Framework for providing a configurable firewall for computing systems

US 7,543,331 B2
Filed: 12/22/2003
Issued: 06/02/2009
Est. Priority Date: 12/22/2003
Status: Active Grant

First Claim

Patent Images

1. A computing environment, comprising:

an operating system;

a virtual machine operating on said operating system;

a first application operating on said virtual machine;

a second application operating on said virtual machine;

a first firewall control block, wherein said first firewall control block defines access privileges of said first application with respect to said second application, and further defines the access privileges of said second application with respect to said first application; and

a second firewall control block, wherein said second firewall control block defines access privileges of said second application with respect to said first application, and further defines the access privileges of said first application with respect to said second application,wherein said first firewall control block and the second firewall control block each includes a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of other applications, andwherein when said firewall control indicator of said first firewall control block has a first indicator value, said first firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and when said firewall control indicator of said first firewall control block has a second indicator value, said first firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A configurable firewall for computing systems is disclosed. The configurable firewall provides a firewall control block that can be used as a mechanism to implement and control access privileges between various components of the computing environment. As such, the firewall control block can be used to determine whether one component (e.g., applet) can access another component in the computing environment. This allows a flexible environment where firewall boundaries can be configured in such a way that each applet can allow access to a desired set of other applets. In addition, the control block can be implemented using a variety of techniques that may be suitable for different system requirements (e.g., processing speed, memory). As such, the configurable firewall is useful for implementing security for various computing systems, especially those that operate with relatively limited processing power and/or provide highly specialized functionality (e.g., smart cards).

18 Citations

View as Search Results

11 Claims

1. A computing environment, comprising:
- an operating system;
  
  a virtual machine operating on said operating system;
  
  a first application operating on said virtual machine;
  
  a second application operating on said virtual machine;
  
  a first firewall control block, wherein said first firewall control block defines access privileges of said first application with respect to said second application, and further defines the access privileges of said second application with respect to said first application; and
  
  a second firewall control block, wherein said second firewall control block defines access privileges of said second application with respect to said first application, and further defines the access privileges of said first application with respect to said second application,wherein said first firewall control block and the second firewall control block each includes a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of other applications, andwherein when said firewall control indicator of said first firewall control block has a first indicator value, said first firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and when said firewall control indicator of said first firewall control block has a second indicator value, said first firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block.
- View Dependent Claims (2, 3, 4)
- - 2. A computing environment as recited in claim 1, wherein said first firewall control block defines access privileges of said first application with respect to any other application in said computing environment, and further defines the access privileges of said any other application with respect to said first application.
  - 3. A computing environment as recited in claim 1, wherein said computing environment is a Java compliant computing environment, and wherein said first and second applications are Java compliant applets.
  - 4. A computing environment as recited in claim 1, wherein said computing environment is a Java compliant computing environment, and wherein said first firewall control block is implemented as in the run time environment.

5. A mobile computing device, comprising:
- an operating system;
  
  a Java compliant virtual machine operating on said operating system;
  
  a first Java compliant applet operating on said Java compliant virtual machine;
  
  a Java compliant applet operating on said virtual machine Java compliant virtual machine; and
  
  a first firewall control block, wherein said first firewall control block defines access privileges of said first Java compliant applet with respect to at least one other Java compliant applet operating on said Java compliant virtual machine, and further defines the access privileges of said at least one other Java compliant applet with respect to said first Java compliant applet; and
  
  a second firewall control block, wherein said second firewall control block defines access privileges of said at least one other Java compliant applet with respect to the first Java compliant virtual machine, and further defines the access privileges of said first Java compliant applet with respect to said at least one other Java compliant applet,wherein said first firewall control block and said second firewall control block each includes a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of other Java compliant applets, andwherein when said firewall control indicator of said first firewall control block has a first indicator value, said first firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, and when said firewall control indicator has a second indicator value, said first firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block.
- View Dependent Claims (6, 7)
- - 6. A mobile computing device as recited in claim 5, wherein said mobile device is a Java compliant smart card.
  - 7. A mobile computing device as recited in claim 6, wherein for a firewall control block is defined by for every Java compliant applet.

8. A method of providing security for a Java compliant computing environment that includes a Java virtual machine and a plurality of Java compliant applets that operate on said Java virtual machine, said method comprising:
- receiving a request from a first Java compliant applet operating on a Java virtual machine to access a second Java compliant applet, the first Java compliant applet having a first firewall control block associated with it and the second Java compliant applet having a second firewall control block associated with it;
  
  reading the second firewall control block associated with said second Java compliant applet, said first firewall control block and said second firewall control block each including a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of the respective first or second Java compliant applet;
  
  determining, based on said second firewall control block, whether said first Java compliant applet should be allowed to access said second Java compliant applet by determining whether said firewall control value of said second firewall control block has a first indicator value or a second indicator value, whereinwherein said first firewall control block and said second firewall control block has a first indicator value, said second firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, andwherein said firewall control indicator of said second firewall control block has a second indicator value, said second firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block; and
  
  allowing said first Java compliant applet to access said second Java compliant applet when said determining determines that access should be allowed.
- View Dependent Claims (9, 10)
- - 9. A method as recited in claim 8, wherein said method further comprises:
    - Providing a reference to said first Java compliant applet with a reference to said second Java compliant applet when said determining determines that access should be allowed.
  - 10. A method as recited in claim 8, wherein said providing of a reference comprises:
    - Invoking a first method that is implemented as a part of Java management environment or Java system environment; and
      
      Invoking a second method that is implemented as a Applet class, as a result of said invoking of the second method.

11. A computer readable media including computer program code for providing security for a computing environment, said computer readable media comprising:
- computer program code for receiving a request from a first application to access a second application, the first application having a first firewall control block associated with it and the second application having a second firewall control block associated with it;
  
  computer program code for reading the second firewall control block associated with said second application, said first firewall control block and said second firewall control block each including a firewall control value and a firewall control indicator, the firewall control value including an application identifier data having a resource identifier and a proprietary identifier extension, the firewall control indicator being an indicator value represented by one or more bytes that indicate how the firewall control value should be interpreted with respect to access privileges of the respective first or second application;
  
  determining, based on said second firewall control block, whether said first application should be allowed to access said second application by determining whether said firewall control value of said second firewall control block has a first indicator value or a second indicator value, whereinwhen said firewall control indicator of said second firewall control block has a first indicator value, said second firewall control block compares said proprietary identifier extension of said first firewall control block to said proprietary identifier extension of said second firewall control block, andwhen said firewall control indicator of said second firewall control block has a second indicator value, said second firewall control block compares said proprietary identifier extension and resource identifier of said first firewall control block to said proprietary identifier extension and resource identifier of said second firewall control block; and
  
  allowing said first application to access said second application when said determining determines that access should be allowed.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Oracle America, Inc. (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Saltz, Michael K.
Primary Examiner(s)
Parthasarathy; Pramila

Application Number

US10/743,929
Publication Number

US 20050149926A1
Time in Patent Office

1,989 Days
Field of Search

None
US Class Current

726/11
CPC Class Codes

G06F 21/34   involving the use of extern...

G06F 9/468   Specific access rights for ...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

H04L 63/104   Grouping of entities

Framework for providing a configurable firewall for computing systems

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

18 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Framework for providing a configurable firewall for computing systems

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links