JP6286034B2 - プロセス認証とリソースパーミッション - Google Patents

プロセス認証とリソースパーミッション Download PDF

Info

Publication number
JP6286034B2
JP6286034B2 JP2016521395A JP2016521395A JP6286034B2 JP 6286034 B2 JP6286034 B2 JP 6286034B2 JP 2016521395 A JP2016521395 A JP 2016521395A JP 2016521395 A JP2016521395 A JP 2016521395A JP 6286034 B2 JP6286034 B2 JP 6286034B2
Authority
JP
Japan
Prior art keywords
level
dimension
resource
levels
access
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
JP2016521395A
Other languages
English (en)
Japanese (ja)
Other versions
JP2016527608A (ja
JP2016527608A5 (enExample
Inventor
アガーワル,ヴィシャル
ゴッツムッカラ,スニル・ピー
キシャン,アルン・ユー
マクファーソン,デーヴ・エム
アンデス,ジョナサン・エム
スリダラン,ギリダラン
キンシュマン,キンシュマン
ダミアノ,アダム
カン,サラフッディン・ジェイ
カンナン,ゴピナサン
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Microsoft Corp
Microsoft Technology Licensing LLC
Original Assignee
Microsoft Corp
Microsoft Technology Licensing LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Microsoft Corp, Microsoft Technology Licensing LLC filed Critical Microsoft Corp
Publication of JP2016527608A publication Critical patent/JP2016527608A/ja
Publication of JP2016527608A5 publication Critical patent/JP2016527608A5/ja
Application granted granted Critical
Publication of JP6286034B2 publication Critical patent/JP6286034B2/ja
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2113Multi-level security, e.g. mandatory access control
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2145Inheriting rights or properties, e.g., propagation of permissions or restrictions within a hierarchy

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Storage Device Security (AREA)
JP2016521395A 2013-06-24 2013-09-21 プロセス認証とリソースパーミッション Expired - Fee Related JP6286034B2 (ja)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
US13/925,703 US9515832B2 (en) 2013-06-24 2013-06-24 Process authentication and resource permissions
US13/925,703 2013-06-24
PCT/US2013/061080 WO2014209416A1 (en) 2013-06-24 2013-09-21 Process authentication and resource permissions

Publications (3)

Publication Number Publication Date
JP2016527608A JP2016527608A (ja) 2016-09-08
JP2016527608A5 JP2016527608A5 (enExample) 2016-11-10
JP6286034B2 true JP6286034B2 (ja) 2018-02-28

Family

ID=49293916

Family Applications (1)

Application Number Title Priority Date Filing Date
JP2016521395A Expired - Fee Related JP6286034B2 (ja) 2013-06-24 2013-09-21 プロセス認証とリソースパーミッション

Country Status (7)

Country Link
US (1) US9515832B2 (enExample)
EP (1) EP3014511A1 (enExample)
JP (1) JP6286034B2 (enExample)
CN (1) CN105408912B (enExample)
BR (1) BR112015031853A8 (enExample)
RU (1) RU2637878C2 (enExample)
WO (1) WO2014209416A1 (enExample)

