Directional set operations for permission based security in a computer system

Assignee

• Microsoft Corporation · US

Inventors

• Michael Jerger · Kirkland, US
• Jeffrey A. Bisset · Redmond, US
• Craig T. Sinclair · Sammamish, US
• Michael J. Toutonghi · Seattle, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F21/62
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Computer-based systems and methods are disclosed for a comprehensive security model for managing active content downloaded from a computer network. The security model includes the configuration of a system security policy that is stored on a host computer. The system security policy is configured by security zone in progressively “finer grain” levels with each level associated with and defining the previous level. These levels may include: protected operations; user permission sets, permissions, parameters and primitives associated with parameters. A requested permission set is provided by the publisher of active content that lists the permissions that the active content requires in order to run on the host system. The requested permission set is automatically compared to one or more user permission sets to determine the permissions, if any that will be granted on the host system. The automated set comparisons includes determining a directional permissions sets comparison result, which is “directional” in that it maintains the distinction between the “superior” user-defined set and the “inferior” requested set. Determining the directi…