JP4414092B2 - 制限付きトークンを介した最小権限 - Google Patents

制限付きトークンを介した最小権限 Download PDF

Info

Publication number
JP4414092B2
JP4414092B2 JP2000553884A JP2000553884A JP4414092B2 JP 4414092 B2 JP4414092 B2 JP 4414092B2 JP 2000553884 A JP2000553884 A JP 2000553884A JP 2000553884 A JP2000553884 A JP 2000553884A JP 4414092 B2 JP4414092 B2 JP 4414092B2
Authority
JP
Japan
Prior art keywords
token
access
restricted
application
parent
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2000553884A
Other languages
English (en)
Japanese (ja)
Other versions
JP2002517853A5 (enExample
JP2002517853A (ja
Inventor
エム. スイフト マイケル
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Original Assignee
Microsoft Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp filed Critical Microsoft Corp
Publication of JP2002517853A publication Critical patent/JP2002517853A/ja
Publication of JP2002517853A5 publication Critical patent/JP2002517853A5/ja
Application granted granted Critical
Publication of JP4414092B2 publication Critical patent/JP4414092B2/ja
Anticipated expiration legal-status Critical
Expired - Fee Related legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/604Tools and structures for managing or administering access control systems
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141Access rights, e.g. capability lists, access control lists, access tables, access matrices
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2149Restricted operating environment

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Automation & Control Theory (AREA)
  • Storage Device Security (AREA)
JP2000553884A 1998-06-12 1999-06-09 制限付きトークンを介した最小権限 Expired - Fee Related JP4414092B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US09/096,679 1998-06-12
US09/096,679 US6308274B1 (en) 1998-06-12 1998-06-12 Least privilege via restricted tokens
PCT/US1999/012914 WO1999064947A1 (en) 1998-06-12 1999-06-09 Least privilege via restricted tokens

Publications (3)

Publication Number Publication Date
JP2002517853A JP2002517853A (ja) 2002-06-18
JP2002517853A5 JP2002517853A5 (enExample) 2006-08-03
JP4414092B2 true JP4414092B2 (ja) 2010-02-10

Family

ID=22258544

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2000553884A Expired - Fee Related JP4414092B2 (ja) 1998-06-12 1999-06-09 制限付きトークンを介した最小権限

Country Status (5)

Country Link
US (1) US6308274B1 (enExample)
EP (1) EP1086414B1 (enExample)
JP (1) JP4414092B2 (enExample)
AT (1) ATE511671T1 (enExample)
WO (1) WO1999064947A1 (enExample)

