Mobile code security architecture in an application service provider environment

US 7,096,491 B2
Filed: 07/20/2001
Issued: 08/22/2006
Est. Priority Date: 07/20/2001
Status: Active Grant

First Claim

Patent Images

1. A method for processing a mobile code application by a host application service provider (ASP) to an end user, and for enforcing access controls based on the user'"'"'s subscription to local resources that the ASP manages on the user'"'"'s behalf, the method comprising:

receiving at a host ASP a mobile code application from a provider, the provider being a separate entity from the host ASP, the application including a plurality of functional modules and being immediately available to users upon receipt from the provider;

receiving at the host ASP a security specification that is generated by the provider and associated with the application, the security specification describing application program interface (API) access conditions and resource access privilege requests;

receiving at the host ASP subscription information associated with a user;

forming a usage contract between the user and the provider, the user and the provider both being customers of the host ASP;

the host ASP dynamically granting, at runtime, limited access to resources managed by the host ASP but owned by the user according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application; and

executing the application within a runtime environment of the host ASP using the subscription information on behalf of the user without the user'"'"'s intervention.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method is disclosed for providing mobile code software applications to users via an application service provider (ASP). The ASP receives a mobile code application, such as a Java application, from a provider, along with a security specification. The security specification defines access privileges requested to execute the application, including privileges to execute functions performed by the application and privileges to access local resources of the ASP. The ASP receives a subscription to the application from a user. The subscription includes subscription information granting or denying privileges, and specifying parameters for the privileges, requested in the security specification. The ASP executes the application at runtime by determining for each executable function whether the user has authorized the requested privilege. Those functions authorized by the user are executed in one embodiment. During runtime the ASP limits the application'"'"'s access to local resources based on the privileges granted by the user.

75 Citations

View as Search Results

17 Claims

1. A method for processing a mobile code application by a host application service provider (ASP) to an end user, and for enforcing access controls based on the user'"'"'s subscription to local resources that the ASP manages on the user'"'"'s behalf, the method comprising:
- receiving at a host ASP a mobile code application from a provider, the provider being a separate entity from the host ASP, the application including a plurality of functional modules and being immediately available to users upon receipt from the provider;
  
  receiving at the host ASP a security specification that is generated by the provider and associated with the application, the security specification describing application program interface (API) access conditions and resource access privilege requests;
  
  receiving at the host ASP subscription information associated with a user;
  
  forming a usage contract between the user and the provider, the user and the provider both being customers of the host ASP;
  
  the host ASP dynamically granting, at runtime, limited access to resources managed by the host ASP but owned by the user according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application; and
  
  executing the application within a runtime environment of the host ASP using the subscription information on behalf of the user without the user'"'"'s intervention.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the step of receiving subscription information comprises receiving information related to access privileges requested by the application as part of the security specification.
  - 3. The method of claim 1, wherein the step of receiving the application comprises receiving a mobile code application that supports a flexible-usage implementation in which features of the application are optionally enabled based on the subscription information by a specific end user during a subscription process without executing the application.
  - 4. The method of claim 3, wherein the step of granting comprises enabling a user to review the security specification of the application and to selectively enable certain functionalities, and wherein the step of executing comprises executing the selected functionalities of the application based on the subscription information.
  - 5. The method of claim 1, further comprising:
    - storing the application and the security specification in an application store of the ASP; and
      
      storing the subscription information in a subscription database of the ASP.
  - 6. The method of claim 1, wherein the step of executing comprises limiting access by the application at a level of granularity of an individual API to local resources of the ASP based on the subscription information.
  - 7. The method of claim 1, further comprising requesting from the user additional privileges at runtime if the application requires a privilege that has not been granted.
  - 8. The method of claim 1, wherein the step of executing comprises:
    - running an instance of a class loader;
      
      determining from the subscription information whether a class can be used by the application;
      
      executing the application based on the determining; and
      
      controlling access to a local resource of the ASP on a per-API basis using a security manager.

