发明名称 |
ALLOWING FIRST MODULE OF COMPUTER CODE TO MAKE USE OF SERVICE PROVIDED BY SECOND MODULE WHILE ENSURING SECURITY OF SYSTEM |
摘要 |
A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provide by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module. |
申请公布号 |
US2017034180(A1) |
申请公布日期 |
2017.02.02 |
申请号 |
US201615290791 |
申请日期 |
2016.10.11 |
申请人 |
Guest Tek Interactive Entertainment Ltd. |
发明人 |
Court Gary R. |
分类号 |
H04L29/06;G06F21/62;G06F21/53 |
主分类号 |
H04L29/06 |
代理机构 |
|
代理人 |
|
主权项 |
1. A system for integrating a plurality of modules of computer code, the system comprising:
a memory storing a plurality of instructions and one or more sandbox constraints; a communication interface; and one or more processors coupled to the memory and the communication interface; wherein, by the one or more processors executing the instructions loaded from the memory, the one or more processors are configured to provide:
a sandbox validator operable to parse computer code of a first module received via the communication interface in order to verify that the first module complies with the one or more sandbox constraints;a service authorizer operable to generate a service authorization policy for the first module, the service authorization policy indicating which services provided by a second module of computer code are allowed to be accessed by the first module; anda module integrator operable to only allow the first module to access a particular service provided by the second module when the first module is authorized to access the particular service according to the service authorization policy. |
地址 |
Calgary CA |