Framework for providing a security context and configurable firewall for computing systems
Abstract
Techniques for providing security context and firewalls in computing environments are disclosed. The security context includes cryptographic operations that can further enhance security. A security context block that includes a security context identification (ID) and a cryptographic system is disclosed. The security context identification (ID) can be provided for and assigned to various components of the computing system as a means of security identification. Using the cryptographic system, various cryptographic operations can be performed on the security context identification (ID) to further enhance security. For example, a security identifier can be authenticated before it is presented to a firewall. After successful authentication, the firewall can be used to determine whether the security identifier identifies an associate with access privileges.
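The flow the abstract describes, as an added example that is not code from the patent: a security identifier is authenticated first, and only then checked against the target's firewall control block for associate status and allowed operations. HMAC-SHA256 as the cryptographic system, the runtime-held key, and all class, applet and operation names are assumptions; the sketch runs on standard Java (16+), not on a Java Card runtime.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;

// Added illustration; every name below is hypothetical.
public class FirewallDemo {
    // Security context block: a security ID plus the output of the
    // "cryptographic system" (assumed here to be an HMAC-SHA256 tag over the ID).
    record SecurityContext(String securityId, byte[] tag) {}

    static byte[] mac(byte[] key, String id) throws Exception {
        Mac m = Mac.getInstance("HmacSHA256");
        m.init(new SecretKeySpec(key, "HmacSHA256"));
        return m.doFinal(id.getBytes(StandardCharsets.UTF_8));
    }

    // Firewall control block of the target applet: associate ID -> allowed operations.
    static final class FirewallControlBlock {
        private final Map<String, Set<String>> associates = new HashMap<>();
        void allow(String id, String... ops) { associates.put(id, Set.of(ops)); }
        boolean permits(String id, String op) {
            // Unknown IDs map to the empty set, so the default is deny.
            return associates.getOrDefault(id, Set.of()).contains(op);
        }
    }

    // Authenticate first; only an authenticated ID is presented to the firewall.
    static boolean request(byte[] key, SecurityContext ctx,
                           FirewallControlBlock fcb, String op) throws Exception {
        // MessageDigest.isEqual compares in constant time.
        boolean authentic = MessageDigest.isEqual(mac(key, ctx.securityId()), ctx.tag());
        return authentic && fcb.permits(ctx.securityId(), op);
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes(StandardCharsets.UTF_8); // constructed sample key
        FirewallControlBlock walletFcb = new FirewallControlBlock();
        walletFcb.allow("loyalty-applet", "READ_BALANCE");
        SecurityContext loyalty = new SecurityContext("loyalty-applet", mac(key, "loyalty-applet"));
        SecurityContext forged = new SecurityContext("loyalty-applet", new byte[32]);
        SecurityContext stranger = new SecurityContext("game-applet", mac(key, "game-applet"));
        System.out.println(request(key, loyalty, walletFcb, "READ_BALANCE"));  // associate, listed operation
        System.out.println(request(key, loyalty, walletFcb, "DEBIT"));         // associate, unlisted operation
        System.out.println(request(key, forged, walletFcb, "READ_BALANCE"));   // ID fails authentication
        System.out.println(request(key, stranger, walletFcb, "READ_BALANCE")); // authentic, not an associate
    }
}
```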
37 Claims

1. A computing environment, comprising:
a virtual machine;
a first application operating on said virtual machine; and
a first firewall control block, wherein said first firewall control block includes:
an associate security identification portion that identifies one or more associates of said first application as identified associates, and wherein each one of said one or more identified associates has access privilege with respect to said first application; and
an access-operations portion that for each one of said one or more identified associates identifies one or more operations that have been allowed to be performed.
Dependent claims: 2, 3, 4, 5, 6

7. A mobile computing device, comprising:
a Java™ compliant virtual machine;
a first Java™ compliant applet operating on said Java™ compliant virtual machine;
a first firewall control block, wherein said first firewall control block includes:
an associate security identification portion that identifies one or more associates of said first application as identified associates, wherein each one of said one or more identified associates has access privilege with respect to said first application, and
an access-operations portion that for each one of said one or more identified associates identifies one or more operations that have been allowed to be performed.
Dependent claims: 8, 9

10. A method of providing security for a Java™ compliant computing environment that includes a Java™ virtual machine and a plurality of Java™ compliant applets that operate on said Java™ virtual machine, said method comprising:
receiving a request from a first Java™ compliant applet operating on Java™ virtual machine to perform an operation on a second Java™ compliant applet, said request including a security identifier that identifies said first Java™ compliant applet;
reading a firewall control block associated with said second Java™ compliant applet;
determining whether said firewall control block defines said security identifier as an associate of said second Java™ compliant applet; and
denying access to said first Java™ compliant applet when said determining determines that control block does not define said security identifier as an associate.
Dependent claims: 11, 12, 13

14. A computing environment, comprising:
a virtual machine;
a first application operating on said virtual machine;
a second application operating on said virtual machine; and
a firewall control block, wherein said firewall control block includes one or more of the following:
a first firewall control block portion, wherein said first firewall control block portion defines access privileges of said first application with respect to said second application, and further defines the access privileges of said second application with respect to said first application;
a second firewall control block portion, wherein said second firewall control block portion includes:
an associate security identification portion that identifies one or more associates of said first application as identified associates, wherein each one of said one or more identified associates has access privilege with respect to said first application;
an access-operations portion that for each one of said one or more identified associates identifies one or more access operations that have been allowed.
Dependent claims: 15, 16, 17, 18, 19, 20

21. A computing environment, comprising:
a virtual machine;
one or more applications operating on said virtual machine; and
one or more security context blocks provided for said one or more applications, wherein each of said one or more security context blocks include:
a security identification; and
a cryptographic system that can be used to perform cryptographic operations, wherein said cryptographic operations include cryptographic operations that can be performed on said security identification.
Dependent claims: 22, 23, 24, 25, 26

27. A method of providing security for a Java™ compliant computing environment that includes a Java™ virtual machine and a plurality of Java™ compliant applets that operate on said Java™ virtual machine, said method comprising:
providing a security context that includes a security identification and a cryptographic system;
receiving from a first Java™ compliant applet a request to perform an operation on a second Java™ compliant applet, wherein the request includes a first security identification;
determining whether said first Java™ compliant applet can be authenticated; and
presenting the first security identification to said second Java™ compliant applet only when said determining determines that said first security identification can be authenticated.
Dependent claims: 28, 29, 30, 31

32. A method of providing security in a Java™ compliant computing environment that includes a Java™ virtual machine and a plurality of Java™ compliant applets that operate on said Java™ virtual machine, said method comprising:
providing a cryptographic system for a first Java™ compliant applet, wherein said cryptographic system includes cryptographic keys, wherein said cryptographic keys are suitable for performing cryptographic operations using cryptographic algorithms; and
using, by said first Java™ compliant applet, said cryptographic, to perform a cryptographic operation on computer readable data;
wherein said cryptographic operation is performed by said first Java™ compliant applet without user intervention.

33. A method of providing security in a Java™ compliant computing environment that includes a Java™ virtual machine, said method comprising:
providing a cryptographic system, wherein said cryptographic system includes cryptographic keys, and wherein said cryptographic keys are suitable for performing cryptographic operations using cryptographic algorithms; and
receiving a request from a first component to access a resource of said Java™ compliant computing environment; and
using said cryptographic system to perform at least one cryptographic operation to determine whether said first component should be granted access to said resource.
Dependent claims: 34, 35, 36, 37

Specification