JP4878647B2 - 信頼できないコンテントを安全に実行するための方法およびシステム - Google Patents
信頼できないコンテントを安全に実行するための方法およびシステム Download PDFInfo
- Publication number
- JP4878647B2 JP4878647B2 JP2010054439A JP2010054439A JP4878647B2 JP 4878647 B2 JP4878647 B2 JP 4878647B2 JP 2010054439 A JP2010054439 A JP 2010054439A JP 2010054439 A JP2010054439 A JP 2010054439A JP 4878647 B2 JP4878647 B2 JP 4878647B2
- Authority
- JP
- Japan
- Prior art keywords
- access
- restricted
- resource
- token
- security
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2145—Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Databases & Information Systems (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Storage Device Security (AREA)
- Information Transfer Between Computers (AREA)
Description
歴史的に、実行可能なコンテント(content)は磁気媒体を物理的にコンピュータに運び、管理権限を持つ人にインストールしてもらうによってのみ、コンピュータにインストールすることができた。しかし現在、インターネットにより、普通のコンピュータユーザがプログラム、HTMLページ、および制御などの実行可能なコンテントをダウンロードすることが非常に簡単になり、普及してきた。多くの場合、実行可能なコンテントは、ユーザがこのようなイベントが起きたことに気づくことさえなく、インターネットを介してダウンロードし、実行することが可能である。同様に、コンピュータユーザは実行可能なプログラム、および/またはマクロを含む文書など実行可能なコンテントが含まれるファイルを含む電子メールまたはニュースを受信するか、さらに、メールまたはニュース自体がHTMLページである場合がある。このようなメッセージまたはその添付物を開くことは、どのような実行可能なコンテントが存在するにせよ受信者のシステムをそのコンテントにさらすことになる。
図1および以下の議論は、本発明が実現できる適切なコンピューティング環境の簡単で一般的な説明を提供することを意図している。必要ではないが、本発明は、パーソナルコンピュータによって実行されるプログラムモジュールなどのコンピュータ実行可能な命令の一般的なコンテキスト内で説明される。一般に、プログラムモジュールはルーチン、プログラム、オブジェクト、構成要素、データ構造などを含み、特定のタスクを実行するか、特定の抽象的なデータタイプを実装する。さらに、当業者であれば本発明は、ハンドヘルド・デバイス、マルチプロセッサシステム、マイクロプロセッサに基づいたまたはプログラミング可能な消費者電気製品、ネットワークPC、ミニコンピュータ、メインフレームコンピュータなどを含む他ののコンピュータシステム構成でも実行できることが理解されるであろう。本発明はまた、通信ネットワークを介してリンクされた遠隔処理デバイスによってタスクが実行される分散コンピューティング環境内でも実行できる。分散コンピューティング環境では、プログラムモジュールはローカルメモリ記憶デバイスおよび遠隔メモリ記憶デバイスの両方に位置する場合がある。
本発明の好ましいセキュリティモデルは、Windows NTセキュリティモデルに関して説明される。しかし、本発明をWindows NTオペレーティングシステムに限定する意図はなく、逆に、本発明はオペレーティングシステムのレベルでセキュリティチェックを実行する任意のメカニズムで動作し、利益を提供することを目的としている。さらに、本発明はスレッドごとのベースでソフトウェア障害の隔離で使用するか、または制限が現在実行されているクラスのスタックから決定されるバーチャルマシンで使用することもできる。さらに、本発明は必ずしもカーネルモードの動作に依存するわけではなく、ソフトウェア障害の隔離またはバーチャルマシンのように、ユーザモードで実現することもできる。
制限付きのトークンは次のように、既存のアクセストークン(制限付きまたは制限なし)から作成される。また次に説明するように、制限付きトークンが任意の制限付きセキュリティIDを含む場合、そのトークンは追加のアクセスチェックを受け、その中で制限付きセキュリティIDはオブジェクトのACL内のエントリーと比較される。
ジョブとは一組の編成化されたプロセスをその中に有するカーネルオブジェクトであり、各ジョブはそれに関連付けられた異なるタイプの制限を有する可能性がある。本発明によれば、制限付きトークンはWindows NTジョブオブジェクトに統合され、同じ制限の下に実行される多数のプロセスの管理を可能にできる。ジョブオブジェクト制限は次のように表される。
本発明の一態様によれば、制限付きトークンを使用して信頼できないコンテントを実行するための制限付きセキュリティコンテキストが設定される。典型的に信頼できないコンテントの1つのタイプは、インターネットのサイトからダウンロードされたコンテントである。このようなコンテントを制限するために、プロセスを(少なくとも)一般に制限付きトークンおよび他の制限と関連付けることによって、ブラウズされた各サイトを実行するための制限付きプロセスを設定できる。プロセスはジョブオブジェクトの中にもあり、これによって、サイトのプロセスによって作成された任意のプロセスが自動的に同じ制限を与えられる場合があることに注意されたい。ジョブオブジェクトの他の利点は、たとえば、プロセスがマシンをシャットダウンしたりまたはクリップボードのデータにアクセスできないように、ウィンドウ化動作も制限できることである。いずれの場合でも、ダイナミックHTML、Java制御またはActive−X制御を介するなどでサイトのコンテントが実行する任意のアクションはプロセス内で発生し、これによって、そのプロセスの制限を受ける。多数のフレームが同時に画面上のウィンドウ内に表示されても、フレームの実際のサイトソースにかかわらず、異なるフレームは異なるサイトとして処理されることに注意されたい。
62 UserAndGroupsフィールド
64 ユーザSID
66 グループSID
68 権限
72 オブジェクト
74 オブジェクトマネジャー
76 セキュリティ記述子
78 セキュリティメカニズム
80 DACL
81 SACL
84 制限付きトークン
86 NtFilterToken API
88 UserAndGroupsフィールド
90 権限フィールド
92 制限付きセキュリティIDフィールド
94 制限付きプロセス
Claims (4)
- コンピュータシステムにおいて、実行可能なコンテントが、記憶装置に記憶されたリソースへアクセスすることを制限する方法であって、
前記コンピュータシステムのプロセッサにおいて、前記コンテントを実行中の前記プロセッサが前記リソースへアクセスするためのプロセスを設定するステップと、
前記コンピュータシステムの識別手段において、前記コンピュータシステムにログオン中のユーザの認証方法の種類に基づいて前記プロセスの信頼レベルを決定するステップと、
前記コンピュータシステムの制御手段において、前記決定された信頼レベルに対応するアクセス権の範囲内で前記プロセスが前記リソースにアクセスすることを決定するステップと、
前記識別手段において、前記決定された信頼レベルに対応するセキュリティ識別子を決定するステップと、
前記コンピュータシステムの作成手段において、前記決定されたセキュリティ識別子を含む制限付きトークンを作成するステップと
を備え、
前記コンピュータシステムは、前記リソースに関連付けられたセキュリティ識別子およびアクセス権の情報を前記記憶装置に記憶しており、かつ前記プロセスの信頼レベルを前記セキュリティ識別子に関連付けて前記記憶装置に記憶しており、
前記プロセスが前記リソースにアクセスすることを決定するステップは、前記制御手段において、前記リソースに関連付けられた前記記憶されたセキュリティ識別子を参照し、前記制限付きトークンに含まれたセキュリティ識別子が見つかった場合、前記見つかったセキュリティ識別子に対応する前記アクセス権の範囲内で前記プロセスが前記リソースにアクセスすることを決定するステップを含むことを特徴とする方法。 - 前記コンピュータシステムはサーバであり、および前記信頼レベルを決定するステップは、クライアントが前記サーバに認証された方法を決定するステップと、前記決定された認証方法に応じて前記信頼レベルを決定するステップとを含むことを特徴とする請求項1に記載の方法。
- コンピュータシステムにおいて、実行可能なコンテントが、記憶装置に記憶されたリソースへアクセスすることを制限するためのシステムであって、
前記コンテントを実行中の前記コンピュータシステムのプロセッサによって設定された前記リソースへアクセスするためのプロセスと、
前記コンピュータシステムにログオン中のユーザの認証方法の種類に基づいて前記プロセスの信頼レベルを決定するための識別手段と、
前記プロセスが前記決定された信頼レベルに対応するアクセス権の範囲内で前記リソースにアクセスするように制御するための制御手段と
を備え、
前記コンピュータシステムは、前記リソースに関連付けられたセキュリティ識別子およびアクセス権の情報を前記記憶装置に記憶しており、かつ前記プロセスの信頼レベルを前記セキュリティ識別子に関連付けて前記記憶装置に記憶しており、
前記識別手段は、前記決定された信頼レベルに応じてセキュリティ識別子を決定し、
前記セキュリティ識別子を含む制限付きトークンを作成するための作成手段を更に備え、
前記制御手段は、前記リソースに関連付けられた前記記憶されたセキュリティ識別子を参照し、前記作成手段により作成された制限付きトークン内のセキュリティ識別子が見つかった場合に、前記見つかったセキュリティ識別子に対応する前記アクセス権の範囲内で前記プロセスが前記リソースにアクセスすることを決定することを特徴とするシステム。 - 前記システムはサーバであり、および前記信頼レベルは、クライアントが認証され前記サーバに接続する方法に従って決定されることを特徴とする請求項3に記載のシステム。
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US09/097,218 | 1998-06-12 | ||
US09/097,218 US6505300B2 (en) | 1998-06-12 | 1998-06-12 | Method and system for secure running of untrusted content |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2000553883A Division JP4906188B2 (ja) | 1998-06-12 | 1999-06-09 | 信頼できないコンテントを安全に実行するための方法およびシステム |
Publications (2)
Publication Number | Publication Date |
---|---|
JP2010176690A JP2010176690A (ja) | 2010-08-12 |
JP4878647B2 true JP4878647B2 (ja) | 2012-02-15 |
Family
ID=22262174
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2000553883A Expired - Fee Related JP4906188B2 (ja) | 1998-06-12 | 1999-06-09 | 信頼できないコンテントを安全に実行するための方法およびシステム |
JP2010054439A Expired - Fee Related JP4878647B2 (ja) | 1998-06-12 | 2010-03-11 | 信頼できないコンテントを安全に実行するための方法およびシステム |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
JP2000553883A Expired - Fee Related JP4906188B2 (ja) | 1998-06-12 | 1999-06-09 | 信頼できないコンテントを安全に実行するための方法およびシステム |
Country Status (6)
Country | Link |
---|---|
US (1) | US6505300B2 (ja) |
EP (1) | EP1086413B1 (ja) |
JP (2) | JP4906188B2 (ja) |
AT (1) | ATE518180T1 (ja) |
ES (1) | ES2368200T3 (ja) |
WO (1) | WO1999064946A1 (ja) |
Families Citing this family (317)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8079086B1 (en) | 1997-11-06 | 2011-12-13 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US9219755B2 (en) | 1996-11-08 | 2015-12-22 | Finjan, Inc. | Malicious mobile code runtime monitoring system and methods |
US7058822B2 (en) | 2000-03-30 | 2006-06-06 | Finjan Software, Ltd. | Malicious mobile code runtime monitoring system and methods |
US7529856B2 (en) * | 1997-03-05 | 2009-05-05 | At Home Corporation | Delivering multimedia services |
US6370571B1 (en) | 1997-03-05 | 2002-04-09 | At Home Corporation | System and method for delivering high-performance online multimedia services |
US6986062B2 (en) * | 1998-04-09 | 2006-01-10 | Microsoft Corporation | Set top box object security system |
WO1999066383A2 (en) * | 1998-06-15 | 1999-12-23 | Dmw Worldwide, Inc. | Method and apparatus for assessing the security of a computer system |
US7162528B1 (en) * | 1998-11-23 | 2007-01-09 | The United States Of America As Represented By The Secretary Of The Navy | Collaborative environment implemented on a distributed computer network and software therefor |
US7225333B2 (en) * | 1999-03-27 | 2007-05-29 | Microsoft Corporation | Secure processor architecture for use with a digital rights management (DRM) system on a computing device |