Families Citing this family (179)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6941552B1 (en) * 1998-07-30 2005-09-06 International Business Machines Corporation Method and apparatus to retain applet security privileges outside of the Java virtual machine
US7188180B2 (en) 1998-10-30 2007-03-06 Vimetx, Inc. Method for establishing secure communication link between computers of virtual private network
US7010604B1 (en) 1998-10-30 2006-03-07 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US6502135B1 (en) 1998-10-30 2002-12-31 Science Applications International Corporation Agile network protocol for secure communications with assured system availability
US7418504B2 (en) 1998-10-30 2008-08-26 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US10511573B2 (en) 1998-10-30 2019-12-17 Virnetx, Inc. Agile network protocol for secure communications using secure domain names
US6449652B1 (en) 1999-01-04 2002-09-10 Emc Corporation Method and apparatus for providing secure access to a computer system resource
US6883100B1 (en) 1999-05-10 2005-04-19 Sun Microsystems, Inc. Method and system for dynamic issuance of group certificates
US7213262B1 (en) 1999-05-10 2007-05-01 Sun Microsystems, Inc. Method and system for proving membership in a nested group using chains of credentials
US7058817B1 (en) 1999-07-02 2006-06-06 The Chase Manhattan Bank System and method for single sign on process for websites with multiple applications and services
AU3438401A (en) 1999-11-04 2001-05-14 Jp Morgan Chase Bank System and method for automated financial project management
US7321864B1 (en) 1999-11-04 2008-01-22 Jpmorgan Chase Bank, N.A. System and method for providing funding approval associated with a project based on a document collection
US8571975B1 (en) 1999-11-24 2013-10-29 Jpmorgan Chase Bank, N.A. System and method for sending money via E-mail over the internet
US10275780B1 (en) 1999-11-24 2019-04-30 Jpmorgan Chase Bank, N.A. Method and apparatus for sending a rebate via electronic mail over the internet
US6867789B1 (en) 2000-02-15 2005-03-15 Bank One, Delaware, National Association System and method for generating graphical user interfaces
US6591265B1 (en) * 2000-04-03 2003-07-08 International Business Machines Corporation Dynamic behavior-based access control system and method
US7058798B1 (en) 2000-04-11 2006-06-06 Sun Microsystems, Inc. Method ans system for pro-active credential refreshing
US6971018B1 (en) * 2000-04-28 2005-11-29 Microsoft Corporation File protection service for a computer system
US7174454B2 (en) 2002-11-19 2007-02-06 America Online, Inc. System and method for establishing historical usage-based hardware trust
US7216361B1 (en) * 2000-05-19 2007-05-08 Aol Llc, A Delaware Limited Liability Company Adaptive multi-tier authentication system
US7426530B1 (en) 2000-06-12 2008-09-16 Jpmorgan Chase Bank, N.A. System and method for providing customers with seamless entry to a remote server
US10185936B2 (en) 2000-06-22 2019-01-22 Jpmorgan Chase Bank, N.A. Method and system for processing internet payments
US8341743B2 (en) * 2000-07-14 2012-12-25 Ca, Inc. Detection of viral code using emulation of operating system functions
US8335855B2 (en) 2001-09-19 2012-12-18 Jpmorgan Chase Bank, N.A. System and method for portal infrastructure tracking
US7246263B2 (en) 2000-09-20 2007-07-17 Jpmorgan Chase Bank System and method for portal infrastructure tracking
US6754889B1 (en) * 2000-10-04 2004-06-22 Compuware Corporation Java automation, testing, and analysis
JP2002182983A (ja) * 2000-12-13 2002-06-28 Sharp Corp データベースへのアクセス制御方法、データベース装置、リソースへのアクセス制御方法、情報処理装置
US20020099668A1 (en) * 2001-01-22 2002-07-25 Sun Microsystems, Inc. Efficient revocation of registration authorities
JP2002251326A (ja) * 2001-02-22 2002-09-06 Hitachi Ltd 耐タンパ計算機システム
US7020645B2 (en) 2001-04-19 2006-03-28 Eoriginal, Inc. Systems and methods for state-less authentication
US8849716B1 (en) 2001-04-20 2014-09-30 Jpmorgan Chase Bank, N.A. System and method for preventing identity theft or misuse by restricting access
US7689506B2 (en) 2001-06-07 2010-03-30 Jpmorgan Chase Bank, N.A. System and method for rapid updating of credit information
US7266839B2 (en) 2001-07-12 2007-09-04 J P Morgan Chase Bank System and method for providing discriminated content to network users
US20030028813A1 (en) * 2001-08-02 2003-02-06 Dresser, Inc. Security for standalone systems running dedicated application
US20030028622A1 (en) * 2001-08-06 2003-02-06 Mitsuhiro Inoue License management server, terminal device, license management system and usage restriction control method
US7103576B2 (en) 2001-09-21 2006-09-05 First Usa Bank, Na System for providing cardless payment
