Secure access of objects generated from data representation language representations of the objects in a distributed computing environment

US 7,444,644 B1
Filed: 09/15/2000
Issued: 10/28/2008
Est. Priority Date: 05/09/2000
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for the secure exchange of objects in a distributed computing environment, comprising:

a user accessing a client device;

generating a computer programming language object from a data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible for use during said accessing the client device;

wherein said generating a computer programming language object from a data markup language representation of the object is performed by a virtual machine executing within the client device;

the client device receiving a message in the data markup language from a service device in the distributed computing environment prior to said generating a computer programming language object, wherein the message includes the data markup language representation of the object;

the user terminating said accessing the client device; and

deleting the computer programming language object in response to said terminating access, wherein the deleted object is not accessible for use by subsequent users of the client device.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A mechanism for securely decompiling representations of objects into copies of the objects is described. A virtual machine may include extensions for decompiling data representation language representations of objects into objects. The decompiler API may accept a data stream, which includes a representation of the object, and output a copy of the object. In one embodiment, during the decompilation of the representation of objects on a client, each message may be checked to verify that the user has access rights to the object. Access right information for the object may be embedded in the message(s) containing the representation of the object. In one embodiment, when the user is done using the client, the user may log off or otherwise signal the user is finished with the client. The client may detect that the user is finished, and may then proceed to delete objects created by decompilation of representations.

222 Citations

46 Claims

1. A computer-implemented method for the secure exchange of objects in a distributed computing environment, comprising:
- a user accessing a client device;
  
  generating a computer programming language object from a data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible for use during said accessing the client device;
  
  wherein said generating a computer programming language object from a data markup language representation of the object is performed by a virtual machine executing within the client device;
  
  the client device receiving a message in the data markup language from a service device in the distributed computing environment prior to said generating a computer programming language object, wherein the message includes the data markup language representation of the object;
  
  the user terminating said accessing the client device; and
  
  deleting the computer programming language object in response to said terminating access, wherein the deleted object is not accessible for use by subsequent users of the client device.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method as recited in claim 1, wherein said accessing a client device comprises the user coupling an identification device to the client device, wherein the identification device provides identification information of the user to the client device, and wherein said terminating said accessing comprises decoupling the identification device from the client device.
  - 3. The method as recited in claim 2, wherein the identification device is a smart card.
  - 4. The method as recited in claim 1, wherein said accessing a client device comprises the user logging on to the client device by providing user identification to the client device, and wherein said terminating said accessing comprises the user logging off the client device.
  - 5. The method as recited in claim 1, further comprising:
    - generating a plurality of computer programming language objects from data markup language representations of the objects; and
      
      deleting the plurality of computer programming language objects in response to said terminating access.
  - 6. The method as recited in claim 1, wherein said data markup language is eXtensible Markup Language (XML).
  - 7. The method as recited in claim 1, wherein said computer programming language is the Java programming language.

8. A computer-implemented method for the secure exchange of objects in a distributed computing environment, comprising:
- a user accessing a client device;
  
  the client device receiving a message in a data markup language from a service device in the distributed computing environment, wherein the message includes a data markup language representation of a computer programming language object;
  
  determining if the user has access rights to the computer programming language object;
  
  if said determining determines the user has access rights to the computer programming language object, generating the object from the data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible for use during said accessing the client device; and
  
  if said determining determines the user does not have access rights to the computer programming language object, not generating the object;
  
  wherein said generating a computer programming language object from a data markup language representation of the object is performed by a virtual machine executing within the client device.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method as recited in claim 8, wherein the message further includes access information for the computer programming language object, wherein said determining if the user has access rights to the computer programming language object uses the access information.
  - 10. The method as recited in claim 8, further comprising:
    - the user terminating said accessing the client device; and
      
      deleting the computer programming language object in response to said terminating access, wherein the deleted object is not accessible for use by subsequent users of the client device.
  - 11. The method as recited in claim 10, wherein said accessing a client device comprises the user coupling an identification device to the client device, wherein the identification device provides identification information of the user to the client device, and wherein said terminating said accessing comprises decoupling the identification device from the client device.
  - 12. The method as recited in claim 11, wherein the identification device is a smart card.
  - 13. The method as recited in claim 10, wherein said accessing a client device comprises the user logging on to the client device by providing user identification to the client device, and wherein said terminating said accessing comprises the user logging off the client device.
  - 14. The method as recited in claim 8, further comprising:
    - the user terminating said accessing the client device; and
      
      storing the computer programming language object in response to said terminating access.
  - 15. The method as recited in claim 14, further comprising:
    - the user accessing the client device subsequent to said storing the object; and
      
      accessing the stored object during said accessing the client device.
  - 16. The method as recited in claim 15, further comprising storing access rights information of the user with the object, wherein said accessing the stored object comprises verifying the access rights of the user with the stored access rights information.
  - 17. The method as recited in claim 8, wherein said data markup language is eXtensible Markup Language (XML).
  - 18. The method as recited in claim 8, wherein said computer programming language is the Java programming language.

