METHOD AND SYSTEM FOR CONTROLLING INTER-ZONE COMMUNICATION

US 20090271840A1
Filed: 04/25/2008
Published: 10/29/2009
Est. Priority Date: 04/25/2008
Status: Active Grant

First Claim

Patent Images

1. A method for executing a target program, comprising:

opening, in response to a request, a door between the source container and the global container, wherein the source container is controlled by the global container and the request specifies a target program;

sending the request to an access module located in the global container using the door;

verifying that the request can be executed in a target container using a policy definition, wherein the target program is in the target container and wherein the target container is controlled by the global container;

logging in to the target container after the request has been verified;

initiating a gateway within the target container in response to the login;

setting an execution context of the gateway based on the policy definition; and

executing the target program by the gateway, using the execution context, to generate a response to the request.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for executing a target program that includes opening, in response to a request, a door between the source container and the global container, where the source container is controlled by the global container and the request specifies a target program. The method further includes sending the request to an access module located in the global container using the door, verifying that the request can be executed in a target container using a policy definition, where the target program is in the target container and the target container is controlled by the global container, logging in to the target container after the request has been verified, initiating a gateway within the target container in response to the login, setting an execution context of the gateway based on the policy definition, and executing the target program by the gateway, using the execution context, to generate a response to the request.

19 Citations

View as Search Results

20 Claims

1. A method for executing a target program, comprising:
- opening, in response to a request, a door between the source container and the global container, wherein the source container is controlled by the global container and the request specifies a target program;
  
  sending the request to an access module located in the global container using the door;
  
  verifying that the request can be executed in a target container using a policy definition, wherein the target program is in the target container and wherein the target container is controlled by the global container;
  
  logging in to the target container after the request has been verified;
  
  initiating a gateway within the target container in response to the login;
  
  setting an execution context of the gateway based on the policy definition; and
  
  executing the target program by the gateway, using the execution context, to generate a response to the request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, further comprising:
    - spawning, in response to receiving the request, a thread in the global container by the access module, wherein the thread verifies that the request can be executed in the target container using the policy definition.
  - 3. The method of claim 2, further comprising:
    - prior to initiating the gateway in the container, verifying a gateway executable for the gateway by the thread.
  - 4. The method of claim 3, wherein the gateway is verified using a checksum function.
  - 5. The method of claim 2, wherein a child process of the thread logs into the target container after the request has been verified.
  - 6. The method of claim 1, wherein the policy definition comprises at least one selected from a group consisting of a program definition and an entity definition.
  - 7. The method of claim 6, wherein the program definition comprises a name of the target program, a name of the source container, and a name of the target container.
  - 8. The method of claim 7, wherein the program definition further comprises an execution identification, wherein the execution identification is used to login to the target container.
  - 9. The method of claim 6, wherein the program definition comprises a name of the target program, a label of the source container, and a label of the target container.
  - 10. The method of claim 9, wherein the label of the source container is less restrictive than the label of the target container.
  - 11. The method of claim 6, wherein the entity definition comprises a name of an entity in the source container, a name of the target program, a name of the source container, and a name of the target container.
  - 12. The method of claim 11, wherein the entity definition further comprises a forced option and wherein the forced option is added to the request.
  - 13. The method of claim 6, wherein the entity definition comprises a name of an entity in the source container, a name of the target program, a label of the source container, and a label of the target container.

14. A computer readable medium comprising executable instructions to perform a method when executed by a processor, the method comprising:
- opening, in response to a request, a door between the source container and the global container, wherein the source container is controlled by the global container and the request specifies a target program;
  
  sending the request to an access module located in the global container using the door;
  
  verifying that the request can be executed in a target container using a policy definition, wherein the target program is in the target container and wherein the target container is controlled by the global container;
  
  logging in to the target container after the request has been verified;
  
  initiating a gateway within the target container in response to the login;
  
  setting an execution context of the gateway based on the policy definition; and
  
  executing the target program by the gateway, using the execution context, to generate a response to the request.
- View Dependent Claims (15, 16, 17, 18, 19)
- - 15. The computer readable medium of claim 14, the method further comprising:
    - spawning, in response to receiving the request, a thread in the global container by the access module,wherein the thread verifies that the request can be executed in the target container using the policy definition, andwherein the policy definition comprises at least one selected from a group consisting of a program definition and an entity definition.
  - 16. The computer readable medium of claim 15, wherein the program definition comprises one selected from a group consisting of:
    - a name of the target program, a name of the source container, and a name of the target container; and
      
      a name of the target program, a label of the source container, and a label of the target container.
  - 17. The computer readable medium of claim 15, wherein the entity definition comprises one selected from a group consisting of:
    - a name of an entity in the source container, a name of the target program, a name of the source container, and a name of the target container; and
      
      (b) a name of an entity in the source container, a name of the target program, a label of the source container, and a label of the target container.
  - 18. The computer readable medium of claim 14, wherein the method further comprises:
    - prior to initiating the gateway in the container, verifying a gateway executable for the gateway by the thread.
  - 19. The computer readable medium of claim 18, wherein the gateway is verified using a checksum function.

20. A system, comprising:
- a hardware platform comprising a processor; and
  
  a global container executing on the hardware platform, wherein the global container comprises a first container, a second container, and an access module,wherein the second container comprises a target program;
  
  wherein the first container comprises a source program configured to send a request for the target program to the access module;
  
  wherein the access module, using a policy definition, is configured to enable the target program to process the request,wherein the policy definition comprises at least one selected from a group consisting of a program definition and an entity definition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Blanquart, Bart, Gillet, Bruno Jean

Granted Patent

US 8,056,119 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

G06F 21/6209 to a single file or object,...

G06F 2221/2113 Multi-level security, e.g. ...

METHOD AND SYSTEM FOR CONTROLLING INTER-ZONE COMMUNICATION

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR CONTROLLING INTER-ZONE COMMUNICATION

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links