CA2466071C (en) 2001-11-01 2016-04-12 Bank One, Delaware, N.A. System and method for establishing or modifying an account with user selectable terms
JP2003140972A (ja) * 2001-11-08 2003-05-16 Nec Corp プログラム実行装置及びプログラム実行方法並びにそれを用いた携帯端末及び情報提供システム
US7987501B2 (en) 2001-12-04 2011-07-26 Jpmorgan Chase Bank, N.A. System and method for single session sign-on
US7941533B2 (en) 2002-02-19 2011-05-10 Jpmorgan Chase Bank, N.A. System and method for single sign-on session management without central server
US7353383B2 (en) 2002-03-18 2008-04-01 Jpmorgan Chase Bank, N.A. System and method for single session sign-on with cryptography
KR100450402B1 (ko) * 2002-04-17 2004-09-30 한국전자통신연구원 컴퓨터 시스템에 있어서 보안속성을 갖는 토큰을 이용한접근 제어방법
US6950815B2 (en) * 2002-04-23 2005-09-27 International Business Machines Corporation Content management system and methodology featuring query conversion capability for efficient searching
US6999966B2 (en) * 2002-04-23 2006-02-14 International Business Machines Corporation Content management system and methodology for implementing a complex object using nested/recursive structures
US7082455B2 (en) * 2002-04-23 2006-07-25 International Business Machines Corporation Method and apparatus of parameter passing of structured data for stored procedures in a content management system
US6938050B2 (en) 2002-04-23 2005-08-30 International Business Machines Corporation Content management system and methodology employing a tree-based table hierarchy which accomodates opening a dynamically variable number of cursors therefor
US7035854B2 (en) * 2002-04-23 2006-04-25 International Business Machines Corporation Content management system and methodology employing non-transferable access tokens to control data access
US6944627B2 (en) * 2002-04-23 2005-09-13 International Business Machines Corporation Content management system and methodology employing a tree-based table hierarchy featuring arbitrary information retrieval from different locations in the hierarchy
US6947948B2 (en) * 2002-04-23 2005-09-20 International Business Machines Corporation Version-enabled, multi-typed, multi-targeting referential integrity relational database system and methodology
US7246324B2 (en) 2002-05-23 2007-07-17 Jpmorgan Chase Bank Method and system for data capture with hidden applets
US7143174B2 (en) 2002-06-12 2006-11-28 The Jpmorgan Chase Bank, N.A. Method and system for delayed cookie transmission in a client-server architecture
US20030236975A1 (en) * 2002-06-20 2003-12-25 International Business Machines Corporation System and method for improved electronic security credentials
US7472171B2 (en) 2002-06-21 2008-12-30 Jpmorgan Chase Bank, National Association Method and system for determining receipt of a delayed cookie in a client-server architecture
US20040003287A1 (en) * 2002-06-28 2004-01-01 Zissimopoulos Vasileios Bill Method for authenticating kerberos users from common web browsers
US7770212B2 (en) 2002-08-15 2010-08-03 Activcard System and method for privilege delegation and control
US20040059939A1 (en) * 2002-09-13 2004-03-25 Sun Microsystems, Inc., A Delaware Corporation Controlled delivery of digital content in a system for digital content access control
US7512972B2 (en) * 2002-09-13 2009-03-31 Sun Microsystems, Inc. Synchronizing for digital content access control
US20040054629A1 (en) * 2002-09-13 2004-03-18 Sun Microsystems, Inc., A Delaware Corporation Provisioning for digital content access control
US20040059913A1 (en) * 2002-09-13 2004-03-25 Sun Microsystems, Inc., A Delaware Corporation Accessing for controlled delivery of digital content in a system for digital content access control
US7240365B2 (en) * 2002-09-13 2007-07-03 Sun Microsystems, Inc. Repositing for digital content access control
US7363651B2 (en) * 2002-09-13 2008-04-22 Sun Microsystems, Inc. System for digital content access control
US7380280B2 (en) * 2002-09-13 2008-05-27 Sun Microsystems, Inc. Rights locker for digital content access control
US7913312B2 (en) * 2002-09-13 2011-03-22 Oracle America, Inc. Embedded content requests in a rights locker system for digital content access control
US20040083370A1 (en) * 2002-09-13 2004-04-29 Sun Microsystems, Inc., A Delaware Corporation Rights maintenance in a rights locker system for digital content access control
US7398557B2 (en) * 2002-09-13 2008-07-08 Sun Microsystems, Inc. Accessing in a rights locker system for digital content access control
US20040064719A1 (en) * 2002-09-13 2004-04-01 Sun Microsystems, Inc., A Delaware Corporation Accessing for digital content access control
US7058660B2 (en) 2002-10-02 2006-06-06 Bank One Corporation System and method for network-based project management
