BR112015031853A8 - sistema, método e dispositivo de armazenamento legível em computador para concessão de acesso de processo para um recurso de sistema - Google Patents
sistema, método e dispositivo de armazenamento legível em computador para concessão de acesso de processo para um recurso de sistema Download PDFInfo
- Publication number
- BR112015031853A8 BR112015031853A8 BR112015031853A BR112015031853A BR112015031853A8 BR 112015031853 A8 BR112015031853 A8 BR 112015031853A8 BR 112015031853 A BR112015031853 A BR 112015031853A BR 112015031853 A BR112015031853 A BR 112015031853A BR 112015031853 A8 BR112015031853 A8 BR 112015031853A8
- Authority
- BR
- Brazil
- Prior art keywords
- computer
- storage device
- readable storage
- granting process
- process access
- Prior art date
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2113—Multi-level security, e.g. mandatory access control
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Storage Device Security (AREA)
Abstract
a presente invenção refere-se a técnicas e sistemas descritos no presente documento que estão presentes em várias implantações de um modelo para autenticar processos para execução e especificar e reforçar restrições de permissão em recursos de sistema para processos e usuários. em algumas implantações, um arquivo binário para um aplicativo, programa ou processo pode ser aumentado para incluir uma assinatura digital criptografada com uma chave de modo que um sistema operacional possa autenticar, de forma subsequente, a assinatura digital. uma vez que o arquivo binário tenha sido autenticado, o sistema operacional pode criar um processo e marcar o processo com metadados que indicam o tipo de permissões que são permitidas para o processo. os metadados podem corresponder a um nível de acesso particular para especificar as permissões de recurso.
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US13/925,703 US9515832B2 (en) | 2013-06-24 | 2013-06-24 | Process authentication and resource permissions |
PCT/US2013/061080 WO2014209416A1 (en) | 2013-06-24 | 2013-09-21 | Process authentication and resource permissions |
Publications (2)
Publication Number | Publication Date |
---|---|
BR112015031853A2 BR112015031853A2 (pt) | 2017-07-25 |
BR112015031853A8 true BR112015031853A8 (pt) | 2019-12-31 |
Family
ID=49293916
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
BR112015031853A BR112015031853A8 (pt) | 2013-06-24 | 2013-09-21 | sistema, método e dispositivo de armazenamento legível em computador para concessão de acesso de processo para um recurso de sistema |
Country Status (7)
Country | Link |
---|---|
US (1) | US9515832B2 (pt) |
EP (1) | EP3014511A1 (pt) |
JP (1) | JP6286034B2 (pt) |
CN (1) | CN105408912B (pt) |
BR (1) | BR112015031853A8 (pt) |
RU (1) | RU2637878C2 (pt) |
WO (1) | WO2014209416A1 (pt) |
Families Citing this family (26)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9483488B2 (en) | 2012-12-20 | 2016-11-01 | Bank Of America Corporation | Verifying separation-of-duties at IAM system implementing IAM data model |
US9495380B2 (en) | 2012-12-20 | 2016-11-15 | Bank Of America Corporation | Access reviews at IAM system implementing IAM data model |
US9189644B2 (en) | 2012-12-20 | 2015-11-17 | Bank Of America Corporation | Access requests at IAM system implementing IAM data model |
US9542433B2 (en) | 2012-12-20 | 2017-01-10 | Bank Of America Corporation | Quality assurance checks of access rights in a computing system |
US9477838B2 (en) | 2012-12-20 | 2016-10-25 | Bank Of America Corporation | Reconciliation of access rights in a computing system |
US9529629B2 (en) * | 2012-12-20 | 2016-12-27 | Bank Of America Corporation | Computing resource inventory system |
US9537892B2 (en) | 2012-12-20 | 2017-01-03 | Bank Of America Corporation | Facilitating separation-of-duties when provisioning access rights in a computing system |
US9489390B2 (en) | 2012-12-20 | 2016-11-08 | Bank Of America Corporation | Reconciling access rights at IAM system implementing IAM data model |
