System and Methods for Providing Granular Security for Locally Running Scripted Environments and Web Applications

US 20080148298A1
Filed: 01/24/2008
Published: 06/19/2008
Est. Priority Date: 12/18/2006
Status: Abandoned Application

First Claim

Patent Images

1. A computing device comprising:

an application runtime environment for receiving an individual function call from a browser based application running locally on the computing device and for checking the individual function call against a signed list of allowed function calls to restrict access to protected native functions and data of the computing device.

View all claims

10 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Various embodiments are described for an application runtime environment that provides secure safe access to local resources from web based applications when applications are locally hosted or cached or when a safe broker is needed to ensure that a trusted program is given access to specific functionality. The application runtime environment allows enhanced scripting interfaces and locally running web service interfaces to provide individual function level security controls which restrict access to only those applications which are signed. The application runtime environment provides finer granularity and control at the function level by allowing scripted runtime based applications to call local functions in a signed manner with function call level control. Other embodiments are described and claimed.

104 Citations

View as Search Results

30 Claims

1. A computing device comprising:
- an application runtime environment for receiving an individual function call from a browser based application running locally on the computing device and for checking the individual function call against a signed list of allowed function calls to restrict access to protected native functions and data of the computing device.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The computing device of claim 1, wherein the application runtime environment comprises a runtime interpreter for interpreting browser based scripts in real time.
  - 3. The computing device of claim 1, the individual function call comprising a request to access functionality controlled by an operating system of the computing device.
  - 4. The computing device of claim 3, the individual function call comprising a request to access at least one of a local file system, a local database, a local software service, and a local hardware service.
  - 5. The computing device of claim 3, the application runtime environment to determine whether to block or allow the function call.
  - 6. The computing device of claim 5, the application runtime environment to block or allow the function call according to an operating system security policy.
  - 7. The computing device of claim 3, the operating system to determine whether to block or allow the function call.
  - 8. The computing device of claim 1, the application runtime environment to access a manifest file comprising the signed list of allowed function calls and a digital signature.
  - 9. The computing device of claim 8, the application runtime environment to verify the digital signature with a certifying authority.
  - 10. The computing device of claim 8, the application runtime environment to pass the function call and the digital signature to the operating system.
  - 11. The computing device of claim 1, wherein application runtime environment is implemented by a local web host.
  - 12. The computing device of claim 3, wherein the local web host comprises a web services stack.

13. A method comprising:
- receiving an individual function call from a browser based application running locally on a computing device; and
  
  checking the individual function call against a signed list of allowed function calls to restrict access to protected native functions and data of the computing device.
- View Dependent Claims (14, 15, 16)
- - 14. The method of claim 13, comprising blocking or allowing the function call according to an operating system security policy.
  - 15. The method of claim 13, comprising delegating a decision to block or allow the function call to an operating system.
  - 16. The method of claim 15, comprising passing a digital signature associated with the application to the operating system.

17. A method for delegating native function calls from an application runtime environment to an operating system in real-time comprising:
- sending an application script code to the operating system; and
  
  receiving permission from the operating system to execute one or more native function calls based on the application script code.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17, wherein said application script code comprises a manifest file including a list of native level functions used by a scripted application.
  - 19. The method of claim 18, where the application runtime environment sends the manifest file to the operating system at time of installation to seek permission to install the scripted application.
  - 20. The method of claim 18, comprising presenting the list of native functions used by the scripted application to a user for inspection.
  - 21. The method of claim 20, comprising receiving user input to block installation after inspection.
  - 22. The method of claim 17, comprising attaching a digital signature to the operating system when a native function is executed.

23. A method for serving multiple web applications comprising:
- running multiple web applications locally on a single computing device; and
  
  serving the multiple web applications simultaneously using different address and port combinations.
- View Dependent Claims (24, 25, 28, 29, 30)
- - 24. The method of claim 23, wherein the multiple applications have different permission levels.
  - 25. The method of claim 23, comprising:
    - serving the multiple applications on a single address and port combination; and
      
      redirected the multiple applications to separate address and port combinations.
  - 28. The method of claim 23, wherein once a particular application is started, each page refresh uses a rolling code to encode a response for maintaining a secure link that is not static between a web server and a client.
  - 29. The method of claim 23, comprising:
    - writing data to a tagged repository with a key; and
      
      retrieving the data by another application matching the key.
  - 30. The method of claim 29, wherein the key comprises public/private key pairs.

26. The method of clam 23, comprising:
- serving a first application on a first address and port combination; and
  
  redirecting the first application to a second port address combination.
- View Dependent Claims (27)
- - 27. The method of claim 26, comprising:
    - issuing a session identifier to the first application; and
      
      uses the session identifier to make a Simple Object Access Protocol call or privileged call from the first application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Qualcomm, Inc.
Original Assignee
Palm, Inc. (TCL Technology Group Corp.)
Inventors
Chatterjee, Manjirnath, Simon, Gregory R.

Application Number

US12/019,362
Publication Number

US 20080148298A1
Time in Patent Office

Days
Field of Search
US Class Current

719/328
CPC Class Codes

G06F 21/53 by executing in a restricte...

G06F 21/54 by adding security routines...

System and Methods for Providing Granular Security for Locally Running Scripted Environments and Web Applications

First Claim

10 Assignments

0 Petitions

Accused Products

Abstract

104 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System and Methods for Providing Granular Security for Locally Running Scripted Environments and Web Applications

First Claim

10 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

104 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links