Patent · US Active

Methods and systems for network-based management of application security

US9654474B2 · kind B2 · utility

Cited by: 2
References: 18
Claims: 25
Family size: 0

Assignee

Inventor

Key dates

Filing date: Sep 11, 2013
Grant date: May 16, 2017
Priority date
Expiry date: Sep 11, 2033

Classification

  • Technology area (CPC H): Electricity
  • CPC primary: H04L63/20
  • WIPO field: Digital communication
  • WIPO sector: Electrical engineering

Abstract

To control privileges and access to resources on a per-process basis, an administrator creates a rule that may be applied to modify a process's token. The rule includes an application-criterion set and changes to be made to the groups and/or privileges of a token. The rule is set as a policy within a group policy object (GPO), where a GPO is associated with one or more groups of computers. When a GPO containing a rule is applied to a computer, a driver installed on the computer accesses the rule(s) any time a logged-on user executes a process. If the executed process satisfies the criterion set of a rule, the changes contained within the rule are made to the process token, and the user has expanded and/or contracted access and/or privileges for only that process.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.