US6647494B1 (en) * | 1999-06-14 | 2003-11-11 | Intel Corporation | System and method for checking authorization of remote configuration operations |
US6775828B2 (en) * | 1999-07-19 | 2004-08-10 | Microsoft Corporation | Delayed uploading of user registration data |
EP1085396A1 (en) | 1999-09-17 | 2001-03-21 | Hewlett-Packard Company | Operation of trusted state in computing platform |
US6678733B1 (en) * | 1999-10-26 | 2004-01-13 | At Home Corporation | Method and system for authorizing and authenticating users |
FR2802319B1 (fr) * | 1999-12-10 | 2004-10-01 | Gemplus Card Int | Controle d'acces par capacites pour des applications notamment cooperantes dans une carte a puce |
US7331058B1 (en) * | 1999-12-16 | 2008-02-12 | International Business Machines Corporation | Distributed data structures for authorization and access control for computing resources |
US7003571B1 (en) * | 2000-01-31 | 2006-02-21 | Telecommunication Systems Corporation Of Maryland | System and method for re-directing requests from browsers for communication over non-IP based networks |
US7246374B1 (en) | 2000-03-13 | 2007-07-17 | Microsoft Corporation | Enhancing computer system security via multiple user desktops |
US6842774B1 (en) * | 2000-03-24 | 2005-01-11 | Robert L. Piccioni | Method and system for situation tracking and notification |
US7373512B1 (en) * | 2000-03-27 | 2008-05-13 | Entrust Limited | Method and apparatus for providing information security to prevent digital signature forgery |
US6986037B1 (en) * | 2000-04-07 | 2006-01-10 | Sendmail, Inc. | Electronic mail system with authentication/encryption methodology for allowing connections to/from a message transfer agent |
US7577834B1 (en) * | 2000-05-09 | 2009-08-18 | Sun Microsystems, Inc. | Message authentication using message gates in a distributed computing environment |
KR20010107572A (ko) * | 2000-05-24 | 2001-12-07 | 포만 제프리 엘 | 신뢰성 기반의 링크 액세스 제어 방법, 장치 및 프로그램제품 |
US7284124B1 (en) * | 2000-06-05 | 2007-10-16 | Microsoft Corporation | Trust level based platform access regulation application |
US6922782B1 (en) * | 2000-06-15 | 2005-07-26 | International Business Machines Corporation | Apparatus and method for ensuring data integrity of unauthenticated code |
US7155667B1 (en) * | 2000-06-21 | 2006-12-26 | Microsoft Corporation | User interface for integrated spreadsheets and word processing tables |
US7346848B1 (en) * | 2000-06-21 | 2008-03-18 | Microsoft Corporation | Single window navigation methods and systems |
WO2001098928A2 (en) * | 2000-06-21 | 2001-12-27 | Microsoft Corporation | System and method for integrating spreadsheets and word processing tables |
US7117435B1 (en) | 2000-06-21 | 2006-10-03 | Microsoft Corporation | Spreadsheet fields in text |
US7000230B1 (en) | 2000-06-21 | 2006-02-14 | Microsoft Corporation | Network-based software extensions |
US6948135B1 (en) * | 2000-06-21 | 2005-09-20 | Microsoft Corporation | Method and systems of providing information to computer users |
US7624356B1 (en) * | 2000-06-21 | 2009-11-24 | Microsoft Corporation | Task-sensitive methods and systems for displaying command sets |
US6883168B1 (en) * | 2000-06-21 | 2005-04-19 | Microsoft Corporation | Methods, systems, architectures and data structures for delivering software via a network |
US7191394B1 (en) * | 2000-06-21 | 2007-03-13 | Microsoft Corporation | Authoring arbitrary XML documents using DHTML and XSLT |
US6874143B1 (en) | 2000-06-21 | 2005-03-29 | Microsoft Corporation | Architectures for and methods of providing network-based software extensions |
GB0020441D0 (en) * | 2000-08-18 | 2000-10-04 | Hewlett Packard Co | Performance of a service on a computing platform |
US6985963B1 (en) * | 2000-08-23 | 2006-01-10 | At Home Corporation | Sharing IP network resources |
JP2002135334A (ja) * | 2000-10-27 | 2002-05-10 | Nobuko Hirano | 代行送受信方法、及びそのシステム |
US7660902B2 (en) * | 2000-11-20 | 2010-02-09 | Rsa Security, Inc. | Dynamic file access control and management |
US6938164B1 (en) * | 2000-11-22 | 2005-08-30 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
GB2376763B (en) | 2001-06-19 | 2004-12-15 | Hewlett Packard Co | Demonstrating integrity of a compartment of a compartmented operating system |
TW584801B (en) | 2000-12-11 | 2004-04-21 | Ntt Docomo Inc | Terminal and repeater |
US20030220880A1 (en) * | 2002-01-17 | 2003-11-27 | Contentguard Holdings, Inc. | Networked services licensing system and method |
US7603356B2 (en) | 2001-01-26 | 2009-10-13 | Ascentive Llc | System and method for network administration and local administration of privacy protection criteria |
GB0102516D0 (en) * | 2001-01-31 | 2001-03-21 | Hewlett Packard Co | Trusted gateway system |
GB0102518D0 (en) * | 2001-01-31 | 2001-03-21 | Hewlett Packard Co | Trusted operating system |
JP2002247548A (ja) * | 2001-02-15 | 2002-08-30 | Nec Access Technica Ltd | 映像表示許可方式、コンピュータに映像表示を行わせるためのプログラム |
GB2372345A (en) * | 2001-02-17 | 2002-08-21 | Hewlett Packard Co | Secure email handling using a compartmented operating system |
GB2372595A (en) * | 2001-02-23 | 2002-08-28 | Hewlett Packard Co | Method of and apparatus for ascertaining the status of a data processing environment. |
GB2372593B (en) * | 2001-02-23 | 2005-05-18 | Hewlett Packard Co | Electronic communication |
GB2372592B (en) | 2001-02-23 | 2005-03-30 | Hewlett Packard Co | Information system |
JP2002288093A (ja) * | 2001-03-26 | 2002-10-04 | Fujitsu Ltd | 電子メールプログラム |
US7325193B2 (en) * | 2001-06-01 | 2008-01-29 | International Business Machines Corporation | Automated management of internet and/or web site content |
EP1430373A2 (en) * | 2001-06-11 | 2004-06-23 | Matsushita Electric Industrial Co., Ltd. | License management server, license management system and usage restriction method |
US7546453B2 (en) | 2001-06-12 | 2009-06-09 | Research In Motion Limited | Certificate management and transfer system and method |
EP2112625A3 (en) | 2001-06-12 | 2010-03-10 | Research in Motion | Methods for pre-processing and rearranging secure E-mail for exchange with a mobile data communication device |
GB2376762A (en) * | 2001-06-19 | 2002-12-24 | Hewlett Packard Co | Renting a computing environment on a trusted computing platform |
GB0114898D0 (en) * | 2001-06-19 | 2001-08-08 | Hewlett Packard Co | Interaction with electronic services and markets |
GB2376764B (en) * | 2001-06-19 | 2004-12-29 | Hewlett Packard Co | Multiple trusted computing environments |
GB2376765B (en) * | 2001-06-19 | 2004-12-29 | Hewlett Packard Co | Multiple trusted computing environments with verifiable environment identities |
GB2376761A (en) * | 2001-06-19 | 2002-12-24 | Hewlett Packard Co | An arrangement in which a process is run on a host operating system but may be switched to a guest system if it poses a security risk |
GB2378013A (en) * | 2001-07-27 | 2003-01-29 | Hewlett Packard Co | Trusted computer platform audit system |
US7523496B2 (en) * | 2001-07-31 | 2009-04-21 | International Business Machines Corporation | Authenticating without opening electronic mail |
US7698713B2 (en) | 2001-09-20 | 2010-04-13 | Google Inc. | Altered states of software component behavior |
