[특허]Server-based architecture for securely providing multi-domain applications

Server-based architecture for securely providing multi-domain applications 원문보기

IPC분류정보
국가/구분	United States(US) Patent 등록
국제특허분류(IPC7판)	H04L-029/06
출원번호	US-0110804 (2011-05-18)
등록번호	US-8584211 (2013-11-12)
발명자 / 주소	Vetter, Brian J. Marston, Justin Philip Sundstrom, David
출원인 / 주소	BlueSpace Software Corporation
대리인 / 주소	Fenwick & West LLP
인용정보	피인용 횟수 : 15 인용 특허 : 42

초록 ▼

A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device. For example, the single-level application in the first security domain can display the aggregated results obtained from multiple distinct security domains, or an application running in the second security domain can display the results.

대표청구항 ▼

1. A computer-implemented method comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that has a different corresponding security level than the first domain, the first domain being implemented by a first operating system instance running in a first virtual machine, and the second domain being implemented by a second operating system instance running in a second virtual machine;executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;providing the request to the second domain;obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;providing the aggregated set of application metadata items to the first instance of the single-level application for display within a user interface of the first instance in the first domain, thereby providing a consolidated view of metadata from multiple security domains;receiving a selection of one of the application metadata items;determining that an application content item corresponding to the selected application metadata item is stored in the second domain; andproviding a display request to the second domain to display the application content item corresponding to the selected application metadata item within a user interface of a second instance of the single-level application executing within the second domain. 2. The computer-implemented method of claim 1, wherein the security domains are arranged in a hierarchy of corresponding security levels, each domain having associated resources that are accessible only to that domain or domains with higher security levels. 3. The computer-implemented method of claim 1, wherein a trusted service bus provides the request to the second domain by writing the request to a shared memory area accessible to the first virtual machine and to the second virtual machine. 4. The computer-implemented method of claim 1, wherein at least one of the first operating system instance and the second operating system instance is a single-level operating system. 5. The computer-implemented method of claim 1, further comprising providing a result of executing the request in the second domain to an application executing on the client device in the second domain. 6. The computer-implemented method of claim 1, further comprising displaying to the user, by the second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item. 7. A computer server system comprising: a hardware computer processor; anda non-transitory computer-readable storage medium storing a computer program executable by the computer processor and performing actions comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that has a different corresponding security level than the first domain, the first domain being implemented by a first operating system instance running in a first virtual machine, and the second domain being implemented by a second operating system instance running in a second virtual machine;executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;providing the request to the second domain;obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;providing the aggregated set of application metadata items to the first instance of the single-level application for display within a user interface of the first instance within the first domain;receiving a selection of one of the application metadata items;determining that an application content item corresponding to the selected application metadata item is stored in the second domain; and providing a display request to the second domain to display the application content item corresponding to the selected application metadata item within a user interface of a second instance of the single-level application executing within the second domain. 8. The computer server system of claim 7, wherein the security domains are arranged in a hierarchy of corresponding security levels, each domain having associated resources that are accessible only to that domain or domains with higher security levels. 9. The computer server system of claim 7, wherein a trusted service bus provides the request to the second domain by writing the request to a shared memory area accessible to the first virtual machine and to the second virtual machine. 10. The computer server system of claim 7, wherein at least one of the first operating system instance and the second operating system instance is a single-level operating system. 