Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1996-05-30
2001-07-17
Le, Dieu-Minh T. (Department: 2184)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
Reexamination Certificate
active
06263442
ABSTRACT:
BACKGROUND OF THE INVENTION
This application relates to the provision of services in a client-server context. More particularly, this application relates to securing inter-server services on behalf of a client over a network.
FIG. 1
illustrates a typical client-server environment within the World Wide Web. As one of ordinary skill in the art will readily appreciate, a user's accessing a web page on the World Wide Web involves the cooperation of (at least) two pieces of software: the web browser
110
, typically directly under the user's control as software on the workstation
150
, and the server
120
for the web page. Responding in a manner predetermined by the author of the web page to transactions initiated by the browser
110
, the server
120
typically resides on a separate processor
140
.
FIG. 2
illustrates a processor
200
such as a workstation
150
or server
120
. Such a processor includes a CPU
210
to which a memory
220
and I/O facilities
230
connect by a bus
240
. The processor
200
connects to an external communications system
250
which is, for example, a network or modem communications link.
As the HyperText Markup Language (HTML) is the preferred language for authoring web pages, the description below is in the terms of HTML. These terms are explained in, for example, I. S. Graham,
The HTML Sourcebook,
1996 (John Wiley & Sons, Inc., 2d Edition). Graham is incorporated herein by reference to the extent necessary to explain these terms. However, Graham is not prior art.
In addition to text and static images for display on the user's workstation
150
via the user's browser
110
, a web page can also include an applet. An applet is a program included in an HTML page, whose execution a user can observe via a browser
110
enabled to recognize, download and execute the applet and to display the results of the applet's execution. The HotJava™ browser, available from the assignee of the instant invention, is the preferred browser
110
, and the Java™ environment, also available from the assignee of the instant invention, is the preferred environment for encoding and executing applets.
The Java environment is described in, for example,
Java Unleashed
(Sams.net Publishing, 1996).
Java® Unleashed
is incorporated herein by reference to the extent necessary to explain the Java environment. However,
Java® Unleashed
is not prior art. Java and Java-based trademarks are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries.
An applet typically is a small program residing on a server 120. Some HTML document refers to the applet using the <applet> tag. When a browser downloads the HTML document and recognizes the <applet> tag, it also downloads the applet identified by the applet tag and executes that applet.
Written in a general purpose language such as Java, an applet is in this way unrestrained in its functionality. It can perform any function which a program written in any other general purpose language (such as C or PL1) can accomplish. The methodologies of applets, however, are constrained by the Java environment in order to minimize the security risks an applet presents to the workstation
150
. That is to say, an applet is restricted to “play” within a bounded “sandbox.”
While a security policy may suffice for the transfer of code from a server to a client, the transfer of code for execution from one server to another server presents greater security risks and requires a more stringent security policy. Accordingly, there is a need for a managing security on a server which receives code for execution.
SUMMARY OF THE INVENTION
Herein is disclosed, in a network environment, a security manager residing on a server and deciding whether to permit the execution of a servlet based on a characteristic of the servlet.
REFERENCES:
patent: 4713753 (1987-12-01), Boebert et al.
patent: 4780821 (1988-10-01), Crossley
patent: 4849877 (1989-07-01), Bishop et al.
patent: 4891785 (1990-01-01), Donohoo
patent: 5164988 (1992-11-01), Matyas et al.
patent: 5450567 (1995-09-01), Mori et al.
patent: 5495533 (1996-02-01), Linehan et al.
patent: 5572673 (1996-11-01), Shurts
patent: 5577209 (1996-11-01), Boyle et al.
patent: 5682514 (1997-10-01), Yohe et al.
patent: 5689708 (1997-11-01), Regnier et al.
patent: 5699518 (1997-12-01), Held et al.
patent: 5724425 (1998-03-01), Chang et al.
patent: 5864683 (1999-01-01), Boebert et al.
patent: 5940591 (1999-08-01), Boyle et al.
Chung, K.-M., et al., “A ‘Tiny’ Pascal Comiler, Part 1: The P-Code Interpreter,” Byte Publications Inc. (1978), pp. 58-65, 148-155.
Chung, K.-M., et al., “A ‘Tiny’ Pascal Complier, Part 2: The P-Compiler,” Byte Publications Inc. (1978), pp. 34-52.
Thompson, K., “Regular Expression Search Algorithm,”Communication of the ACM(1968), vol. 11, No. 6, pp. 419-422.
Mitchell, J.G., et al.,Mesa Language Manual, a Xerox Corp. document.
McDaniel, G., An Analysis of a Mesa Instruction Set (1982), a Xerox Corp. document.
Pier, A.P., A Retrospective on the Dorado, A High-Performance Personal Computer (1983), a Xerox Corp. document.
Pier, A.P., A Retrospective on the Dorado, A High-Performance Personal Computer, Conference Proceedings, The 10th Annual International Symposium on Computer Architecture, Computer Society Press (1983), pp. 252-269.
Connelly David
Mueller Marianne
Finnegan Henderson Farabow Garrett & Dunner L.L.P.
Le Dieu-Minh T.
Sun Microsystems Inc.
LandOfFree
System and method for securing a program's execution in... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System and method for securing a program's execution in..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System and method for securing a program's execution in... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2496570