US7526798B2 (en) * 2002-10-31 2009-04-28 International Business Machines Corporation System and method for credential delegation using identity assertion
US8301493B2 (en) 2002-11-05 2012-10-30 Jpmorgan Chase Bank, N.A. System and method for providing incentives to consumers to share information
US20040122849A1 (en) * 2002-12-24 2004-06-24 International Business Machines Corporation Assignment of documents to a user domain
US7392246B2 (en) * 2003-02-14 2008-06-24 International Business Machines Corporation Method for implementing access control for queries to a content management system
US20040167989A1 (en) * 2003-02-25 2004-08-26 Jeff Kline Method and system for creating and managing a website
GB0311537D0 (en) * 2003-05-20 2003-06-25 Safa John Controlling write access of an application to a storage medium
US7343628B2 (en) * 2003-05-28 2008-03-11 Sap Ag Authorization data model
US8214884B2 (en) * 2003-06-27 2012-07-03 Attachmate Corporation Computer-based dynamic secure non-cached delivery of security credentials such as digitally signed certificates or keys
US7376838B2 (en) 2003-07-17 2008-05-20 Jp Morgan Chase Bank Method for controlled and audited access to privileged accounts on computer systems
US20050080897A1 (en) * 2003-09-29 2005-04-14 Capital One Financial Corporation Remote management utility
US7290278B2 (en) 2003-10-02 2007-10-30 Aol Llc, A Delaware Limited Liability Company Identity based service system
US20050091658A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Operating system resource protection
US20050091535A1 (en) * 2003-10-24 2005-04-28 Microsoft Corporation Application identity for software products
US8190893B2 (en) 2003-10-27 2012-05-29 Jp Morgan Chase Bank Portable security transaction protocol
US7721329B2 (en) * 2003-11-18 2010-05-18 Aol Inc. Method and apparatus for trust-based, fine-grained rate limiting of network requests
US20050119902A1 (en) * 2003-11-28 2005-06-02 Christiansen David L. Security descriptor verifier
US7421696B2 (en) 2003-12-22 2008-09-02 Jp Morgan Chase Bank Methods and systems for managing successful completion of a network of processes
US7467386B2 (en) * 2004-01-16 2008-12-16 International Business Machines Corporation Parameter passing of data structures where API and corresponding stored procedure are different versions/releases
US7392386B2 (en) 2004-01-28 2008-06-24 J P Morgan Chase Bank Setuid-filter method for providing secure access to a credentials store for computer systems
US7908663B2 (en) * 2004-04-20 2011-03-15 Microsoft Corporation Abstractions and automation for enhanced sharing and collaboration
US7587594B1 (en) 2004-08-30 2009-09-08 Microsoft Corporation Dynamic out-of-process software components isolation for trustworthiness execution
US20060193467A1 (en) * 2005-02-16 2006-08-31 Joseph Levin Access control in a computer system
US8631476B2 (en) * 2005-03-31 2014-01-14 Sap Ag Data processing system including explicit and generic grants of action authorization
US7665098B2 (en) * 2005-04-29 2010-02-16 Microsoft Corporation System and method for monitoring interactions between application programs and data stores
US20060265262A1 (en) * 2005-05-18 2006-11-23 Microsoft Corporation Distributed conference scheduling
US20060282830A1 (en) * 2005-06-13 2006-12-14 Microsoft Corporation Analysis of the impact of application programs on resources stored in data stores
US8185877B1 (en) 2005-06-22 2012-05-22 Jpmorgan Chase Bank, N.A. System and method for testing applications
US7636851B2 (en) * 2005-06-30 2009-12-22 Microsoft Corporation Providing user on computer operating system with full privileges token and limited privileges token
US7779480B2 (en) * 2005-06-30 2010-08-17 Microsoft Corporation Identifying dependencies of an application upon a given security context
US7620995B2 (en) * 2005-06-30 2009-11-17 Microsoft Corporation Identifying dependencies of an application upon a given security context
US7784101B2 (en) * 2005-06-30 2010-08-24 Microsoft Corporation Identifying dependencies of an application upon a given security context
US8320880B2 (en) * 2005-07-20 2012-11-27 Qualcomm Incorporated Apparatus and methods for secure architectures in wireless networks
US7580933B2 (en) * 2005-07-28 2009-08-25 Microsoft Corporation Resource handling for taking permissions
US7895651B2 (en) 2005-07-29 2011-02-22 Bit 9, Inc. Content tracking in a network security system
US8984636B2 (en) 2005-07-29 2015-03-17 Bit9, Inc. Content extractor and analysis system
US8272058B2 (en) 2005-07-29 2012-09-18 Bit 9, Inc. Centralized timed analysis in a network security system
US8006088B2 (en) * 2005-08-18 2011-08-23 Beyondtrust Corporation Methods and systems for network-based management of application security