11. A computer-implemented method of providing a remote Multiple Independent Level Security (MILS) client device with an application that spans a plurality of different security domains, each domain implemented by a different operating system instance running in a distinct hypervisor, the method comprising: receiving, by a server, a request for email headers from a first instance of a single-level email application executing in a first domain of the plurality of security domains of the client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that is different from the first domain;executing, by the server, the request in the first domain, thereby producing a first set of email headers corresponding to a first set of emails accessible to a user;providing, by the server, the request to the second domain via a trusted service bus;executing, by the server, the request in a second instance of the single-level email application executing in the second domain, thereby producing a second set of email headers corresponding to a second set of emails accessible to the user;aggregating the first set of email headers and the second set of email headers into an aggregated set of email headers;providing the aggregated set of email headers to the first instance of the single-level email application of the remote client device for display within a user interface of the first instance within the first domain;receiving a selection of one of the email headers from the aggregated set of email headers within the user interface;determining that an email corresponding to the selected one of the email headers is stored in the second domain;providing a display request to the application in the second domain to display the email corresponding to the selected one of the email headers within a user interface executing within the second domain; anddisplaying to the user, by the application in the second domain, the email corresponding to the selected one of the email headers. 12. The computer-implemented method of claim 11, wherein the first domain is implemented by a first operating system instance running in a first virtual machine, and the second domain is implemented by a second operating system instance running in a second virtual machine. 13. A computer-implemented method comprising: receiving a request for application content metadata from a first instance of a single-level application executing in a first domain of a plurality of security domains of a client device, the request to be executed in at least the first domain and in a second domain of the plurality of security domains that has a different corresponding security level than the first domain, the first domain and the second domain being implemented by an operating system providing Multi-Level Security (MLS) that provides functionality for accessing, from the first domain, resources of the second domain;executing the request in the first domain, thereby producing a first set of application metadata items corresponding to a first set of application content items accessible to a user;providing the request to the second domain;obtaining, from the second domain, a second set of application metadata items corresponding to a second set of application content items accessible to the user;aggregating the first set of application metadata items and the second set of application metadata items into an aggregated set of application metadata items;providing the aggregated set of application metadata items to the first instance of the single-level application for display within a user interface of the first instance in the first domain, thereby providing a consolidated view of metadata from multiple security domains;receiving a selection of one of the application metadata items;determining that an application content item corresponding to the selected application metadata item is stored in the second domain; andproviding a display request to the second domain to display the application content item corresponding to the selected application metadata item within a user interface of a second instance of the single-level application executing within the second domain. 14. The computer-implemented method of claim 13, wherein a trusted service bus provides the request to the second domain by sending the request to the second domain via a multi-level port provided by the MLS operating system. 15. The computer-implemented method of claim 13, wherein the security domains are arranged in a hierarchy of corresponding security levels, each domain having associated resources that are accessible only to that domain or domains with higher security levels. 16. The computer-implemented method of claim 13, further comprising providing a result of executing the request in the second domain to an application executing on the client device in the second domain. 17. The computer-implemented method of claim 13, further comprising displaying to the user, by the second instance of the single-level application executing in the second domain, data corresponding to the selected application metadata item.

