US20030212890A1 - Network provider loop security system and method - Google Patents
Network provider loop security system and method Download PDFInfo
- Publication number
- US20030212890A1 US20030212890A1 US10/425,497 US42549703A US2003212890A1 US 20030212890 A1 US20030212890 A1 US 20030212890A1 US 42549703 A US42549703 A US 42549703A US 2003212890 A1 US2003212890 A1 US 2003212890A1
- Authority
- US
- United States
- Prior art keywords
- user
- network
- desktop
- workstation
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Abandoned
Links
- 238000000034 method Methods 0.000 title claims abstract description 119
- 238000004891 communication Methods 0.000 claims abstract description 20
- 230000003993 interaction Effects 0.000 claims abstract description 5
- 230000000873 masking effect Effects 0.000 claims abstract description 4
- 230000008569 process Effects 0.000 claims description 84
- 238000004590 computer program Methods 0.000 claims description 8
- 238000012544 monitoring process Methods 0.000 claims description 7
- 230000002093 peripheral effect Effects 0.000 claims description 7
- 230000000903 blocking effect Effects 0.000 claims description 4
- 230000000977 initiatory effect Effects 0.000 claims description 2
- 230000003472 neutralizing effect Effects 0.000 claims 3
- 230000005465 channeling Effects 0.000 abstract description 2
- 230000004044 response Effects 0.000 description 11
- 230000006870 function Effects 0.000 description 7
- 238000012545 processing Methods 0.000 description 5
- 238000010586 diagram Methods 0.000 description 4
- 238000001914 filtration Methods 0.000 description 4
- 238000011068 loading method Methods 0.000 description 4
- PCTMTFRHKVHKIS-BMFZQQSSSA-N (1s,3r,4e,6e,8e,10e,12e,14e,16e,18s,19r,20r,21s,25r,27r,30r,31r,33s,35r,37s,38r)-3-[(2r,3s,4s,5s,6r)-4-amino-3,5-dihydroxy-6-methyloxan-2-yl]oxy-19,25,27,30,31,33,35,37-octahydroxy-18,20,21-trimethyl-23-oxo-22,39-dioxabicyclo[33.3.1]nonatriaconta-4,6,8,10 Chemical compound C1C=C2C[C@@H](OS(O)(=O)=O)CC[C@]2(C)[C@@H]2[C@@H]1[C@@H]1CC[C@H]([C@H](C)CCCC(C)C)[C@@]1(C)CC2.O[C@H]1[C@@H](N)[C@H](O)[C@@H](C)O[C@H]1O[C@H]1/C=C/C=C/C=C/C=C/C=C/C=C/C=C/[C@H](C)[C@@H](O)[C@@H](C)[C@H](C)OC(=O)C[C@H](O)C[C@H](O)CC[C@@H](O)[C@H](O)C[C@H](O)C[C@](O)(C[C@H](O)[C@H]2C(O)=O)O[C@H]2C1 PCTMTFRHKVHKIS-BMFZQQSSSA-N 0.000 description 3
- 230000003213 activating effect Effects 0.000 description 3
- 230000008859 change Effects 0.000 description 3
- 238000007726 management method Methods 0.000 description 3
- 230000004075 alteration Effects 0.000 description 2
- 230000008901 benefit Effects 0.000 description 2
- 230000005540 biological transmission Effects 0.000 description 2
- 230000000694 effects Effects 0.000 description 2
- 230000000737 periodic effect Effects 0.000 description 2
- 239000000126 substance Substances 0.000 description 2
- 238000010200 validation analysis Methods 0.000 description 2
- 101000746134 Homo sapiens DNA endonuclease RBBP8 Proteins 0.000 description 1
- 101000969031 Homo sapiens Nuclear protein 1 Proteins 0.000 description 1
- 102100021133 Nuclear protein 1 Human genes 0.000 description 1
- 230000006978 adaptation Effects 0.000 description 1
- 101150091027 ale1 gene Proteins 0.000 description 1
- 238000013459 approach Methods 0.000 description 1
- 238000013475 authorization Methods 0.000 description 1
- 230000006399 behavior Effects 0.000 description 1
- 230000019771 cognition Effects 0.000 description 1
- 230000001276 controlling effect Effects 0.000 description 1
- 238000012937 correction Methods 0.000 description 1
- 238000013523 data management Methods 0.000 description 1
- 230000001419 dependent effect Effects 0.000 description 1
- 238000013461 design Methods 0.000 description 1
- 230000002452 interceptive effect Effects 0.000 description 1
- 230000003340 mental effect Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000007935 neutral effect Effects 0.000 description 1
- 230000008520 organization Effects 0.000 description 1
- 230000001105 regulatory effect Effects 0.000 description 1
- 230000004043 responsiveness Effects 0.000 description 1
- 210000001525 retina Anatomy 0.000 description 1
- 230000007781 signaling event Effects 0.000 description 1
- 238000004088 simulation Methods 0.000 description 1
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/28—Restricting access to network management systems or functions, e.g. using authorisation function to access network configuration
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/08—Payment architectures
- G06Q20/085—Payment architectures involving remote charge determination or related payment systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/38—Payment protocols; Details thereof
- G06Q20/40—Authorisation, e.g. identification of payer or payee, verification of customer or shop credentials; Review and approval of payers, e.g. check credit lines or negative lists
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L41/00—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