US9639594B2 (en) | 2012-12-20 | 2017-05-02 | Bank Of America Corporation | Common data model for identity access management data |
US9407638B2 (en) | 2013-08-26 | 2016-08-02 | The Boeing Company | System and method for trusted mobile communications |
US9344439B2 (en) * | 2014-01-20 | 2016-05-17 | The Boeing Company | Executing unprotected mode services in a protected mode environment |
KR101671989B1 (ko) * | 2014-02-10 | 2016-11-03 | 한국전자통신연구원 | 전자 서명 제공 장치 및 방법 |
US10776457B1 (en) * | 2014-07-22 | 2020-09-15 | Epic Games, Inc. | System and method for preventing execution of unauthorized code |
CN105404819A (zh) * | 2014-09-10 | 2016-03-16 | 华为技术有限公司 | 一种数据访问控制方法、装置以及终端 |
US10049218B2 (en) | 2016-12-07 | 2018-08-14 | Google Llc | Rollback resistant security |
US10432407B2 (en) * | 2016-12-19 | 2019-10-01 | Arris Enterprises Llc | Secure provisioning of unique time-limited certificates to virtual application instances in dynamic and elastic systems |
US10805080B2 (en) * | 2017-01-06 | 2020-10-13 | Microsoft Technology Licensing, Llc | Strong resource identity in a cloud hosted system |
US10853471B2 (en) * | 2017-01-15 | 2020-12-01 | Apple Inc. | Managing permissions for different wireless devices to control a common host device |
EP3376464A1 (en) * | 2017-03-14 | 2018-09-19 | Electronics and Telecommunications Research Institute | Trust-based resource sharing method and system |
US10572680B2 (en) * | 2017-03-21 | 2020-02-25 | Microsoft Technology Licensing, Llc | Automated personalized out-of-the-box and ongoing in-application settings |
CN107688730A (zh) * | 2017-07-28 | 2018-02-13 | 宁波保税区攀峒信息科技有限公司 | 一种可执行文件安全运行方法 |
CN112005207A (zh) | 2018-10-18 | 2020-11-27 | 惠普发展公司,有限责任合伙企业 | 创建数据的统计分析以用于传输到服务器 |
EP3786826A1 (en) * | 2019-08-30 | 2021-03-03 | Barclays Execution Services Limited | Secure validation pipeline in a third party cloud environment |
US10812272B1 (en) | 2020-01-13 | 2020-10-20 | Cyberark Software Ltd. | Identifying computing processes on automation servers |
IL275947A (en) * | 2020-07-09 | 2022-02-01 | Google Llc | Anonymous Event Confirmation |
CN114238997B (zh) * | 2022-02-23 | 2022-05-10 | 国汽智控(北京)科技有限公司 | 基于车辆应用权限的资源调用方法、装置和电子设备 |
Family Cites Families (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6023765A (en) * | 1996-12-06 | 2000-02-08 | The United States Of America As Represented By The Secretary Of Commerce | Implementation of role-based access control in multi-level secure systems |
US6289462B1 (en) * | 1998-09-28 | 2001-09-11 | Argus Systems Group, Inc. | Trusted compartmentalized computer operating system |
US6981281B1 (en) | 2000-06-21 | 2005-12-27 | Microsoft Corporation | Filtering a permission set using permission requests associated with a code assembly |
ES2360005T3 (es) | 2000-09-21 | 2011-05-31 | Research In Motion Limited | Sistema y método de firma mediante código por software. |
EP1225512A1 (en) | 2001-01-19 | 2002-07-24 | Eyal Dotan | Method for protecting computer programs and data from hostile code |
FR2901038A1 (fr) * | 2006-05-15 | 2007-11-16 | France Telecom | Procede et dispositif de configuration securisee d'un terminal au moyen d'un dispositif de stockage de donnees de demarrage |
US8381306B2 (en) | 2006-05-30 | 2013-02-19 | Microsoft Corporation | Translating role-based access control policy to resource authorization policy |
US8117441B2 (en) | 2006-06-20 | 2012-02-14 | Microsoft Corporation | Integrating security protection tools with computer device integrity and privacy policy |
CN101231712A (zh) * | 2007-01-23 | 2008-07-30 | 上海宝信软件股份有限公司 | 业务授权模型及其在具体业务应用中的设定方法 |
US8196184B2 (en) * | 2007-02-16 | 2012-06-05 | Microsoft Corporation | Efficient data structures for multi-dimensional security |
US8433927B2 (en) | 2007-05-29 | 2013-04-30 | International Business Machines Corporation | Cryptographically-enabled privileged mode execution |
JP5043786B2 (ja) * | 2008-09-10 | 2012-10-10 | Kddi株式会社 | アクセス制御システム、アクセス制御方法 |
US8973158B2 (en) | 2011-07-20 | 2015-03-03 | Microsoft Technology Licensing Llc | Trust level activation |
US8832447B2 (en) * | 2011-08-10 | 2014-09-09 | Sony Corporation | System and method for using digital signatures to assign permissions |