이 특허에 인용된 특허 (42)

Ramanathan Srinivas ; Caswell Deborah L. ; Neal Scott S. ; Nijdam Marc, Automated service elements discovery using core service specific discovery templates.
상세보기
Chow Yen-whei ; Hayes-Roth Frederick A. ; Jacobstein Neil A. ; Manley James E. ; McMahan Christopher B., Automatic retrieval of changed files by a network software agent.
상세보기
Leighton, F. Thomson; Lewin, Daniel M., Content delivery network using edge-of-network servers for providing content delivery to a set of participating content providers.
상세보기
Raman Thiruvilwamalai V., Data stream processing on networked computer system lacking format-specific data processing resources.
상세보기
Kinnis, Tony F.; Sit, Ho Wing, Digital signature service.
상세보기
Kucherawy,Murray, E-mail system with methodology for accelerating mass mailings.
상세보기
Botts Jennifer M. ; Musson Karen L. ; Stites Elizabeth M. ; Weber Douglas C. ; Wilson David A., Electronic message management system.
상세보기
David A. Farber ; Ronald D. Lachman, Identifying and requesting data in network using identifiers which are based on contents of data.
상세보기
Ajit Kumar Gupta ; Richard David Day ; Eric Sven-Johan Swildens, Integrated point of presence server network.
상세보기
Lindbo, Sverker; Lothberg, Peter; Vixie, Paul, Internet communication system.
상세보기
Lim Swee Boon ; Singhai Ashish ; Radia Sanjay R., Load balancing and failover of network services.
상세보기
Bolton Derek W.,AUX ; Agrawal Rajesh,AUX, Load balancing of client connections across a network using server based algorithms.
상세보기
Albert, Mark; Howes, Richard A.; Kersey, Edward A.; Menditto, Louis F.; O'Rourke, Chris; Tiwari, Pranav Kumar; Tsang, Tzu-Ming, Load balancing using distributed forwarding agents with application based feedback for different virtual machines.
상세보기
Shaw Mark ; Rosen Ross, Method and apparatus for performing enterprise email management.
상세보기
Bates, Cary Lee; Day, Paul Reuben; Santosuosso, John Matthew, Method and apparatus for providing a view of an electronic mail message.
상세보기
Horvitz,Eric, Methods for routing items for communications based on a measure of criticality.
상세보기
Wallis Graham Derek,GBX ; Taylor Michael George,GBX ; Platt Michael,GBX ; Stanford-Clark Andrew James,GBX, Name server computer having a load levelling facility to spread the load from client computers across a plurality of server computers.
상세보기
Malcolm,Michael; Zarnke,Robert, Network object cache engine.
상세보기
Farber David A. ; Greer Richard E. ; Swart Andrew D. ; Balter James A., Optimized network resource location.
상세보기
Swildens, Eric Sven-Johan; Gupta, Ajit Kumar; Day, Richard David, Performance computer network method.
상세보기
Putzolu, David Matthew, Policy-based network management system using dynamic policy generation.
상세보기
Pfeffer, Howard; Leddy, John, Reduction of network server loading.
상세보기
Birrell Andrew D. ; Wobber Edward P. ; Schroeder Michael, Replacing large bit component of electronic mail (e-mail) message with hot-link in distributed computer system.
상세보기
Buckley David ; Brown Donald Gordon ; Cranston Wayne Merl, SMTP extension to preserve per-message and per-recipient properties.
상세보기
Kelly John Anthony,GBX ; McCallion Ian Michael,GBX, Support for application programs in a distributed environment.
상세보기
Kenner Brian ; Colby Kenneth W. ; Brownell Lonnie J., System and method for automated identification, retrieval, and installation of multimedia software components.
상세보기
Milo S. Medin, Jr., System and method for delivering high-performance online multimedia services.
상세보기
Kennedy Kevin Alan, System and method for managing electronic mail messages using a client-based database.
상세보기
Brian Kenner ; Arnold Karush, System and method for optimized storage and retrieval of data on a distributed computer network.
상세보기
Kenner Brian ; Karush Arnold, System and method for optimized storage and retrieval of data on a distributed computer network.
상세보기
Kenner Brian ; Karush Arnold, System and method for optimized storage and retrieval of data on a distributed computer network.
상세보기
Moody,Paul B.; Gruen,Daniel M.; Rohall,Steven L.; Kerr,Bernard J., System and method for searching and retrieving related messages.
상세보기
Brian Kenner ; Kenneth W. Colby ; Lonnie J. Brownell ; Guy P. Weathersby, System and method for selection and retrieval of diverse types of video data on a computer network.
상세보기
Kenner Brian ; Colby Kenneth W. ; Mudry Robert N., System and method for server-side optimization of data delivery on a distributed computer network.
상세보기
Malik Naeem Iqbal, System for establishing optimized ISDN communication by identifying common communication attributes of destination and s.
상세보기
Clark, David Morley; Gibson, Thomas Wilson; Bracewell, David Mitchell; Kwan, Jeff Toy Tsao, System for managing and organizing stored electronic messages.
상세보기
Zombek, James M.; Sobchak, Richard K.; Bonefas, Rudy G., System, method and computer program product for providing server discovery services during a startup sequence.
상세보기
Ahmed, Muhammad A.; Alam, Mohammad Shabbir, Thread based email.
상세보기
Eric Sven-Johan Swildens ; Richard David Day ; Ajit K. Gupta, User device and system for traffic management and content distribution over a world wide area network.
상세보기
Kenner Brian ; Gruber Harry, Video storage and retrieval system.
상세보기
Mark E. Kriegsman, Web serving system.
상세보기
Birrell Andrew D. ; Wobber Edward P. ; Schroeder Michael, Web-based electronic mail service apparatus and method using full text and label indexing.
상세보기

이 특허를 인용한 특허 (15)