- H04L41/22—Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/083—Network architectures or network communication protocols for network security for authentication of entities using passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/102—Entity profiles
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/104—Grouping of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/105—Multiple levels of security
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/2866—Architectures; Arrangements
- H04L67/30—Profiles
- H04L67/306—User profiles
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/10—Office automation; Time management
- G06Q10/109—Time management, e.g. calendars, reminders, meetings or time accounting
- G06Q10/1091—Recording time for administrative or management purposes
Definitions
- the invention relates to network administration software. More specifically, the field of the invention is that of network administration software for managing user workstations access to resources on a network.
- Computer networks are arranged so that a multitude of users can access common network resources.
- Each user has a workstation, typically a stand alone personal computer which is connected through a suitable communications link to the other computers of the network.
- the network administrator is a program which runs on the network server or an administrator workstation which coordinates and manages the access and security of the users on the network.
- the management of users involves allocating and facilitating access to resources such as programs and data files which are needed or desired by particular users.
- a network interface program is used to identify, verify, and authorize a network user access to various network resources.
- the security provisions involve allowing only the appropriate users access to certain programs and data files to maintain the integrity and privacy of the network system.
- Networks can be administered by a single operating system running on the components of a network can coordinate desktop and servers, for example a version of the Windows NT operating system by Microsoft Corporation.
- desktop and servers for example a version of the Windows NT operating system by Microsoft Corporation.
- a network user must gain access, or logon, to the computer network and second the network user must gain access to program(s) on the server.
- a logon interface package termed a GINA (Graphical Identification aNd Authentication) is used to obtain the user name and password from the workstation and assign operating system SIDs (Security Identifiers) to the user's workstation session.
- GINA Graphical Identification aNd Authentication
- SIDs Security Identifiers
- the GINA provides a high level of security, but for the combination of single machine operating systems, a possible security breach may exist between the workstation logon and the network logon.
- Desktop administration programs provide each user with an individual view of the user's workstation configuration, the network, and the resources available over the network. Such programs conventionally provide a graphic user interface and operate under several constraints.
- One constraint involves the transparency of the desktop administration program. Transparency in this context means the ability of a user to ascertain the presence of the program merely from observing the operation of the user's workstation. Ideally, a user should not be able to detect the presence of the desktop administration program.
- Another constraint involves the underlying operating system of the workstation computer and the network. Ideally, the desktop administration program should not interfere with the operation of any portion of the underlying operating system.
- the management of individual user preferences also constrains desktop administration programs. Ideally, the user's modifications of a desktop configuration should not corrupt the desktop administration program's management of user desktops.
- Known desktop replacement or administration programs have difficulties in one or more of these constraints.
- the desktop user In order for the desktop administration program to provide access to a network resource, the desktop user must create an authenticated connection over the network.
- a Registry program on the workstation sets up and helps to administer the authenticated connection, allowing the desktop user to operate with the network resources.
- the Registry maintains a list of network resources and identifiers so that the workstation can determine when a network message is intended for the local desktop.
- the Registry may include access information relating to the user.
- the operating system is entered as the “primary process” and has precedence over all the other processes in the multi-tasking environment. All other processes are secondary processes, and can be interrupted, terminated, or otherwise controlled by the primary process.
- the Registry may include security identifiers (SIDs) such as session encryption keys, passwords, or the like.
