logo

For the Inventor, By the Inventor

The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.

The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.

Patent No.:

US 7096367 B1

PDFFull Text
Date of Patent:
Aug. 22, 2006

Filed:

May. 04, 2001

System and methods for caching in connection with authorization in a computer system

Applicants:

Praerit Garg, Kirkland, WA (US);

Robert P. Reichel, Sammamish, WA (US);

Richard B. Ward, Redmond, WA (US);

Kedarnath A. Dubhashi, Bellevue, WA (US);

Jeffrey B. Hamblin, North Bend, WA (US);

Anne C. Hopkins, Seattle, WA (US);

Inventors:

Praerit Garg, Kirkland, WA (US);

Robert P. Reichel, Sammamish, WA (US);

Richard B. Ward, Redmond, WA (US);

Kedarnath A. Dubhashi, Bellevue, WA (US);

Jeffrey B. Hamblin, North Bend, WA (US);

Anne C. Hopkins, Seattle, WA (US);

Assignee:

Microsoft Corporation, Redmond, WA (US);

Attorney:

Woodcock Washburn LLP

Primary Examiner:

Gilberto Barron, Jr

Assistant Examiner:

Samson Lemma

Int. Cl.
CPC ...
H04K 1/00 (2006.01); H04L 9/00 (2006.01);
U.S. Cl.
CPC ...
Abstract

An authorization handle is supported for each access policy determination that is likely to be repeated. In particular, an authorization handle may be assigned to access check results associated with the same discretionary access control list and the same client context. This likelihood may be determined based upon pre-set criteria for the application or service, based on usage history and the like. Once an access policy determination is assigned an authorization handle, the static maximum allowed access is cached for that policy determination. From access check to access check, the set of permissions desired by the client may change, and dynamic factors that might affect the overall privilege grant may also change; however, generally there is still a set of policies that is unaffected by the changes and common across access requests. The cached static maximum allowed access data is thus used to provide efficient operations for the evaluation of common policy sets. In systems having access policy evaluations that are repeated, authorization policy evaluations are more efficient, computer resources are free for other tasks, and performance improvements are observed.

Find Patent Forward Citations

Loading…