Title of invention |
ALLOWING FIRST MODULE OF COMPUTER CODE RECEIVED FROM VENDOR TO MAKE USE OF SERVICE PROVIDED BY SECOND MODULE WHILE ENSURING SECURITY OF SYSTEM |
Abstract |
A system for integrating modules of computer code may include a sandbox validator for receiving a first module and verifying that the first module complies with one or more sandbox constraints. A computing device may execute the first module within a runtime environment. A module integrator may operate within the runtime environment for receiving a request from the first module to access a service provided by a second module and only allowing the first module to access the service when the first module is authorized to access the service according to a service authorization table. The sandbox validator may ensure the first module correctly identifies itself when requesting a service provided by another module and that the first module includes runtime policing functions for non-deterministic operations. A service authorizer may generate an authorization policy for the first module, which is sent to the computing device along with the first module. |
Application publication number |
US2015235041(A1) |
Application publication date |
2015.08.20 |
Application number |
US201514702729 |
Application date |
2015.05.03 |
Applicant |
Guest Tek Interactive Entertainment Ltd. |
Inventor |
Court Gary R. |
Classification |
G06F21/62;G06F21/53;G06F9/46 |
Main classification |
G06F21/62 |
Agency |
|
Agent |
|
Principal claim |
1. A system for integrating a plurality of modules of computer code, the system comprising:
a computer server having one or more processors coupled to memory and a network interface, wherein, by the one or more processors executing instructions loaded from the memory, the one or more processors are configured to provide:
a vendor interface accessible via the network interface, the vendor interface operable to receive a first module of computer code from a vendor;
a sandbox validator operable to parse the computer code of the first module in order to verify that the first module complies with one or more sandbox constraints;
a service authorizer operable to generate a service authorization policy for the first module, the service authorization policy indicating which services provided by a second module of computer code are allowed to be accessed by the first module; and
a module distributor operable to send the first module along with the service authorization policy to a computing device that already includes the second module; and
the computing device, wherein, when executing the first module, a module integrator running on the computing device only allows the first module to access a particular service provided by the second module when the first module is authorized to access the particular service according to the service authorization policy. |
Address |
Calgary CA |