Mobile code isolation cage
First Claim
1. An end user computer system programmed to operate in response to an imported data stream containing at least one mobile program component from an external source, characterized in that:
a. the data stream is screened to identify mobile program components of that data stream;
b. at least one of the mobile program components is passed to at least one program execution location physically isolated by separate hardware within the end user system prior to being executed to operate in a desired manner;
c. the execution location is one in which at least one program component is retained and which has at least one interface with the external source of the data stream and at least one interface with the end user system whereby the program component within the execution location can be executed within the execution location to interact with one of the external source of data and the data and a program held by the end user system; and
d. the operation of the interface between the execution location and the end user system is programmed so that only data which has been interacted on by the program component within the execution location in a specified and controlled manner and program components which operate in a specified manner can be passed to and from the end user system.
Abstract
The present invention reduces the risk of damage to data or programs in an end user computer system programmed to operate in response to an imported data stream containing one or more mobile program components from an external source. The incoming data stream is screened to identify mobile program components of that data stream. Some of the mobile program components are passed to a program execution location isolated from the end user system prior to being executed to operate in a desired manner. The execution location has an interface with the external source of the data stream and an interface with the end user system. The operation of the interface between the execution location and the end user system is programmed so that only data which has been interacted on by the program component within the execution location in a specified and controlled manner can be passed to and from the end user system.
14 Claims
11. A method for operating an end user computer system which comprises importing to the system a data stream containing at least one mobile program component which is to execute on the computer system from an external source, which method comprises:
a. screening the data stream to identify mobile program components of that data stream;
b. passing at least one mobile program component to at least one program execution location physically isolated by separate hardware within the end user system;
c. executing the mobile program component within the execution location so as to interact with data from one of the end user system and the external source;
d. passing one of the program components which operate in a specified manner and the interacted data and the resultant data from such interaction to the end user system via an interface which permits the transmission of one of data and program components which correspond to specified criteria to and from specified locations in one of the end user system and the external source.
13. A program for operating a location for the execution of mobile program components in an incoming data stream imported to an end user computer system, of which at least one mobile program component is to be executed on the end user computer system, which program causes:
a. at least one of the incoming mobile program components to be directed to at least one execution location which is physically isolated by separate hardware within the end user system;
b. the mobile program component to be executed within the execution location so as to interact with data from one of the end user system and the external source; and
c. one of program components which operate in a specified manner and data and the resultant data from such interaction to be passed to the end user system via an interface which permits the transmission of one of data and program components which correspond to specified criteria to and from specified locations in one of the end user system and the external source.
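The claims above describe an architecture rather than an implementation: screen the stream (step a), route mobile components to an isolated execution location (step b), execute them there against the data (step c), and let results out only through an interface that enforces specified criteria (step d). The following is an added example, not code from the patent or any product built on it, that models that pipeline in Python so the interface policy of step d can be exercised. It assumes a constructed stream representation (content-type-tagged items), a toy declarative "program" format in place of real mobile code, and an allowlist policy of result type, value shape and destination; the hardware isolation of the execution location is not modelled, only the controlled interface.

```python
import json
from dataclasses import dataclass

# Constructed assumption: content types the screening step treats as mobile code.
MOBILE_CODE_TYPES = frozenset({"application/javascript", "application/x-mobile-code"})


@dataclass
class StreamItem:
    """One element of the imported data stream (constructed representation)."""
    content_type: str
    body: object
    source: str


def screen(stream):
    """Claim step (a): separate mobile program components from plain data."""
    mobile = [item for item in stream if item.content_type in MOBILE_CODE_TYPES]
    data = [item for item in stream if item.content_type not in MOBILE_CODE_TYPES]
    return mobile, data


@dataclass(frozen=True)
class InterfacePolicy:
    """Claim step (d): the specified criteria a result must meet to cross from
    the execution location into the end user system."""
    result_shapes: dict            # result type name -> Python type its value must have
    allowed_destinations: frozenset

    def admit(self, result):
        if not isinstance(result, dict):
            return False, "not a result record"
        expected = self.result_shapes.get(result.get("type"))
        if expected is None:
            return False, "result type not specified by policy"
        if result.get("destination") not in self.allowed_destinations:
            return False, "destination not specified by policy"
        value = result.get("value")
        # bool is a subclass of int in Python; reject it explicitly so shapes stay exact.
        if not isinstance(value, expected) or isinstance(value, bool):
            return False, "value does not match the specified shape"
        try:
            json.dumps(value)      # plain data only: no objects or code cross the interface
        except (TypeError, ValueError):
            return False, "value is not plain data"
        return True, "admitted"


class ExecutionCage:
    """Stand-in for the physically isolated execution location (claim steps b, c).
    Hardware isolation is not modelled; the cage retains each component, runs a
    toy declarative program over the data it was given, and releases results
    only through the interface policy."""

    def __init__(self, policy):
        self.policy = policy
        self.retained = []     # components kept inside the cage
        self.audit = []        # (op, admitted, reason) for every execution

    def execute(self, component, data_items):
        self.retained.append(component)
        program = component.body           # toy program: {"op", "type", "destination"}
        values = [item.body for item in data_items]
        op = program.get("op")
        if op == "sum":
            value = sum(values)
        elif op == "count":
            value = len(values)
        elif op == "raw_copy":             # attempts to push the raw data out unchanged
            value = values
        elif op == "emit_program":         # attempts to hand a runnable object to the host
            value = (lambda: None)
        else:
            value = None
        result = {"type": program.get("type"),
                  "destination": program.get("destination"),
                  "value": value}
        admitted, reason = self.policy.admit(result)
        self.audit.append((op, admitted, reason))
        return result if admitted else None


def process_stream(stream, policy):
    """Run the whole claim 1 pipeline; return released results and the audit trail."""
    mobile, data = screen(stream)
    cage = ExecutionCage(policy)
    released = []
    for component in mobile:
        result = cage.execute(component, data)
        if result is not None:
            released.append(result)
    return released, cage.audit


def constructed_stream():
    """Constructed sample input: two data items and six mobile components."""
    src = "source.example"   # placeholder origin, not a real host

    def prog(op, typ="summary", dest="report"):
        return StreamItem("application/x-mobile-code",
                          {"op": op, "type": typ, "destination": dest}, src)

    return [
        StreamItem("text/plain", 10, src),
        StreamItem("text/plain", 32, src),
        prog("sum"),                           # admitted: summary int to "report"
        prog("count"),                         # admitted
        prog("raw_copy"),                      # rejected: list is not the specified shape
        prog("sum", dest="system_config"),     # rejected: destination not allowed
        prog("emit_program"),                  # rejected: callable is not plain data
        StreamItem("application/javascript", {"op": "noop"}, src),  # rejected: no type
    ]


DEFAULT_POLICY = InterfacePolicy(result_shapes={"summary": int},
                                 allowed_destinations=frozenset({"report"}))

if __name__ == "__main__":
    released, audit = process_stream(constructed_stream(), DEFAULT_POLICY)
    for record in released:
        print("released:", record)
    for entry in audit:
        print("audit:", entry)
```

The point the model makes is that the gate in step d is a positive allowlist over type, shape and destination: a component that computes correctly but addresses the wrong location, or that tries to pass raw data or a program object rather than the specified result, is stopped at the interface and recorded in the audit trail, which is where a defender would hook detection.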