoft.com/library/techart/medn- secguts.htm> on May 28, 2001.*
  • Asche, Ruediger R. "Windows Security in Theory and Practice", pp. 1-10, dated May 9, 1995, retrieved from the Internet <http://msdn.microsoft.com/library/techart/msdn- seccpp.htm> on May 28, 2001.*
  • Soshi et al., The Saga Security System: A Security Architecture for Open Distributed Systems, IEEE, pp 53-5 (1997).
  • Anonymous, "Apache suEXEC Support," (describes the Apache HTTP Server Version 1.3 dating from Jun. 5, 1998 as documented in Written Opinion for PCT Application No. PCT/US99/12912), http://www.apache.org/docs/suexec.html printed Jul. 24, 2000.
  • Anonymous, "Apache Virtual Host documentation," (describes the Apache HTTP Server Version 1.3 dating fr Jun. 5, 1998 as documented in Written Opinion for PCT Application No. PCT/US99/12912), http://www.apache.org/docs/vhosts/index.html, printed Jul. 24, 2000.
  • Bell Telephone Laboratories Incorporated, UNIX.TM. Time-Sharing System: UNIX Programmer's Manual, 7th Edition, vol. 1, Chmod(1), SU(1), Exec(2) (Jan. 1979).
  • Copy of Written Opinion in Corresponding PCT Application No. PCT/ US99/12912 dated Mar. 3, 2000.
  • Copy of International Search Report in Corresponding PCT Application No. PCT/US99/12912 dated May 11, 1999.
  • "Java Security Model: Java Protection Domains," http://java.sun.com/security/handout.html, printed Nov. 11, 1999.
  • Anon, "Privilege Control Mechanism for UNIX Systems," IBM Technical Disclosure Bulletin, vol. 34, No. 7b pp. 477-479, Dec. 1991.
  • Erdos et al., "Security Reference Model for the Java Developer's Kit 1.0.2," Java Security Reference Model, Nov. 13, 1996, http://www.javasoft.com/security/SRM.html printed Jul. 14, 1999.
  • Fritzinger et al., "Java Security," 1996, http://java.sun.com/security/whitepaper.txt.
  • Fritzinger et al., "Java Security," 1996, http://java.sun.com/security/whitepaper.ps.
  • Goldberg et al., "A Secure Environment for Untrusted Helper Applications: Confining the Wily Hacker," Sixt USENIX Security Symposium, Jul. 22-25, 1996, http://www.usenix.org/publications/library/proceedings/sec9.
  • Goldstein, Ted, "The Gateway Security Model in the Java Commerce Client," The Source for Java198 Technology, 1997, http://www.java.com/products/commerce/docs/whitepapers/security/JCC- gateway.html printed Jul. 14, 1999.
  • Maziers, David and M. Frans Kaashoek, "Secure Applications Need Flexible Operating Systems," 6th Workshop on Hot Topics in Operating Systems (HotOS-VI), May 5-6, 1997, http://www.eecs.harvard.edu/hotos/.
  • Neuman et al., "Kerberos: An Authentication Service for Computer Networks," IEEE Communicaitons Magazine, pp. 33-38, Sep. 1, 1994. (6 pages) Cited by 44 patents [ISI abstract]


    • Inquire Regarding Licensing

    Powered by Verity
    Plaques from Patent Awards      Gallery of Obscure PatentsNominate this for the Gallery...

    Thomson Reuters Copyright © 1997-2010 Thomson Reuters 
    Subscriptions  |  Web Seminars  |  Privacy  |  Terms & Conditions  |  Site Map  |  Contact Us  |  Help