US7076797B2 (en) * | 2001-10-05 | 2006-07-11 | Microsoft Corporation | Granular authorization for network user sessions |
US8261095B1 (en) | 2001-11-01 | 2012-09-04 | Google Inc. | Methods and systems for using derived user accounts |
US7617529B1 (en) * | 2001-11-02 | 2009-11-10 | Cisco Technology, Inc. | Robust and flexible group structure |
GB2382419B (en) * | 2001-11-22 | 2005-12-14 | Hewlett Packard Co | Apparatus and method for creating a trusted environment |
US20030105830A1 (en) * | 2001-12-03 | 2003-06-05 | Duc Pham | Scalable network media access controller and methods |
US7487233B2 (en) * | 2001-12-05 | 2009-02-03 | Canon Kabushiki Kaisha | Device access based on centralized authentication |
US10360545B2 (en) | 2001-12-12 | 2019-07-23 | Guardian Data Storage, Llc | Method and apparatus for accessing secured electronic data off-line |
USRE41546E1 (en) | 2001-12-12 | 2010-08-17 | Klimenty Vainstein | Method and system for managing security tiers |
US7631184B2 (en) * | 2002-05-14 | 2009-12-08 | Nicholas Ryan | System and method for imposing security on copies of secured items |
US10033700B2 (en) | 2001-12-12 | 2018-07-24 | Intellectual Ventures I Llc | Dynamic evaluation of access rights |
US7921288B1 (en) | 2001-12-12 | 2011-04-05 | Hildebrand Hal S | System and method for providing different levels of key security for controlling access to secured items |
US7783765B2 (en) * | 2001-12-12 | 2010-08-24 | Hildebrand Hal S | System and method for providing distributed access control to secured documents |
US7562232B2 (en) * | 2001-12-12 | 2009-07-14 | Patrick Zuili | System and method for providing manageability to security information for secured items |
US7565683B1 (en) * | 2001-12-12 | 2009-07-21 | Weiqing Huang | Method and system for implementing changes to security policies in a distributed security system |
US7380120B1 (en) | 2001-12-12 | 2008-05-27 | Guardian Data Storage, Llc | Secured data format for access control |
US8006280B1 (en) | 2001-12-12 | 2011-08-23 | Hildebrand Hal S | Security system for generating keys from access rules in a decentralized manner and methods therefor |
US7178033B1 (en) | 2001-12-12 | 2007-02-13 | Pss Systems, Inc. | Method and apparatus for securing digital assets |
US6889210B1 (en) * | 2001-12-12 | 2005-05-03 | Pss Systems, Inc. | Method and system for managing security tiers |
US7260555B2 (en) | 2001-12-12 | 2007-08-21 | Guardian Data Storage, Llc | Method and architecture for providing pervasive security to digital assets |
US7930756B1 (en) | 2001-12-12 | 2011-04-19 | Crocker Steven Toye | Multi-level cryptographic transformations for securing digital assets |
US7921284B1 (en) | 2001-12-12 | 2011-04-05 | Gary Mark Kinghorn | Method and system for protecting electronic data in enterprise environment |
US8065713B1 (en) | 2001-12-12 | 2011-11-22 | Klimenty Vainstein | System and method for providing multi-location access management to secured items |
US7681034B1 (en) | 2001-12-12 | 2010-03-16 | Chang-Ping Lee | Method and apparatus for securing electronic data |
US7921450B1 (en) | 2001-12-12 | 2011-04-05 | Klimenty Vainstein | Security system using indirect key generation from access rules and methods therefor |
US7950066B1 (en) | 2001-12-21 | 2011-05-24 | Guardian Data Storage, Llc | Method and system for restricting use of a clipboard application |
US8176334B2 (en) | 2002-09-30 | 2012-05-08 | Guardian Data Storage, Llc | Document security system that permits external users to gain access to secured files |
CN1650595B (zh) * | 2002-03-01 | 2010-05-26 | 捷讯研究有限公司 | 用于提供安全消息签名状态和信任状态指示的系统和方法 |
US7130886B2 (en) | 2002-03-06 | 2006-10-31 | Research In Motion Limited | System and method for providing secure message signature status and trust status indication |
WO2003075158A2 (en) * | 2002-03-01 | 2003-09-12 | Green Border Technologies | Method and system for assured denotation of application semantics |
JP4224250B2 (ja) * | 2002-04-17 | 2009-02-12 | パイオニア株式会社 | 音声認識装置、音声認識方法および音声認識プログラム |
US8613102B2 (en) | 2004-03-30 | 2013-12-17 | Intellectual Ventures I Llc | Method and system for providing document retention using cryptography |
US7748045B2 (en) * | 2004-03-30 | 2010-06-29 | Michael Frederick Kenrich | Method and system for providing cryptographic document retention with off-line access |
US7900048B2 (en) * | 2002-05-07 | 2011-03-01 | Sony Ericsson Mobile Communications Ab | Method for loading an application in a device, device and smart card therefor |
US7191469B2 (en) * | 2002-05-13 | 2007-03-13 | Green Border Technologies | Methods and systems for providing a secure application environment using derived user accounts |
JP4222774B2 (ja) * | 2002-05-20 | 2009-02-12 | 株式会社エヌ・ティ・ティ・ドコモ | 携帯端末およびプログラムの起動方法 |
GB0212314D0 (en) * | 2002-05-28 | 2002-07-10 | Symbian Ltd | Secure mobile wireless device |
EP1525522A2 (en) * | 2002-06-06 | 2005-04-27 | Green Border Technologies | Method and system for implementing a secure application execution environment using derived user accounts for internet content |
US7334124B2 (en) * | 2002-07-22 | 2008-02-19 | Vormetric, Inc. | Logical access block processing protocol for transparent secure file storage |
US6678828B1 (en) * | 2002-07-22 | 2004-01-13 | Vormetric, Inc. | Secure network file access control system |
JP2004102373A (ja) * | 2002-09-05 | 2004-04-02 | Hitachi Ltd | アクセス管理サーバ、方法及びプログラム |
US7512810B1 (en) * | 2002-09-11 | 2009-03-31 | Guardian Data Storage Llc | Method and system for protecting encrypted files transmitted over a network |
US20040054790A1 (en) * | 2002-09-12 | 2004-03-18 | International Business Machines Corporation | Management of security objects controlling access to resources |
KR20040028257A (ko) * | 2002-09-30 | 2004-04-03 | 삼성전자주식회사 | 네트워크에 접근가능한 장치, 그 보안 방법 및 정보저장매체 |
US20040073688A1 (en) * | 2002-09-30 | 2004-04-15 | Sampson Scott E. | Electronic payment validation using Transaction Authorization Tokens |
US7010565B2 (en) * | 2002-09-30 | 2006-03-07 | Sampson Scott E | Communication management using a token action log |
US20060168089A1 (en) * | 2002-09-30 | 2006-07-27 | Sampson Scott E | Controlling incoming communication by issuing tokens |
US6804687B2 (en) * | 2002-09-30 | 2004-10-12 | Scott E. Sampson | File system management with user-definable functional attributes stored in a token action log |
US8051172B2 (en) | 2002-09-30 | 2011-11-01 | Sampson Scott E | Methods for managing the exchange of communication tokens |
US7143288B2 (en) | 2002-10-16 | 2006-11-28 | Vormetric, Inc. | Secure file system server architecture and methods |
US7836310B1 (en) | 2002-11-01 | 2010-11-16 | Yevgeniy Gutnik | Security system that uses indirect password-based encryption |
US7890990B1 (en) | 2002-12-20 | 2011-02-15 | Klimenty Vainstein | Security system with staging capabilities |
US7660790B1 (en) * | 2005-02-24 | 2010-02-09 | Symantec Operating Corporation | Method and apparatus for utilizing a file change log |
US7949957B2 (en) | 2002-12-31 | 2011-05-24 | International Business Machines Corporation | Edit selection control |