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9489390B2 (en) 2012-12-20 2016-11-08 Bank Of America Corporation Reconciling access rights at IAM system implementing IAM data model
US9189644B2 (en) 2012-12-20 2015-11-17 Bank Of America Corporation Access requests at IAM system implementing IAM data model
US9483488B2 (en) 2012-12-20 2016-11-01 Bank Of America Corporation Verifying separation-of-duties at IAM system implementing IAM data model
US9477838B2 (en) 2012-12-20 2016-10-25 Bank Of America Corporation Reconciliation of access rights in a computing system
US9537892B2 (en) 2012-12-20 2017-01-03 Bank Of America Corporation Facilitating separation-of-duties when provisioning access rights in a computing system
US9639594B2 (en) 2012-12-20 2017-05-02 Bank Of America Corporation Common data model for identity access management data
US9495380B2 (en) 2012-12-20 2016-11-15 Bank Of America Corporation Access reviews at IAM system implementing IAM data model
US9529629B2 (en) * 2012-12-20 2016-12-27 Bank Of America Corporation Computing resource inventory system
US9542433B2 (en) 2012-12-20 2017-01-10 Bank Of America Corporation Quality assurance checks of access rights in a computing system
US9407638B2 (en) 2013-08-26 2016-08-02 The Boeing Company System and method for trusted mobile communications
US9344439B2 (en) * 2014-01-20 2016-05-17 The Boeing Company Executing unprotected mode services in a protected mode environment
KR101671989B1 (ko) * 2014-02-10 2016-11-03 한국전자통신연구원 전자 서명 제공 장치 및 방법
US10776457B1 (en) * 2014-07-22 2020-09-15 Epic Games, Inc. System and method for preventing execution of unauthorized code
CN105404819A (zh) * 2014-09-10 2016-03-16 华为技术有限公司 一种数据访问控制方法、装置以及终端
US10049218B2 (en) 2016-12-07 2018-08-14 Google Llc Rollback resistant security
US10432407B2 (en) * 2016-12-19 2019-10-01 Arris Enterprises Llc Secure provisioning of unique time-limited certificates to virtual application instances in dynamic and elastic systems
US10805080B2 (en) * 2017-01-06 2020-10-13 Microsoft Technology Licensing, Llc Strong resource identity in a cloud hosted system
US10853471B2 (en) * 2017-01-15 2020-12-01 Apple Inc. Managing permissions for different wireless devices to control a common host device
EP3376464A1 (en) * 2017-03-14 2018-09-19 Electronics and Telecommunications Research Institute Trust-based resource sharing method and system
US10572680B2 (en) * 2017-03-21 2020-02-25 Microsoft Technology Licensing, Llc Automated personalized out-of-the-box and ongoing in-application settings
CN107688730A (zh) * 2017-07-28 2018-02-13 宁波保税区攀峒信息科技有限公司 一种可执行文件安全运行方法
EP3756085A4 (en) * 2018-10-18 2021-10-27 Hewlett-Packard Development Company, L.P. GENERATION OF STATISTICAL ANALYSIS OF DATA FOR TRANSFER TO SERVER
EP3786826B1 (en) * 2019-08-30 2025-09-17 Barclays Execution Services Limited Secure validation pipeline in a third party cloud environment
US10812272B1 (en) 2020-01-13 2020-10-20 Cyberark Software Ltd. Identifying computing processes on automation servers
IL275954A (en) 2020-07-09 2022-02-01 Google Llc Anonymous event confirmation with group signatures
IL275947A (en) * 2020-07-09 2022-02-01 Google Llc Anonymous Event Confirmation
CN114238997B (zh) * 2022-02-23 2022-05-10 国汽智控(北京)科技有限公司 基于车辆应用权限的资源调用方法、装置和电子设备

Family Cites Families (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6023765A (en) * 1996-12-06 2000-02-08 The United States Of America As Represented By The Secretary Of Commerce Implementation of role-based access control in multi-level secure systems
EP1119813A1 (en) * 1998-09-28 2001-08-01 Argus Systems Group, Inc. Trusted compartmentalized computer operating system
US6981281B1 (en) 2000-06-21 2005-12-27 Microsoft Corporation Filtering a permission set using permission requests associated with a code assembly
CN101694687B (zh) 2000-09-21 2017-04-12 黑莓有限公司 代码签字系统及方法
EP1225512A1 (en) 2001-01-19 2002-07-24 Eyal Dotan Method for protecting computer programs and data from hostile code
FR2901038A1 (fr) * 2006-05-15 2007-11-16 France Telecom Procede et dispositif de configuration securisee d'un terminal au moyen d'un dispositif de stockage de donnees de demarrage
US8381306B2 (en) 2006-05-30 2013-02-19 Microsoft Corporation Translating role-based access control policy to resource authorization policy
US8117441B2 (en) 2006-06-20 2012-02-14 Microsoft Corporation Integrating security protection tools with computer device integrity and privacy policy
CN101231712A (zh) * 2007-01-23 2008-07-30 上海宝信软件股份有限公司 业务授权模型及其在具体业务应用中的设定方法
US8196184B2 (en) * 2007-02-16 2012-06-05 Microsoft Corporation Efficient data structures for multi-dimensional security
US8433927B2 (en) 2007-05-29 2013-04-30 International Business Machines Corporation Cryptographically-enabled privileged mode execution
JP5043786B2 (ja) * 2008-09-10 2012-10-10 Kddi株式会社 アクセス制御システム、アクセス制御方法
US8973158B2 (en) 2011-07-20 2015-03-03 Microsoft Technology Licensing Llc Trust level activation
US8832447B2 (en) * 2011-08-10 2014-09-09 Sony Corporation System and method for using digital signatures to assign permissions
CN102354356B (zh) * 2011-09-29 2014-06-04 用友软件股份有限公司 数据权限管理装置和方法

