Protection of user data in hosted application environments

US 9,430,653 B2
Filed: 04/14/2015
Issued: 08/30/2016
Est. Priority Date: 11/13/2012
Status: Expired due to Fees

First Claim

Patent Images

1. A method of converting an original application into a distributed application, the method comprising:

splitting, by a processor, the original application into a plurality of application components, along security relevant boundaries, wherein the original application performs a plurality of functions;

constructing, by the processor, a customized licensing agreement with a distinct textual section for each application component;

removing, by the processor, each textual section from the licensing agreement that is associated with one of the application components that has access to an external party and to user data of a user, when a privacy policy of the user indicates that the corresponding external party is to be denied access to the user data;

mapping, by the processor, the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities communicating with one another through a computer network;

using, by the processor, a mechanism to enforce the privacy policy to provide secure communications between the application components; and

presenting, by the processor, the customized licensing agreement to the user for approval by the user before access to the distributed application is enabled.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of converting an original application into a cloud-hosted application includes splitting the original application into a plurality of application components along security relevant boundaries, mapping the application components to hosting infrastructure boundaries, and using a mechanism to enforce a privacy policy of a user. The mapping may include assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.

32 Citations

View as Search Results

16 Claims

1. A method of converting an original application into a distributed application, the method comprising:
- splitting, by a processor, the original application into a plurality of application components, along security relevant boundaries, wherein the original application performs a plurality of functions;
  
  constructing, by the processor, a customized licensing agreement with a distinct textual section for each application component;
  
  removing, by the processor, each textual section from the licensing agreement that is associated with one of the application components that has access to an external party and to user data of a user, when a privacy policy of the user indicates that the corresponding external party is to be denied access to the user data;
  
  mapping, by the processor, the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities communicating with one another through a computer network;
  
  using, by the processor, a mechanism to enforce the privacy policy to provide secure communications between the application components; and
  
  presenting, by the processor, the customized licensing agreement to the user for approval by the user before access to the distributed application is enabled.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, further comprising enabling or disabling each application component based on whether the privacy policy indicates the external party has access to the user data of the user.
  - 3. The method of claim 2, wherein the external party is a website.
  - 4. The method of claim 3, wherein a corresponding one of the application components configured to communicate with the website is disabled when the privacy policy indicates access of the website to the user data is denied.
  - 5. The method of claim 3, wherein a corresponding one of the application components configured to communicate with the website is enabled when the privacy policy indicates access of the website to the user data is allowed.
  - 6. The method of claim 1, wherein a structure of the licensing agreement is machine readable such that the licensing agreement is readable by a natural language processing tool.
  - 7. The method of claim 1, wherein the splitting comprises the processor parsing computer code of the original application for boundary program labels that define respective boundaries of each application component within the original application, and generating a new program for each boundary program label that performs a subset of the functions.
  - 8. The method of claim 7, wherein each new program has access to a website and only a distinct subset of user data of the user based on the privacy policy.
  - 9. The method of claim 8, wherein the processor creates an additional program that has access to all user data of the user, is configured to process data from the additional programs to produce results that are presented to the user, and is prevented from accessing the websites.
  - 10. The method of claim 1, wherein the mapping comprises assigning each application component to a distinct virtual machine, which acts as a container for its assigned component.

11. A computer system configured to convert an original application into a distributed application, the system comprising:
- a memory storing a computer program; and
  
  a processor configured to execute the program,wherein the program is configured to split the original application into a plurality of application components along security relevant boundaries, the original application performing a plurality of functions;
  
  construct a customized licensing agreement with a distinct textual section for each application component;
  
  remove each textual section from the licensing agreement that is associated with one of the application components that has access to an external party and to user data of a user, when a privacy policy of the user indicates that the external party is to be denied access to the user data;
  
  map the application components to hosting infrastructure boundaries to enable the application components to be hosted by separate entities communicating with one another through a computer network;
  
  use a mechanism to enforce the privacy policy to provide secure communications between the application components; and
  
  present the customized licensing agreement to the user for approval by the user before access to the distributed application is enabled.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The computer system of claim 11, wherein the program is configured to enable or disable each application component based on whether the privacy policy indicates the external party has access to the user data of the user.
  - 13. The computer system of claim 12, wherein the external party is a website.
  - 14. The computer system of claim 13, wherein a corresponding one of the application components configured to communicate with the website is disabled when the privacy policy indicates access of the website to the user data is denied, and enabled when the privacy policy indicates access of the website to the user data is allowed.
  - 15. The computer system of claim 11, wherein a structure of the licensing agreement is machine readable such that the licensing agreement is readable by a natural language processing tool.
  - 16. The computer system of claim 11, wherein the map assigns each application component to a distinct virtual machine, which acts as a container for its assigned component.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Christodorescu, Mihai, Pendarakis, Dimitrios, Singh, Kapil K.
Primary Examiner(s)
Lewis, Lisa
Assistant Examiner(s)
Torres-Diaz, Lizbeth

Application Number

US14/685,922
Publication Number

US 20150271180A1
Time in Patent Office

504 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/105   Arrangements for software l...

G06F 21/53   by executing in a restricte...

G06F 21/60   Protecting data

H04L 63/10   for controlling access to d...

Protection of user data in hosted application environments

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

16 Claims

Specification

Solutions

Use Cases

Quick Links

Protection of user data in hosted application environments

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

16 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links