CN102354356B (zh) * | 2011-09-29 | 2014-06-04 | 用友软件股份有限公司 | 数据权限管理装置和方法 |
-
2013
- 2013-06-24 US US13/925,703 patent/US9515832B2/en active Active
- 2013-09-21 JP JP2016521395A patent/JP6286034B2/ja active Active
- 2013-09-21 RU RU2015155272A patent/RU2637878C2/ru not_active IP Right Cessation
- 2013-09-21 WO PCT/US2013/061080 patent/WO2014209416A1/en active Application Filing
- 2013-09-21 EP EP13771337.6A patent/EP3014511A1/en not_active Ceased
- 2013-09-21 BR BR112015031853A patent/BR112015031853A8/pt not_active Application Discontinuation
- 2013-09-21 CN CN201380077757.4A patent/CN105408912B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
US20140380058A1 (en) | 2014-12-25 |
CN105408912B (zh) | 2018-09-14 |
US9515832B2 (en) | 2016-12-06 |
BR112015031853A2 (pt) | 2017-07-25 |
CN105408912A (zh) | 2016-03-16 |
JP6286034B2 (ja) | 2018-02-28 |
EP3014511A1 (en) | 2016-05-04 |
WO2014209416A1 (en) | 2014-12-31 |
RU2015155272A (ru) | 2017-07-28 |
RU2637878C2 (ru) | 2017-12-07 |
JP2016527608A (ja) | 2016-09-08 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
BR112015031853A8 (pt) | sistema, método e dispositivo de armazenamento legível em computador para concessão de acesso de processo para um recurso de sistema | |
BR112017003412A2 (pt) | preservação de proteção de dados com política | |
BR112018006327A2 (pt) | sistema e método para usar um símbolo como instrução para iniciar a transferência de informação de identidade autenticada a um sistema alvo | |
BR112017018890A2 (pt) | controle de acesso para dados encriptados em identificadores legíveis por máquina | |
BR112016005604A8 (pt) | segurança de gabarito biométrico e geração de chave | |
MX361101B (es) | Tira para el suministro de un activo para el cuidado bucal y métodos para aplicar activos para el cuidado bucal. | |
BR112017005824A2 (pt) | método, e, dispositivo móvel. | |
BR112016021120A2 (pt) | Método e dispositivo de gerenciamento de dados confidenciais; método e sistema de autenticação segura | |
JP2013235612A5 (pt) | ||
GB2545838A (en) | Hypervisor and virtual machine protection | |
BRPI0711042A8 (pt) | Sistema, método para possibilitar um emissor de direitos criar dados de autenticação relacionados à um objeto e/ou criptografar o objeto usando uma chave diversificada e dispositivo | |
BR112016029790A8 (pt) | sistemas e métodos para sinalizar informações para conjuntos de camadas em um conjunto de parâmetros | |
AR097524A1 (es) | Encriptación de datos y tarjeta inteligente que almacena datos encriptados | |
BR112017014135A2 (pt) | métodos e sistemas para gerenciar permissões para acessar recursos de dispositivo móvel | |
JP2016527608A5 (pt) | ||
BR112015005740A2 (pt) | método para controlar o acesso a dados sendo processados por um recurso de computação remoto, meio legível por computador, e sistema para controlar o acesso a dados sendo processados por um recurso de computação remoto | |
BR112017003660A2 (pt) | conjuntos de armazenamento de dados escaláveis | |
BR112017007994A2 (pt) | armazenamento para dados criptografados com segurança reforçada | |
NZ701459A (en) | Systems and methods for secure processing with embedded cryptographic unit | |
MX355189B (es) | Autentificacion de usuario. | |
BR112017023840A2 (pt) | método, computador de entidade de validação, e, dispositivo móvel. | |
BR112015019554A8 (pt) | método, mídias de armazenamento e dispositivo para tela de bloqueio com aplicações socializadas | |
BR112015021174A2 (pt) | método de atualização do software de um terminal móvel, e, terminal móvel | |
BR112013009672A2 (pt) | guia individualizado de programas com base em restrições ao sistema e ao usuário | |
JP2015505225A5 (pt) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
B06U | Preliminary requirement: requests with searches performed by other patent offices: procedure suspended [chapter 6.21 patent gazette] | ||
B11B | Dismissal acc. art. 36, par 1 of ipl - no reply within 90 days to fullfil the necessary requirements | ||
B350 | Update of information on the portal [chapter 15.35 patent gazette] |