CPC H04L 63/101 (2013.01) [H04L 63/08 (2013.01); H04L 63/102 (2013.01)]; 17 Claims

1. A method for granting access to objects by entities in a computerized system, the method comprising:
providing an access control list specifying, for each object, access rights to the objects of the computerized system;
assigning a capability requirement information to at least one object of the objects in the access control list, wherein the capability requirement information comprises a capability requirement data entry, wherein the capability requirement data entry is implemented as part of header data of a file, a file attribute, a file name, a file name extension, or a combination thereof, and wherein the capability requirement information is a data flag in the access control list indicating a capability requirement, the capability requirement data entry, a pointer to the capability requirement data entry, or a combination thereof;
assigning a capability information to at least one entity of the entities in the computerized system;
requesting access to a requested object by a requesting entity, wherein the requested object is the file, a service, a registry entry, or a combination thereof;
checking when the requesting entity has an access right in accordance with the access control list;
verifying when a capability data entry of the requesting entity matches with the capability requirement data entry of the requested object; and
granting access to the requested object by the requesting entity only when: (1) the capability information assigned to the requesting entity matches with the capability requirement information assigned to the requested object; and (2) the capability data entry of the requesting entity matches with the capability requirement data entry of the requested object.
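The two-stage decision the claim describes (ACL right first, then a match between the entity's capability data entry and the object's capability requirement data entry), as an added Python illustration that is not code from the patent. Object names, rights and capability values are constructed samples, and the "pointer" form of the requirement is modelled as a lookup key into a separate header table.

```python
# Added illustration of claim 1's two-stage check; not the patent's own code.
# Object names, rights and capability values below are constructed samples.
from dataclasses import dataclass


@dataclass
class AclEntry:
    rights: dict                  # principal -> set of rights, e.g. {"read"}
    cap_req_kind: str = "none"    # "none", "entry" (inline) or "pointer"
    cap_req: str = ""             # inline requirement entry, or key it points to


# Capability requirement entries held outside the ACL, as claim 1 allows
# (file header, file attribute, file name extension); keyed by pointer.
HEADER_CAP_REQS = {"hdr:payroll.db": "cap:finance-clearance"}

ACL = {
    # file: ACL holds a pointer to the requirement stored in the file header
    "file:payroll.db": AclEntry({"alice": {"read", "write"}, "bob": {"read"}},
                                "pointer", "hdr:payroll.db"),
    # service: requirement data entry stored inline in the ACL
    "svc:backup": AclEntry({"alice": {"execute"}, "bob": {"execute"}},
                           "entry", "cap:backup-operator"),
    # registry entry: plain ACL, no capability requirement
    "reg:HKLM/Software/Demo": AclEntry({"bob": {"read"}}),
}

# Capability data entries assigned to entities.
ENTITY_CAPS = {"alice": {"cap:finance-clearance"}, "bob": {"cap:backup-operator"}}


def resolve_cap_req(entry):
    """Return the object's capability requirement data entry, or None."""
    if entry.cap_req_kind == "entry":
        return entry.cap_req
    if entry.cap_req_kind == "pointer":
        # A dangling pointer becomes a requirement nothing satisfies (fail closed).
        return HEADER_CAP_REQS.get(entry.cap_req, "<unresolvable>")
    return None


def grant_access(entity, obj, right):
    """Grant only when the ACL right holds AND the capability entry matches."""
    entry = ACL.get(obj)
    if entry is None or right not in entry.rights.get(entity, set()):
        return False                    # stage 1: no ACL right -> deny
    required = resolve_cap_req(entry)
    if required is None:
        return True                     # stage 2 not applicable to this object
    return required in ENTITY_CAPS.get(entity, set())   # stage 2: match
```

Note that bob holds a "read" right on the payroll file in the ACL yet is still denied, because the second stage requires the matching capability entry.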