- SIDs security identifiers
- One potential problem with the aforementioned possible security breach involves corruption and manipulation of the Registry list and the information and codes contained within the Registry list.
- the present invention is a desktop administration system and method which allows a network administrator to remotely create, protect, and manage desktops across a network.
- the invention operates to fill the gap between the workstation and network logon procedures so that the local user stays within the predefined security profiles.
- the methodology used involves the program of the present invention installing itself as the controlling process invoked by the workstation and preventing any other process from gaining control of the user terminal.
- the invention then provides a graphic user interface to construct user desktops, apply restriction options, maintain transaction logs, and password protect any object accessible from the user workstation. The invention allows these functions without altering how a user works on the desktop, or the capacities of the underlying operating system or network.
- Each workstation includes a personal desktop facility (PDF) and a Daemon which protects the user's desktop.
- the personal desktop facility receives desktop information from the network server and builds a desktop which the user manipulates to invoke local and/or network programs and access local and/or network utilities.
- the PDF further creates the expected links and interfaces with network resources for the user's profile, while the other programs running on the workstation have no cognition of the change of control.
- the Daemon serves as an interface for the personal desktop facility by channeling any communication to or from the user or the network, preventing unauthorized transactions at either the workstation or network level.
- the personal desktop facility provides a graphic user interface using objects that represent collections of programs and data, such as user preferences, default directories, and access privileges.
- the PDF can create objects, remove objects, and alter object settings. Providing a user with the proper collection of objects with the proper settings creates a workstation tailored to the users needs, thus increasing the efficiency of the user.
- the daemon has many tasks, including starting the PDF, enumerating the windows of the graphic user interface, and recording operations.
- Starting the PDF may involve obtaining security clearance, and includes loading the user's desktop from the server.
- Enumerating the windows of the graphic user interface facilitates proper operation of the desktop and the programs running under it.
- Recording operations may involve creating a log of user operations, such as tagging or signaling events when they occur, noting the usage of passwords, and the startup and exit of the desktop from the network connection.
- the present invention provides several significant advantages.
- the network administrator may standardize desktops quickly and uniformly by manipulating the server's database of personal desktop profiles, or by modifying common desktop objects which are stored on the server. Users may also be mobile across the network, because regardless of which machine they use, the PDF will load their personal desktop file from the network server.
- the Daemon further protects the desktop from inadvertent damage, and prevents intentional alteration of the network architecture.
- the present invention in one form, relates to.
- the present invention in another form, is a method for.
- Another aspect of the invention relates to a machine-readable program storage device for storing encoded instructions for a method of providing user access to resources in a network of computers including a server and a workstation according to the foregoing method.
- FIG. 1 is a schematic diagrammatic view of a computer network using the present invention.
- FIG. 2 is a flow chart diagram of the operation of the present invention relating to workstation desktop operation.
- FIG. 3 is a flow chart diagram of the operation of the present invention in an embodiment relating to the network provider loop.
- Data structures greatly facilitate data management by data processing systems, and are not accessible except through sophisticated software systems.
- Data structures are not the information content of a memory, rather they represent specific electronic structural elements which impart a physical organization on the information stored in memory. More than mere abstraction, the data structures are specific electrical or magnetic structural elements in memory which simultaneously represent complex data accurately and provide increased efficiency in computer operation.
- the manipulations performed are often referred to in terms, such as comparing or adding, commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable in most cases, in any of the operations described herein which form part of the present invention; the operations are machine operations.
- Useful machines for performing the operations of the present invention include general purpose digital computers or other similar devices. In all cases the distinction between the method operations in operating a computer and the method of computation itself should be recognized.
- the present invention relates to a method and apparatus for operating a computer in processing electrical or other (e.g., mechanical, chemical) physical signals to generate other desired physical signals.
- the present invention also relates to an apparatus for performing these operations.
- This apparatus may be specifically constructed for the required purposes or it may comprise a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer.
- the algorithms presented herein are not inherently related to any particular computer or other apparatus.
- various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description below.
- the present invention deals with “object-oriented” software, and particularly with an “object-oriented” operating system.
- the “object-oriented” software is organized into “objects”, each comprising a block of computer instructions describing various procedures (“methods”) to be performed in response to “messages” sent to the object.
- Such operations include, for example, the manipulation of variables and the transmission of one or more messages to other objects.
- Messages are sent and received between objects having certain functions and knowledge to carry out processes.