US7207058B2 (en) * | 2002-12-31 | 2007-04-17 | American Express Travel Related Services Company, Inc. | Method and system for transmitting authentication context information |
US20040143749A1 (en) * | 2003-01-16 | 2004-07-22 | Platformlogic, Inc. | Behavior-based host-based intrusion prevention system |
US7370212B2 (en) * | 2003-02-25 | 2008-05-06 | Microsoft Corporation | Issuing a publisher use license off-line in a digital rights management (DRM) system |
US7275216B2 (en) * | 2003-03-24 | 2007-09-25 | Microsoft Corporation | System and method for designing electronic forms and hierarchical schemas |
US7415672B1 (en) | 2003-03-24 | 2008-08-19 | Microsoft Corporation | System and method for designing electronic forms |
US7370066B1 (en) * | 2003-03-24 | 2008-05-06 | Microsoft Corporation | System and method for offline editing of data files |
US7296017B2 (en) * | 2003-03-28 | 2007-11-13 | Microsoft Corporation | Validation of XML data files |
US7913159B2 (en) * | 2003-03-28 | 2011-03-22 | Microsoft Corporation | System and method for real-time validation of structured data files |
US7516145B2 (en) * | 2003-03-31 | 2009-04-07 | Microsoft Corporation | System and method for incrementally transforming and rendering hierarchical data files |
US8707034B1 (en) | 2003-05-30 | 2014-04-22 | Intellectual Ventures I Llc | Method and system for using remote headers to secure electronic files |
US20040268139A1 (en) * | 2003-06-25 | 2004-12-30 | Microsoft Corporation | Systems and methods for declarative client input security screening |
US20040268229A1 (en) * | 2003-06-27 | 2004-12-30 | Microsoft Corporation | Markup language editing with an electronic form |
US7451392B1 (en) * | 2003-06-30 | 2008-11-11 | Microsoft Corporation | Rendering an HTML electronic form by applying XSLT to XML using a solution |
US7197515B2 (en) * | 2003-06-30 | 2007-03-27 | Microsoft Corporation | Declarative solution definition |
US7730543B1 (en) | 2003-06-30 | 2010-06-01 | Satyajit Nath | Method and system for enabling users of a group shared across multiple file security systems to access secured files |
US7424609B2 (en) * | 2003-07-11 | 2008-09-09 | Computer Associates Think, Inc. | Method and system for protecting against computer viruses |
US7406660B1 (en) | 2003-08-01 | 2008-07-29 | Microsoft Corporation | Mapping between structured data and a visual surface |
US7334187B1 (en) * | 2003-08-06 | 2008-02-19 | Microsoft Corporation | Electronic form aggregation |
US7530103B2 (en) * | 2003-08-07 | 2009-05-05 | Microsoft Corporation | Projection of trustworthiness from a trusted environment to an untrusted environment |
US8122511B2 (en) * | 2003-08-28 | 2012-02-21 | International Business Machines Corporation | Attribute information providing method |
JP2005085266A (ja) * | 2003-09-04 | 2005-03-31 | Stmicroelectronics Sa | マイクロプロセッサ周辺装置アクセス制御 |
CN100459659C (zh) * | 2003-09-17 | 2009-02-04 | 松下电器产业株式会社 | 应用执行设备、应用执行方法、和集成电路 |
US8127366B2 (en) | 2003-09-30 | 2012-02-28 | Guardian Data Storage, Llc | Method and apparatus for transitioning between states of security policies used to secure electronic documents |
US7703140B2 (en) * | 2003-09-30 | 2010-04-20 | Guardian Data Storage, Llc | Method and system for securing digital assets using process-driven security policies |
US20050086531A1 (en) * | 2003-10-20 | 2005-04-21 | Pss Systems, Inc. | Method and system for proxy approval of security changes for a file security system |
WO2005043360A1 (en) * | 2003-10-21 | 2005-05-12 | Green Border Technologies | Systems and methods for secure client applications |
US20050091535A1 (en) * | 2003-10-24 | 2005-04-28 | Microsoft Corporation | Application identity for software products |
US20050091658A1 (en) * | 2003-10-24 | 2005-04-28 | Microsoft Corporation | Operating system resource protection |
US7752320B2 (en) * | 2003-11-25 | 2010-07-06 | Avaya Inc. | Method and apparatus for content based authentication for network access |
US20050119902A1 (en) * | 2003-11-28 | 2005-06-02 | Christiansen David L. | Security descriptor verifier |
KR20050053401A (ko) * | 2003-12-02 | 2005-06-08 | 주식회사 하우리 | 컴퓨터 바이러스 방역방법과 그 프로그램을 기록한 기록매체 |
US7392527B2 (en) * | 2003-12-10 | 2008-06-24 | Microsoft Corporation | Driver-specific context for kernel-mode shimming |
US20050138371A1 (en) * | 2003-12-19 | 2005-06-23 | Pss Systems, Inc. | Method and system for distribution of notifications in file security systems |
US7702909B2 (en) * | 2003-12-22 | 2010-04-20 | Klimenty Vainstein | Method and system for validating timestamps |
US20050177724A1 (en) * | 2004-01-16 | 2005-08-11 | Valiuddin Ali | Authentication system and method |
US8819072B1 (en) | 2004-02-02 | 2014-08-26 | Microsoft Corporation | Promoting data from structured data files |
US7743423B2 (en) * | 2004-02-03 | 2010-06-22 | Microsoft Corporation | Security requirement determination |
US7430711B2 (en) * | 2004-02-17 | 2008-09-30 | Microsoft Corporation | Systems and methods for editing XML documents |
US7950000B2 (en) * | 2004-03-17 | 2011-05-24 | Microsoft Corporation | Architecture that restricts permissions granted to a build process |
US7617519B2 (en) * | 2004-03-18 | 2009-11-10 | Microsoft Corporation | System and method for intelligent recommendation with experts for user trust decisions |
US20050240995A1 (en) * | 2004-04-23 | 2005-10-27 | Ali Valiuddin Y | Computer security system and method |
US8607299B2 (en) * | 2004-04-27 | 2013-12-10 | Microsoft Corporation | Method and system for enforcing a security policy via a security virtual machine |
US7496837B1 (en) * | 2004-04-29 | 2009-02-24 | Microsoft Corporation | Structural editing with schema awareness |
US7743425B2 (en) * | 2004-04-29 | 2010-06-22 | Microsoft Corporation | Security restrictions on binary behaviors |
US8108902B2 (en) * | 2004-04-30 | 2012-01-31 | Microsoft Corporation | System and method for local machine zone lockdown with relation to a network browser |
US7281018B1 (en) | 2004-05-26 | 2007-10-09 | Microsoft Corporation | Form template data source change |
US7774620B1 (en) | 2004-05-27 | 2010-08-10 | Microsoft Corporation | Executing applications at appropriate trust levels |
US8566461B1 (en) | 2004-06-09 | 2013-10-22 | Digital River, Inc. | Managed access to media services |
US7707427B1 (en) * | 2004-07-19 | 2010-04-27 | Michael Frederick Kenrich | Multi-level file digests |
JP5021475B2 (ja) * | 2004-08-03 | 2012-09-05 | マイクロソフト コーポレーション | コンテキストポリシー制御によるアプリケーション間の関連付けの制御のためのシステムおよび方法 |
US7484247B2 (en) | 2004-08-07 | 2009-01-27 | Allen F Rozman | System and method for protecting a computer system from malicious software |
US9094429B2 (en) | 2004-08-10 | 2015-07-28 | Blackberry Limited | Server verification of secure electronic messages |
US7797294B2 (en) * | 2004-08-25 | 2010-09-14 | International Business Machines Corporation | Method, system and program for testing accessibility in data processing system programs |
US7516399B2 (en) * | 2004-09-30 | 2009-04-07 | Microsoft Corporation | Structured-document path-language expression methods and systems |
US20060074933A1 (en) * | 2004-09-30 | 2006-04-06 | Microsoft Corporation | Workflow interaction |
US7692636B2 (en) * | 2004-09-30 | 2010-04-06 | Microsoft Corporation | Systems and methods for handwriting to a screen |
