Enhanced security for computer system resources with a resource access authorization control facility that creates files and provides increased granularity of resource permission
US6233576A · kind A · utility
Assignee
Inventor
Key dates
| Filing date | Nov 14, 1997 |
| Grant date | May 15, 2001 |
| Priority date | — |
| Expiry date | Nov 14, 2017 |
Classification
- Technology area (CPC Y)Emerging Cross-Sectional Technologies
- CPC primaryY10S707/99939
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
Provided is a scheme for implementing flexible control of subject authorizations (i.e. the authorizations which users or processes have) to perform operations in relation to computer resources. The methods, computer systems and authorization facilities which are provided by the invention enhance the security provisions of operating systems which have only very limited authorization facilities, by mapping the available operating system permissions to specified resource authorities for each of a set of aspects or characteristics of a computer system resource. Thus, the standard operating system permissions (e.g. read, write, execute) can have different meanings for different resource aspects, and an individual subject can have separate authorization levels set for the different resource aspects. The mappings between authorities and the available permissions may be different for different types of resources. The invention provides great flexibility in setting the authorizations that a subject may have in relation to particular resources.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.