-
Publication No.: US20130062401A1
Publication date: 2013-03-14
Application No.: US13228695
Filing date: 2011-09-09
IPC classification: G06F17/00
CPC classification: G06F21/52, G06F9/468, G06F17/00, G06F21/121, G06F21/44, G06F21/6281, G06F2221/033
Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.
-
Publication No.: US08990561B2
Publication date: 2015-03-24
Application No.: US13228695
Filing date: 2011-09-09
CPC classification: G06F21/52, G06F9/468, G06F17/00, G06F21/121, G06F21/44, G06F21/6281, G06F2221/033
Abstract: A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.
-
Publication No.: US20130061316A1
Publication date: 2013-03-07
Application No.: US13225945
Filing date: 2011-09-06
Applicant: Sermet Iskin, John A.M. Hazen, Liang Zhao, Scott B. Graham, John M. Sheelan
Inventor: Sermet Iskin, John A.M. Hazen, Liang Zhao, Scott B. Graham, John M. Sheelan
IPC classification: G06F21/00
CPC classification: G06F21/53, G06F21/6218, G06F2221/2141, G06F2221/2149
Abstract: Capability access management techniques for processes are described. In one or more implementations, a token is formed having one or more security identifiers that reference capabilities described in a manifest for the executable code responsive to an input received to initiate execution of executable code installed on the computing device. The one or more processes formed through execution of the executable code on the computing device are associated with the token, the token usable to manage access of the one or more processes to the capabilities of the computing device.
-
Publication No.: US09118686B2
Publication date: 2015-08-25
Application No.: US13226223
Filing date: 2011-09-06
Applicant: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
Inventor: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
CPC classification: H04L63/102, G06F21/335, G06F21/51, G06F21/52, G06F2221/2121, G06F2221/2141, G06F2221/2145, H04L63/20, H04L67/34
Abstract: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.
-
Publication No.: US20130061282A1
Publication date: 2013-03-07
Application No.: US13227201
Filing date: 2011-09-07
IPC classification: G06F21/00
CPC classification: G06F21/629, G06F21/52, G06F21/53, G06F21/56, G06F21/566, G06F2221/2141, H04L63/14, H04L63/1408, H04L63/1416, H04L63/1433, H04L63/1441, H04L63/145, H04L63/1483
Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.
-
Publication No.: US20130061309A1
Publication date: 2013-03-07
Application No.: US13226223
Filing date: 2011-09-06
Applicant: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
Inventor: Gerardo Diaz-Cuellar, Sermet Iskin, Jorge P. Coronel Mendoza, Scott B. Graham, Nicholas D. Wood
CPC classification: H04L63/102, G06F21/335, G06F21/51, G06F21/52, G06F2221/2121, G06F2221/2141, G06F2221/2145, H04L63/20, H04L67/34
Abstract: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.
-
Publication No.: US10445528B2
Publication date: 2019-10-15
Application No.: US13227201
Filing date: 2011-09-07
Abstract: Techniques for content handling for applications are described. In one or more implementations, a first set of content handling policies is enforced for a first portion of an application that is permitted to invoke code elements of the computing device and a second set of content handling policies is enforced for a second portion of the application that is not permitted to invoke the code elements. Further, a determination is made whether to apply the first set of content handling policies or the second set of content handling policies to content based on which portion of the application is requesting the content.
-
Publication No.: US07602903B2
Publication date: 2009-10-13
Application No.: US10759636
Filing date: 2004-01-16
IPC classification: H04L9/00
CPC classification: G06F21/602, H04L9/088
Abstract: Methods and apparatuses are provided that can inform certain processes and/or even the user about the relative strength/weakness of cryptography services being used. In certain methods, for example, at least one cryptography service parameter threshold is established. The method further includes, selectively detecting a request for at least one cryptography service, and selectively performing at least one correctness detection action based on the requested cryptography service and the cryptography service parameter threshold. The cryptography service parameter threshold identifies acceptable/unacceptable cryptography algorithms, acceptable/unacceptable cryptography key size parameters, acceptable/unacceptable cryptography seed size parameters, and other like parameters that the requested cryptography service information can be compared with.
-
Publication No.: US09773102B2
Publication date: 2017-09-26
Application No.: US13229367
Filing date: 2011-09-09
Applicant: Scott Graham, Kavitha Radhakrishnan, Sermet Iskin, Katrina M. Blanch, Steven Ball, John Hazen, Tyler Kien Beam, Allen Kim, Guillermo Enrique Rueda Quintero
Inventor: Scott Graham, Kavitha Radhakrishnan, Sermet Iskin, Katrina M. Blanch, Steven Ball, John Hazen, Tyler Kien Beam, Allen Kim, Guillermo Enrique Rueda Quintero
CPC classification: G06F21/335, G06F21/6218, G06F2221/2141
Abstract: Methods, systems, and computer program products are provided for enabling selective file system access by applications. An application is installed in a computing device. An application manifest associated with the application is received. The application manifest indicates one or more file types that the application is allowed to access. The indicated file type(s) are registered in a location accessible by a broker service. The application is launched as an application process. The application process is isolated in an application container. The application container prevents direct access by the application process to file system data. An access request related to first data of the file system data is received at the broker service from the application process. Access by the application process to the first data is enabled when the broker service determines that a file type of the first data is included in the registered file type(s).
-
Publication No.: US08973158B2
Publication date: 2015-03-03
Application No.: US13186474
Filing date: 2011-07-20
Applicant: Saji Abraham, Hart Wilson, Tassaduq Basu, Sermet Iskin, Liang Zhao
Inventor: Saji Abraham, Hart Wilson, Tassaduq Basu, Sermet Iskin, Liang Zhao
CPC classification: G06F21/604, G06F21/51, G06F21/52, G06F21/53, G06F2221/2113
Abstract: An isolation execution environment provides an application with limited resources to execute an application. The application may require access to secured resources associated with a particular trust level that are outside of the isolation execution environment. A trust activation engine determines the trust level associated with a request for a resource and operates differently based on the trust level. A broker process may be used to execute components providing access to resources having a partial trust level in an execution environment that is separate from the isolation execution environment.