US7793350B2 (en) * | 2004-10-28 | 2010-09-07 | International Business Machines Corporation | Apparatus, system, and method for simulated access to restricted computing resources |
US8487879B2 (en) | 2004-10-29 | 2013-07-16 | Microsoft Corporation | Systems and methods for interacting with a computer through handwriting to a screen |
US7886144B2 (en) | 2004-10-29 | 2011-02-08 | Research In Motion Limited | System and method for retrieving certificates associated with senders of digitally signed messages |
US7584417B2 (en) * | 2004-11-15 | 2009-09-01 | Microsoft Corporation | Role-dependent action for an electronic form |
US7712022B2 (en) * | 2004-11-15 | 2010-05-04 | Microsoft Corporation | Mutually exclusive options in electronic forms |
US20060107224A1 (en) * | 2004-11-15 | 2006-05-18 | Microsoft Corporation | Building a dynamic action for an electronic form |
US7721190B2 (en) * | 2004-11-16 | 2010-05-18 | Microsoft Corporation | Methods and systems for server side form processing |
US7509353B2 (en) * | 2004-11-16 | 2009-03-24 | Microsoft Corporation | Methods and systems for exchanging and rendering forms |
US20060107327A1 (en) * | 2004-11-16 | 2006-05-18 | Sprigg Stephen A | Methods and apparatus for enforcing application level restrictions on local and remote content |
US7904801B2 (en) * | 2004-12-15 | 2011-03-08 | Microsoft Corporation | Recursive sections in electronic forms |
US7437376B2 (en) * | 2004-12-20 | 2008-10-14 | Microsoft Corporation | Scalable object model |
US20060150247A1 (en) * | 2004-12-30 | 2006-07-06 | Andrew Gafken | Protection of stored data |
US7937651B2 (en) * | 2005-01-14 | 2011-05-03 | Microsoft Corporation | Structural editing operations for network forms |
US7802294B2 (en) * | 2005-01-28 | 2010-09-21 | Microsoft Corporation | Controlling computer applications' access to data |
US7810153B2 (en) * | 2005-01-28 | 2010-10-05 | Microsoft Corporation | Controlling execution of computer applications |
JP4717464B2 (ja) * | 2005-02-18 | 2011-07-06 | キヤノン株式会社 | 情報処理装置、情報処理方法及びプログラム |
US7870613B2 (en) | 2005-03-02 | 2011-01-11 | Facetime Communications, Inc. | Automating software security restrictions on applications |
US8046831B2 (en) * | 2005-03-02 | 2011-10-25 | Actiance, Inc. | Automating software security restrictions on system resources |
US7725834B2 (en) * | 2005-03-04 | 2010-05-25 | Microsoft Corporation | Designer-created aspect for an electronic form template |
EP2194476B1 (en) | 2005-03-22 | 2014-12-03 | Hewlett-Packard Development Company, L.P. | Method and apparatus for creating a record of a software-verification attestation |
US7673228B2 (en) * | 2005-03-30 | 2010-03-02 | Microsoft Corporation | Data-driven actions for network forms |
US8725646B2 (en) * | 2005-04-15 | 2014-05-13 | Microsoft Corporation | Output protection levels |
US8010515B2 (en) * | 2005-04-15 | 2011-08-30 | Microsoft Corporation | Query to an electronic form |
US8566462B2 (en) * | 2005-05-12 | 2013-10-22 | Digital River, Inc. | Methods of controlling access to network content referenced within structured documents |
US8443094B2 (en) * | 2005-05-12 | 2013-05-14 | Oracle America, Inc. | Computer system comprising a communication device |
US8972743B2 (en) * | 2005-05-16 | 2015-03-03 | Hewlett-Packard Development Company, L.P. | Computer security system and method |
US20060265758A1 (en) | 2005-05-20 | 2006-11-23 | Microsoft Corporation | Extensible media rights |
US8078740B2 (en) * | 2005-06-03 | 2011-12-13 | Microsoft Corporation | Running internet applications with low rights |
US20070011665A1 (en) * | 2005-06-21 | 2007-01-11 | Microsoft Corporation | Content syndication platform |
US7543228B2 (en) * | 2005-06-27 | 2009-06-02 | Microsoft Corporation | Template for rendering an electronic form |
US8200975B2 (en) | 2005-06-29 | 2012-06-12 | Microsoft Corporation | Digital signatures for network forms |
US7580933B2 (en) * | 2005-07-28 | 2009-08-25 | Microsoft Corporation | Resource handling for taking permissions |
US8272058B2 (en) * | 2005-07-29 | 2012-09-18 | Bit 9, Inc. | Centralized timed analysis in a network security system |
US8984636B2 (en) * | 2005-07-29 | 2015-03-17 | Bit9, Inc. | Content extractor and analysis system |
US20070028291A1 (en) * | 2005-07-29 | 2007-02-01 | Bit 9, Inc. | Parametric content control in a network security system |
US7895651B2 (en) * | 2005-07-29 | 2011-02-22 | Bit 9, Inc. | Content tracking in a network security system |
US20070036433A1 (en) * | 2005-08-15 | 2007-02-15 | Microsoft Corporation | Recognizing data conforming to a rule |
US7613996B2 (en) * | 2005-08-15 | 2009-11-03 | Microsoft Corporation | Enabling selection of an inferred schema part |
US20070061706A1 (en) * | 2005-09-14 | 2007-03-15 | Microsoft Corporation | Mapping property hierarchies to schemas |
US20070061467A1 (en) * | 2005-09-15 | 2007-03-15 | Microsoft Corporation | Sessions and session states |
WO2008048320A1 (en) * | 2005-10-14 | 2008-04-24 | Xeriton Corporation | Control of application access to system resources |
US20070199072A1 (en) * | 2005-10-14 | 2007-08-23 | Softwareonline, Llc | Control of application access to system resources |
US20070199057A1 (en) * | 2005-10-14 | 2007-08-23 | Softwareonline, Llc | Control of application access to system resources |
US7484173B2 (en) * | 2005-10-18 | 2009-01-27 | International Business Machines Corporation | Alternative key pad layout for enhanced security |
US8001459B2 (en) | 2005-12-05 | 2011-08-16 | Microsoft Corporation | Enabling electronic documents for limited-capability computing devices |
JP5061908B2 (ja) * | 2005-12-27 | 2012-10-31 | 日本電気株式会社 | プログラム実行制御方法および装置ならびに実行制御プログラム |
US20070156871A1 (en) * | 2005-12-30 | 2007-07-05 | Michael Braun | Secure dynamic HTML pages |
US7779343B2 (en) | 2006-01-30 | 2010-08-17 | Microsoft Corporation | Opening network-enabled electronic documents |
US9754119B1 (en) * | 2006-03-07 | 2017-09-05 | Emc Corporation | Containerized security for managed content |
US9519399B1 (en) | 2006-03-07 | 2016-12-13 | Emc Corporation | Providing a visual indication that stored content is associated with a collaboration environment |
US7512578B2 (en) * | 2006-03-30 | 2009-03-31 | Emc Corporation | Smart containers |
US8117246B2 (en) | 2006-04-17 | 2012-02-14 | Microsoft Corporation | Registering, transfering, and acting on event metadata |
US20070250495A1 (en) * | 2006-04-25 | 2007-10-25 | Eran Belinsky | Method and System For Accessing Referenced Information |
US7979891B2 (en) * | 2006-05-09 | 2011-07-12 | Oracle International Corporation | Method and system for securing execution of untrusted applications |
US7814556B2 (en) * | 2006-05-09 | 2010-10-12 | Bea Systems, Inc. | System and method for protecting APIs from untrusted or less trusted applications |
JP2009537042A (ja) * | 2006-05-12 | 2009-10-22 | サムスン エレクトロニクス カンパニー リミテッド | 保安データを管理する装置およびその方法 |
US8117441B2 (en) * | 2006-06-20 | 2012-02-14 | Microsoft Corporation | Integrating security protection tools with computer device integrity and privacy policy |
US8429708B1 (en) * | 2006-06-23 | 2013-04-23 | Sanjay Tandon | Method and system for assessing cumulative access entitlements of an entity in a system |