19. A device, comprising:
- a processor; and
  
  a memory coupled to the processor, wherein the memory stores program instructions executable by the processor to;
  
  accept user input to initiate user access of the device;
  
  generate a computer programming language object from a data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible for use during said accessing the device;
  
  implementing a virtual machine, wherein generating the computer programming language object is performed by the virtual machine;
  
  receive a message in the data markup language from a source prior to said generating a computer programming language object, wherein the message includes the data markup language representation of the object;
  
  terminate said user access; and
  
  delete the computer programming language object in response to said terminating access;
  
  wherein the deleted object is not accessible for use by subsequent users of the device.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26)
- - 20. The device as recited in claim 19, wherein the device is further configured to:
    - couple to an identification device, wherein the identification device is configured to provide identification information of the user to the device during said accepting user input; and
      
      decouple from the identification device subsequent to said generating, wherein the device performs said terminating said user access in response to said decoupling.
  - 21. The device as recited in claim 20, wherein the identification device is a smart card.
  - 22. The device as recited in claim 19, wherein the device is further configured to accept user input to initiate said terminating said user access.
  - 23. The device as recited in claim 19, wherein the device is further configured to:
    - generate a plurality of computer programming language objects from data markup language representations of the objects; and
      
      delete the plurality of computer programming language objects in response to said terminating access.
  - 24. The device as recited in claim 19,wherein said accepting, said terminating, and said deleting are performed by the virtual machine, wherein the object is stored in the memory subsequent to said generating, and wherein, in said deleting, the object is deleted from the memory.
  - 25. The device as recited in claim 19, wherein said data markup language is eXtensible Markup Language (XML).
  - 26. The device as recited in claim 19, wherein said computer programming language is the Java programming language.

27. A distributed computing system, comprising:
- a client hardware device; and
  
  a service hardware device;
  
  wherein the client hardware device is configured to;
  
  accept user input to initiate user access of the device;
  
  receive a message in a data markup language from the service hardware device, wherein the message includes a data markup language representation of a computer programming language object;
  
  determine if the user has access rights to the computer programming language object;
  
  if said determining determines the user has access rights to the computer programming language object, generate the object from the data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible far use during said accessing the client hardware device; and
  
  if said determining determines the user does not have access rights to the computer programming language object, not generate the object;
  
  wherein the client hardware device, is further configured to execute a virtual machine, wherein generating the computer programming language object is performed by the virtual machine.
- View Dependent Claims (28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 28. The system as recited in claim 27, wherein the message further includes access information for the computer programming language object, wherein said determining if the user has access rights to the computer programming language object uses the access information.
  - 29. The system as recited in claim 27, wherein the client hardware device is further configured to:
    - accept user input to terminate said access of the client hardware device; and
      
      delete the computer programming language object in response to said terminating said access, wherein the deleted object is not accessible for use by subsequent users of the client hardware device.
  - 30. The system as recited in claim 29, wherein the client hardware device is further configured to:
    - couple to an identification device, wherein the identification device is configured to provide identification information of the user to the client hardware device during said accepting user input; and
      
      decouple from the identification device subsequent to said generating, wherein the device performs said terminating said user access in response to said decoupling.
  - 31. The system as recited in claim 30, wherein the identification device is a smart card.
  - 32. The system as recited in claim 27,wherein the client hardware device comprises:
    - a memory; and
      
      wherein the client hardware device is further configured to;
      
      accept user input to terminate said access of the client hardware device; and
      
      store the computer programming language object to the memory in response to said terminating access.
  - 33. The system as recited in claim 32, wherein the client hardware device is further configured to:
    - accept user input to initiate a second user access of the client hardware device subsequent to said storing the object; and
      
      provide access to the stored object during said second user access of the client hardware device.
  - 34. The system as recited in claim 33, wherein the client hardware device is further configured to:
    - store access rights information of the user with the object in the memory; and
      
      verify the access rights of the user with the stored access rights information prior to said providing access to the stored object.
  - 35. The system as recited in claim 27, wherein said data markup language is eXtensible Markup Language (XML).
  - 36. The system as recited in claim 27, wherein said computer programming language is the Java programming language.

