Protection of user data in hosted application environments
Abstract
A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.
16 Claims
1. A method of converting an original application into a distributed application, the method comprising:
splitting, by a processor, the original application into a plurality of application components, along security relevant boundaries, wherein the original application performs a plurality of functions;
constructing, by the processor, a customized licensing agreement with a distinct textual section for each application component;
removing, by the processor, each textual section from the licensing agreement that is associated with one of the application components that has access to an external party and to user data of a user, when a privacy policy of the user indicates that the corresponding external party is to be denied access to the user data;
mapping, by the processor, the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities communicating with one another through a computer network;
using, by the processor, a mechanism to enforce the privacy policy to provide secure communications between the application components; and
presenting, by the processor, the customized licensing agreement to the user for approval by the user before access to the distributed application is enabled.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer system configured to convert an original application into a distributed application, the system comprising:
a memory storing a computer program; and
a processor configured to execute the program, wherein the program is configured to
split the original application into a plurality of application components along security relevant boundaries, the original application performing a plurality of functions;
construct a customized licensing agreement with a distinct textual section for each application component;
remove each textual section from the licensing agreement that is associated with one of the application components that has access to an external party and to user data of a user, when a privacy policy of the user indicates that the external party is to be denied access to the user data;
map the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities communicating with one another through a computer network;
use a mechanism to enforce the privacy policy to provide secure communications between the application components; and
present the customized licensing agreement to the user for approval by the user before access to the distributed application is enabled.
Dependent claims: 12, 13, 14, 15, 16
Specification