US8185737B2 (en) | 2006-06-23 | 2012-05-22 | Microsoft Corporation | Communication across domains |
US8533778B1 (en) * | 2006-06-23 | 2013-09-10 | Mcafee, Inc. | System, method and computer program product for detecting unwanted effects utilizing a virtual machine |
JP4539613B2 (ja) * | 2006-06-28 | 2010-09-08 | 富士ゼロックス株式会社 | 画像形成装置、画像生成方法およびプログラム |
US20080126590A1 (en) * | 2006-06-29 | 2008-05-29 | Rothman Michael A | Semiconductor based host protected addressing in computing devices |
US20080040363A1 (en) * | 2006-07-13 | 2008-02-14 | Siemens Medical Solutions Usa, Inc. | System for Processing Relational Database Data |
JP2008027306A (ja) * | 2006-07-24 | 2008-02-07 | Aplix Corp | ユーザ空間仮想化システム |
US8352733B2 (en) | 2006-08-04 | 2013-01-08 | Apple Inc. | Resource restriction systems and methods |
US8082442B2 (en) | 2006-08-10 | 2011-12-20 | Microsoft Corporation | Securely sharing applications installed by unprivileged users |
US9860274B2 (en) | 2006-09-13 | 2018-01-02 | Sophos Limited | Policy management |
JP2008084117A (ja) * | 2006-09-28 | 2008-04-10 | Fujitsu Ltd | リクエスト送信制御プログラム,装置,および方法 |
WO2008063185A1 (en) * | 2006-10-14 | 2008-05-29 | Xeriton Corporation | Control of application access to system resources |
AU2007309183A1 (en) | 2006-10-20 | 2008-05-02 | Citrix Systems,Inc. | Methods and systems for accessing remote user files associated with local resources |
US20080127142A1 (en) * | 2006-11-28 | 2008-05-29 | Microsoft Corporation | Compiling executable code into a less-trusted address space |
US8533291B1 (en) * | 2007-02-07 | 2013-09-10 | Oracle America, Inc. | Method and system for protecting publicly viewable web client reference to server resources and business logic |
JP4995590B2 (ja) * | 2007-02-14 | 2012-08-08 | 株式会社エヌ・ティ・ティ・ドコモ | コンテンツ流通管理装置、通信端末、プログラム及びコンテンツ流通システム |
US7797743B2 (en) * | 2007-02-26 | 2010-09-14 | Microsoft Corporation | File conversion in restricted process |
US8640215B2 (en) * | 2007-03-23 | 2014-01-28 | Microsoft Corporation | Secure isolation of application pools |
US20080263679A1 (en) * | 2007-04-23 | 2008-10-23 | Microsoft Corporation | Storing information in closed computing devices |
US8523666B2 (en) * | 2007-05-25 | 2013-09-03 | Microsoft Corporation | Programming framework for closed systems |
JP4395178B2 (ja) * | 2007-05-29 | 2010-01-06 | インターナショナル・ビジネス・マシーンズ・コーポレーション | コンテンツ処理システム、方法及びプログラム |
US10019570B2 (en) * | 2007-06-14 | 2018-07-10 | Microsoft Technology Licensing, Llc | Protection and communication abstractions for web browsers |
US7386885B1 (en) | 2007-07-03 | 2008-06-10 | Kaspersky Lab, Zao | Constraint-based and attribute-based security system for controlling software component interaction |
US8621605B2 (en) * | 2007-10-09 | 2013-12-31 | International Business Machines Corporation | Method for reducing the time to diagnose the cause of unexpected changes to system files |
US8607324B2 (en) * | 2008-01-15 | 2013-12-10 | Microsoft Corporation | Untrusted gaming system access to online gaming service |
GB2457305A (en) * | 2008-02-11 | 2009-08-12 | Symbian Software Ltd | Controlling access to system resources using script and application identifiers |
US8208375B2 (en) * | 2008-03-17 | 2012-06-26 | Microsoft Corporation | Selective filtering of network traffic requests |
US8688641B1 (en) | 2008-03-31 | 2014-04-01 | Symantec Operating Corporation | Per user and per process layer visibility |
US8639734B1 (en) * | 2008-03-31 | 2014-01-28 | Symantec Operating Corporation | Use of external information about a file to determine virtualization |
US8429741B2 (en) * | 2008-08-29 | 2013-04-23 | Google, Inc. | Altered token sandboxing |
US9027123B2 (en) * | 2008-12-08 | 2015-05-05 | Nec Corporation | Data dependence analyzer, information processor, data dependence analysis method and program |
US20100199357A1 (en) * | 2009-02-02 | 2010-08-05 | Microsoft Corporation | Secure hosting for untrusted code |
US8544083B2 (en) * | 2009-02-19 | 2013-09-24 | Microsoft Corporation | Identification security elevation |
US8812451B2 (en) | 2009-03-11 | 2014-08-19 | Microsoft Corporation | Programming model for synchronizing browser caches across devices and web services |
US9680964B2 (en) * | 2009-03-11 | 2017-06-13 | Microsoft Technology Licensing, Llc | Programming model for installing and distributing occasionally connected applications |
US8826269B2 (en) * | 2009-06-15 | 2014-09-02 | Microsoft Corporation | Annotating virtual application processes |
US8819399B1 (en) | 2009-07-31 | 2014-08-26 | Google Inc. | Predicated control flow and store instructions for native code module security |
US8924553B2 (en) * | 2009-08-31 | 2014-12-30 | Red Hat, Inc. | Multifactor validation of requests to thwart cross-site attacks |
EP2312485B1 (en) | 2009-08-31 | 2018-08-08 | BlackBerry Limited | System and method for controlling applications to mitigate the effects of malicious software |
US9003517B2 (en) * | 2009-10-28 | 2015-04-07 | Microsoft Technology Licensing, Llc | Isolation and presentation of untrusted data |
US8776168B1 (en) * | 2009-10-29 | 2014-07-08 | Symantec Corporation | Applying security policy based on behaviorally-derived user risk profiles |
US8775818B2 (en) * | 2009-11-30 | 2014-07-08 | Red Hat, Inc. | Multifactor validation of requests to thwart dynamic cross-site attacks |
US8904521B2 (en) * | 2009-11-30 | 2014-12-02 | Red Hat, Inc. | Client-side prevention of cross-site request forgeries |
US8495607B2 (en) * | 2010-03-01 | 2013-07-23 | International Business Machines Corporation | Performing aggressive code optimization with an ability to rollback changes made by the aggressive optimizations |
US8850573B1 (en) * | 2010-04-14 | 2014-09-30 | Google Inc. | Computing device with untrusted user execution mode |
KR101064143B1 (ko) * | 2010-08-20 | 2011-09-15 | 주식회사 파수닷컴 | Drm 환경에서의 클립보드 보호 시스템 및 그 방법을 컴퓨터에서 실행시키기 위한 프로그램을 기록한 기록매체 |
US20120192292A1 (en) * | 2011-01-26 | 2012-07-26 | Seatech Ltd | Categorized content sharing, identical content maintanance and user protection in a peer-to-peer network |
US9117083B2 (en) * | 2011-02-14 | 2015-08-25 | Blackberry Limited | Managing booting of secure devices with untrusted software |
US8650640B2 (en) * | 2011-02-24 | 2014-02-11 | International Business Machines Corporation | Using a declaration of security requirements to determine whether to permit application operations |
WO2012159070A2 (en) | 2011-05-18 | 2012-11-22 | Nextgenid, Inc. | Multi-biometric enrollment kiosk including biometric enrollment and verification, face recognition and fingerprint matching systems |
US9256720B2 (en) | 2011-05-18 | 2016-02-09 | Nextgenid, Inc. | Enrollment kiosk including biometric enrollment and verification, face recognition and fingerprint matching systems |
US8973158B2 (en) * | 2011-07-20 | 2015-03-03 | Microsoft Technology Licensing Llc | Trust level activation |
US8789143B2 (en) | 2011-08-15 | 2014-07-22 | Bank Of America Corporation | Method and apparatus for token-based conditioning |
US8806602B2 (en) | 2011-08-15 | 2014-08-12 | Bank Of America Corporation | Apparatus and method for performing end-to-end encryption |
