Method and computer system for controlling access by applications to this and other computer systems
Abstract
Application execution contexts within an untrusted computer system are classified as trusted or untrusted based on respective names assigned to the execution contexts. If an application runs in an untrusted execution context, an operating system within the untrusted computer system prevents the application from initiating a connection with a trusted computer system and accessing sensitive parts of the untrusted computer system. If the application runs in a trusted execution context, the operating system permits the application to initiate a connection with the trusted computer system.
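A minimal user-space model of the connect-time decision described in the abstract, added here as an illustration and not taken from the patent. The context names, the 10.20.0.0/16 private range and all function names are assumptions; in the patent the operating system on the untrusted computer makes this check.

```python
import ipaddress

# Constructed values: the patent gives no addresses or context names.
PRIVATE_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # stands in for the private system
TRUSTED_NAMES = {"db-relay", "order-sync"}             # hypothetical context names

def classify_context(name):
    """Classify an execution context by its assigned name; unknown names fail closed."""
    return "trusted" if name in TRUSTED_NAMES else "untrusted"

def zone_of(dest):
    """Map a destination address to the side of the untrusted host it sits on."""
    addr = ipaddress.ip_address(dest)
    return "private" if any(addr in net for net in PRIVATE_NETS) else "external"

def may_connect(context_name, dest):
    """Connect-time check for an application on the untrusted host.

    Trusted contexts may initiate connections to the private system; only
    untrusted contexts may communicate directly with external systems.
    """
    ctx, zone = classify_context(context_name), zone_of(dest)
    allowed = (ctx == "trusted") == (zone == "private")
    return allowed, f"{ctx} context -> {zone} destination"

def audit(attempts):
    """Return the denied attempts from a list of (context_name, dest) pairs."""
    denied = []
    for name, dest in attempts:
        ok, reason = may_connect(name, dest)
        if not ok:
            denied.append((name, dest, reason))
    return denied

if __name__ == "__main__":
    # Constructed connection attempts made by applications on the untrusted host.
    attempts = [
        ("db-relay", "10.20.3.4"),      # trusted context reaching the private system
        ("httpd-cgi", "203.0.113.9"),   # untrusted context answering an external client
        ("httpd-cgi", "10.20.3.4"),     # untrusted context trying to reach inward
        ("db-relay", "203.0.113.9"),    # trusted context trying to talk outward
        ("DB-Relay", "10.20.3.4"),      # name not registered exactly: treated as untrusted
    ]
    for name, dest, reason in audit(attempts):
        print("DENY", name, dest, reason)
```

Because the two rules are symmetric, a compromised externally facing application cannot reach the private system, and a context allowed to reach the private system is never directly exposed to external traffic.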
36 Claims
1. A method for controlling access to a private computer system comprising:
- operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;
- classifying applications running on said untrusted computer system as running in one of a trusted application execution context and an untrusted application execution context; and
- preventing an application on said untrusted computer system from initiating a connection with said private computer system unless said untrusted computer system is running said application in said trusted application exception context;
- wherein only said untrusted application execution contexts of said applications on said untrusted system can communicate directly with said external computer system.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for controlling access to a private computer system comprising:
- operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;
- determining a name of an execution context of an application running on said untrusted system;
- determining whether said execution context is trusted or untrusted based on said name;
- if said execution context is trusted, permitting said application to initiate a connection with said private system, and if said execution context is untrusted, preventing said application from initiating a connection with said private computer system, wherein only untrusted application execution contexts on said untrusted system can communicate directly with said external computer system.
Dependent claims: 11, 12, 13, 14, 15, 16, 17, 18
19. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for controlling access private to a computer system, said method comprising:
- operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;
- classifying applications running on an untrusted computer system as running in one of a trusted application execution context and an untrusted application execution context; and
- preventing an application on said untrusted computer system from initiating a connection with a said private computer system unless said untrusted computer system is running said application in said trusted application execution context;
- wherein only said untrusted application execution contexts of said application on said untrusted system can communicate directly with said external computer system.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27
28. A system for controlling access to a network comprising:
- a private computer system;
- an untrusted computer system connected between said private computer system and an external computer system, such that said external computer is prevented from communicating directly with said private computer system;
- wherein said untrusted system includes applications classified as having trusted application execution contexts and untrusted application execution contexts, and wherein only said trusted application execution contexts can initiate connections with said private computer system, and wherein only said untreated application execution contexts of said applications on said untrusted system can communicate directly with said external computer system.
Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36
Specification