Title of invention: Per process networking capabilities
Abstract: Per process networking capability techniques are described. In one or more implementations, a determination is made as to whether access to a network capability is permitted for a process that is executed on the computing device based on a token that is associated with the process. The token has one or more security identifiers that reference one or more network capabilities described in a manifest. The access to the network capability is managed based on the determination.
Publication number: US9118686(B2)  Publication date: 2015.08.25
Application number: US201113226223  Filing date: 2011.09.06
Applicant: Microsoft Technology Licensing, LLC  Inventors: Diaz-Cuellar Gerardo;Iskin Sermet;Coronel Mendoza Jorge P.;Graham Scott B.;Wood Nicholas D.
Classification: H04L29/06;G06F21/33;H04L29/08;G06F21/51;G06F21/52  Main classification: H04L29/06
Agency:  Agents: Churna Timothy;Drakos Kate;Minhas Micky
Main claim: 1. A method implemented by a computing device, the method comprising: requesting, by a process executed locally on the computing device, access to a firewall-type network capability of the computing device comprising an incoming or outgoing connection from or to a remote computing device, respectively; creating, by the computing device, a token associated with the process responsive to execution of the process, the token comprising one or more security identifiers, the security identifiers corresponding to one or more network capabilities defined in a manifest stored locally as part of installation of executable code that, when executed, implements the process; determining, by the computing device and without input from a remote resource, whether the access is permitted for the process by comparing the access requested by the process to the token created in response to the execution of the process; and managing the access, by the computing device, to the network capability based on the determination.
Address: Redmond WA US