9. A host application service provider (ASP) for making functionalities of a mobile code application received from a provider available to a user without any execution of the application at a subscription time, and for executing the application on behalf of the user, the host ASP comprising:
- an application store that stores a mobile code application and an associated security specification received from a provider, the provider being a separate entity from the host ASP, the security specification describing application program interface (API) access conditions and resource access privilege requests, and the application being immediately available to users upon receipt from the provider;
  
  a subscription database that receives subscription information for a user, the user and the provider both being customers of the host ASP, the subscription information comprising;
  
  information related to a function of the application; and
  
  information related to access by the application on a per-API basis to a local resource of the ASP that is owned by the user granting the subscription,wherein the subscription information makes functionalities of the application available to the user without any execution of the application at a subscription time;
  
  a local resource store that stores local resources managed by the host ASP on behalf of the user, wherein the host ASP dynamically grants, at runtime, limited access to the local resource according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application; and
  
  a runtime environment that executes the application based on the subscription information on behalf of the user without the user'"'"'s intervention.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The ASP of claim 9, wherein the subscription information is related to the security specification.
  - 11. The ASP of claim 9, wherein the application includes Java code, and wherein the ASP further comprises class loader that checks the subscription information in the subscription database at runtime to determine whether use of a class requested by the application is permitted by the user.
  - 12. The ASP of claim 11, wherein the ASP further comprises a security manager that controls access of by the application to a local resource during runtime.
  - 13. The ASP of claim 9, wherein the mobile code application supports a flexible-usage implementation in which features of the application can be optionally enabled based on the subscription information by a specific end user at the subscription time without executing the application.
  - 14. The ASP of claim 9, wherein the runtime environment limits access by the application to local resources and execution of the application based on the subscription information.

15. A system for enforcing access controls based on the user'"'"'s subscription to local resources that a host application service provider (ASP) manages on the user'"'"'s behalf, comprising:
- a host ASP having a runtime environment for a mobile code application, the application including a plurality of functional modules and being immediately available to users upon receipt from the provider;
  
  an application provider that provides the application and an associated security specification to the host ASP, the application provider being a separate entity from the host ASP, the security specification describing application program interface (API) access conditions and resource access privilege requests; and
  
  an application user device that accesses the host ASP and subscribes to the application using subscription information, wherein the host ASP forms a usage contract between the user and the application provider, and dynamically grants, at runtime, limited access to resources managed by the host ASP but owned by the user according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application, wherein the user and the application provider are both customers of the host ASP,wherein the host ASP controls execution of the application using the subscription information on behalf of the user without the user'"'"'s intervention.
- View Dependent Claims (16, 17)
- - 16. The system of claim 15, wherein the ASP requests the subscription information from the user, and the user sends the subscription information to the ASP.
  - 17. The system of claim 15, wherein the ASP further comprises:
    - a subscription database that stores the subscription information; and
      
      an application store that stores the application.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Ent Services Development Corporation LP (DXC Technology Company)
Original Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Inventors
Cheng, Lebin
Primary Examiner(s)
Sheikh, Ayaz
Assistant Examiner(s)
Chen, Shin-Hon

Application Number

US09/908,592
Publication Number

US 20030033539A1
Time in Patent Office

1,859 Days
Field of Search

726/4, 726/6, 726/21, 726 27- 30, 705/52, 705/65, 705/67, 705/76, 705/78, 705/80, 705/26, 705/39, 705/50, 717/134, 709/203, 709/217, 709200-206, 709/315, 379/202, 713200-202, 395186-188
US Class Current

726/4
CPC Class Codes

G06F 21/54   by adding security routines...

G06F 21/629   to features or functions of...

G06Q 20/0855   involving a third party

G06Q 20/367   involving electronic purses...

G06Q 20/3674   involving authentication

G06Q 20/3821   Electronic credentials

G06Q 50/188   Electronic negotiation

H04L 2463/102   applying security measure f...

H04L 63/102   Entity profiles

H04L 63/168   above the transport layer

Mobile code security architecture in an application service provider environment

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

75 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Mobile code security architecture in an application service provider environment

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

75 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links