- Messages are generated in response to user instructions, for example, by a user activating an icon with a “mouse” pointer.
- messages may be generated by an object in response to the receipt of a message.
- the object When one of the objects receives a message, the object carries out an operation (a message procedure) corresponding to the message and, if necessary, returns a result of the operation.
- Each object has a region where internal states (instance variables) of the object itself are stored and where the other objects are not allowed to access.
- One feature of the object-oriented system is inheritance. For example, an object for drawing a “circle” on a display may inherit functions and knowledge from another object for drawing a “shape” on a display.
- a programmer “programs” in an object-oriented programming language by writing individual blocks of code each of which creates an object by defining its methods.
- a collection of such objects adapted to communicate with one another by means of messages comprises an object-oriented program.
- Object-oriented computer programming facilitates the modeling of interactive systems in that each component of the system can be modeled with an object, the behavior of each component being simulated by the methods of its corresponding object, and the interactions between components being simulated by messages transmitted between objects.
- An operator may stimulate a collection of interrelated objects comprising an object-oriented program by sending a message to one of the objects.
- the receipt of the message may cause the object to respond by carrying out predetermined functions which may include sending additional messages to one or more other objects.
- the other objects may in turn carry out additional functions in response to the messages they receive, including sending still more messages.
- sequences of message and response may continue indefinitely or may come to an end when all messages have been responded to and no new messages are being sent.
- a programmer need only think in terms of how each component of a modeled system responds to a stimulus and not in terms of the sequence of operations to be performed in response to some stimulus. Such sequence of operations naturally flows out of the interactions between the objects in response to the stimulus and need not be preordained by the programmer.
- object-oriented programming makes simulation of systems of interrelated components more intuitive, the operation of an object-oriented program is often difficult to understand because the sequence of operations carried out by an object-oriented program is usually not immediately apparent from a software listing as in the case for sequentially organized programs. Nor is it easy to determine how an object-oriented program works through observation of the readily apparent manifestations of its operation. Most of the operations carried out by a computer in response to a program are “invisible” to an observer since only a relatively few steps in a program typically produce an observable computer output.
- the term “object” relates to a set of computer instructions and associated data which can be activated directly or indirectly by the user.
- the terms “windowing environment”, “running in windows”, and “object oriented operating system” are used to denote a computer user interface in which information is manipulated and displayed on a video display such as within bounded regions on a raster scanned video display.
- the terms “network”, “local area network”, “LAN”, “wide area network”, or “WAN” mean two or more computers which are connected in such a manner that messages may be transmitted between the computers.
- computers typically one or more computers operate as a “server”, a computer with large storage devices such as hard disk drives and communication hardware to operate peripheral devices such as printers or modems.
- Other computers termed “workstations”, provide a user interface so that users of computer networks can access the network resources, such as shared data files, common peripheral devices, and inter-workstation communication. Users activate computer programs or network resources to create “processes” which include both the general operation of the computer program along with specific operating characteristics determined by input variables and its environment.
- the terms “desktop”, “personal desktop facility”, and “PDF” mean a specific user interface which presents a menu or display of objects with associated settings for the user associated with the desktop, personal desktop facility, or PDF.
- the PDF accesses a network resource, which typically requires an application program to execute on the remote server, the PDF calls an Application Program Interface, or “API”, to allow the user to provide commands to the network resource and observe any output.
- API Application Program Interface
- the term “Daemon” refers to a program which is not necessarily apparent to the user, but which is responsible for transmitting messages between the PDF and the network server and for protecting and regulating the user's ability to use and modify network resources.
- Network 20 includes at least one server 22 and at least one, and typically dozens or hundreds, of workstations 24 .
- Server 22 and workstations 24 are connected by communication line 26 which may be an ethernet cable or another suitable device.
- Network 20 also includes several shared peripheral devices, such as disk storage 28 (typically coupled directly to server 22 , although connection through communication line 26 is also possible), printers 30 , modems 32 , and router 34 .
- ADMIN (administration) software 36 resides on server 22 , and generally controls communications between the components of network 20 .
- ADMIN software 34 typically controls access to disk storage 28 , the scheduling of printing jobs on printers 30 , the allocation of modems 32 , and the transmission of information through router 34 .
