Process for executing a downloadable service receiving restrictive access rights to at least one profile file
Abstract
A process for executing a downloadable service with specific access rights to at least one profile file in a user's computer. The web browser is used for accessing a web server through a first set of communication port and socket. A confined runtime environment, for example an extended sandbox (11) as used in Java programming, is therefore arranged; it is assigned a second communication port and sockets and is used for executing the downloadable service with restricted access to at least one profile file. The process can be used for executing services in the form of a signed archive file whose signature is used both for validating the archive file and for selecting one particular secure class loader prior to the generation of the compiled code of the service.
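The signature check and signer-based class loader selection described in the abstract could look like the following in Java. This is an added example, not code from the patent; the policy table, the fingerprint placeholder and the profile path are hypothetical.

```java
import java.io.*;
import java.net.*;
import java.security.*;
import java.util.*;
import java.util.jar.*;

public class SignedServiceLoader {
    // Hypothetical policy table: SHA-256 fingerprint of a pinned signer certificate
    // mapped to the only profile subtree that signer's services may read.
    static final Map<String, String> POLICY = Map.of(
        "<sha256-of-pinned-signer-cert>", "/profiles/user/technical/-");

    static boolean isSignatureFile(String n) {
        return n.equals(JarFile.MANIFEST_NAME) || n.matches("META-INF/[^/]+\\.(SF|RSA|DSA|EC)");
    }

    /** Returns the fingerprint shared by every entry's signer; throws if the archive must be discarded. */
    static String verify(File archive) throws Exception {
        String signer = null;
        try (JarFile jar = new JarFile(archive, true)) {   // true: verify digests and signatures
            for (JarEntry e : Collections.list(jar.entries())) {
                if (e.isDirectory() || isSignatureFile(e.getName())) continue;
                // Signers are populated only after the entry is read to the end;
                // a tampered entry raises SecurityException during the read.
                try (InputStream in = jar.getInputStream(e)) {
                    in.transferTo(OutputStream.nullOutputStream());
                }
                CodeSigner[] cs = e.getCodeSigners();
                if (cs == null) throw new SecurityException("unsigned entry: " + e.getName());
                byte[] der = cs[0].getSignerCertPath().getCertificates().get(0).getEncoded();
                String fp = HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(der));
                if (signer != null && !signer.equals(fp)) throw new SecurityException("mixed signers");
                signer = fp;
            }
        }
        if (signer == null) throw new SecurityException("no signed entries");
        return signer;
    }

    /** Selects the class loader (and with it the access rights) from the verified signer. */
    static ClassLoader loaderFor(File archive) throws Exception {
        String path = POLICY.get(verify(archive));
        if (path == null) throw new SecurityException("signer has no policy entry");
        return new URLClassLoader(new URL[] { archive.toURI().toURL() }, null) {
            @Override protected PermissionCollection getPermissions(CodeSource src) {
                Permissions p = new Permissions();          // nothing but the profile read right
                p.add(new FilePermission(path, "read"));
                return p;
            }
        };
    }
}
```

The permissions returned by `getPermissions` are enforced only while a Security Manager is active, which is deprecated since JDK 17 and permanently disabled in JDK 24. `JarFile` verification establishes integrity only, so trust rests on the pinned fingerprint, and this sketch considers only the first signer of each entry.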
27 Claims
1. A process for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said process being characterized in that it involves the steps of:
arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
downloading said service through said second communication port so that it is received by said confined run time environment;
executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;
downloading a signed archive file which is received via said second communication port;
checking the signature of the archive file and, if corrupted, discarding said archive file; and
selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.

3. A process for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files and the process further involves the steps of:
receiving said archive file;
validating said archive file with a signature of said archive file;
selecting one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
generating classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
executing said compiled code.

4. A process for generating compiled executable code in a client machine, comprising the steps of:
receiving a signed archive file containing classes of a service to be executed on said local machine;
checking and validating the signature associated to said archive file;
associating said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
invoking generating access control classes in addition to the classes of said service; and
generating compiled code and executing said compiled code.

5. A process for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said process being characterized in that it involves the steps of:
arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
downloading said service through said second communication port so that it is received by said confined run time environment;
executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment; and
arranging said at least one profile in a hierarchical manner with a technical section comprising data representative of the user's machine configuration, user's comportments, habits and preferences.

10. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, the computer readable program code means in said computer program product comprising:
computer readable program means for causing a computer to arrange a confined run time environment which is assigned a second communication port and socket and provides restricted access to at least one profile file;
computer readable program means for causing a computer to download said service through said second communication port so that it is received by said confined run time environment;
computer readable program means for causing a computer to execute said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;
computer readable program means for causing a computer to downloading a signed archive file which is received via said second communication port;
computer readable program means for causing a computer to checking the signature of the archive file and, if corrupted, discarding said archive file; and
computer readable program means for causing a computer to selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.

12. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files, the computer readable program code means in said computer program product comprising:
computer readable program means for causing a computer to receive said archive file;
computer readable program means for causing a computer to validate said archive file with a signature of said archive file;
computer readable program means for causing a computer to select one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
computer readable program means for causing a computer to generate classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
computer readable program means for causing a computer to execute said compiled code.

13. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for generating compiled executable code in a client machine, the computer readable program code means in said computer program product comprising:
computer readable program means for causing a computer to receive a signed archive file containing classes of a service to be executed on said local machine;
computer readable program means for causing a computer to check and validate the signature associated to said archive file;
computer readable program means for causing a computer to associate said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
computer readable program means for causing a computer to invoke generating access control classes in addition to the classes of said service; and
computer readable program means for causing a computer to generate compiled code and execute said compiled code.

14. A computer program product comprising a computer usable medium having computer readable program code means embodied therein for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, the computer readable program code means in said computer program product comprising:
computer readable program means for causing a computer to arrange a confined run time environment which is assigned a second communication port and socket and provides restricted access to at least one profile file;
computer readable program means for causing a computer to download said service through said second communication port so that it is received by said confined run time environment;
computer readable program means for causing a computer to execute said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment; and
computer readable program means for causing a computer to arrange said at least one profile in a hierarchical manner with a technical section comprising data representative of the user's machine configuration, user's comportments, habits and preferences.

19. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said method steps comprising:
arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
downloading said service through said second communication port so that it is received by said confined run time environment;
executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment, said confined run time environment comprising an extended sandbox having restrictive access to said at least one profile file;
downloading a signed archive file which is received via said second communication port;
checking the signature of the archive file and, if corrupted, discarding said archive file; and
selecting one particular secure class loader corresponding to said signature for the purpose of creating additional security java classes allowing the restricted access to said at least one profile file.

21. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for receiving a signed archive file containing class structures representative of at least one service to be downloaded to and executed on a client computer, characterized in that said at least one service is associated with a corresponding set of access rights to some profile files, said method steps comprising:
receiving said archive file;
validating said archive file with a signature of said archive file;
selecting one secure class loader associated with said signature, said class loader being representative of the set of access rights associated to said service;
generating classes in accordance with the secure class loader being selected for the purpose of generating a compiled code; and
executing said compiled code.

22. A program storage device readable by a machine, tangibly embodying a program of instructions executable by the machine to perform method steps for generating compiled executable code in a client machine, said method steps comprising:
receiving a signed archive file containing classes of a service to be executed on said local machine;
checking and validating the signature associated to said archive file;
associating said signature to one predetermined secure class loader for the purpose of defining a predetermined java security policy and assigning access rights to at least one profile file;
invoking generating access control classes in addition to the classes of said service; and
generating compiled code and executing said compiled code.

23. A program storage device readable by a machine, tangibly program of instructions executable by the machine to perform method steps for executing a downloadable service with specific access rights to at least one profile file in a user's computer, said computer comprising a web browser communication to the Internet or intranet via a first communication port and socket, said method steps comprising:
arranging a confined run time environment which is assigned a second communication port and socket and providing restricted access to at least one profile file;
downloading said service through said second communication port so that it is received by said confined run time environment;
executing said service within said confined run time environment whereby said service is given an access to said at least one profile file in a secure environment; and
arranging said at least one profile in a hierarchical manner with a technical section comprising data representative of the user's machine configuration, user's comportments, habits and preferences.
Specification