Server-based architecture for securely providing multi-domain applications

US 9,021,559 B1
Filed: 10/11/2013
Issued: 04/28/2015
Est. Priority Date: 05/18/2011
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;

executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;

providing the request to the second domain;

obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;

aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;

providing the aggregated set of application metadata items to the first instance of the single-level application;

receiving a selection of one of the application metadata items;

determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and

providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device. For example, the single-level application in the first security domain can display the aggregated results obtained from multiple distinct security domains, or an application running in the second security domain can display the results.

102 Citations

View as Search Results

18 Claims

1. A computer-implemented method comprising:
- receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;
  
  executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;
  
  providing the request to the second domain;
  
  obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;
  
  aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;
  
  providing the aggregated set of application metadata items to the first instance of the single-level application;
  
  receiving a selection of one of the application metadata items;
  
  determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and
  
  providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The computer-implemented method of claim 1, wherein the plurality of security domains are arranged in a hierarchy of corresponding security levels, each member domain of the plurality of security domains having associated resources that are accessible only to the member domain or domains with higher security levels.
  - 3. The computer-implemented method of claim 2, wherein the first domain is implemented by a single-level operating system.
  - 4. The computer-implemented method of claim 1, wherein the first domain and the second domain are implemented by an operating system providing Multi-Level Security (MLS) that provides functionality for accessing, from a given domain, resources of a domain different from the given domain.
  - 5. The computer-implemented method of claim 1, further comprising providing a second result of executing the request in the second domain to an application executing on the client device, the application executing in the second domain.
  - 6. The computer-implemented method of claim 1, further comprising displaying to the user, by a second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item.

7. A computer server system comprising:
- a hardware computer processor; and
  
  a non-transitory computer-readable storage medium storing a computer program executable by the computer processor, the computer program comprising;
  
  instructions for receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;
  
  instructions for executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;
  
  instructions for providing the request to the second domain;
  
  instructions for obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;
  
  instructions for aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;
  
  instructions for providing the aggregated set of application metadata items to the first instance of the single-level application;
  
  instructions for receiving a selection of one of the application metadata items;
  
  instructions for determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and
  
  instructions for providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer server system of claim 7, wherein the plurality of security domains are arranged in a hierarchy of corresponding security levels, each member domain of the plurality of security domains having associated resources that are accessible only to the member domain or domains with higher security levels.
  - 9. The computer server system of claim 8, wherein the first domain is implemented by a single-level operating system.
  - 10. The computer server system of claim 7, wherein the first domain and the second domain are implemented by an operating system providing Multi-Level Security (MLS) that provides functionality for accessing, from a given domain, resources of a domain different from the given domain.
  - 11. The computer server system of claim 7, the computer program further comprising instructions for providing a second result of executing the request in the second domain to an application executing on the client device, the application executing in the second domain.
  - 12. The computer server system of claim 7, the computer program further comprising instructions for displaying to the user, by a second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item.

13. A non-transitory computer-readable storage medium comprising computer-executable instructions, the instructions comprising:
- a non-transitory computer-readable storage medium storing a computer programinstructions for receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;
  
  instructions for executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;
  
  instructions for providing the request to the second domain;
  
  instructions for obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;
  
  instructions for aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;
  
  instructions for providing the aggregated set of application metadata items to the first instance of the single-level application;
  
  instructions for receiving a selection of one of the application metadata items;
  
  instructions for determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and
  
  instructions for providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The non-transitory computer-readable storage medium of claim 13, wherein the plurality of security domains are arranged in a hierarchy of corresponding security levels, each member domain of the plurality of security domains having associated resources that are accessible only to the member domain or domains with higher security levels.
  - 15. The non-transitory computer-readable storage medium of claim 14, wherein the first domain is implemented by a single-level operating system.
  - 16. The non-transitory computer-readable storage medium of claim 13, wherein the first domain and the second domain are implemented by an operating system providing Multi-Level Security (MLS) that provides functionality for accessing, from a given domain, resources of a domain different from the given domain.
  - 17. The non-transitory computer-readable storage medium of claim 13, the computer program further comprising instructions for providing a second result of executing the request in the second domain to an application executing on the client device, the application executing in the second domain.
  - 18. The non-transitory computer-readable storage medium of claim 13, the computer program further comprising instructions for displaying to the user, by a second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
STERLING COMPUTERS CORPORATION
Original Assignee
BLUESPACE SOFTWARE CORP. (STERLING COMPUTERS CORPORATION)
Inventors
Vetter, Brian J., Marston, Justin Philip, Sundstrom, David
Primary Examiner(s)
Truong, Thanhnga B
Assistant Examiner(s)
PLECHA, THADDEUS J

Application Number

US14/052,560
Time in Patent Office

564 Days
Field of Search

726/4, 713/166
US Class Current

726/4
CPC Class Codes

G06F 21/00 Security arrangements for p...

H04L 63/105 Multiple levels of security

Server-based architecture for securely providing multi-domain applications

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

102 Citations

18 Claims

Specification

Solutions

Use Cases

Quick Links

Server-based architecture for securely providing multi-domain applications

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

18 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links