- Each workstation 24 includes a computer with a monitor and keyboard, such as a standard personal computer (e.g., an IBM-PC type or Macintosh) or an advanced computer (e.g., a Next or SPARC workstation), and may include its own peripheral devices such as local printer 38 , local modem 40 , or local disk storage 42 .
- each workstation 24 includes PDF 44 and Daemon 46 .
- PDF 44 provides a graphic user interface, or “desktop”, to the programs and resources available on its workstation 24 and generally through network 20 .
- Daemon 46 serves as an intermediary between ADMIN 36 and PDF 44 , filtering out unauthorized activities and maintaining the integrity of the desktop.
- ADMIN 36 only accepts requests and receives messages from Daemon 46 , so PDF 44 is required to access information and programs through Daemon 46 , and must send all of its information to ADMIN 36 through Daemon 46 . Further, PDF 44 may only change the parameters of the desktop through Daemon 46 , and Daemon 46 determines what operations are permissible based on criteria supplied from ADMIN 36 .
- Daemon 46 includes both an initiation routine (contained in the source code file KP2WPS.C of the first filed application) and a periodic checking routine (contained in the source code file KP2SHUF.C of the first filed application) to implement these functions. With this arrangement, which is explained in further detail below and in the source code appendix, the integrity of each desktop is maintained by Daemon 46 , and permanently maintained by ADMIN 36 .
- disk 28 of server 22 stores .sec file 50 (the logical designation of .sec file 50 may include several separate physical files which are interrelated through logical connections).
- ADMIN software 36 uses the information contained in .sec file 50 to specify the menu of computer programs and network resources which may be referenced by the desktops of the users of network 20 .
- .sec file 50 may be a general file for all the users of network 20 .
- .sec file 50 may represent a collection of files, which each file corresponding to a particular user or a particular class of user.
- Another alternative is a hybrid approach, wherein the menu information has a common component and a user specific component. In any event, this arrangement allows for a network administrator to directly manipulate .sec file 50 with ADMIN software 36 on server 22 to modify, customize, and/or maintain the desktops across a network, rather than having to change each desktop configuration locally.
- the present invention uses PDF 44 to enforce the user's desktop configuration directly on workstation 24 .
- PDF 44 operates on the assumption that unless the user is specifically authorized to access a particular computer program or resource, that user's workstation should not be allowed to manipulate or interact with that particular item. Only upon receiving .sec file 50 from ADMIN 36 does PDF 44 construct a desktop for the user, and that desktop only provides access to computer programs and resources which are specifically identified for the user on .sec file 50 .
- access control is first maintained at the level of workstations 24 to enhance the protection of server 22 .
- ADMIN 36 on server 22 locks out the user from the file system software at workstation 24 , and only a properly configured desktop provided by PDF 44 can present a key to unlock the file system and access resources on server 22 .
- the implementation of the second embodiment with the OS/2 operating system includes several routines of ADMIN 36 which interact with certain security features of the OS/2 operating system to achieve this file lock out.
- server access control lock-outs may be implemented with any operating system by a suitably designed program operating with the benefit of system administration privileges.
- the present invention may be best explained using the paradigm of an object oriented operating system.
- object oriented operating system may be abstracted to conform with object oriented programming principles so that a programmer may impose object oriented programming principles on any operating system.
- the exemplary embodiment of the present invention works in conjunction with the OS/2* operating system developed and sold by International Business Machines, Incorporated (IBM) (* “OS/2” is a trademark of IBM).
- IBM International Business Machines, Incorporated
- the OS/2 operating system formally identifies and utilizes objects as part of its operating schema, wherein the individual processes managed by the OS/2 operating system are encapsulated by objects which define the computer programs, data, icons, access privileges, and other attributes effecting the ability of the process to influence or alter other portions of the system.
- objects which define the computer programs, data, icons, access privileges, and other attributes effecting the ability of the process to influence or alter other portions of the system.
- Many similar operating systems use an object oriented operating schema, and thus the present invention is directly applicable to many conventional operating systems, including Windows95 and WindowsNT made by Microsoft Corporation.
- programs and the processes they create may be associated with a class which has common characteristics.
- the class designation communicates to the operating system that the class member includes a predefined set of characteristics. Access privileges and security clearances may be set for classes rather than having to identify such information for every individual object or process.
- PDF 44 and ADMIN 36 may be designed to include security and control algorithms which can target classes of processes rather than only singly identified processes.
