Method and system for restricting access to user resources
Abstract
A user's set top box (STB), or other client, executes a shell and has an application program interface (API) by which certain features of the client can be controlled. The client is in communication with a walled garden proxy server (WGPS), which controls access to a walled garden. The walled garden contains links to one or more servers providing network-based services. The client sends a request to the WGPS to access a service provided by a site in the garden. To provide the service, the site sends the client a message containing code calling a function in the API. The WGPS traps the message from the site and looks up the site in a table to determine the access control list (ACL) for the site. The ACL is a bit-map that specifies which functions of the client's API can be invoked by code from the site. The WGPS includes the ACL in the header of the hypertext transport protocol (HTTP) message to the client. The shell receives the message and extracts the ACL. The shell uses the ACL to determine whether the code has permission to execute any called functions in the API. If the code lacks permission, the shell stops execution and sends a message to the site indicating that the site lacks permission. Otherwise, the shell allows the code to call the function.
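The flow in the abstract, as an added illustration that is not code from the patent: the proxy attaches a per-site ACL bitmap to the message header and the shell checks the called function's bit before allowing the call. The header name, function names, bit positions, hex encoding, and the proxy discarding any ACL header the site set itself are all assumptions made for this sketch.

```python
import re

# Hypothetical API function -> bit position in the ACL bitmap.
API_BITS = {"change_channel": 0, "read_profile": 1, "purchase": 2}
ACL_HEADER = "X-WG-ACL"  # hypothetical header name, not from the page

# WGPS table: site -> ACL bitmap (constructed sample data).
SITE_ACLS = {
    "shop.example": 0b110,   # read_profile + purchase
    "news.example": 0b001,   # change_channel only
}

def wgps_forward(site, headers):
    """Proxy side: trap the site's message and attach that site's ACL."""
    # Discard any ACL header the site set itself, in any letter case.
    out = {k: v for k, v in headers.items() if k.lower() != ACL_HEADER.lower()}
    out[ACL_HEADER] = format(SITE_ACLS.get(site, 0), "x")  # unknown site: no rights
    return out

def shell_extract_acl(headers):
    """Client side: read the bitmap; absent or malformed means no rights."""
    for name, value in headers.items():
        if name.lower() == ACL_HEADER.lower():
            if re.fullmatch(r"[0-9a-fA-F]{1,8}", value):
                return int(value, 16)
            return 0
    return 0

def shell_call(headers, function):
    """Check the called function's bit and build the response for the site."""
    bit = API_BITS.get(function)
    acl = shell_extract_acl(headers)
    if bit is None or not (acl >> bit) & 1:
        return {"function": function, "status": "denied"}  # execution stops here
    return {"function": function, "status": "ok"}          # call proceeds

if __name__ == "__main__":
    # Constructed message from news.example that tries to grant itself every right.
    msg = wgps_forward("news.example", {"Content-Type": "text/html", "x-wg-acl": "ff"})
    for fn in API_BITS:
        print(fn, shell_call(msg, fn)["status"])
```

The shell fails closed: a missing header, a malformed bitmap, or a function with no assigned bit all produce a denial response.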
14 Claims
1. A computer program product comprising:
a non-transitory computer usable storage medium having computer executable code embodied therein for managing access to an application program interface (API) comprising a plurality of functions, the computer executable code comprising;
a first module for receiving a message containing code calling a function in the API associated with conducting an electronic commerce transaction and an access control list (ACL) indicating API function execution rights of an originator of the message;
a second module for determining whether the ACL indicates that the originator of the message has the right to execute the called function associated with conducting the electronic commerce transaction; and
a third module for sending a response to the originator of the message indicating whether the code successfully called the function in the API associated with conducting the electronic commerce transaction.
Dependent claims: 2, 3, 4
5. A computer program product comprising:
a non-transitory computer usable storage medium having computer executable code embodied therein for passing messages from a server to a client, the computer executable code comprising;
a first module for receiving a message containing code calling a function in an API associated with conducting an electronic commerce transaction from the server intended for the client;
a second module for determining permissions of the server with respect to the client;
a third module for including the determined permissions with the message; and
a fourth module for passing the message and the determined permissions to the client.
Dependent claims: 6, 7, 8, 9, 10
11. A system for managing access to an application program interface (API) comprising a plurality of functions, comprising:
a processor for executing computer program code;
a non-transitory computer-readable storage medium storing executable computer program code comprising;
a first module for receiving a message containing code calling a function in the API associated with conducting an electronic commerce transaction and an access control list (ACL) indicating API function execution rights of an originator of the message;
a second module for determining whether the ACL indicates that the originator of the message has the right to execute the called function associated with conducting the electronic commerce transaction; and
a third module for sending a response to the originator of the message indicating whether the code successfully called the function in the API associated with conducting the electronic commerce transaction.
Dependent claims: 12, 13, 14
Specification