Method and computer system for controlling access by applications to this and other computer systems

US 6,883,098 B1
Filed: 09/20/2000
Issued: 04/19/2005
Est. Priority Date: 09/20/2000
Status: Active Grant

First Claim

Patent Images

1. A method for controlling access to a private computer system comprising:

operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;

classifying applications running on said untrusted computer system as running in one of a trusted application execution context and an untrusted application execution context; and

preventing an application on said untrusted computer system from initiating a connection with said private computer system unless said untrusted computer system is running said application in said trusted application exception context;

wherein only said untrusted application execution contexts of said applications on said untrusted system can communicate directly with said external computer system.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Application execution contexts within an untrusted computer system are classified as trusted or untrusted based on respective names assigned to the execution contexts. If an application runs in an untrusted execution context, an operating system within the untrusted computer system prevents the application from initiating a connection with a trusted computer system and accessing sensitive parts of the untrusted computer system. If the application runs in a trusted execution context, the operating system permits the application to initiate a connection with the trusted computer system.

118 Citations

36 Claims

1. A method for controlling access to a private computer system comprising:
- operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;
  
  classifying applications running on said untrusted computer system as running in one of a trusted application execution context and an untrusted application execution context; and
  
  preventing an application on said untrusted computer system from initiating a connection with said private computer system unless said untrusted computer system is running said application in said trusted application exception context;
  
  wherein only said untrusted application execution contexts of said applications on said untrusted system can communicate directly with said external computer system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method in claim 1, wherein said trusted private computer system can initiate connections with any execution context on said untrusted computer system.
  - 3. The method in claim 1, wherein only said untrusted application execution contexts on said untrusted system can initiate connections with said external computer system.
  - 4. The method in claim 1, wherein said applications are classified as having said trusted application execution contexts and said untrusted application execution contexts based on distinctive application execution context names.
  - 5. The method in claim 4, wherein a human administrator of said untrusted system assigns said distinctive application execution context names.
  - 6. The method in claim 4, wherein said applications cannot change the names of respective execution contexts in which said applications are running.
  - 7. The method in claim 4, wherein said applications cannot change the name of any execution context in said untrusted computer system.
  - 8. The method in claim 1, wherein connections originating on said external system can terminate only at said untrusted system and only at said untrusted execution contexts therein.
  - 9. The method in claim 1, wherein said untrusted application execution contexts are fenced off from said untrusted computer system such that said untrusted application execution application contexts cannot interrogate or change critical system data of said untrusted computer system.

10. A method for controlling access to a private computer system comprising:
- operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;
  
  determining a name of an execution context of an application running on said untrusted system;
  
  determining whether said execution context is trusted or untrusted based on said name;
  
  if said execution context is trusted, permitting said application to initiate a connection with said private system, and if said execution context is untrusted, preventing said application from initiating a connection with said private computer system, wherein only untrusted application execution contexts on said untrusted system can communicate directly with said external computer system.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The method in claim 10, wherein said private computer system can initiate connections with any execution context on said untrusted computer system.
  - 12. The method in claim 10, wherein only said untrusted application execution contexts on said untrusted system can initiate connections with an external computer system.
  - 13. The method in claim 10, wherein said execution context name was previously assigned by a human administrator.
  - 14. The method in claim 10, wherein there are a plurality of applications running on said untrusted computer system, one of said applications having a trusted execution context and another of said applications having an untrusted execution context.
  - 15. The method in claim 14, wherein said applications cannot change names of the respective execution contexts in which said applications are running.
  - 16. The method in claim 14, wherein said applications cannot change the name of any execution context in said untrusted computer system.
  - 17. The method in claim 10, wherein connections originating on an external system can terminate only at said untrusted system and only at said untrusted execution contexts therein.
  - 18. The method in claim 10, wherein said untrusted application execution contexts are fenced off from said untrusted computer system such that said untrusted application execution application contexts cannot interrogate or change critical system data of said untrusted computer system.

19. A program storage device readable by machine, tangibly embodying a program of instructions executable by the machine to perform a method for controlling access private to a computer system, said method comprising:
- operatively connecting an untrusted computer between said private computer system and an external computer such that said external computer is prevented from communicating directly with said private computer system;
  
  classifying applications running on an untrusted computer system as running in one of a trusted application execution context and an untrusted application execution context; and
  
  preventing an application on said untrusted computer system from initiating a connection with a said private computer system unless said untrusted computer system is running said application in said trusted application execution context;
  
  wherein only said untrusted application execution contexts of said application on said untrusted system can communicate directly with said external computer system.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. The program storage device in claim 19, wherein said private computer system can initiate connections with any execution context on said untrusted computer system.
  - 21. The program storage device kin claim 19, wherein only said untrusted application execution contexts on said untrusted system can initiate connections with said external computer system.
  - 22. The program storage device in claim 19, wherein said applications are classified as having said trusted application execution contexts and said untrusted application execution contexts based on distinctive application execution context names.
  - 23. The program storage device in claim 22, wherein a human administrator of said untrusted system assigns said distinctive application execution context names.
  - 24. The program storage device in claim 22, wherein said applications cannot change names of respective execution contexts in which said applications are running.
  - 25. The method in claim 22, wherein said applications cannot change the name of any execution context in said untrusted computer system.
  - 26. The program storage device in claim 19, wherein connections originating on said external system can terminate only at said untrusted system only at said untrusted execution contexts therein.
  - 27. The program storage device in claim 19, wherein said untrusted application execution contexts are fenced off from said untrusted computer system such that said untrusted application execution contexts cannot interrogate or change critical system data of said untrusted computer system.

28. A system for controlling access to a network comprising:
- a private computer system;
  
  an untrusted computer system connected between said private computer system and an external computer system, such that said external computer is prevented from communicating directly with said private computer system;
  
  wherein said untrusted system includes applications classified as having trusted application execution contexts and untrusted application execution contexts, and wherein only said trusted application execution contexts can initiate connections with said private computer system, and wherein only said untreated application execution contexts of said applications on said untrusted system can communicate directly with said external computer system.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
- - 29. The system in claim 28, wherein said private computer system can initiate connections with any execution context on said untrusted computer system.
  - 30. The system in claim 28, wherein only said untrusted application execution contexts on said untreated system can initiate connections with said external computer system.
  - 31. The system in claim 28, wherein said applications are classified as having said trusted application execution contexts and said untrusted application execution contexts based on distinctive application execution context names.
  - 32. The system in claim 31, wherein a human administrator of said untrusted system assigns said distinctive application execution context names.
  - 33. The system in claim 31, wherein said applications cannot change the names of respective execution contexts in which said applications are running.
  - 34. The method in claim 31, wherein said applications cannot change the name of any execution context in said untrusted computer system.
  - 35. The method in claim 28, wherein connections originating on said external system can terminate only at said untrusted system and only at said untrusted execution contexts therein.
  - 36. The system of claim 28, wherein said untrusted application execution contexts are fenced off from said untrusted computer system such that said untrusted application execution application contexts cannot interrogate or change critical system data of said untrusted computer system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Roman, John S., Wade, Brian K.
Primary Examiner(s)
JUNG, DAVID YIUK

Application Number

US09/666,952
Time in Patent Office

1,672 Days
Field of Search

713200-202, 713150-152, 709201-204
US Class Current

726/5
CPC Class Codes

G06F 21/53 by executing in a restricte...

Method and computer system for controlling access by applications to this and other computer systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

118 Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

Method and computer system for controlling access by applications to this and other computer systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

118 Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links