Techniques for permitting access across a context barrier on a small footprint device using an entry point object

US 6,633,984 B2
Filed: 01/22/1999
Issued: 10/14/2003
Est. Priority Date: 01/22/1999
Status: Expired due to Term

First Claim

Patent Images

1. A small footprint device comprising:

a. at least one processing element;

b. memory, c. a context barrier for isolating one program module from at least one other program module using said memory and processing element, said one program module and said at least one other program module configured to operate on said small footprint device; and

d. an entry point object for permitting one program module to access one other program module across said context barrier.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A small footprint device can securely run multiple programs from unrelated vendors by the inclusion of a context barrier isolating the execution of the programs. The context barrier performs security checks to see that principal and object are within the same context or to see that a requested action is authorized for an object to be operated upon. Each program or set of programs runs in a separate context. Access from one program to another program across the context barrier can be achieved under controlled circumstances by using an entry point object.

73 Citations

View as Search Results

27 Claims

1. A small footprint device comprising:
- a. at least one processing element;
  
  b. memory, c. a context barrier for isolating one program module from at least one other program module using said memory and processing element, said one program module and said at least one other program module configured to operate on said small footprint device; and
  
  d. an entry point object for permitting one program module to access one other program module across said context barrier.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 21, 22, 23)
- - 2. The small footprint device of claim 1 in which said context barrier allocates separate name spaces for each program module.
  - 3. The small footprint device of claim 2 in which at least two program modules can access said entry point object even though they are located in different respective name spaces.
  - 4. The small footprint device of claim 1 in which said context barrier allocates separate memory spaces for each program module.
  - 5. The small footprint device of claim 4 in which at least two program modules can access said entry point object even though they are located in different respective memory spaces.
  - 6. The small footprint device of claim 1 in which said context barrier enforces security checks on at least one of a principal, an object and an action.
  - 7. The small footprint device of claim 6 in which at least one security check is based on partial name agreement between a principal and an object.
  - 8. The small footprint device of claim 7 in which at least one program can access said entry point object without said at least one security check.
  - 9. The small footprint device of claim 6 in which at least one security check is based on memory space agreement between a principal and an object.
  - 10. The small footprint device of claim 9 in which at least one program can access said entry point object without said at least one security check.
  - 21. The small footprint device of claim 1 in which said one other program module is a supercontext of said one program module.
  - 22. The small footprint device of claim 1 in which the processing element runs each program module as a separate context.
  - 23. The small footprint device of claim 1 in which at least one program module comprises a plurality of applets.

11. A method of operating a small footprint device, comprising:
- separating program modules using a context barrier, said program modules configured to operate on said small footprint device; and
  
  permitting access to information across the context barrier using an entry point object.
- View Dependent Claims (12, 24)
- - 12. The method of claim 11, in which the context barrier will not permit a principal to perform an action on an object unless both principal and object are part of the same context unless the request is for access to an entry point object.
  - 24. The method of claim 12, in which, if a principal in a first context performs an action on an entry point object in a second context, when the action is performed it will execute within the second context.

13. A method of permitting access to information on a small footprint device from a first program module to a second program module separated by a context barrier, comprising:
- creating entry point object which may be accessed by at least two program modules configured to operate on said small footprint device; and
  
  using said entry point object to permit access to information across the context barrier.

14. A computer program product, comprising:
- a. a memory medium; and
  
  b. a computer controlling element comprising instructions for implementing a context barrier on a small footprint device and for bypassing said context barrier using an entry point object, said context barrier separating program modules configured to operate on said small footprint device.
- View Dependent Claims (15)
- - 15. The computer program product of claim 14 in which said medium is a carrier wave.

16. A computer program product, comprising:
- a. a memory medium; and
  
  b. a computer controlling element comprising instructions for separating a plurality of programs configured to operate on a small footprint device by running them in respective contexts and for permitting one program to access information from another program by way of an entry point object.
- View Dependent Claims (17)
- - 17. The computer program product of claim 16 in which said medium is a carrier wave.

18. A carrier wave carrying instructions for implementing an entry point object for bypassing a context barrier on a small footprint device over a communications link, said context barrier separating program modules configured to operate on said small footprint device.

19. A carrier wave carrying instructions over a communications link for separating a plurality of programs configured to operate on a small footprint device by running them in respective contexts and for permitting one program to access information from another program using at least one entry point object.

20. A method of transmitting code over a network, comprising transmitting a block of code from a server, said block of code comprising instructions for implementing an entry point object for bypassing a context barrier on a small footprint device over a communications link, said context barrier separating program modules configured to operate on said small footprint device.

25. An apparatus for operating a small footprint device, comprising:
- means for separating program modules using a context barrier, said program modules configured to operate on said small footprint device; and
  
  means for permitting access to information across the context barrier using an entry point object.
- View Dependent Claims (26)
- - 26. The apparatus of claim 25, in which the context barrier will not permit a principal to perform an action on an object unless both principal and object are part of the same context unless the request is for access to an entry point object.

27. An apparatus for permitting access to information on a small footprint device from a first program module to a second program module separated by a context barrier, comprising:
- means for creating entry point object which may be accessed by at least two program modules configured to operate on said small footprint device; and
  
  means for using said entry point object to permit access to information across the context barrier.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Streich, Andy, Susser, Joshua, Butler, Mitchel B.
Primary Examiner(s)
BANANKHAH, MAJID A

Application Number

US09/235,157
Publication Number

US 20030140176A1
Time in Patent Office

1,726 Days
Field of Search

709/100, 709/101, 709/102, 709/103, 709/104, 709/310, 713/200, 713/201, 713/202, 713/209, 380/43, 380/59, 380/255, 705/26, 705/27, 705/30
US Class Current

726/21
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 21/53   by executing in a restricte...

G06F 9/468   Specific access rights for ...

Techniques for permitting access across a context barrier on a small footprint device using an entry point object

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

73 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Techniques for permitting access across a context barrier on a small footprint device using an entry point object

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

73 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links