For security or other reasons (e.g., privacy), a computer system may limit user access to data on the system, or otherwise control user actions or operations on the system. Users may be authenticated and authorized to access only certain data, or may be granted privileges to take only certain actions on the computer systems.
In general, security and authorization mechanisms, which control access to operations or data in the computer systems, can be direct or indirect. A computing system may conduct direct security checks of user credentials or authorization profiles (e.g., authentication identification codes (IDs) and passwords) at an attachment interface or facility (e.g., a log-in screen, a firewall, etc.) before users can gain access to a resource of the computing system (e.g., individual files or data objects, computer devices, network connections, computer programs, applications, and functionality provided by computer applications).
A computer system may use object-oriented technology and may make processes and data available in the form of objects (e.g., files and folders). The computer system may deploy an access control list (ACL)-based security model to govern authorization, i.e., to decide whether a user is granted access to an object or the privilege to manipulate it (e.g., read, write, copy, delete). An ACL, with respect to a computer file system, is a list of permissions or authorizations attached to an object. The ACL specifies which users or system processes are authorized to access the object and what operations are allowed on it. Each “authority” entry (access control entry) in a typical ACL specifies a subject and an operation; a request that matches no entry is typically denied.
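The ACL model described above, as an added Python example that is not part of this document: an object carries a list of (subject, operation) entries, and an access request is evaluated against them with default deny. The object name, the subjects, the group naming convention and the explicit allow/deny flag are assumptions made here for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Set


class Op(Enum):
    READ = "read"
    WRITE = "write"
    COPY = "copy"
    DELETE = "delete"


@dataclass(frozen=True)
class Entry:
    """One 'authority' entry: a subject (a user name or 'group:<name>') and an operation.
    The allow flag is an assumption added here so that explicit denies can be expressed."""
    subject: str
    op: Op
    allow: bool = True


@dataclass
class SecuredObject:
    """An object (e.g., a file) with its ACL attached."""
    name: str
    acl: List[Entry] = field(default_factory=list)


def is_authorized(obj: SecuredObject, user: str, groups: Set[str], op: Op) -> bool:
    """Evaluate the ACL for one request.

    Default deny: with no matching entry the request fails. An explicit deny for any
    matching subject wins over any allow, regardless of entry order (a design choice
    made here so that a deny cannot be shadowed by a later allow).
    """
    subjects = {user} | {f"group:{g}" for g in groups}
    allowed = False
    for entry in obj.acl:
        if entry.subject in subjects and entry.op == op:
            if not entry.allow:
                return False
            allowed = True
    return allowed


# Constructed sample object and ACL (hypothetical).
REPORT = SecuredObject(
    "report.docx",
    [
        Entry("alice", Op.READ),
        Entry("alice", Op.WRITE),
        Entry("alice", Op.DELETE),
        Entry("group:staff", Op.READ),
        Entry("bob", Op.READ, allow=False),  # bob is in staff but is explicitly denied
    ],
)


def describe(user: str, groups: Set[str]) -> dict:
    """Summarise which operations a user may perform on REPORT."""
    return {op.value: is_authorized(REPORT, user, groups, op) for op in Op}


if __name__ == "__main__":
    for user, groups in (("alice", set()), ("carol", {"staff"}), ("bob", {"staff"}), ("mallory", set())):
        print(user, describe(user, groups))
```

Group membership is resolved by the caller here; in a real system it comes from the directory or the process token, and the evaluator should be given the resolved subject set rather than trusting a group list supplied with the request.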
A computer system can require a user wanting to access a specific resource or object (e.g., a software application or program) on the computer system to submit credentials for user authentication or identification. The computer system can implement “device-related” authentication procedures for general access (e.g., logging on) to a computer device and further “application-specific” authentication procedures for access to a particular application. For both device-related and application-specific authentication procedures, user credentials can be based on something only the user knows (e.g., a password), something only the user has (e.g., a hardware token), something only the user is (e.g., a fingerprint), or where the user is. The credentials are evaluated by the computer system to confirm that the user is entitled to work with the application (i.e., can read or modify data which can be accessed through the application).
The user identification and authentication processes of the computer system, which require users to submit credentials to log on to a computer system, a device or a particular application, are a means for enforcing institutional security and confidentiality policies. They can also mitigate users' privacy concerns by restricting access to user-related information on the computer system. However, common authentication procedures are not foolproof: impostors can, for example, submit stolen, hacked or guessed user credentials (e.g., user IDs or passwords) or otherwise bypass the authentication procedures to improperly gain access to computer resources and information related to other users.
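The two-tier procedure described above (a device-related log-on followed by an application-specific check), as an added Python example that is not part of this document. The device log-on verifies something the user knows (a salted PBKDF2 password hash compared in constant time), and the application check verifies something the user has (an RFC 4226 HOTP / RFC 6238 TOTP code from a token), so a stolen or guessed password alone does not unlock the application. The user record, the password, the function names and the skew window are assumptions made here for illustration; the token secret is the RFC 4226 test-vector secret.

```python
import hashlib
import hmac
import os
import time
from typing import Optional

PBKDF2_ITERATIONS = 200_000
TOTP_STEP_SECONDS = 30


def hash_password(password: str, salt: Optional[bytes] = None) -> tuple:
    """Return (salt, PBKDF2-HMAC-SHA256 digest); a fresh random salt is drawn if none is given."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Constant-time comparison so a wrong guess does not leak how many bytes matched."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored_digest)


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, counter.to_bytes(8, "big"), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = int.from_bytes(mac[offset:offset + 4], "big") & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret: bytes, unix_time: float, step: int = TOTP_STEP_SECONDS) -> str:
    """RFC 6238 TOTP: HOTP with the counter derived from the current time step."""
    return hotp(secret, int(unix_time) // step)


# Constructed user store (hypothetical). The token secret is the RFC 4226 test-vector secret.
_SALT, _DIGEST = hash_password("correct horse battery staple")
USERS = {
    "alice": {"salt": _SALT, "digest": _DIGEST, "token_secret": b"12345678901234567890"},
}


def device_login(user: str, password: str) -> Optional[dict]:
    """Device-related authentication (something the user knows). Returns a session or None."""
    record = USERS.get(user)
    if record is None:
        # Unknown user: still spend a hash so response time does not reveal which names exist.
        hash_password(password, b"\x00" * 16)
        return None
    if not verify_password(password, record["salt"], record["digest"]):
        return None
    return {"user": user, "apps": set()}


def open_application(session: dict, app: str, code: str, now: Optional[float] = None) -> bool:
    """Application-specific authentication (something the user has: a TOTP token).

    A valid device session is necessary but not sufficient; the submitted code must also
    match. The current and the previous time step are accepted to tolerate small clock skew.
    """
    record = USERS[session["user"]]
    now = time.time() if now is None else now
    for t in (now, now - TOTP_STEP_SECONDS):
        if hmac.compare_digest(totp(record["token_secret"], t), code):
            session["apps"].add(app)
            return True
    return False


if __name__ == "__main__":
    session = device_login("alice", "correct horse battery staple")
    print("device log-on:", session is not None)
    print("app with stolen password only:", open_application(session, "notes", "000000"))
    print("app with token code:", open_application(session, "notes", totp(b"12345678901234567890", time.time())))
```

A production deployment would additionally rate-limit both checks, reject a TOTP code that has already been used within its step, and keep the token secret in a separate store from the password hashes so that one compromise does not yield both factors.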
A user may want to keep information related to his or her usage of a computer device private. For example, a user may have specific applications privately deployed and available on the computer device for personal use. The user may want to conceal from others the very fact that the specific applications are deployed, for example, if the computer device falls into the wrong hands or in circumstances where the computer device is shared with other legitimate users.
Consideration is now being given to user privacy concerns and techniques for safeguarding information related to usage of a computer device.