Sinha, Shantanu; Roy, Jeremy; Ohene-Adu, Ohene Kwasi; Wei, Edward, Domain trusted video network.
상세보기
Quinn, Rian Patrick; Kerrigan, Brendan Timothy, Facilitating user interaction with multiple domains while preventing cross-domain transfer of data.
상세보기
Bertram, Joshua R.; Marek, James A.; Mitchell, Andre F.; Topf, Curtis M.; Bean, Reginald D., Multi-level security display with secure input/output.
상세보기
Kling, Matthew T.; Hockenbury, Clark B.; Bonn, Jerrold L.; Bataller, Susan F.; Veneziano, Mark, Multi-level security domain separation using soft-core processor embedded in an FPGA.
상세보기
Yarykin, Pavel N.; Martynenko, Vladislav V.; Monastyrsky, Alexey V., Security architecture for virtual machines.
상세보기
Mraz, Ronald; Staubly, Steven; Tsao, Michael M., Single computer-based virtual cross-domain solutions.
상세보기
Mooring, Edward T.; Howard, Craig, Systems and methods involving aspects of hardware virtualization such as hypervisor, detection and interception of code or instruction execution including API calls, and/or other features.
상세보기
Mooring, Edward T.; Howard, Craig, Systems and methods involving aspects of hardware virtualization such as hypervisor, detection and interception of code or instruction execution including API calls, and/or other features.
상세보기
Mooring, Edward T.; Howard, Craig, Systems and methods involving aspects of hardware virtualization such as hypervisor, detection and interception of code or instruction execution including API calls, and/or other features.
상세보기
Mooring, Edward T.; Yankovsky, Phillip, Systems and methods involving features of hardware virtualization such as separation kernel hypervisors, hypervisors, hypervisor guest context, hypervisor context, rootkit detection/prevention, and/or other features.
상세보기
Mooring, Edward T.; Yankovsky, Phillip, Systems and methods involving features of hardware virtualization such as separation kernel hypervisors, hypervisors, hypervisor guest context, hypervisor context, rootkit detection/prevention, and/or other features.
상세보기
Mooring, Edward T.; Howard, Craig; Yankovsky, Phillip, Systems and methods involving features of hardware virtualization, hypervisor, APIs of interest, and/or other features.
상세보기
Mooring, Edward T.; Yankovsky, Phillip; Howard, Craig, Systems and methods involving features of hardware virtualization, hypervisor, APIs of interest, and/or other features.
상세보기
Mooring, Edward T.; Yankovsky, Phillip, Systems and methods involving features of hardware virtualization, hypervisor, pages of interest, and/or other features.
상세보기
Mooring, Edward T.; Yankovsky, Phillip, Systems and methods involving features of hardware virtualization, hypervisor, pages of interest, and/or other features.
상세보기

IPC	Description
A	생활필수품
A62	인명구조; 소방(사다리 E06C)
A62B	인명구조용의 기구, 장치 또는 방법(특히 의료용에 사용되는 밸브 A61M 39/00; 특히 물에서 쓰이는 인명구조 장치 또는 방법 B63C 9/00; 잠수장비 B63C 11/00; 특히 항공기에 쓰는 것, 예. 낙하산, 투출좌석 B64D; 특히 광산에서 쓰이는 구조장치 E21F 11/00)
A62B-1/08	.. 윈치 또는 풀리에 제동기구가 있는 것

내보내기 구분	파일저장 인쇄 메일전송
구성항목	기본정보 상세정보 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표IPC 관리번호, 국가코드, 자료구분, 상태, 출원번호, 출원일자, 공개번호, 공개일자, 공고번호, 공고일자, 등록번호, 등록일자, 발명명칭(한글), 발명명칭(영문), 출원인(한글), 출원인(영문), 출원인코드, 대표출원인, 출원인국적, 출원인주소, 발명자, 발명자E, 발명자코드, 발명자주소, 발명자 우편번호, 발명자국적, 대표IPC, IPC코드, 요약, 미국특허분류, 대리인주소, 대리인코드, 대리인(한글), 대리인(영문), 국제공개일자, 국제공개번호, 국제출원일자, 국제출원번호, 우선권, 우선권주장일, 우선권국가, 우선권출원번호, 원출원일자, 원출원번호, 지정국, Citing Patents, Cited Patents
저장형식	Text(ASCII format) Excel format PIAS분석(.xls)
메일정보	받는사람 (필수) @ 보내는사람 (선택) @ 제목 내용 KISTI 검색결과 이메일 서비스
안내	총 건의 자료가 검색되었습니다. 다운받으실 자료의 인덱스를 입력하세요. (1-10,000) 검색결과의 순서대로 최대 10,000건 까지 다운로드가 가능합니다. 데이타가 많을 경우 속도가 느려질 수 있습니다.(최대 2~3분 소요) 다운로드 파일은 UTF-8 형태로 저장됩니다. 파일의 내용이 제대로 보이지 않을실 때는 웹브라우저 상단의 보기 -> 인코딩 -> 자동선택 여부를 확인하십시오. ~ Text(ASCII format) Excel format

연합인증

Server-based architecture for securely providing multi-domain applications 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

이 특허에 인용된 특허 (42)

이 특허를 인용한 특허 (15)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트

연합인증

Server-based architecture for securely providing multi-domain applications 원문보기

초록 ▼

대표청구항 ▼

연구과제 타임라인

전체(0) 논문(0) 특허(0) 보고서(0)

전체(0) 논문(0) 특허(0) 보고서(0)

이 특허에 인용된 특허 (42)

이 특허를 인용한 특허 (15)

관련 콘텐츠

특허 원문 보기

IPC 상위 출원인

AI-Helper ※ AI-Helper는 오픈소스 모델을 사용합니다.

선택된 텍스트