US8583926B1 (en) 2005-09-19 2013-11-12 Jpmorgan Chase Bank, N.A. System and method for anti-phishing authentication
US20070199072A1 (en) * 2005-10-14 2007-08-23 Softwareonline, Llc Control of application access to system resources
WO2008048320A1 (en) 2005-10-14 2008-04-24 Xeriton Corporation Control of application access to system resources
US20070199057A1 (en) * 2005-10-14 2007-08-23 Softwareonline, Llc Control of application access to system resources
US10503418B2 (en) 2005-12-01 2019-12-10 Drive Sentry Limited System and method to secure a computer system by selective control of write access to a data storage medium
US20100153671A1 (en) * 2005-12-01 2010-06-17 Drive Sentry Inc. System and method to secure a computer system by selective control of write access to a data storage medium
US7664924B2 (en) * 2005-12-01 2010-02-16 Drive Sentry, Inc. System and method to secure a computer system by selective control of write access to a data storage medium
US9600661B2 (en) * 2005-12-01 2017-03-21 Drive Sentry Limited System and method to secure a computer system by selective control of write access to a data storage medium
US7525425B2 (en) * 2006-01-20 2009-04-28 Perdiem Llc System and method for defining an event based on relationship between an object location and a user-defined zone
US8490093B2 (en) 2006-02-03 2013-07-16 Microsoft Corporation Managed control of processes including privilege escalation
US20080040363A1 (en) * 2006-07-13 2008-02-14 Siemens Medical Solutions Usa, Inc. System for Processing Relational Database Data
US8793490B1 (en) 2006-07-14 2014-07-29 Jpmorgan Chase Bank, N.A. Systems and methods for multifactor authentication
WO2008063185A1 (en) 2006-10-14 2008-05-29 Xeriton Corporation Control of application access to system resources
US20080184330A1 (en) * 2007-01-25 2008-07-31 Lal Rakesh M Levels of access to medical diagnostic features based on user login
US8473735B1 (en) 2007-05-17 2013-06-25 Jpmorgan Chase Systems and methods for managing digital certificates
JP4912225B2 (ja) 2007-06-12 2012-04-11 キヤノン株式会社 情報処理方法及びプログラム
US7386885B1 (en) 2007-07-03 2008-06-10 Kaspersky Lab, Zao Constraint-based and attribute-based security system for controlling software component interaction
KR101456489B1 (ko) * 2007-07-23 2014-10-31 삼성전자주식회사 CLDC OSGi 환경에서 어플리케이션의 접속 권한을관리하는 방법 및 장치
US8332922B2 (en) * 2007-08-31 2012-12-11 Microsoft Corporation Transferable restricted security tokens
US8245289B2 (en) * 2007-11-09 2012-08-14 International Business Machines Corporation Methods and systems for preventing security breaches
US8650616B2 (en) * 2007-12-18 2014-02-11 Oracle International Corporation User definable policy for graduated authentication based on the partial orderings of principals
US8321682B1 (en) 2008-01-24 2012-11-27 Jpmorgan Chase Bank, N.A. System and method for generating and managing administrator passwords
EP2269358A2 (en) * 2008-04-22 2011-01-05 Barclays Capital Inc. System and method for secure remote computer task automation
US20100036845A1 (en) * 2008-08-07 2010-02-11 Research In Motion Limited System and Method for Negotiating the Access Control List of Data Items in an Ad-Hoc Network with Designated Owner Override Ability
US9882769B2 (en) * 2008-08-08 2018-01-30 Blackberry Limited System and method for registration of an agent to process management object updates
US8429741B2 (en) * 2008-08-29 2013-04-23 Google, Inc. Altered token sandboxing
US8234693B2 (en) * 2008-12-05 2012-07-31 Raytheon Company Secure document management
US8544083B2 (en) * 2009-02-19 2013-09-24 Microsoft Corporation Identification security elevation
US8555378B2 (en) * 2009-03-11 2013-10-08 Sas Institute Inc. Authorization caching in a multithreaded object server
US8850549B2 (en) * 2009-05-01 2014-09-30 Beyondtrust Software, Inc. Methods and systems for controlling access to resources and privileges per process
US9608826B2 (en) 2009-06-29 2017-03-28 Jpmorgan Chase Bank, N.A. System and method for partner key management
US8589264B2 (en) * 2009-10-19 2013-11-19 International Business Machines Corporation Token licensing mapping costs to enabled software tool features
US8996866B2 (en) * 2009-12-22 2015-03-31 Microsoft Technology Licensing, Llc Unobtrusive assurance of authentic user intent
US8782429B2 (en) * 2009-12-23 2014-07-15 Ab Initio Technology Llc Securing execution of computational resources
US8621647B1 (en) * 2010-01-11 2013-12-31 Google Inc. Restricting privileges of first privileged process in operating system using second privileged process
JP5702953B2 (ja) * 2010-06-09 2015-04-15 キヤノン株式会社 情報処理装置及びアプリケーションの実行方法とプログラム
