Process for executing a downloadable service receiving restrictive access rights to at least one profile file

US 6,757,685 B2
Filed: 02/15/2002
Issued: 06/29/2004
Est. Priority Date: 02/19/2001
Status: Expired due to Fees

First Claim

Patent Images

1. A process for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said process being characterized in that it involves the steps of:

arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;

downloading said service through said second communication port so that it is received by said confined run time environment;

executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;

downloading a signed archive file which is received via said second communication port;

checking the signature of the archive file and, if corrupted, discarding said archive file; and

selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A process for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer. The web browser is used for accessing a web server through a first set of communication port and socket. Therefore is arranged a confined runtime environment such as for example an extended sandbox (11) and used in Java programming which is assigned a second communication port and sockets and which is used for executing downloadable service with restricted access on at least one profile file. The process can be used for executing services under the form of a signed archive file which signature is used for both validating the archive file and for selecting one particular secure class loader prior to the generation of the compiled code of the service.

188 Citations

27 Claims

1. A process for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said process being characterized in that it involves the steps of:
- arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
  
  downloading said service through said second communication port so that it is received by said confined run time environment;
  
  executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;
  
  downloading a signed archive file which is received via said second communication port;
  
  checking the signature of the archive file and, if corrupted, discarding said archive file; and
  
  selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.
- View Dependent Claims (2)
- - 2. The process according to claim 1 characterized in that said secure class loader further includes restricted access to some specific sections of said at least one profile files.

3. A process for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files and the process further involves the steps of:
- receiving said archive file;
  
  validating said archive file with a signature of said archive file;
  
  selecting one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
  
  generating classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
  
  executing said compiled code.

4. A process for generating compiled executable code in a client machine, comprising the steps of:
- receiving a signed archive file containing classes of a service to be executed on said local machine;
  
  checking and validating the signature associated to said archive file;
  
  associating said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
  
  invoking generating access control classes in addition to the classes of said service; and
  
  generating compiled code and executing said compiled code.

5. A process for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said process being characterized in that it involves the steps of:
- arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
  
  downloading said service through said second communication port so that it is received by said confined run time environment;
  
  executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment; and
  
  arranging said at least one profile in a hierarchical manner with a technical section comprising data representative of the user'"'"'s machine configuration, user'"'"'s comportments, habits and preferences.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The process according to claim 5 wherein said technical section is automatically filled with data extracted from information available at the Basic Input Output System (BIOS) level and profile building tools.
  - 7. The process according to claim 5 wherein said technical section is automatically filled by means of interrogating standardised systems management interfaces present in the client computer.
  - 8. The process according to claim 5 wherein said technical section is automatically filled by means of interrogation via the Distributed Management Interface (DMI) or Window Management Interface (WMI).
  - 9. The process according to claim 8 further comprising providing a transaction aid in the form of a personal computer, with program code elements being implemented as a downloadable service having access to said at least one profile file.

10. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, the computer readable program code means in said computer program product comprising:
- computer readable program means for causing a computer to arrange a confined run time environment which is assigned a second communication port and socket and provides restricted access to at least one profile file;
  
  computer readable program means for causing a computer to download said service through said second communication port so that it is received by said confined run time environment;
  
  computer readable program means for causing a computer to execute said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;
  
  computer readable program means for causing a computer to downloading a signed archive file which is received via said second communication port;
  
  computer readable program means for causing a computer to checking the signature of the archive file and, if corrupted, discarding said archive file; and
  
  computer readable program means for causing a computer to selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.
- View Dependent Claims (11)
- - 11. The computer program product according to claim 10 characterized in that said secure class loader further includes restricted access to some specific sections of said at least one profile files.

12. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files, the computer readable program code means in said computer program product comprising:
- computer readable program means for causing a computer to receive said archive file;
  
  computer readable program means for causing a computer to validate said archive file with a signature of said archive file;
  
  computer readable program means for causing a computer to select one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
  
  computer readable program means for causing a computer to generate classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
  
  computer readable program means for causing a computer to execute said compiled code.

13. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for generating compiled executable code in a client machine, the computer readable program code means in said computer program product comprising:
- computer readable program means for causing a computer to receive a signed archive file containing classes of a service to be executed on said local machine;
  
  computer readable program means for causing a computer to check and validate the signature associated to said archive file;
  
  computer readable program means for causing a computer to associate said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
  
  computer readable program means for causing a computer to invoke generating access control classes in addition to the classes of said service; and
  
  computer readable program means for causing a computer to generate compiled code and execute said compiled code.

14. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, the computer readable program code means in said computer program product comprising:
- computer readable program means for causing a computer to arrange a confined run time environment which is assigned a second communication port and socket and provides restricted access to at least one profile file;
  
  computer readable program means for causing a computer to download said service through said second communication port so that it is received by said confined run time environment;
  
  computer readable program means for causing a computer to execute said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment; and
  
  computer readable program means for causing a computer to arrange said at least one profile in a hierarchical manner with a technical section comprising data representative of the user'"'"'s machine configuration, user'"'"'s comportments, habits and preferences.
- View Dependent Claims (15, 16, 17, 18)
- - 15. The computer program product according to claim 14 wherein said technical section is automatically filled with data extracted from information available at the Basic Input Output System (BIOS) level and profile building tools.
  - 16. The computer program product according to claim 14 wherein said technical section is automatically filled by means of interrogating standardized systems management interfaces present in the client computer.
  - 17. The computer program product according to claim 14 wherein said technical section is automatically filled by means of interrogation via the Distributed Management Interface (DMI) or Window Management Interface (WMI).
  - 18. The computer program product according to claim 17 further comprising providing a transaction aid in the form of a personal computer, with program code elements being implemented as a downloadable service having access to said at least one profile file.

19. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said method steps comprising:
- arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
  
  downloading said service through said second communication port so that it is received by said confined run time environment;
  
  executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;
  
  downloading a signed archive file which is received via said second communication port;
  
  checking the signature of the archive file and, if corrupted, discarding said archive file; and
  
  selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.
- View Dependent Claims (20)
- - 20. The program storage device according to claim 19 characterized in that said secure class loader further includes restricted access to some specific sections of said at least one profile files.

21. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files, said method steps comprising:
- receiving said archive file;
  
  validating said archive file with a signature of said archive file;
  
  selecting one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
  
  generating classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
  
  executing said compiled code.

22. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for generating compiled executable code in a client machine, said method steps comprising:
- receiving a signed archive file containing classes of a service to be executed on said local machine;
  
  checking and validating the signature associated to said archive file;
  
  associating said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
  
  invoking generating access control classes in addition to the classes of said service; and
  
  generating compiled code and executing said compiled code.

23. A program storage device readable by a machine, tangibly program of instructions executable by the machine to perform method steps for executing a downloadable service with specific access rights to at least one profile file in a user'"'"'s computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said method steps comprising:
- arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
  
  downloading said service through said second communication port so that it is received by said confined run time environment;
  
  executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment; and
  
  arranging said at least one profile in a hierarchical manner with a technical section comprising data representative of the user'"'"'s machine configuration, user'"'"'s comportments, habits and preferences.
- View Dependent Claims (24, 25, 26, 27)
- - 24. The program storage device according to claim 23 wherein said technical section is automatically filled with data extracted from information available at the Basic Input Output System (BIOS) level and profile building tools.
  - 25. The program storage device according to claim 23 wherein said technical section is automatically filled by means of interrogating standardized systems management interfaces present in the client computer.
  - 26. The program storage device according to claim 23 wherein said technical section is automatically filled by means of interrogation via the Distributed Management Interface (DMI) or Window Management Interface (WMI).
  - 27. The program storage device according to claim 26 further comprising providing a transaction aid in the form of a personal computer, with program code elements being implemented as a downloadable service having access to said at least one profile file.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Brebner, Gavin, Raffaele, Eric
Primary Examiner(s)
CHOULES, JACK M

Application Number

US10/077,595
Publication Number

US 20020116549A1
Time in Patent Office

865 Days
Field of Search

707/6, 707/10, 707/9, 713/156, 713/158, 713/176, 713/175, 713/201, 709/201
US Class Current

1/1
CPC Class Codes

G06F 21/6263   during internet communicati...

G06F 9/468   Specific access rights for ...

Y10S 707/99936   Pattern matching access

Process for executing a downloadable service receiving restrictive access rights to at least one profile file

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

188 Citations

27 Claims

Specification

Solutions

Use Cases

Quick Links

Process for executing a downloadable service receiving restrictive access rights to at least one profile file

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

188 Citations

27 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links