SECURITY MODES FOR A COMPONENT-BASED WEB SECURITY MODEL

US 20180152456A1
Filed: 11/30/2016
Published: 05/31/2018
Est. Priority Date: 11/30/2016
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

a processor; and

a memory storing instructions that are configurable to cause the system to;

receive a plurality of documents for a web-based application, the web-based application comprising one or more components, the components comprising one or more custom components and one or more Application Programming Interface (API) components;

process a Document Object Model (DOM) corresponding to the web-based application, wherein the one or more components are modeled in hierarchical form;

assign each API component to a system mode setting, the system mode setting configured to provide the API component access to all of the components in the web-based application;

generate one or more secure documents for each custom component, each secure document comprising a key constituting an object reference of the custom component such that the custom component is accessible only to other custom components that can provide said key in accordance with the rules of capability security; and

assign each custom component to a user mode setting, the user mode setting configured to provide custom components access to other components in the web-based application for which the custom component can provide the key assigned to the other component.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Disclosed are examples of systems, apparatus, methods and computer program products for providing a security model for component-based web applications. Documents for a web-based application are received, with the application containing custom components and Application Programming Interface (API) components. A Document Object Model (DOM) is processed corresponding to the web-based application, with the components modeled in hierarchical form. Each API component is assigned to a system mode setting, where the system mode setting is configured to provide the API component access to all of the components in the application. One or more secure documents are generated for each custom component, with each secure document containing a key in accordance with the rules of capability security. Each custom component is then assigned to a user mode setting, where the user mode setting is configured to provide custom components access to other components in the application for which a key can be provided.

15 Citations

View as Search Results

20 Claims

1. A system comprising:
- a processor; and
  
  a memory storing instructions that are configurable to cause the system to;
  
  receive a plurality of documents for a web-based application, the web-based application comprising one or more components, the components comprising one or more custom components and one or more Application Programming Interface (API) components;
  
  process a Document Object Model (DOM) corresponding to the web-based application, wherein the one or more components are modeled in hierarchical form;
  
  assign each API component to a system mode setting, the system mode setting configured to provide the API component access to all of the components in the web-based application;
  
  generate one or more secure documents for each custom component, each secure document comprising a key constituting an object reference of the custom component such that the custom component is accessible only to other custom components that can provide said key in accordance with the rules of capability security; and
  
  assign each custom component to a user mode setting, the user mode setting configured to provide custom components access to other components in the web-based application for which the custom component can provide the key assigned to the other component.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1, the system further configurable to cause:
    - for each custom component, restricting access to other custom components for which the custom component cannot provide the key.
  - 3. The system of claim 1, the system further configurable to cause:
    - for each API component, determining whether the API component is a private API component or a public API component; and
      
      for each custom component, restricting access to private API components.
  - 4. The system of claim 3, wherein the user mode is further configured to provide custom components access to public API components.
  - 5. The system of claim 1, the system further configurable to cause:
    - assigning a component to an additional security mode different from the system mode and the user mode.
  - 6. The system of claim 5, wherein the additional security mode restricts access of the component to one or more other components different from the component.
  - 7. The system of claim 5, wherein the additional security mode provides access of the component to one or more other components different from the component.
  - 8. The system of claim 5, the system further configurable to cause:
    - providing keys for all custom components to all API components assigned to a system mode setting; and
      
      determining, by an API component assigned to a system mode setting, that a custom component assigned to a user mode setting can provide the key to another custom component assigned to a user mode setting.
  - 9. The system of claim 1, wherein upon generating the one or more secure documents for a custom component, access to the one or more original documents associated with the custom component is prohibited to all components except for API components.
  - 10. The system of claim 1, the system further configurable to cause:
    - generating a stamp associated with each custom component, wherein the stamp uniquely identifies a capability security mechanism associated with the custom component; and
      
      determining, upon a component providing a key for another component, that the capability security mechanism of the other component is associated with the stamp for that other component.

11. A method comprising:
- receiving a plurality of documents for a web-based application, the web-based application comprising one or more components, the components comprising one or more custom components and one or more Application Programming Interface (API) components;
  
  processing a Document Object Model (DOM) corresponding to the web-based application, wherein the one or more components are modeled in hierarchical form;
  
  assigning each API component to a system mode setting, the system mode setting configured to provide the API component access to all of the components in the web-based application;
  
  generating one or more secure documents for each custom component, each secure document comprising a key constituting an object reference of the custom component such that the custom component is accessible only to other custom components that can provide said key in accordance with the rules of capability security; and
  
  assigning each custom component to a user mode setting, the user mode setting configured to provide custom components access to other components in the web-based application for which the custom component can provide the key assigned to the other component.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, further comprising:
    - for each custom component, restricting access to other custom components for which the custom component cannot provide the key.
  - 13. The method of claim 11, further comprising:
    - for each API component, determining whether the API component is a private API component or a public API component; and
      
      for each custom component, restricting access to private API components.
  - 14. The method of claim 13, wherein the user mode is further configured to provide custom components access to public API components.
  - 15. The method of claim 11, further comprising:
    - assigning a component to an additional security mode different from the system mode and the user mode.
  - 16. The method of claim 11, further comprising:
    - providing keys for all custom components to all API components assigned to a system mode setting; and
      
      determining, by an API component assigned to a system mode setting, that a custom component assigned to a user mode setting can provide the key to another custom component assigned to a user mode setting.
  - 17. The method of claim 11, wherein upon generating the one or more secure documents for a custom component, access by the custom components to the one or more original documents associated with the custom component is prohibited to all components except for API components.

18. A computer program product comprising computer-readable program code capable of being executed by one or more processors when retrieved from a non-transitory computer-readable medium, the program code comprising instructions configurable to cause:
- receiving a plurality of documents for a web-based application, the web-based application comprising one or more components, the components comprising one or more custom components and one or more Application Programming Interface (API) components;
  
  processing a Document Object Model (DOM) corresponding to the web-based application, wherein the one or more components are modeled in hierarchical form;
  
  assigning each API component to a system mode setting, the system mode setting configured to provide the API component access to all of the components in the web-based application;
  
  generating one or more secure documents for each custom component, each secure document comprising a key constituting an object reference of the custom component such that the custom component is accessible only to other custom components that can provide said key in accordance with the rules of capability security; and
  
  assigning each custom component to a user mode setting, the user mode setting configured to provide custom components access to other components in the web-based application for which the custom component can provide the key assigned to the other component.
- View Dependent Claims (19, 20)
- - 19. The computer program product of claim 18, the instructions further configurable to cause:
    - for each custom component, restricting access to other custom components for which the custom component cannot provide the key.
  - 20. The computer program product of claim 18, the instructions further configurable to cause:
    - for each API component, determining whether the API component is a private API component or a public API component; and
      
      for each custom component, restricting access to private API components.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Chasman, Doug, Patio, Caridy, Bliss, Trevor James, Gorbaty, Sergey

Granted Patent

US 10,116,660 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/06   for supporting key manageme...

H04L 63/101   Access control lists [ACL]

SECURITY MODES FOR A COMPONENT-BASED WEB SECURITY MODEL

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

SECURITY MODES FOR A COMPONENT-BASED WEB SECURITY MODEL

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others