US8806602B2 (en) 2011-08-15 2014-08-12 Bank Of America Corporation Apparatus and method for performing end-to-end encryption
WO2013025590A1 (en) * 2011-08-15 2013-02-21 Bank Of America Corporation Method and apparatus for making token-based access decisions
US8572689B2 (en) 2011-08-15 2013-10-29 Bank Of America Corporation Apparatus and method for making access decision using exceptions
WO2013025592A1 (en) * 2011-08-15 2013-02-21 Bank Of America Corporation Method and apparatus for token-based conditioning
US8572714B2 (en) 2011-08-15 2013-10-29 Bank Of America Corporation Apparatus and method for determining subject assurance level
US8950002B2 (en) * 2011-08-15 2015-02-03 Bank Of America Corporation Method and apparatus for token-based access of related resources
US8726341B2 (en) 2011-08-15 2014-05-13 Bank Of America Corporation Apparatus and method for determining resource trust levels
US8789143B2 (en) 2011-08-15 2014-07-22 Bank Of America Corporation Method and apparatus for token-based conditioning
US8789162B2 (en) 2011-08-15 2014-07-22 Bank Of America Corporation Method and apparatus for making token-based access decisions
US8458781B2 (en) 2011-08-15 2013-06-04 Bank Of America Corporation Method and apparatus for token-based attribute aggregation
US8752124B2 (en) 2011-08-15 2014-06-10 Bank Of America Corporation Apparatus and method for performing real-time authentication using subject token combinations
US8539558B2 (en) * 2011-08-15 2013-09-17 Bank Of America Corporation Method and apparatus for token-based token termination
US8584202B2 (en) 2011-08-15 2013-11-12 Bank Of America Corporation Apparatus and method for determining environment integrity levels
US8910290B2 (en) 2011-08-15 2014-12-09 Bank Of America Corporation Method and apparatus for token-based transaction tagging
US8572683B2 (en) * 2011-08-15 2013-10-29 Bank Of America Corporation Method and apparatus for token-based re-authentication
US8726340B2 (en) * 2011-08-15 2014-05-13 Bank Of America Corporation Apparatus and method for expert decisioning
GB2494391B (en) 2011-09-02 2014-06-18 Avecto Ltd Computer device with anti-tamper resource security
US8689324B2 (en) * 2012-04-04 2014-04-01 Sas Institute, Inc. Techniques to explain authorization origins for protected resource objects in a resource object domain
US8826390B1 (en) 2012-05-09 2014-09-02 Google Inc. Sharing and access control
US8844026B2 (en) * 2012-06-01 2014-09-23 Blackberry Limited System and method for controlling access to secure resources
US9419957B1 (en) 2013-03-15 2016-08-16 Jpmorgan Chase Bank, N.A. Confidence-based authentication
US9213820B2 (en) * 2013-09-10 2015-12-15 Ebay Inc. Mobile authentication using a wearable device
US10148726B1 (en) 2014-01-24 2018-12-04 Jpmorgan Chase Bank, N.A. Initiating operating system commands based on browser cookies
US11100242B2 (en) * 2014-05-30 2021-08-24 Apple Inc. Restricted resource classes of an operating system
US20170220792A1 (en) * 2014-07-25 2017-08-03 Hewlett-Packard Development Company, L.P. Constraining authorization tokens via filtering
JP6285853B2 (ja) * 2014-12-05 2018-02-28 株式会社ソニー・インタラクティブエンタテインメント 情報処理装置および情報処理方法
US9785783B2 (en) * 2015-07-23 2017-10-10 Ca, Inc. Executing privileged code in a process
US10104084B2 (en) * 2015-07-30 2018-10-16 Cisco Technology, Inc. Token scope reduction
US10505962B2 (en) * 2016-08-16 2019-12-10 Nec Corporation Blackbox program privilege flow analysis with inferred program behavior context
US10402564B2 (en) * 2016-08-16 2019-09-03 Nec Corporation Fine-grained analysis and prevention of invalid privilege transitions
US10120786B2 (en) * 2016-12-13 2018-11-06 Sap Se Programmatic access control validation
US10977361B2 (en) 2017-05-16 2021-04-13 Beyondtrust Software, Inc. Systems and methods for controlling privileged operations
US11165776B2 (en) * 2018-08-28 2021-11-02 International Business Machines Corporation Methods and systems for managing access to computing system resources
US11201871B2 (en) * 2018-12-19 2021-12-14 Uber Technologies, Inc. Dynamically adjusting access policies
US11328054B2 (en) * 2018-12-21 2022-05-10 Netiq Corporation Preventing access to single sign on credentials associated with executing applications
US11528149B2 (en) 2019-04-26 2022-12-13 Beyondtrust Software, Inc. Root-level application selective configuration
US11916918B2 (en) * 2020-04-14 2024-02-27 Salesforce, Inc. System mode override during flow execution
US11620394B2 (en) * 2020-12-22 2023-04-04 International Business Machines Corporation Allocating multiple database access tokens to a single user
US20250158820A1 (en) * 2023-11-10 2025-05-15 Capital One Services, Llc Systems and methods for managing resource access permissions

