Protection of user data in hosted application environments
Abstract
A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
15 Claims
1. A method of converting an original application into a cloud-hosted application, the method comprising:
- splitting, by a processor, the original application into a plurality of application components, along security relevant boundaries, wherein the original application performs a plurality of functions;
- mapping, by the processor, the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities; and
- using, by the processor, a mechanism to enforce a privacy policy of a user of the original application to provide secure communications between the application components,
- wherein the splitting comprises a processor parsing computer code of the original application for boundary program labels that define respective boundaries of each application component within the original application, and generating a new program for each boundary program label that performs a subset of the functions,
- wherein each new program has access to a website and only a distinct subset of user information of the user based on the privacy policy, and
- wherein the processor creates an additional program that has access to all the user information, is configured to process data from the new programs to produce results that are presented to the user, and is prevented from accessing the websites,
- wherein the mapping comprising assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A method of converting an original application into a cloud-hosted application, the method comprising:
- splitting, by a processor, the original application into a plurality of application components, along security relevant boundaries, wherein the original application performs a plurality of functions;
- mapping, by the processor, the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities; and
- using, by the processor, a mechanism to enforce a privacy policy of a user of the original application to provide secure communications between the application components,
- wherein the splitting comprises a processor parsing computer code of the original application for boundary program labels that define respective boundaries of each application component within the original application, and generating a new program for each boundary program label that performs a subset of the functions,
- wherein the processor constructs a customized licensing agreement with a section for each application component based on the privacy policy, and the agreement is presented to the user before access to the cloud-hosted application is enabled,
- wherein each new program has access to a website and only a distinct subset of user information of the user based on the privacy policy,
- wherein the processor creates an additional program that has access to all the user information, is configured to process data from the new programs to produce results that are presented to the user, and is prevented from accessing the websites, and
- wherein the mapping comprising assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.

Dependent claims: 15
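The isolation properties recited in claims 1 and 14 can be checked mechanically against a deployment plan. The following is an added illustration, not code from the patent: the `Component` record, `check_plan`, the field names, the `.example` hosts, and the reading of "distinct subset" as a proper subset that no two components share are all assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Component:                 # hypothetical record for one split-out program
    name: str
    vm: str                      # virtual machine acting as its container
    user_fields: frozenset       # user information the program may read
    websites: frozenset          # websites the program may reach
    aggregator: bool = False     # the "additional program" that sees everything

def check_plan(components, all_fields):
    """Return the list of isolation violations found in a deployment plan."""
    all_fields = frozenset(all_fields)
    problems, vm_owner, subset_owner = [], {}, {}
    n_agg = sum(c.aggregator for c in components)
    if n_agg != 1:
        problems.append(f"expected exactly one aggregator, found {n_agg}")
    for c in components:
        if c.vm in vm_owner:     # each component needs its own VM
            problems.append(f"{c.name}: shares VM {c.vm} with {vm_owner[c.vm]}")
        vm_owner.setdefault(c.vm, c.name)
        if c.aggregator:         # all user data, but no route to any website
            if c.user_fields != all_fields:
                problems.append(f"{c.name}: aggregator must see all user fields")
            if c.websites:
                problems.append(f"{c.name}: aggregator must have no website access")
            continue
        if not c.websites:
            problems.append(f"{c.name}: no website assigned")
        if not c.user_fields < all_fields:   # proper subset (assumed reading)
            problems.append(f"{c.name}: fields are not a proper subset of user data")
        if c.user_fields in subset_owner:    # subsets must differ per component
            problems.append(f"{c.name}: same fields as {subset_owner[c.user_fields]}")
        subset_owner.setdefault(c.user_fields, c.name)
    return problems

# Constructed sample data, not taken from the patent.
FIELDS = {"name", "home_airport", "loyalty_id", "card_last4"}
F, H = frozenset({"home_airport"}), frozenset({"loyalty_id"})
GOOD = [Component("flights", "vm-1", F, frozenset({"flights.example"})),
        Component("hotels", "vm-2", H, frozenset({"hotels.example"})),
        Component("planner", "vm-3", frozenset(FIELDS), frozenset(), True)]
BAD = [Component("flights", "vm-1", F, frozenset({"flights.example"})),
       Component("hotels", "vm-1", F, frozenset({"hotels.example"})),
       Component("planner", "vm-3", frozenset(FIELDS), frozenset({"ads.example"}), True)]

if __name__ == "__main__":
    for label, plan in (("good", GOOD), ("bad", BAD)):
        print(label, check_plan(plan, FIELDS) or "ok")
```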
Specification