US8752124B2 (en) | 2011-08-15 | 2014-06-10 | Bank Of America Corporation | Apparatus and method for performing real-time authentication using subject token combinations |
US8950002B2 (en) * | 2011-08-15 | 2015-02-03 | Bank Of America Corporation | Method and apparatus for token-based access of related resources |
US8539558B2 (en) | 2011-08-15 | 2013-09-17 | Bank Of America Corporation | Method and apparatus for token-based token termination |
GB2494391B (en) | 2011-09-02 | 2014-06-18 | Avecto Ltd | Computer device with anti-tamper resource security |
US20130061316A1 (en) * | 2011-09-06 | 2013-03-07 | Microsoft Corporation | Capability Access Management for Processes |
US9118686B2 (en) * | 2011-09-06 | 2015-08-25 | Microsoft Technology Licensing, Llc | Per process networking capabilities |
US10445528B2 (en) * | 2011-09-07 | 2019-10-15 | Microsoft Technology Licensing, Llc | Content handling for applications |
US9773102B2 (en) | 2011-09-09 | 2017-09-26 | Microsoft Technology Licensing, Llc | Selective file access for applications |
US8990561B2 (en) | 2011-09-09 | 2015-03-24 | Microsoft Technology Licensing, Llc | Pervasive package identifiers |
US9800688B2 (en) | 2011-09-12 | 2017-10-24 | Microsoft Technology Licensing, Llc | Platform-enabled proximity service |
USD818464S1 (en) | 2014-04-11 | 2018-05-22 | Nextgenid, Inc. | Kiosk |
USD760711S1 (en) | 2012-05-18 | 2016-07-05 | NexgenID, Inc. | Kiosk |
US9069766B2 (en) | 2012-11-02 | 2015-06-30 | Microsoft Technology Licensing, Llc | Content-based isolation for computing device security |
US20140156787A1 (en) * | 2012-12-05 | 2014-06-05 | Yahoo! Inc. | Virtual wall for writings associated with landmarks |
US10356204B2 (en) | 2012-12-13 | 2019-07-16 | Microsoft Technology Licensing, Llc | Application based hardware identifiers |
US9858247B2 (en) | 2013-05-20 | 2018-01-02 | Microsoft Technology Licensing, Llc | Runtime resolution of content references |
US10171483B1 (en) | 2013-08-23 | 2019-01-01 | Symantec Corporation | Utilizing endpoint asset awareness for network intrusion detection |
US10212143B2 (en) * | 2014-01-31 | 2019-02-19 | Dropbox, Inc. | Authorizing an untrusted client device for access on a content management system |
US9684784B2 (en) * | 2014-06-25 | 2017-06-20 | Thi Chau Nguyen-Huu | Systems and methods for securely storing data |
US9680862B2 (en) | 2014-07-01 | 2017-06-13 | Fireeye, Inc. | Trusted threat-aware microvisor |
US10002252B2 (en) | 2014-07-01 | 2018-06-19 | Fireeye, Inc. | Verification of trusted threat-aware microvisor |
US9396343B2 (en) * | 2014-10-20 | 2016-07-19 | International Business Machines Corporation | Policy access control lists attached to resources |
US9881166B2 (en) * | 2015-04-16 | 2018-01-30 | International Business Machines Corporation | Multi-focused fine-grained security framework |
US10191831B2 (en) * | 2016-06-08 | 2019-01-29 | Cylance Inc. | Macro-script execution control |
US10025691B1 (en) | 2016-09-09 | 2018-07-17 | Fireeye, Inc. | Verification of complex software code using a modularized architecture |
US10592678B1 (en) | 2016-09-09 | 2020-03-17 | Fireeye, Inc. | Secure communications between peers using a verified virtual trusted platform module |
GB2561861A (en) * | 2017-04-25 | 2018-10-31 | Avecto Ltd | Computer device and method for isolating untrusted content |
US10897462B2 (en) * | 2017-05-16 | 2021-01-19 | Citrix Systems, Inc. | Systems and methods for encoding additional authentication data into an active directory security identifier |
US11093624B2 (en) | 2017-09-12 | 2021-08-17 | Sophos Limited | Providing process data to a data recorder |
GB2570924B (en) * | 2018-02-12 | 2021-06-16 | Avecto Ltd | Managing registry access on a computer device |
US11159322B2 (en) * | 2019-01-31 | 2021-10-26 | Baidu Usa Llc | Secure multiparty computing framework using a restricted operating environment with a guest agent |
US20230004638A1 (en) * | 2021-06-30 | 2023-01-05 | Citrix Systems, Inc. | Redirection of attachments based on risk and context |
US11811668B2 (en) | 2021-08-19 | 2023-11-07 | Bank Of America Corporation | System for implementing disposition bias for validating network traffic from upstream applications |
US20230185929A1 (en) * | 2021-12-09 | 2023-06-15 | Vmware, Inc. | Enrolling a virtual device as an unprivileged user |
Family Cites Families (42)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US4962449A (en) | 1988-04-11 | 1990-10-09 | Artie Schlesinger | Computer security system having remote location recognition and remote location lock-out |
JPH087709B2 (ja) | 1989-05-15 | 1996-01-29 | インターナシヨナル・ビジネス・マシーンズ・コーポレーシヨン | アクセス特権制御方法及びシステム |
US5187790A (en) * | 1989-06-29 | 1993-02-16 | Digital Equipment Corporation | Server impersonation of client processes in an object based computer operating system |
US5138712A (en) | 1989-10-02 | 1992-08-11 | Sun Microsystems, Inc. | Apparatus and method for licensing software on a network of computers |
US5204961A (en) | 1990-06-25 | 1993-04-20 | Digital Equipment Corporation | Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols |
US5577209A (en) | 1991-07-11 | 1996-11-19 | Itt Corporation | Apparatus and method for providing multi-level security for communication among computers and terminals on a network |
US5276901A (en) | 1991-12-16 | 1994-01-04 | International Business Machines Corporation | System for controlling group access to objects using group access control folder and group identification as individual user |
CA2093094C (en) * | 1992-04-06 | 2000-07-11 | Addison M. Fischer | Method and apparatus for creating, supporting, and using travelling programs |
US5412717A (en) * | 1992-05-15 | 1995-05-02 | Fischer; Addison M. | Computer system security method and apparatus having program authorization information data structures |
JP2519390B2 (ja) | 1992-09-11 | 1996-07-31 | インターナショナル・ビジネス・マシーンズ・コーポレイション | デ―タ通信方法及び装置 |
US5649099A (en) | 1993-06-04 | 1997-07-15 | Xerox Corporation | Method for delegating access rights through executable access control program without delegating access rights not in a specification to any intermediary nor comprising server security |
JPH0713842A (ja) * | 1993-06-25 | 1995-01-17 | Hitachi Ltd | 情報処理装置 |
CA2197219A1 (en) | 1994-08-09 | 1996-02-22 | Shiva Corporation | Apparatus and method for restricting access to a local computer network |
DE69427347T2 (de) | 1994-08-15 | 2001-10-31 | Ibm | Verfahren und System zur verbesserten Zugriffssteuerung auf Basis der Rollen in verteilten und zentralisierten Rechnersystemen |
US5864683A (en) | 1994-10-12 | 1999-01-26 | Secure Computing Corporartion | System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights |
US5682478A (en) | 1995-01-19 | 1997-10-28 | Microsoft Corporation | Method and apparatus for supporting multiple, simultaneous services over multiple, simultaneous connections between a client and network server |
JPH08263382A (ja) * | 1995-03-24 | 1996-10-11 | Nec Corp | 機密保護管理システム |
US5678041A (en) | 1995-06-06 | 1997-10-14 | At&T | System and method for restricting user access rights on the internet based on rating information stored in a relational database |
