Server-based architecture for securely providing multi-domain applications
First Claim
1. A computer-implemented method comprising:
- receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;
executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;
providing the request to the second domain;
obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;
aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;
providing the aggregated set of application metadata items to the first instance of the single-level application;
receiving a selection of one of the application metadata items;
determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and
providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item.
2 Assignments
0 Petitions
Accused Products
Abstract
A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device. For example, the single-level application in the first security domain can display the aggregated results obtained from multiple distinct security domains, or an application running in the second security domain can display the results.
-
Citations
18 Claims
-
1. A computer-implemented method comprising:
-
receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain; executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user; providing the request to the second domain; obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user; aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items; providing the aggregated set of application metadata items to the first instance of the single-level application; receiving a selection of one of the application metadata items; determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A computer server system comprising:
-
a hardware computer processor; and a non-transitory computer-readable storage medium storing a computer program executable by the computer processor, the computer program comprising; instructions for receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain; instructions for executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user; instructions for providing the request to the second domain; instructions for obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user; instructions for aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items; instructions for providing the aggregated set of application metadata items to the first instance of the single-level application; instructions for receiving a selection of one of the application metadata items; instructions for determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and instructions for providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item. - View Dependent Claims (8, 9, 10, 11, 12)
-
-
13. A non-transitory computer-readable storage medium comprising computer-executable instructions, the instructions comprising:
-
a non-transitory computer-readable storage medium storing a computer program instructions for receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain; instructions for executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user; instructions for providing the request to the second domain; instructions for obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user; instructions for aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items; instructions for providing the aggregated set of application metadata items to the first instance of the single-level application; instructions for receiving a selection of one of the application metadata items; instructions for determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and instructions for providing a second request to the second domain, the second request referencing at least one of the group consisting of the selected application metadata item and the application content item corresponding to the selected application metadata item. - View Dependent Claims (14, 15, 16, 17, 18)
-
Specification