Family Cites Families (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4962449A (en) 1988-04-11 1990-10-09 Artie Schlesinger Computer security system having remote location recognition and remote location lock-out
JPH087709B2 (ja) 1989-05-15 1996-01-29 インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン アクセス特権制御方法及びシステム
US5187790A (en) 1989-06-29 1993-02-16 Digital Equipment Corporation Server impersonation of client processes in an object based computer operating system
US5138712A (en) * 1989-10-02 1992-08-11 Sun Microsystems, Inc. Apparatus and method for licensing software on a network of computers
US5204961A (en) 1990-06-25 1993-04-20 Digital Equipment Corporation Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols
US5577209A (en) 1991-07-11 1996-11-19 Itt Corporation Apparatus and method for providing multi-level security for communication among computers and terminals on a network
US5276901A (en) * 1991-12-16 1994-01-04 International Business Machines Corporation System for controlling group access to objects using group access control folder and group identification as individual user
CA2093094C (en) 1992-04-06 2000-07-11 Addison M. Fischer Method and apparatus for creating, supporting, and using travelling programs
US5412717A (en) 1992-05-15 1995-05-02 Fischer; Addison M. Computer system security method and apparatus having program authorization information data structures
JP2519390B2 (ja) * 1992-09-11 1996-07-31 インターナショナル・ビジネス・マシーンズ・コーポレイション デ―タ通信方法及び装置
US5649099A (en) 1993-06-04 1997-07-15 Xerox Corporation Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security
AU3099295A (en) 1994-08-09 1996-03-07 Shiva Corporation Apparatus and method for restricting access to a local computer network
DE69427347T2 (de) 1994-08-15 2001-10-31 International Business Machines Corp., Armonk Verfahren und System zur verbesserten Zugriffssteuerung auf Basis der Rollen in verteilten und zentralisierten Rechnersystemen
US5864683A (en) 1994-10-12 1999-01-26 Secure Computing Corporartion System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights
US5682478A (en) 1995-01-19 1997-10-28 Microsoft Corporation Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server
US5696898A (en) 1995-06-06 1997-12-09 Lucent Technologies Inc. System and method for database access control
US5675782A (en) * 1995-06-06 1997-10-07 Microsoft Corporation Controlling access to objects on multiple operating systems
US5761669A (en) 1995-06-06 1998-06-02 Microsoft Corporation Controlling access to objects on multiple operating systems
US5678041A (en) * 1995-06-06 1997-10-14 At&T System and method for restricting user access rights on the internet based on rating information stored in a relational database
US5941947A (en) * 1995-08-18 1999-08-24 Microsoft Corporation System and method for controlling access to data entities in a computer network
US5757916A (en) 1995-10-06 1998-05-26 International Series Research, Inc. Method and apparatus for authenticating the location of remote users of networked computing systems
US5638448A (en) 1995-10-24 1997-06-10 Nguyen; Minhtam C. Network with secure communications sessions
US5680461A (en) 1995-10-26 1997-10-21 Sun Microsystems, Inc. Secure network protocol system and method
US5826029A (en) * 1995-10-31 1998-10-20 International Business Machines Corporation Secured gateway interface
US5745676A (en) * 1995-12-04 1998-04-28 International Business Machines Corporation Authority reduction and restoration method providing system integrity for subspace groups and single address spaces during program linkage
JPH09190236A (ja) 1996-01-10 1997-07-22 Canon Inc 情報処理方法及び装置及びシステム
WO1997026734A1 (en) 1996-01-16 1997-07-24 Raptor Systems, Inc. Transferring encrypted packets over a public network
US5925109A (en) * 1996-04-10 1999-07-20 National Instruments Corporation System for I/O management where I/O operations are determined to be direct or indirect based on hardware coupling manners and/or program privilege modes
TW313642B (en) 1996-06-11 1997-08-21 Ibm A uniform mechanism for using signed content
US5845067A (en) 1996-09-09 1998-12-01 Porter; Jack Edward Method and apparatus for document management utilizing a messaging system
US5983350A (en) 1996-09-18 1999-11-09 Secure Computing Corporation Secure firewall supporting different levels of authentication based on address or encryption status
US5949882A (en) * 1996-12-13 1999-09-07 Compaq Computer Corporation Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm
US6105132A (en) 1997-02-20 2000-08-15 Novell, Inc. Computer network graded authentication system and method
US5983270A (en) 1997-03-11 1999-11-09 Sequel Technology Corporation Method and apparatus for managing internetwork and intranetwork activity
US6081807A (en) * 1997-06-13 2000-06-27 Compaq Computer Corporation Method and apparatus for interfacing with a stateless network file system server

