Least privilege via restricted tokens
US6308274A · kind A · utility
Assignee
Inventor
Key dates
| Filing date | Jun 12, 1998 |
| Grant date | Oct 23, 2001 |
| Priority date | — |
| Expiry date | Jun 12, 2018 |
Classification
- Technology area (CPC G)Physics
- CPC primaryG06F2221/2149
- WIPO fieldComputer technology
- WIPO sectorElectrical engineering
Abstract
A method and mechanism to enforce reduced access via restricted access tokens. Restricted access tokens are based on an existing token, and have less access than that existing token. A process is associated with a restricted token, and when the restricted process attempts to perform an action on a resource, a security mechanism compares the access token information with security information associated with the resource to grant or deny access. Application programs may have restriction information stored in association therewith, such that when launched, a restricted token is created for that application based on the restriction information thereby automatically reducing that application's access. Applications may be divided into different access levels such as privileged and non-privileged portions, thereby automatically restricting the actions a user can perform via that application. Also, the system may enforce running with reduced access by running user processes with a restricted token, and then requiring a definite action by the user to specifically override actions that are restricted by temporarily running with the user's normal token.
Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.