Also Published As

Publication number Publication date
JP2016527608A (ja) 2016-09-08
RU2015155272A (ru) 2017-07-28
WO2014209416A1 (en) 2014-12-31
RU2637878C2 (ru) 2017-12-07
CN105408912B (zh) 2018-09-14
US9515832B2 (en) 2016-12-06
US20140380058A1 (en) 2014-12-25
BR112015031853A2 (pt) 2017-07-25
CN105408912A (zh) 2016-03-16
BR112015031853A8 (pt) 2019-12-31
EP3014511A1 (en) 2016-05-04

Similar Documents

Publication Publication Date Title
JP6286034B2 (ja) プロセス認証とリソースパーミッション
JP7545419B2 (ja) 統合された隔離されたアプリケーションにおけるランサムウェアの被害の軽減
JP6397500B2 (ja) 仮想マシン・マネージャーによって支援される選択的コード完全性強制
KR101861401B1 (ko) 장치 기능과 애플리케이션의 결합
CN109923548B (zh) 通过监管进程访问加密数据实现数据保护的方法、系统及计算机程序产品
JP5314016B2 (ja) 情報処理装置、暗号鍵の管理方法、コンピュータプログラム及び集積回路
US8505084B2 (en) Data access programming model for occasionally connected applications
KR102037160B1 (ko) 기대치에 따른 데이터 보안 작동
KR101009126B1 (ko) 대응하는 구성요소를 인증하기 위한 디지탈 인증서 및 디지탈 인증서 인증 방법
US9576147B1 (en) Security policy application through data tagging
US9871821B2 (en) Securely operating a process using user-specific and device-specific security constraints
EP1946238B1 (en) Operating system independent data management
US8452982B2 (en) Methods and systems for migrating content licenses
CN113168476A (zh) 操作系统中个性化密码学安全的访问控制
CN104318176A (zh) 用于终端的数据管理方法、数据管理装置和终端
US9137024B2 (en) System and method for incorporating an originating site into a security protocol for a downloaded program object
Nyman et al. Citizen electronic identities using TPM 2.0
CN114065183A (zh) 一种权限控制方法、装置、电子设备和存储介质
CN114244565B (zh) 密钥分发方法、装置、设备及存储介质
JP6584500B2 (ja) トラステッドプラットフォームモジュールにおけるオペレーティングシステムコンテキストの表現
CN115022091A (zh) 一种基于数字证书的自主授权方法和系统
US7694154B2 (en) Method and apparatus for securely executing a background process
CN111046440B (zh) 一种安全区域内容的篡改验证方法及系统
US20240111884A1 (en) Authenticating a File System Within Untrusted Storage
Nyamwaro Application for enhancing confidentiality and availability for sensitive user data using AES algorithm in smartphone devices

Legal Events

Date Code Title Description
A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20160920

A621 Written request for application examination

Free format text: JAPANESE INTERMEDIATE CODE: A621

Effective date: 20160920

A977 Report on retrieval

Free format text: JAPANESE INTERMEDIATE CODE: A971007

Effective date: 20170815

A131 Notification of reasons for refusal

Free format text: JAPANESE INTERMEDIATE CODE: A131

Effective date: 20170817

A521 Request for written amendment filed

Free format text: JAPANESE INTERMEDIATE CODE: A523

Effective date: 20171116

TRDD Decision of grant or rejection written
A01 Written decision to grant a patent or to grant a registration (utility model)

Free format text: JAPANESE INTERMEDIATE CODE: A01

Effective date: 20180104

A61 First payment of annual fees (during grant procedure)

Free format text: JAPANESE INTERMEDIATE CODE: A61

Effective date: 20180202

R150 Certificate of patent or registration of utility model

Ref document number: 6286034

Country of ref document: JP

Free format text: JAPANESE INTERMEDIATE CODE: R150

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

R250 Receipt of annual fees

Free format text: JAPANESE INTERMEDIATE CODE: R250

LAPS Cancellation because of no payment of annual fees
RD02 Notification of acceptance of power of attorney

Free format text: JAPANESE INTERMEDIATE CODE: R3D02