A restrict ed access token is created from an existing token, and provides less access than that token. A restricted token may be created by changing an attribute of one or more security identifiers allowing access in the parent token to a setting that denies access in the restricted token and/or removing...http://www.google.es/patents/US6279111?utm_source=gb-gplus-sharePatente US6279111 - Security model using restricted tokens
