CA2592478A1 - System and method of enhancing computer security by using dual desktop technologies - Google Patents


Publication number
CA2592478A1
Authority
CA
Canada
Prior art keywords
computer
desktop
user
desktops
software program
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
CA 2592478
Other languages
French (fr)
Inventor
Li Kun Bai
Wen Jie Huang
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority claimed from US11/701,487 external-priority patent/US20080126978A1/en
Application filed by Individual filed Critical Individual
Publication of CA2592478A1 publication Critical patent/CA2592478A1/en
Abandoned legal-status Critical Current

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A system and method of enhancing computer system security provides dual desktops for one user on one computer.
One desktop is assigned low privileges and is used to handle potentially risky tasks. Remote desktop technologies, combined with the idea of two linked user accounts, are used to create a second, additional desktop.

Description

TITLE: SYSTEM AND METHOD OF ENHANCING COMPUTER SECURITY BY
USING DUAL DESKTOP TECHNOLOGIES

BACKGROUND OF THE INVENTION
This invention is related to enhancing computer security. Nowadays, there are many computer viruses, worms, and spyware programs spreading through networks, such as the Internet. There are many solutions for this problem.
A common solution is to set up different user accounts on a computer. Each account is assigned certain privileges defining what operations can be performed through this account. This is a very effective way to protect a computer.
A drawback of implementing the above solution is that a computer with a graphical user interface, such as Windows single-user (non-server) systems and Linux systems, creates only one desktop for each user or user account and allows only one user account to be logged in at a time. A user has to log off one account in order to switch to another, which is inconvenient. In Linux or Unix systems and Windows Vista, whenever higher account privileges are required, a user has to enter the password of a higher-privilege account to continue. Entering a password very often is unpleasant.

Another big weakness of using user account privileges to protect computers is that an operating system cannot pre-define which programs can be executed through a user account. Because a user will install many other programs later on, the operating system has no way of knowing which programs will be installed and executed. This is one main reason some viruses get a chance to execute.
A better solution is needed.
To protect a computer, another concept is to isolate the computer system from viruses, worms, etc.

We need a better solution which can use the user account privilege concept easily and isolate a computer system from potential risky environments.

SUMMARY OF THE INVENTION
The invention discloses an enhanced computer system which comprises one computer, including an operating system, a monitor (terminal), etc., and some software programs. The computer creates two desktops with different privileges on its monitor for a user. One desktop is assigned low privileges and is used to handle potentially risky tasks, such as browsing the web and sending/receiving e-mail; the other desktop is used to handle administration and other safe tasks, such as installing new software, changing system settings, running Word processor, Excel, photo shops, playing games, developing software, etc.

A user can access these two desktops simultaneously.
According to an aspect of the invention, the enhanced computer system gives one user two user accounts with different privileges. The one of these two user accounts that has low privileges is used to handle potentially risky tasks. These two user accounts may be linked with each other.

According to an aspect of the invention, the one-user, two-account concept is used to create two desktops for one user.

BRIEF DESCRIPTION OF THE DRAWINGS
Figure 1 shows a typical computer with two desktops.
Figure 2 shows a flow chart of the process of creating two desktops.
Figure 3 shows a flow chart of the process of creating two desktops after the logging in process.
Figure 4 shows another flow chart of the process of creating two desktops after the logging in process.
Figure 5 shows a second desktop is created by using one of remote desktop technologies on one computer.
Figure 6 shows a second desktop is created by using one of remote desktop technologies combining with a virtual machine technology on one computer.
Figure 7 shows a second desktop is created by using one of remote desktop technologies and an Internet Service Server in a network environment.
Figure 8 shows the Internet Service Server running a different Operating System from the computer.

Figure 9 shows one Internet Service Server serves more than one computer.
DETAILED DESCRIPTION OF THE INVENTION
A desktop is a graphical user interface that is used to interact with an operating system and to hold a frame for other application software programs. Each desktop is assigned some operation privileges. It is not an ordinary graphical interface which merely interacts with a user. A desktop sets limits on its user's interactive operations according to its privileges. It prohibits a user from performing some operations.
An extension of a desktop is not a new desktop. For example, when a computer has two monitors and one desktop is shown across both of them, that is still one desktop. Another example, for a one-monitor system, is a desktop that is enlarged so that only part of it is shown on the monitor, such as multidesktop from www.gamerstower.com.

In Figure 1, a typical computer 20 having two desktops shown on its monitor 3 is shown. One is a primary desktop 31, which is created by its operating system in the conventional way; the other one, 32, is a second desktop created by other software programs assisted by its operating system. One of these two desktops, 31 and 32, has low privileges and is used to handle potentially risky tasks. For example, the desktop 32 is assigned low privileges and a user can access the Internet 1 through the desktop 32, while at the same time the primary desktop 31 has higher privileges and is used to change system settings. A user can use these two desktops with different privileges simultaneously. Having both desktops available simultaneously provides easier usage and better protection.
In order to provide better protection for a computer, the desktop with low privileges can have its privileges specifically fixed. For example, the desktop 32 with low privileges will execute only an Internet browser and an e-mail client program; no other programs will be executed through this desktop 32. Programs the user installs later will be executed through the other desktop 31.

To add more convenience, the second desktop 32 can have a different appearance, such as a different background color from the primary desktop 31. This lets a user know which desktop he/she is in.

In Figure 2, a flow chart of creating two desktops is shown. It starts with a user account being used to log in to a computer system. The computer system evaluates the privileges of the user account. If the privileges are high, such as the privileges of installing new software programs or changing system settings, the computer system will automatically create two desktops on its monitor.
One of these two desktops is assigned low privileges and is used to handle potentially risky tasks, such as browsing the web and sending/receiving e-mail. The other desktop is used to handle administration and other safe tasks, such as installing new software, changing system settings, running Word processor, Excel, photo shops, playing games, developing software, etc.

If a low privilege account is logged in, such as a guest account, the computer system only produces one desktop to be used to handle potential risky and non-administrating tasks.

In Figure 3, another flow chart of creating two desktops is shown. Only one desktop is created after the login process. If a high privilege account is used to log in, the high privilege desktop is created automatically. The low privilege desktop can be created by clicking a shortcut icon of a software program which is capable of creating a second desktop, or it can be created when a software program which is used to handle potentially risky tasks, such as an Internet browser, is launched.

If a low privilege account is used to log in, a low privilege desktop is created.

In Figure 4, another flow chart of creating two desktops is shown. Only a low privilege desktop is created after the login process.
If a high privilege account is used to log in, the other, high privilege desktop can be created automatically by opening a software program which is capable of changing system settings.
If a low privilege account is used to log in, only one low privilege desktop is created and is used to surf the web.
Figures 3 and 4 show that after a user logs in to the computer, only one desktop is created; the other desktop will be created when it is needed.
In order to make full use of the user account privilege concept, one user can be assigned two user accounts with different privileges. The one-user, two-account concept lets one user have two user accounts.
This idea has some advantages.

One of these advantages is that a user's privileges can be divided between two user accounts with different privileges, and the low privilege account has very specific and even fixed operations. No other software programs will be executed through this low privilege account. Programs the user installs later will be executed through the other, high privilege account. This makes full use of the user account privileges concept.

In order to provide more convenience, the two user accounts for one user should be linked. This means the user's personal data will be stored across these two accounts, and both accounts can be logged in to by logging in to just one of them; that is, logging in to one account automatically logs in to the other. These two accounts will have different privileges. The low privilege account will only execute pre-defined software programs.

Two linked user accounts provide a lot of convenience.
A user's Internet-related data, for example favorite websites and e-mail account information, will be stored in the low privilege account. Every time a user logs in to one of his two linked accounts, his personal data are retrieved and ready for him to use.
The two-linked-accounts method makes a user feel that he is dealing with only one user account.

The one-user, two-account concept can be used to create two desktops. Each user account has its own desktop, and this desktop has the same privileges as its user account. Two accounts for one user can give that user two desktops.

In order to let the two desktops for one user show on one monitor at the same time, and also to let a user access these two desktops simultaneously, a remote desktop technology combined with the one-user, two-account concept can be used to create a second desktop.

Remote desktop technologies have some advantages. One advantage is that the remote desktop can be shown on a monitor just like another application. It can be shown at the same time as the host desktop that is created by the host operating system in the conventional way. A remote desktop technology also provides screen-edge switching, which makes a user feel like he/she is using one desktop instead of two. A remote desktop can be resized, minimized, maximized and moved. It gives a user instant access.

The second advantage is the clipboard redirection feature. This feature lets the two desktops exchange data very easily. For example, in Figure 5, some words in a textpad are selected and copied to the clipboard in the remote desktop 34; they can then be pasted into a Word file opened in the primary desktop 31.
There are at least 3 ways of using a remote desktop technology to create a second desktop.

The first way of using a remote desktop technology to create a second desktop is shown in Figure 5. The computer 21 runs both a remote desktop client software program and a remote desktop server software program itself, and the operating system of the computer 21 allows two user accounts to be logged in simultaneously.

When a user logs in to the computer 21 using a high privilege account, the computer 21 will use a low privilege user account to launch the remote desktop client software, and the remote desktop client will connect to the local remote desktop server and produce the local remote desktop 34. The desktop 34 will be used to browse the Internet 1 and check e-mail.

The remote desktop 34 can also be the higher privilege desktop, with the primary desktop 31 being the low privilege one.

The computer 21 can also run other software programs to assist the remote desktop client software in building the second desktop. For example, if a remote desktop technology is implemented within the Internet environment, such as Citrix's GoToMyPC, the computer 21 can have a web server and other software installed to imitate the Internet environment in order to implement a remote desktop.
The second way of using a remote desktop technology to create a second desktop is shown in Figure 6. This implementation uses a virtual machine technology. In a computer 22, there are two operating systems running at the same time along with a virtual machine software program.
One operating system is the primary operating system and has the remote desktop client software program installed; the other is the second operating system and has the remote desktop server software program installed. The primary operating system will create two desktops: one is its own primary desktop 31 and the other is a local remote desktop 35 of the second operating system.

This way is suitable when the primary operating system allows only one user account to be logged in at a time. It is also suitable when two operating systems are to be used in one computer. The two operating systems can be the same or different from each other.

The first and second ways of using a remote desktop technology to create a second desktop are suitable when only one computer is being used, such as one personal computer or one laptop. This implementation provides a self-protection solution for one computer.

The third way of using a remote desktop technology to create a second desktop is shown in Figure 7. The creation is implemented through a network. A remote desktop server software program is installed in a computer 4, called an Internet Service Server. Another computer 23 has the remote desktop client software installed. These two computers 4 and 23 are connected by a network. The Internet Service Server 4 has a connection to the Internet 1.

When a user logs in to the computer 23 with a high privilege user account, the computer 23 will use a low privilege user account to launch the remote desktop client software. The client software will connect to the remote desktop server software program installed in the Internet Service Server 4 and create a remote desktop 36 of the Internet Service Server 4 on the computer 23's monitor 3.
The remote desktop 36 will be used to handle potential risky tasks. The low privilege account used to build a remote desktop of the Internet Service Server 4 will provide certain protections for the Internet Service Server 4.

One advantage of this network implementation is that the computer 23 is isolated from the Internet 1. It is 100% secure from any Internet viruses, worms, etc. The computer 23 doesn't need an Internet connection. The computer 23 only needs to connect to the Internet Service Server 4 and uses a remote desktop to access the Internet 1. Hence, the computer 23 is totally isolated from viruses, worms, etc.

Because the Internet Service Server 4 only provides the Internet service, it can be a dedicated computer that runs only pre-defined software programs. This gives the Internet Service Server extra protection.

If a remote desktop is implemented through the Internet, such as using VPN, GoToMyPC, the computer 23 can have highly restricted access to the Internet 1, or can only access certain trustworthy websites.

The computer 23 can have the Internet 1 access if it will use VOIP phone software, such as Skype, or other safe network-related software programs.
A shared storage area can be set up between the Internet Service Server 4 and the computer 23 for data exchanging. All files that are downloaded from the Internet 1 can be stored in a folder in the Internet Service Server 4 first. If a downloaded file needs to be opened in the computer 23, it will be examined before being moved to the shared folder.
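
An added example, not part of the patent text: one way the examination step on the Internet Service Server could gate files before they reach the shared folder. The checks (extension allowlist, magic-byte match, executable-header rejection, size limit), the function names and the sample files are assumptions; the page does not say what the examination consists of.

```python
from __future__ import annotations

import hashlib
import shutil
import tempfile
from pathlib import Path

# Assumed examination policy; the page only says the file "will be examined".
MAGIC = {  # allowlisted extension -> bytes the content must start with
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".zip": b"PK\x03\x04",
}
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF", b"#!")  # PE, ELF, script shebang
MAX_BYTES = 50 * 1024 * 1024


def examine(path: Path) -> tuple[bool, str]:
    """Return (allowed, reason) for one file in the download folder."""
    if path.is_symlink() or not path.is_file():
        return False, "not a regular file"
    if path.stat().st_size > MAX_BYTES:
        return False, "too large"
    ext = path.suffix.lower()
    if ext not in MAGIC:
        return False, f"extension {ext or '(none)'} not allowlisted"
    with path.open("rb") as fh:
        head = fh.read(16)
    if head.startswith(EXECUTABLE_MAGIC):
        return False, "executable content"
    if not head.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


def release(name: str, downloads: Path, shared: Path) -> dict:
    """Examine downloads/name and move it to the shared folder if it passes."""
    src = downloads / Path(name).name  # drop any directory component
    allowed, reason = examine(src)
    record = {"file": src.name, "released": allowed, "reason": reason}
    if allowed:
        # Record a digest so the client side can verify what it opens.
        record["sha256"] = hashlib.sha256(src.read_bytes()).hexdigest()
        shutil.move(str(src), str(shared / src.name))
    return record


def demo() -> list[dict]:
    """Run the gate over constructed sample downloads in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        downloads, shared = Path(tmp, "downloads"), Path(tmp, "shared")
        downloads.mkdir()
        shared.mkdir()
        samples = {  # constructed file contents, not real documents
            "report.pdf": b"%PDF-1.4 constructed sample",
            "invoice.pdf": b"MZ\x90\x00 constructed PE header",
            "setup.exe": b"MZ\x90\x00 constructed PE header",
        }
        for name, data in samples.items():
            (downloads / name).write_bytes(data)
        results = [release(n, downloads, shared) for n in samples]
        for r in results:
            r["in_shared"] = (shared / r["file"]).exists()
        return results


if __name__ == "__main__":
    for row in demo():
        print(row)
```

Rejected files stay in the download folder on the Internet Service Server, so the computer 23 only ever sees what passed the gate.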

This network implementation fits in with an existing regular computer system easily. A regular computer just needs to have some software installed, such as a remote desktop client software program to enjoy the benefit of the enhanced system.

Another variation of this network implementation is shown in Figure 8. There, the Internet Service Server 4 runs a different operating system from the computer 23. The Internet Service Server 4 runs a Linux system. The computer 23 runs a Windows system. On the computer 23, there are two desktops: one is the remote Linux desktop 38; the other is the primary Windows desktop 37. Viruses which target Linux systems are rare. This will make the whole system more secure because no virus will attack more than one operating system.

Another variation of the network implementation is shown in Figure 9. There, one Internet Service Server 4 is serving two computers 25 and 26. Each computer 25 or 26 is assigned a session by the Internet Service Server 4. This is a good scheme for home networks or office environments where more computers are used.
Sometimes a remote desktop is referred to as a virtual desktop or a virtual terminal. A remote desktop server software program is referred to as a remote terminal service.

There are several technologies which can be used to implement a remote desktop, such as the remote desktop provided in Windows XP; remote terminal service in Windows 2000 server; X windows in Linux; Citrix's remote access; VPN (virtual private network); or VNC (virtual network computing), etc.

A computer or an Internet Service Server can be a Laptop, a Desktop, or a Handheld computer system.

Claims (23)

1. A system of enhancing computer security comprising a computer, an operating system and other software programs, said computer creating two desktops by adding a second additional desktop for one user, one of these two desktops has low privileges and is used to handle risky tasks.
2. A system as claimed in claim 1 wherein one of said two desktops assigned with low privileges only capable of executing specific programs.
3. A system as claimed in claim 1 wherein said two desktops are created automatically when a user logs in into said computer.
4. A system as claimed in claim 1 wherein said second additional desktop is created when a software program that is designated to be executed in said second additional desktop is launched.
5. A system as claimed in claim 1 wherein said second additional desktop is created when an icon or shortcut for a software program that is capable of creating said second additional desktop is launched or double clicked.
6. A system as claimed in claim 1 wherein said second additional desktop is created when a software program that is used to handle potential risky tasks is launched.
7. A system as claimed in claim 1 wherein said computer only creating one desktop after a user logs in, said second additional desktop is created when it's needed.
8. A system as claimed in claim 1 wherein said two desktops are created by using two user accounts, one of these two user accounts is assigned with low privileges and is used to handle potential risky tasks.
9. A system as claimed in claim 8 wherein one of said two user accounts assigned with low privileges only capable of executing specific programs.
10. A system as claimed in claim 1 wherein said two desktops are created through two linked user accounts.
11. A system as claimed in claim 10 wherein one of said two linked user accounts only let pre-defined software programs be executed.
12. A system as claimed in claim 1 wherein said computer running both a remote desktop server software program and a remote desktop client software program locally to produce a remote desktop as one of said two desktops.
13. A system as claimed in claim 1 wherein said computer running a virtual machine software program and running two operating systems simultaneously, one is a primary operating system and the other is a second operating system, said computer also running a remote desktop server software program in said second operating system and a remote desktop client software program in said primary operating system; said computer produces a remote desktop of said second operating system as a second additional desktop for said primary operating system.
14. A system as claimed in claim 1 further comprising an Internet Service Server running a remote desktop server software program, said computer runs a remote desktop client software program and creates a second additional desktop by creating a remote desktop of said Internet Service Server.
15. A system claimed in claim 14 wherein said computer has no connection to the Internet.
16. A system claimed in claim 14 wherein said computer has restricted access to the Internet.
17. A system claimed in claim 14 wherein said Internet Service Server uses a different operating system from said computer.
18. A system claimed in claim 14 wherein said Internet Service Server runs only pre-defined software programs.
19. A system claimed in claim 14 wherein said Internet Service Server is capable of serving more than one said computer simultaneously.
20. A system of enhancing computer security comprising a computer, an operating system and other software programs, said computer creating two user accounts for one user, one of these two accounts has low privileges and is used to handle risky tasks.
21. A system as claimed in claim 20 wherein one of said two user accounts assigned with low privileges and only capable of executing specific programs.
22. A system as claimed in claim 20 wherein said two user accounts linked with each other.
23. A method of enhancing computer security comprising logging in into a computer being capable of creating two different privilege desktops, using one desktop being assigned low privileges to perform potential risky, network-related tasks.
CA 2592478 2007-02-02 2007-07-13 System and method of enhancing computer security by using dual desktop technologies Abandoned CA2592478A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US11/701,487 US20080126978A1 (en) 2006-11-28 2007-02-02 System and method of enhancing computer security by using dual desktop technologies
US11/701,487 2007-02-02

Publications (1)

Publication Number Publication Date
CA2592478A1 true CA2592478A1 (en) 2008-08-02

Family

ID=39671568

Family Applications (1)

Application Number Title Priority Date Filing Date
CA 2592478 Abandoned CA2592478A1 (en) 2007-02-02 2007-07-13 System and method of enhancing computer security by using dual desktop technologies

Country Status (1)

Country Link
CA (1) CA2592478A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105830028A (en) * 2014-07-11 2016-08-03 华为技术有限公司 Method and terminal for executing human-computer interaction function
EP3159793A4 (en) * 2014-07-11 2017-05-17 Huawei Technologies Co. Ltd. Method and terminal for executing human-computer interaction function

Similar Documents

Publication Publication Date Title
US20080126978A1 (en) System and method of enhancing computer security by using dual desktop technologies
JP6775603B2 (en) Virtual browser integration
US9626204B1 (en) Automated provisioning of secure virtual execution environment using virtual machine templates based on source code origin
US11023088B2 (en) Composing the display of a virtualized web browser
US10348711B2 (en) Restricting network access to untrusted virtual machines
US8839245B1 (en) Transferring files using a virtualized application
US9830430B2 (en) Inherited product activation for virtual machines
US8972980B2 (en) Automated provisioning of secure virtual execution environment using virtual machine templates based on requested activity
JP5483884B2 (en) Seamless integration of multiple computing environments
US10055231B1 (en) Network-access partitioning using virtual machines
US8849941B2 (en) Virtual desktop configuration and operation techniques
US8752047B2 (en) Automated management of virtual machines to process untrusted data based on client policy information
US9201850B1 (en) Composing the display of a virtualized web browser
CN102420846A (en) Remote access to hosted virtual machines by enterprise users
WO2009014975A1 (en) System and methods providing secure workspace sessions
US8813252B2 (en) Request based license mode selection
US9104837B1 (en) Exposing subset of host file systems to restricted virtual machines based on upon performing user-initiated actions against host files
US20220004623A1 (en) Managed isolated workspace on a user device
US10986137B2 (en) Clipboard hardening
US10310696B1 (en) Supporting a consistent user interface within a virtualized environment
US9558051B1 (en) Inter-process communication router within a virtualized environment
US9727534B1 (en) Synchronizing cookie data using a virtualized browser
US9460293B1 (en) Clipboard hardening
CA2592478A1 (en) System and method of enhancing computer security by using dual desktop technologies
US20040103320A1 (en) Multiple network access

Legal Events

Date Code Title Description
FZDE Dead