- the following example of a .sec file used in the second embodiment of the invention as a default desktop profile, implemented in this embodiment as a flat text file, provides several class designations along with the other desktop information.
- Each initial bracketed item identifies the class of the object, including desktop objects, devices, filters, or file system objects, which is utilized by PDF 44 to invoke the appropriate program, install the appropriate desktop icon, or initialize the appropriate resource.
- the first item, [Master] is a header block identifying the .sec file, in this instance a Master file for a default workstation desktop.
- These and other high level instructions can thus be provided to PDF 44 on the workstation from the .sec file provided by ADMIN 36 .
- ADMIN 36 can then block all access to network resources by the workstation until supplied the appropriate information (e.g., keys, predefined requests, or passwords) from PDF 44 .
- the second item of the .sec file of the example, [Folder] TITLE Desktop, is the highest level class and identifies the desktop user interface representation of the object.
- the statement CLASS DskDesktop indicates that the object belongs to the class of top level desktop display which is created by inheriting characteristics from the WPShell class and adds further characteristics utilized by the inventional method (the DskDesktop class is sometimes referred to as a replacement class as it replaces the WPShell class).
- This desktop class of object represents PDF 44 to the user, and the statements within this item of the .sec file provide the default parameters for the user interface to PDF 44 .
- PDF 44 does not include security and privilege information relating to workstation process, such information being stored on a local .sec file which is referred to by PDF 44 .
- PRDirectory may be a subclass of a folder class, such as created by a LAN network system.
- This object represents a directory of programs to the user, specifically in this case a collection of OS/2 operating system programs. Any program activated from a particular folder inherits the privileges of the folder unless the program object itself overrides the inherent privileges.
- This item includes three identifications used by PDF 44 in manipulating this or related objects, namely OBJECTID (the identifier of the object itself), PARENTID (the identifier of the parent of the object), and SHADOWID (the pointer to the original object).
- the item also includes several display parameters, and several security/privilege indicators.
- This “OS/2 System” item includes several identifiers and indicators which are used in [Folder] class items. Icons are located inside the folders, and processes started by invoking the icons will have default access privileges according to the security/privilege statements of the originating folder, and all parent folders (folders which contain other folders).
- the items identified by [Pad], [Program], [Datafile], and [Printer] all deal with discreet logical and/or physical devices.
- the [Pad] item refers to a facility which can initiate other operations or applications, or “launch” them, e.g., represented by a “LaunchPad” icon.
- the [Program] item refers to an executable file which when launched creates a process on workstation 24 and/or server 22 , and may include API initialization strings and other related data.
- the [Datafile] item refers to a data file which when launched will activate an associated application program executable file.
- the [Printer] item (or other “Device” item) refers to a peripheral computer device such as a printer, modem, joystick, or similar input and/or output device.
- the [Ses] item specifically relates to executables, directories, and/or devices of PDF 44 and Daemon 46 which interact with the Security Enabling Services kernel features of the OS/2 operating system.
- an item could relate to separate parts of ADMIN 36 and/or Daemon 46 which initially lock and can later unlock the file system
- ADMIN 36 , PDF 44 , and Daemon 46 are programmed to recognize specially designated objects as “trusted applications” and allow such trusted applications access to certain system level files.
- ADMIN 36 , PDF 44 , and Daemon 46 also allow “Device” items to be locked and/or monitored to maintain a log file of all operations occurring on or through the device.
- the [Filter] item can be used by PDF 44 when creating or operating a desktop, or by Daemon 46 during an enumeration routine.
- the filtering process may be implemented on a class level, or alternatively object titles may be subject to such filtering
- a filter item may be used to remove window list entries from a desktop without a user prompt or acknowledgment.
- Another use of a filter may be to keep certain processes running during the creation or re-creation of a desktop (for example, to keep an external communication link active even though the local desktop is being rebuilt).
- a filter may also be used to require a password from PDF 44 or the user before invoking certain objects or classes of objects.
- the item designation [Object] provides a format for a user defined object, such as an abstract non-file system object.
- abstract objects are of the .dll type, which are not necessarily with executable files rather are substantiated by the shell (often referred to as work place shell applications). Statements within this object shall be interpreted as if the statement occurred in one of the previously defined classes.
