Information security – Access control or authentication – Network
Reexamination Certificate
2006-08-22
2006-08-22
Sheikh, Ayaz (Department: 2131)
Information security
Access control or authentication
Network
C726S004000, C726S006000, C726S021000, C726S027000, C705S052000, C705S065000, C705S067000, C705S076000, C705S078000, C705S080000, C717S134000
Reexamination Certificate
active
07096491
ABSTRACT:
A method is disclosed for providing mobile code software applications to users via an application service provider (ASP). The ASP receives a mobile code application, such as a Java application, from a provider, along with a security specification. The security specification defines access privileges requested to execute the application, including privileges to execute functions performed by the application and privileges to access local resources of the ASP. The ASP receives a subscription to the application from a user. The subscription includes subscription information granting or denying privileges, and specifying parameters for the privileges, requested in the security specification. The ASP executes the application at runtime by determining for each executable function whether the user has authorized the requested privilege. Those functions authorized by the user are executed in one embodiment. During runtime the ASP limits the application's access to local resources based on the privileges granted by the user.
REFERENCES:
patent: 5974549 (1999-10-01), Golan
patent: 6317742 (2001-11-01), Nagaratnam et al.
patent: 6480962 (2002-11-01), Touboul
patent: 6526513 (2003-02-01), Shrader et al.
patent: 6691230 (2004-02-01), Bardon
patent: 6816882 (2004-11-01), Conner et al.
patent: 2002/0013910 (2002-01-01), Edery et al.
patent: 2002/0071540 (2002-06-01), Dworkin
patent: 2002/0082988 (2002-06-01), Ujiie et al.
patent: 2002/0087717 (2002-07-01), Artzi et al.
patent: 2002/0198840 (2002-12-01), Banka et al.
patent: 2004/0015886 (2004-01-01), Aaltonen et al.
Li Gong, et al., “Implementing Protection Domains in the Java Development Kit 1.2”, Mar. 1998, In Proceedings of the Internet Society Symp. on Network and Distributed System Security, San Diego, CA, pp. 1-10.
Li Gong, et al., “Going Beyond the Sandbox: An Overview of the New Security Architecture in the Java Development Kit 1.2”, Dec. 1997, In Proceedings of the USENIX Symposium on Internet Technologies and Systems, Monterey, CA., pp. 1-10.
Trent Jaeger, et al., “Building Systems That Flexibly Control Downloaded Excutable Content”, Proocedings of the Sixth USENIX UNIX Security Symposium, San Jose, CA, Jul. 1996, pp. 1-19.
Li Gong, “Secure Java Class Loading”, Mobile code security, Nov./Dec. 1998, IEEE Internet Computing, pp. 56-61.
Aviel D. Rubin, et al., “Mobile Code Security”, Mobile code security, Nov./Dec. 1998, IEEE Internet Computing, pp. 30-33.
Sean Finnegan, “Managing Mobile Code With Microsoft Technologies”, Aug. 31, 2000, www.microsoft.com/technet/security/mblcode.asp, pp. 1-16.
Chen Shin-Hon
Sheikh Ayaz
LandOfFree
Mobile code security architecture in an application service... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Mobile code security architecture in an application service..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Mobile code security architecture in an application service... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3711412