Also Published As

Publication number Publication date
US6308274B1 (en) 2001-10-23
EP1086414A1 (en) 2001-03-28
WO1999064947A1 (en) 1999-12-16
JP2002517853A (ja) 2002-06-18
ATE511671T1 (de) 2011-06-15
EP1086414B1 (en) 2011-06-01

Similar Documents

Publication Publication Date Title
JP4414092B2 (ja) 制限付きトークンを介した最小権限
JP4809530B2 (ja) 制限付きのトークンを使用したセキュリティモデル
JP4906188B2 (ja) 信頼できないコンテントを安全に実行するための方法およびシステム
US7350204B2 (en) Policies for secure software execution
JP4625181B2 (ja) セキュリティ・ロケーション識別の方法およびシステム
US8181219B2 (en) Access authorization having embedded policies
US8266702B2 (en) Analyzing access control configurations
US7246374B1 (en) Enhancing computer system security via multiple user desktops
US7200869B1 (en) System and method for protecting domain data against unauthorized modification
US8850549B2 (en) Methods and systems for controlling access to resources and privileges per process
US20090282457A1 (en) Common representation for different protection architectures (crpa)
US20070156691A1 (en) Management of user access to objects
JP2011526387A (ja) コンピューティングプロセスのための最小特権アクセスの付与
US8646044B2 (en) Mandatory integrity control
US20210357518A1 (en) Control of access to hierarchical nodes
Estor et al. Mandatory Access Control & SELinux

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20060609

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20060609

RD04 Notification of resignation of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: A7424

Effective date: 20060609

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20090130

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20090430

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20090616

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20090916

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20091020

A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20091119

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20121127

Year of fee payment: 3

R150 Certificate of patent or registration of utility model

Free format text: JAPANESE INTERMEDIATE CODE: R150

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20121127

Year of fee payment: 3

FPAY Renewal fee payment (event date is renewal date of database)

Free format text: PAYMENT UNTIL: 20131127

Year of fee payment: 4

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

S111 Request for change of ownership or part of ownership

Free format text: JAPANESE INTERMEDIATE CODE: R313113

R350 Written notification of registration of transfer

Free format text: JAPANESE INTERMEDIATE CODE: R350

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees