PROTECTION OF USER DATA IN HOSTED APPLICATION ENVIRONMENTS
Abstract
A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
21 Claims
1. A system configured to convert an original application into a distributed application, the system comprising:
- a memory storing a computer program; and
- a processor configured to execute the program, wherein the program is configured to:
  - generate a manifest identifying all external entities a user of the application is to communicate with and what private information of the user each entity is allowed to access,
  - split the original application into a plurality of application components along security relevant boundaries according to the manifest,
  - map the application components to hosting infrastructure boundaries, and
  - use a mechanism to enforce a privacy policy of the user.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15
16. A system configured to manage a distributed application comprising a plurality of application components, the system comprising:
- a memory storing a computer program; and
- a processor configured to execute the program, wherein the program is configured to start a new virtual machine for each application component, wherein each virtual machine runs a distinct one of the application components, wherein at least one of the application components without permission to communicate information of a user to an external application, sends a message to the user requesting permission for the information to be output to the external application, updates a privacy policy of the user based on a response of the user to the message, and outputs the information to the external application only when the privacy policy indicates that output of the information to the external application is allowed.
Dependent claims: 17, 18
19. A system configured to manage a distributed application comprising a plurality of application components, the system comprising:
- a memory storing a computer program; and
- a processor configured to execute the program, wherein the program is configured to start a new virtual machine for each application component, wherein each virtual machine runs a distinct one of the application components, and wherein at least one of the virtual machines receives a manifest from an external application indicating information from a user that is required by the external application, sends a message to the user requesting permission for the external application to access the information, and outputs the information to the external application only when a response to the message by the user indicates that output of the information to the external application is allowed.
Dependent claims: 20, 21
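The consent-gated output flow of claim 16, seeded from a manifest of the kind claim 1 describes, as an added example that is not taken from the patent. `MANIFEST`, `PrivacyPolicy`, `EgressGate`, the per-field decisions and the sample entities and values are assumptions; the virtual machine boundary is reduced here to a single gate object through which all output passes.

```python
from dataclasses import dataclass, field

# Constructed manifest: external entity -> user fields it may access.
MANIFEST = {"payments.example": ["card_number"], "ads.example": []}

@dataclass
class PrivacyPolicy:
    # (entity, field) -> True/False; a missing key means the user was never asked.
    decisions: dict = field(default_factory=dict)

    @classmethod
    def from_manifest(cls, manifest):
        return cls({(e, f): True for e, fs in manifest.items() for f in fs})

class EgressGate:
    """Hypothetical single exit point at one component's container boundary."""

    def __init__(self, policy, ask_user, send):
        self.policy, self.ask_user, self.send = policy, ask_user, send

    def output(self, entity, record):
        released = {}
        for name, value in record.items():
            key = (entity, name)
            if key not in self.policy.decisions:
                # No permission on file: ask the user and record the answer.
                # Anything other than an explicit True is stored as a denial.
                self.policy.decisions[key] = self.ask_user(entity, name) is True
            if self.policy.decisions[key]:
                released[name] = value
        if released:
            self.send(entity, released)
        return released

def demo():
    prompts, wire = [], []
    answers = {("payments.example", "email"): True}  # constructed user replies
    def ask(entity, name):
        prompts.append((entity, name))
        return answers.get((entity, name), False)
    gate = EgressGate(PrivacyPolicy.from_manifest(MANIFEST), ask,
                      lambda e, data: wire.append((e, data)))
    user = {"email": "a@example.org", "card_number": "4111-TEST"}
    gate.output("ads.example", user)       # both fields denied, nothing sent
    gate.output("ads.example", user)       # denial remembered, no second prompt
    gate.output("payments.example", user)  # card via manifest, email via consent
    return prompts, wire

if __name__ == "__main__":
    print(demo())
```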
Specification