Patent · US Active

Authorizing lower privilege users to invoke privileged calls

US12014225B2 · kind B2 · utility

Cited by: 0
References: 2
Claims: 17
Family size: 0

Assignee

Inventors

Key dates

Filing date: May 23, 2022
Grant date: Jun 18, 2024
Priority date
Expiry date: May 23, 2042

Classification

  • Technology area (CPC G): Physics
  • CPC primary: G06F2221/2113
  • WIPO field: Computer technology
  • WIPO sector: Electrical engineering

Abstract

Solutions for enabling lower privilege users (e.g., applications, virtualized computing environment applications such as virtual machines or containers) to perform requests for service (e.g., remote procedure calls) that require higher privilege include: receiving, by a relay service executing at a first privilege level, from an application executing at a lower privilege level, a received request for service. The first privilege level is sufficient for the request; however, the application's privilege level is insufficient. The relay service determines whether the application is authorized to perform the request by comparing the application identity and the request with privilege exception information (e.g., a list of application identities and corresponding requests that are subject to privilege exception). If the application's request is authorized, the relay service relays the request (e.g., as a hypercall) to a destination service at the relay service's own privilege level and then relays the received response back to the application.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.