37. A computer accessible storage medium storing program instructions, wherein the program instructions are computer-executable to implement:
- a user accessing a client device;
  
  generating a computer programming 1 mguagc object from a data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible for use during said accessing the client device;
  
  wherein said generating a computer programming language object from a data markup language representation of the object is performed by a virtual machine executing within the client device;
  
  receiving a message in the data markup language from a service device in the distributed computing environment prior to said generating a computer programming language object, wherein the message includes the data markup language representation of the object;
  
  the user terminating said accessing the client device; and
  
  deleting the computer programming language object in response to said terminating access, wherein the deleted object is not accessible for use by subsequent users of the client device.
- View Dependent Claims (38, 39)
- - 38. The computer accessible storage medium as recited in claim 37, wherein the program instructions are further computer-executable to implement:
    - generating a plurality of computer programming language objects from data markup language representations of the objects; and
      
      deleting the plurality of computer programming language objects in response to said terminating access.
  - 39. The computer accessible storage medium as recited in claim 37, wherein said data markup language is eXtensible Markup Language (XML), and wherein said computer programming language is the Java programming language.

40. A computer accessible storage medium storing program instructions, wherein the program instructions are computer-executable to implement:
- a user accessing a client device;
  
  the client device receiving a message in a data markup language from a service device in the distributed computing environment, wherein the message includes a data markup language representation of a computer programming language object;
  
  determining if the user has access rights to the computer programming language object;
  
  if said determining determines the user has access rights to the computer programming language object, generating the object from the data markup language representation of the object, wherein the object is an instance of a class in the computer programming language, and wherein the object is accessible for use during said accessing the client device; and
  
  if said determining determines the user does not have access rights to the computer programming language object, not generating the object;
  
  wherein said generating a computer programming language object from a data markup language representation of the object is performed by a virtual machine executing within the client device.
- View Dependent Claims (41, 42, 43, 44, 45, 46)
- - 41. The computer accessible storage medium as recited in claim 40, wherein the message further includes access information for the computer programming language object, wherein said determining if the user has access rights to the computer programming language object uses the access information.
  - 42. The computer accessible storage medium as recited in claim 40, wherein the program instructions are further computer-executable to implement:
    - the user terminating said accessing the client device; and
      
      deleting the computer programming language object in response to said terminating access, wherein the deleted object is not accessible for use by subsequent users of the client device.
  - 43. The computer accessible storage medium as recited in claim 42, wherein said accessing a client device comprises the user coupling an identification device to the client device, wherein the identification device provides identification information of the user to the client device, and wherein said terminating said accessing comprises decoupling the identification device from the client device.
  - 44. The computer accessible storage medium as recited in claim 40, wherein the program instructions are further computer-executable to implement:
    - terminating said accessing the client device; and
      
      storing the computer programming language object in response to said terminating access; and
      
      storing access rights information of the user with the object.
  - 45. The computer accessible storage medium as recited in claim 44, wherein the program instructions are further computer-executable to implement:
    - the user accessing the client device subsequent to said storing the object;
      
      verifying the access rights of the user with the stored access rights information; and
      
      if said verifying verifies the access rights of the user to the object, allowing access to the stored object during said accessing the client device.
  - 46. The computer accessible storage medium as recited in claim 40, wherein said data markup language is eXtensible Markup Language (XML), and wherein said computer programming language is the Java programming language.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Slaughter, Gregory L., Saulpaugh, Thomas E., Traversat, Bernard A.
Primary Examiner(s)
Zhen; Li B

Application Number

US09/663,665
Time in Patent Office

2,965 Days
Field of Search

719/310, 719/315, 713/167, 713/200, 713/152, 717/136, 717/146, 726/9, 726/20, 726/4, 726/28
US Class Current

719/315
CPC Class Codes

G06F 9/547 Remote procedure calls [RPC...

H04L 67/51 Discovery or management the...

Secure access of objects generated from data representation language representations of the objects in a distributed computing environment

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

222 Citations

46 Claims

Specification

Use Cases

Quick Links

Others

Secure access of objects generated from data representation language representations of the objects in a distributed computing environment

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

222 Citations

46 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others