Mobile code security architecture in an application service provider environment
First Claim
1. A method for processing a mobile code application by a host application service provider (ASP) to an end user, and for enforcing access controls based on the user's subscription to local resources that the ASP manages on the user's behalf, the method comprising:
- receiving at a host ASP a mobile code application from a provider, the provider being a separate entity from the host ASP, the application including a plurality of functional modules and being immediately available to users upon receipt from the provider;
- receiving at the host ASP a security specification that is generated by the provider and associated with the application, the security specification describing application program interface (API) access conditions and resource access privilege requests;
- receiving at the host ASP subscription information associated with a user;
- forming a usage contract between the user and the provider, the user and the provider both being customers of the host ASP;
- the host ASP dynamically granting, at runtime, limited access to resources managed by the host ASP but owned by the user according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application; and
- executing the application within a runtime environment of the host ASP using the subscription information on behalf of the user without the user's intervention.
Abstract
A method is disclosed for providing mobile code software applications to users via an application service provider (ASP). The ASP receives a mobile code application, such as a Java application, from a provider, along with a security specification. The security specification defines access privileges requested to execute the application, including privileges to execute functions performed by the application and privileges to access local resources of the ASP. The ASP receives a subscription to the application from a user. The subscription includes subscription information granting or denying privileges, and specifying parameters for the privileges, requested in the security specification. The ASP executes the application at runtime by determining for each executable function whether the user has authorized the requested privilege. Those functions authorized by the user are executed in one embodiment. During runtime the ASP limits the application's access to local resources based on the privileges granted by the user.
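A minimal model of the runtime check the abstract describes, added here as an illustration and not taken from the patent. The module, API and resource names, the `max_amount` parameter and all sample data are hypothetical and constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Request:            # one entry in the provider's security specification
    module: str           # functional module of the application
    api: str              # ASP API the module asks to call
    resource: str         # kind of user-owned resource the ASP manages

@dataclass
class Subscription:       # recorded at subscription time; no application code runs then
    user: str
    modules: set          # modules the user subscribed to (not the whole application)
    grants: dict = field(default_factory=dict)   # (api, resource) -> parameters

def authorize(spec, sub, module, api, resource, **args):
    """Default-deny check for one API call made on the user's behalf."""
    if module not in sub.modules:
        return False, "module not subscribed"
    if Request(module, api, resource) not in spec:
        return False, "not declared in security specification"
    params = sub.grants.get((api, resource))
    if params is None:
        return False, "privilege not granted by user"
    limit, amount = params.get("max_amount"), args.get("amount")
    if limit is not None and (amount is None or amount > limit):
        return False, "exceeds granted parameter"   # fails closed if amount is absent
    return True, "ok"

def runnable_modules(spec, sub):
    """Subscribed modules whose every requested privilege the user has granted."""
    out = []
    for m in sorted(sub.modules):
        reqs = [r for r in spec if r.module == m]
        if reqs and all((r.api, r.resource) in sub.grants for r in reqs):
            out.append(m)
    return out

# Constructed sample: a provider's specification and one user's subscription.
SPEC = {
    Request("view_balance", "accounts.read", "bank_account"),
    Request("pay_bill", "payments.transfer", "bank_account"),
    Request("pay_bill", "contacts.read", "address_book"),
    Request("export", "files.write", "document_store"),
}
SUB = Subscription("alice", {"view_balance", "pay_bill"}, {
    ("accounts.read", "bank_account"): {},
    ("payments.transfer", "bank_account"): {"max_amount": 100},
})
```

The specification check before the grant lookup keeps a module from using a privilege the user granted for a different module: `view_balance` cannot call `payments.transfer` even though `pay_bill` holds that grant.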
17 Claims
9. A host application service provider (ASP) for making functionalities of a mobile code application received from a provider available to a user without any execution of the application at a subscription time, and for executing the application on behalf of the user, the host ASP comprising:
- an application store that stores a mobile code application and an associated security specification received from a provider, the provider being a separate entity from the host ASP, the security specification describing application program interface (API) access conditions and resource access privilege requests, and the application being immediately available to users upon receipt from the provider;
- a subscription database that receives subscription information for a user, the user and the provider both being customers of the host ASP, the subscription information comprising:
  - information related to a function of the application; and
  - information related to access by the application on a per-API basis to a local resource of the ASP that is owned by the user granting the subscription,

  wherein the subscription information makes functionalities of the application available to the user without any execution of the application at a subscription time;
- a local resource store that stores local resources managed by the host ASP on behalf of the user, wherein the host ASP dynamically grants, at runtime, limited access to the local resource according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application; and
- a runtime environment that executes the application based on the subscription information on behalf of the user without the user's intervention.
15. A system for enforcing access controls based on the user's subscription to local resources that a host application service provider (ASP) manages on the user's behalf, comprising:
- a host ASP having a runtime environment for a mobile code application, the application including a plurality of functional modules and being immediately available to users upon receipt from the provider;
- an application provider that provides the application and an associated security specification to the host ASP, the application provider being a separate entity from the host ASP, the security specification describing application program interface (API) access conditions and resource access privilege requests; and
- an application user device that accesses the host ASP and subscribes to the application using subscription information, wherein the host ASP forms a usage contract between the user and the application provider, and dynamically grants, at runtime, limited access to resources managed by the host ASP but owned by the user according to the subscription information associated with the user, wherein the user can subscribe to specific functional modules of the application as opposed to an entire application, wherein the user and the application provider are both customers of the host ASP, wherein the host ASP controls execution of the application using the subscription information on behalf of the user without the user's intervention.
Specification