Protection of user data in hosted application environments
Abstract
A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
Claims (14)
1. A system configured to convert an original application into a distributed application comprising a plurality of application components, the system comprising:
a memory storing a computer program; and
a processor configured to execute the computer program,
wherein the program is configured to:
generate a manifest comprising an entry for each application component indicating a part of private information of the user the application component is entitled to access, and either indicating i) a website the application component is permitted to share the information with or ii) that the application component is not permitted to share the information;
split the original application into the plurality of application components along security relevant boundaries according to the manifest by generating a second computer program for each entry that only has access to the part of the private information of the entry and the website of the entry, and a third computer program that has access to all the private information, no access to the websites, and is configured to process data received from the second computer programs;
map the application components to hosting infrastructure boundaries; and
use a mechanism to enforce a privacy policy of the user and the manifest.
Dependent claims: 2 to 11.
12. A system configured to manage a distributed application comprising a plurality of application components, the system comprising:
a memory storing a computer program; and
a processor configured to execute the program,
wherein the program is configured to start a new virtual machine for each application component, wherein each virtual machine runs a distinct one of the application components,
wherein a first application component of the application components is configured to communicate first private information of a user to a first website according to a manifest, send a message to the user requesting permission for the first website to access second other private information of the user, update the manifest based on a response of the user to the message, and output the second private information to the website only when the manifest indicates that output of the second private information to the website is allowed,
wherein a second application component of the application components is configured to communicate the second private information to a second website, and
wherein a third application component of the application components has access to all the private information, no access to the websites, and is configured to process data received from the first and second application components.
Dependent claims: 13 and 14.
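The manifest of claim 1 (one entry per component naming the part of the user's private information it may read and the single website it may share it with, or none for the core component) and the runtime consent flow of claim 12 (ask the user, update the manifest, release only when the updated manifest allows it) are easiest to see as a reference monitor. The following is an added example written for this page, not code from the patent or any embodiment of it. The component names, the private-data fields, the websites and the ask_user callback are constructed assumptions; assign_vms stands in for the abstract's one-VM-per-component placement.

```python
# Added illustration of the manifest, the split into per-website components plus
# a core, and the claim 12 consent flow; not the patent's code. Component names,
# fields, websites and the ask_user callback are constructed for this example.
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional, Set

# Constructed sample of the user's private information, keyed by field name.
PRIVATE_DATA = {
    "email": "alice@example.invalid",
    "calendar": ["2024-05-01 10:00 dentist"],
    "contacts": ["bob", "carol"],
}


@dataclass
class ManifestEntry:
    """Claim 1: per component, the part of the private data it may read and the
    one website it may share it with (None: may not share, i.e. the core)."""
    component: str
    fields: Set[str]
    website: Optional[str]


@dataclass
class Manifest:
    entries: Dict[str, ManifestEntry] = field(default_factory=dict)

    def add(self, entry: ManifestEntry) -> None:
        self.entries[entry.component] = entry

    def allows(self, component: str, fld: str, website: Optional[str]) -> bool:
        """May component read fld and, when website is given, send it there?"""
        e = self.entries.get(component)
        if e is None or fld not in e.fields:
            return False
        return website is None or e.website == website


def assign_vms(manifest: Manifest) -> Dict[str, str]:
    """Place every component in its own VM (the abstract's hosting boundary)."""
    return {name: f"vm-{i}" for i, name in enumerate(sorted(manifest.entries))}


class Enforcer:
    """Reference monitor: every read of private data and every outbound send by
    a component is checked against the manifest. ask_user stands in for the
    permission message to the user in claim 12."""

    def __init__(self, manifest: Manifest, private_data: dict,
                 ask_user: Callable[[str, str, str], bool]):
        self.manifest, self.data, self.ask_user = manifest, private_data, ask_user

    def read(self, component: str, fld: str):
        if not self.manifest.allows(component, fld, None):
            raise PermissionError(f"{component} may not read {fld}")
        return self.data[fld]

    def send(self, component: str, website: str, fld: str):
        """Release fld to website for component; the payload, or None if refused."""
        entry = self.manifest.entries.get(component)
        if entry is None or entry.website != website:
            # Core component (website=None) or a site outside the entry: refuse.
            # The claims give no way to add a website at runtime.
            return None
        if fld not in entry.fields:
            # Claim 12: ask the user, update the manifest on approval, and
            # release only once the updated manifest allows it.
            if not self.ask_user(component, website, fld):
                return None
            entry.fields.add(fld)
        return self.read(component, fld)


def build_manifest() -> Manifest:
    """Constructed manifest: two per-website front components plus the core."""
    m = Manifest()
    m.add(ManifestEntry("mailer", {"email"}, "mail.example.invalid"))
    m.add(ManifestEntry("scheduler", {"calendar"}, "cal.example.invalid"))
    m.add(ManifestEntry("core", {"email", "calendar", "contacts"}, None))
    return m


def demo(user_grants: bool) -> dict:
    """Run the claim scenarios against a user who always answers user_grants."""
    m = build_manifest()
    enf = Enforcer(m, PRIVATE_DATA, lambda comp, site, fld: user_grants)
    return {
        "mailer_email": enf.send("mailer", "mail.example.invalid", "email"),        # in manifest
        "mailer_calendar": enf.send("mailer", "mail.example.invalid", "calendar"),  # needs consent
        "mailer_other_site": enf.send("mailer", "evil.example.invalid", "email"),   # wrong site
        "core_leak": enf.send("core", "mail.example.invalid", "contacts"),          # core: no website
        "scheduler_reads_contacts": m.allows("scheduler", "contacts", None),       # outside its part
        "manifest_updated": "calendar" in m.entries["mailer"].fields,
    }


if __name__ == "__main__":
    print(assign_vms(build_manifest()), demo(True), demo(False), sep="\n")
```

The check a practitioner should carry away is the one in send: a component can widen the data it releases to its own website only through the user's consent, which is recorded in the manifest before the data leaves, while a request to reach a site outside its entry, or any outbound request from the core component, is refused without asking. The monitor is only as strong as the boundary that forces every component through it; in the architecture of the abstract that boundary is the per-component virtual machine, so the Enforcer would sit outside the component's VM, not inside it.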
Specification