Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1997-10-10
2002-02-26
Le, Dieu-Minh (Department: 2184)
active
06351816
ABSTRACT:
BACKGROUND OF THE INVENTION
This application relates to the provision of services in a client-server context. More particularly, this application relates to securing inter-server services on behalf of a client over a network.
FIG. 1 illustrates a typical client-server environment within the World Wide Web. As one of ordinary skill in the art will readily appreciate, a user's accessing a web page on the World Wide Web involves the cooperation of (at least) two pieces of software: the web browser 110, typically directly under the user's control as software on the workstation 150, and the server 120 for the web page. Responding in a manner predetermined by the author of the web page to transactions initiated by the browser 110, the server 120 typically resides on a separate processor 140.
FIG. 2 sketches a processor 200 such as a workstation 150 or server 120. Such a processor includes a CPU 210 to which a memory 220 and I/O facilities 230 connect by a bus 240. The processor 200 connects to an external communications system 250 which is, for example, a network or modem communications link, and memory 220 includes programs 260. Programs 260 may include one or more programs. Although programs 260 are depicted as being stored in memory 220, one skilled in the art will appreciate that all or part of programs 260 may be stored on or read from other computer readable media, such as secondary storage devices 270, like hard disks, floppy disks and CD-ROM, a digital signal received from a network such as the Internet, or other forms of RAM or ROM, either currently known or later developed.
As the HyperText Markup Language (HTML) is the preferred language for authoring web pages, the description below is in the terms of HTML. These terms are explained in, for example, I. S. Graham, The HTML Sourcebook, 1996 (John Wiley & Sons, Inc., 2d Edition). Graham is incorporated herein by reference to the extent necessary to explain these terms. However, Graham is not prior art.
In addition to text and static images for display on the user's workstation 150 via the user's browser 110, a web page can also include an applet. An applet is a program included in an HTML page, whose execution a user can observe via a browser 110 enabled to recognize, download and execute the applet and to display the results of the applet's execution. The HotJava® browser, available from the assignee of the instant invention, is the preferred browser 110, and the Java® environment, also available from the assignee of the instant invention, is the preferred environment for encoding and executing applets.
The Java® environment is described in, for example, Java® Unleashed (Sams.net Publishing, 1996). Java® Unleashed is incorporated herein by reference to the extent necessary to explain the Java® environment. However, Java® Unleashed is not prior art.
An applet typically is a small program residing on a server 120. Some HTML document refers to the applet using the <applet> tag. When a browser downloads the HTML document and recognizes the <applet> tag, it also downloads the applet identified by the applet tag and executes that applet.
Written in a general purpose language such as Java®, an applet is in this way unrestrained in its functionality. It can perform any function which a program written in any other general purpose language (such as C or PL1) can accomplish. The methodologies of applets, however, are constrained by the Java® environment in order to minimize the security risks an applet presents to the workstation 150. That is to say, an applet is restricted to “play” within a bounded “sandbox.”
While a security policy may suffice for the transfer of code from a server to a client, the transfer of code for execution from one server to another server presents greater security risks and requires a more stringent security policy. Accordingly, there is a need for managing security on a server which receives code for execution.
SUMMARY OF THE INVENTION
Herein is disclosed, in a network environment, a security manager residing on a server and deciding whether to permit the execution of a servlet based on a characteristic of the servlet.
Connelly David
Mueller Marianne
Le Dieu-Minh
Sun Microsystems Inc.