US5696898A (en) | 1995-06-06 | 1997-12-09 | Lucent Technologies Inc. | System and method for database access control |
US5761669A (en) | 1995-06-06 | 1998-06-02 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
US5675782A (en) | 1995-06-06 | 1997-10-07 | Microsoft Corporation | Controlling access to objects on multiple operating systems |
US5941947A (en) | 1995-08-18 | 1999-08-24 | Microsoft Corporation | System and method for controlling access to data entities in a computer network |
US5757916A (en) | 1995-10-06 | 1998-05-26 | International Series Research, Inc. | Method and apparatus for authenticating the location of remote users of networked computing systems |
US5859966A (en) * | 1995-10-10 | 1999-01-12 | Data General Corporation | Security system for computer systems |
US5638448A (en) | 1995-10-24 | 1997-06-10 | Nguyen; Minhtam C. | Network with secure communications sessions |
US5680461A (en) * | 1995-10-26 | 1997-10-21 | Sun Microsystems, Inc. | Secure network protocol system and method |
US5826029A (en) | 1995-10-31 | 1998-10-20 | International Business Machines Corporation | Secured gateway interface |
US5745676A (en) | 1995-12-04 | 1998-04-28 | International Business Machines Corporation | Authority reduction and restoration method providing system integrity for subspace groups and single address spaces during program linkage |
JPH09190236A (ja) | 1996-01-10 | 1997-07-22 | Canon Inc | 情報処理方法及び装置及びシステム |
AU1829897A (en) | 1996-01-16 | 1997-08-11 | Raptor Systems, Inc. | Transferring encrypted packets over a public network |
US5925109A (en) | 1996-04-10 | 1999-07-20 | National Instruments Corporation | System for I/O management where I/O operations are determined to be direct or indirect based on hardware coupling manners and/or program privilege modes |
TW313642B (en) | 1996-06-11 | 1997-08-21 | Ibm | A uniform mechanism for using signed content |
US5987123A (en) * | 1996-07-03 | 1999-11-16 | Sun Microsystems, Incorporated | Secure file system |
US5845067A (en) | 1996-09-09 | 1998-12-01 | Porter; Jack Edward | Method and apparatus for document management utilizing a messaging system |
US5983350A (en) * | 1996-09-18 | 1999-11-09 | Secure Computing Corporation | Secure firewall supporting different levels of authentication based on address or encryption status |
US6167520A (en) * | 1996-11-08 | 2000-12-26 | Finjan Software, Inc. | System and method for protecting a client during runtime from hostile downloadables |
US5949882A (en) | 1996-12-13 | 1999-09-07 | Compaq Computer Corporation | Method and apparatus for allowing access to secured computer resources by utilzing a password and an external encryption algorithm |
US6317742B1 (en) * | 1997-01-09 | 2001-11-13 | Sun Microsystems, Inc. | Method and apparatus for controlling software access to system resources |
US6105132A (en) | 1997-02-20 | 2000-08-15 | Novell, Inc. | Computer network graded authentication system and method |
US5983270A (en) | 1997-03-11 | 1999-11-09 | Sequel Technology Corporation | Method and apparatus for managing internetwork and intranetwork activity |
US6167522A (en) * | 1997-04-01 | 2000-12-26 | Sun Microsystems, Inc. | Method and apparatus for providing security for servers executing application programs received via a network |
US6081807A (en) | 1997-06-13 | 2000-06-27 | Compaq Computer Corporation | Method and apparatus for interfacing with a stateless network file system server |
-
1998
- 1998-06-12 US US09/097,218 patent/US6505300B2/en not_active Expired - Lifetime
-
1999
- 1999-06-09 ES ES99955547T patent/ES2368200T3/es not_active Expired - Lifetime
- 1999-06-09 WO PCT/US1999/012912 patent/WO1999064946A1/en active Application Filing
- 1999-06-09 AT AT99955547T patent/ATE518180T1/de not_active IP Right Cessation
- 1999-06-09 JP JP2000553883A patent/JP4906188B2/ja not_active Expired - Fee Related
- 1999-06-09 EP EP99955547A patent/EP1086413B1/en not_active Expired - Lifetime
-
2010
- 2010-03-11 JP JP2010054439A patent/JP4878647B2/ja not_active Expired - Fee Related
Also Published As
Publication number | Publication date |
---|---|
WO1999064946A1 (en) | 1999-12-16 |
EP1086413B1 (en) | 2011-07-27 |
US20020019941A1 (en) | 2002-02-14 |
EP1086413A1 (en) | 2001-03-28 |
JP2010176690A (ja) | 2010-08-12 |
JP4906188B2 (ja) | 2012-03-28 |
ATE518180T1 (de) | 2011-08-15 |
ES2368200T3 (es) | 2011-11-15 |
JP2002517852A (ja) | 2002-06-18 |
US6505300B2 (en) | 2003-01-07 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
JP4878647B2 (ja) | 信頼できないコンテントを安全に実行するための方法およびシステム | |
JP4809530B2 (ja) | 制限付きのトークンを使用したセキュリティモデル | |
JP4414092B2 (ja) | 制限付きトークンを介した最小権限 | |
US8931035B2 (en) | Access authorization having embedded policies | |
JP4625181B2 (ja) | セキュリティ・ロケーション識別の方法およびシステム | |
US7818781B2 (en) | Behavior blocking access control | |
US7350204B2 (en) | Policies for secure software execution | |
US8893300B2 (en) | Security systems and methods to reduce data leaks in enterprise networks | |
US6345361B1 (en) | Directional set operations for permission based security in a computer system | |
US8646044B2 (en) | Mandatory integrity control | |
US20060075492A1 (en) | Access authorization with anomaly detection | |
AU3299402A (en) | Methods and arrangements for controlling access to resources based on authentication method | |
JP2011526391A (ja) | アプリケーションセットに対する保護されたコンテンツの許可 | |
EP1643409A2 (en) | Application programming Interface for Access authorization | |
AU2005209678A1 (en) | Integrated access authorization | |
Taylor et al. | A Comparison of Authentication, Authorization and Auditing in Windows and Linux |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
A131 | Notification of reasons for refusal |
Free format text: JAPANESE INTERMEDIATE CODE: A131 Effective date: 20110805 |
|
A521 | Request for written amendment filed |
Free format text: JAPANESE INTERMEDIATE CODE: A523 Effective date: 20111107 |
|
TRDD | Decision of grant or rejection written | ||
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 Effective date: 20111122 |
|
A01 | Written decision to grant a patent or to grant a registration (utility model) |
Free format text: JAPANESE INTERMEDIATE CODE: A01 |
|
A61 | First payment of annual fees (during grant procedure) |
Free format text: JAPANESE INTERMEDIATE CODE: A61 Effective date: 20111128 |
|
R150 | Certificate of patent or registration of utility model |
Ref document number: 4878647 Country of ref document: JP Free format text: JAPANESE INTERMEDIATE CODE: R150 Free format text: JAPANESE INTERMEDIATE CODE: R150 |
|
FPAY | Renewal fee payment (event date is renewal date of database) |
Free format text: PAYMENT UNTIL: 20141209 Year of fee payment: 3 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
S111 | Request for change of ownership or part of ownership |
Free format text: JAPANESE INTERMEDIATE CODE: R313113 |
|
R350 | Written notification of registration of transfer |
Free format text: JAPANESE INTERMEDIATE CODE: R350 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
R250 | Receipt of annual fees |
Free format text: JAPANESE INTERMEDIATE CODE: R250 |
|
LAPS | Cancellation because of no payment of annual fees |