Process for executing a downloadable service receiving restrictive access rights to at least one profile file
First Claim
1. A process for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said process being characterized in that it involves the steps of:
- arranging a confined run time environment (11) which is assigned a second communication port and socket and providing restricted access to at least one profile file;
- downloading said service through said second communication port so that it is received by said confined run time environment (11); and
- executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment.
Abstract
A process for executing a downloadable service with specific access rights to at least one profile file in a user's computer. The web browser accesses a web server through a first communication port and socket. A confined runtime environment, for example an extended sandbox (11) as used in Java programming, is arranged and assigned a second communication port and socket, and is used for executing the downloadable service with restricted access to at least one profile file. The process can be used for executing services in the form of a signed archive file whose signature is used both for validating the archive file and for selecting one particular secure class loader prior to the generation of the compiled code of the service.
15 Claims
6. A process for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files and the process further involves the steps of:
- receiving said archive file;
- validating said archive file with said signature;
- selecting one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
- generating said classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
- executing said compiled code.
7. A process for generating compiled executable code in a client machine, comprising the steps of:
- receiving a signed archive file containing classes of a service to be executed on said local machine;
- checking and validating the signature associated to said archive file;
- associating said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
- invoking generating said access control classes in addition to the classes of said service; and
- generating compiled code and executing said compiled code.
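An added example, not code from the patent: one way to realise the steps of claims 6 and 7 (validate the signed archive, pick the access rights from the signer, define the service's classes under those rights) with standard JDK classes. The policy table, the fingerprint placeholder and the profile path are assumptions, and the `FilePermission` is enforced only on a JVM that still runs a Security Manager.

```java
import java.io.*;
import java.security.*;
import java.security.cert.Certificate;
import java.util.*;
import java.util.jar.*;

public class SignedServiceLoader extends SecureClassLoader {
    // Assumed policy table: signer certificate SHA-256 (hex) -> the one profile file it may read.
    static final Map<String, String> PROFILE_BY_SIGNER =
        Map.of("<signer-cert-sha256-hex>", "/home/user/profiles/shopping.xml"); // placeholder values
    private final JarFile jar;
    private final ProtectionDomain domain;

    SignedServiceLoader(File archive) throws Exception {
        super(SignedServiceLoader.class.getClassLoader());
        jar = new JarFile(archive, true);                  // true = verify signatures on read
        Certificate signer = verifyAllEntries();
        byte[] fp = MessageDigest.getInstance("SHA-256").digest(signer.getEncoded());
        String profile = PROFILE_BY_SIGNER.get(HexFormat.of().formatHex(fp));
        if (profile == null) throw new SecurityException("signer not in policy table");
        Permissions perms = new Permissions();
        perms.add(new FilePermission(profile, "read"));    // the only right this service gets
        CodeSource src = new CodeSource(archive.toURI().toURL(), new Certificate[] { signer });
        domain = new ProtectionDomain(src, perms);
    }

    // Reads every entry to the end (the digest check happens on read) and requires one common signer.
    private Certificate verifyAllEntries() throws IOException {
        Certificate signer = null;
        for (JarEntry e : Collections.list(jar.entries())) {
            if (e.isDirectory() || e.getName().startsWith("META-INF/")) continue;
            try (InputStream in = jar.getInputStream(e)) { in.readAllBytes(); }
            Certificate[] certs = e.getCertificates();     // null when the entry is unsigned
            if (certs == null || certs.length == 0) throw new SecurityException("unsigned: " + e.getName());
            if (signer == null) signer = certs[0];
            else if (!signer.equals(certs[0])) throw new SecurityException("mixed signers");
        }
        if (signer == null) throw new SecurityException("archive has no signed entries");
        return signer;
    }

    @Override protected Class<?> findClass(String name) throws ClassNotFoundException {
        try (InputStream in = jar.getInputStream(jar.getJarEntry(name.replace('.', '/') + ".class"))) {
            byte[] code = in.readAllBytes();
            return defineClass(name, code, 0, code.length, domain); // classes carry the signer's rights
        } catch (IOException | RuntimeException ex) {
            throw new ClassNotFoundException(name, ex);
        }
    }
}
```

`JarFile` checks only that each entry matches its signature; trust in the signer comes from pinning its certificate fingerprint in the policy table.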
Specification