- JANEDOE may be stored in a single .sec file
- the user having the user ID of JANEDOE may have the files JANEDOE.SEC for general configuration information, JANEDOE.SCC for common items on the desktop and start menu, JANEDOE.USR for user defined setting created on logon, JANEDOE.NSO for namespace objects that are built upon loading of the profile, and JANEDOE.POL for policy or security restrictions, each type of file storing those various aspects of the JANEDOE user profile.
- the present invention also provides two additional ways to secure the desktop, one being a hardware based restriction and the other a context based validation.
- the hardware based restriction is maintained by an additional file (RESTRICT.TXT) resident on the local computer which PDF 44 checks before creating desktop objects.
- RETERCT.TXT additional file resident on the local computer which PDF 44 checks before creating desktop objects.
- PDF 44 thus creates a desktop which includes a graphic display of icons representing programs, files, network resources, and other related information.
- PDF 44 displays a new window on the monitor of workstation 24 showing the activity of the new process.
- more than one process can appear on the desktop simultaneously.
- PDF 44 presents the most current window in the forefront, with the other windows accessible through a command.
- object oriented operating system the communication and implementation of processes are achieved through the use of objects which contain the needed information for executing the process and interacting with other portions of the system.
- Each icon on the desktop has an associated object so that when PDF 44 observes the operator activating a particular icon, the corresponding object may be launched and a new display window may be created.
- Daemon 46 obtains the user's desktop profile from ADMIN 36 , the desktop profile being a list of objects with appropriate restrictions and privileges, which may include keys or other authentication information.
- ADMIN 36 may also imposed other restrictions on that desktop profile transmitted to Daemon 46 based on the physical location or node of the user logging on to network 20 .
- That desktop profile includes general information about the restrictions and boundaries applicable to PDF 44 , as well as the objects available to PDF 44 .
- Daemon 46 also obtains local attribute information, such as the presence or absence of local peripheral devices from workstation 24 .
- PDF 44 may then transmit requests for creation of processes to Daemon 46 , which determines if the requested process is permitted according to ADMIN 36 's desktop profile for that user. This arrangement allows a user to log in at any workstation 24 of network 20 and have the same desktop displayed by PDF 44 .
- ADMIN 36 operates to lock out any user from accessing network resources.
- no program or process can access a network file except through the enabled security procedure which requires a previously established access privilege to have existed for the user.
- the .sec file 50 may contain the information needed to “unlock” the security procedure and allow a user access to the network resource. In this way, any user attempt to access a network resource without using PDF 44 will fail. Only by using PDF 44 , which is enabled by an appropriate key or other authentication information in the user's .sec file 50 , can a user access network resources.
- Daemon 46 obtains the parameters associated with that particular workstation 24 , typically by accessing a locally stored file or performing a diagnostic routine, in step 202 . For example, in the exemplary embodiment, Daemon 46 first kills any old objects which are apparent on workstation 24 . After this initial cleansing, Daemon 46 loads a binary file stored on local disk 42 which contains a set of all the possible objects for workstation 24 , then hides those objects from display by PDF 44 . Next Daemon 46 loads a second binary file of the active objects for workstation 24 .
- this set of active objects includes a self-launching network log on procedure, typically involving typing in a usemame and password at step 204 . Further elaboration of the interface of the software of the present invention with the network provider loop is provided in the description of FIG. 3 below.
- Daemon 46 may then obtain a user network profile from ADMIN Software 36 in step 206 .
- ADMIN 36 initially blocks the user by denying all access privileges to network resources.
- PDF 44 may set up the user's desktop in step 208 by creating a list of objects representing the possible available resources, both on network 22 and workstation 24 .
- PDF 44 may also obtain suitable access enabling information from .sec file 50 to allow the user to access security protected resources, such as a security key or other suitable authentication.
- workstation 24 is able to receive input from the user to initiate or interact with processes and accomplish the desired computing functions.
- Daemon 46 continues to monitor the operations of workstation 24 so that the user does not modify the desktop created by PDF 44 in circumvention of the user's access and security provisions.
- a timer is set so that Daemon 46 is activated periodically.
- an interval of approximately three (3) seconds has been selected as a suitable period for activating Daemon 46 with the hardware and software being used with the inventional system. This interval is selected to check sufficiently frequently to catch violations before significant damage has occurred, without significantly reducing the efficiency and responsiveness of workstation 24 . Also, this interval is adjustable by simply changing initialization parameters, without requiring reconfiguration of any other part of the system.
- the periodic interval used to call Daemon 46 is dependent upon the hardware and software speed.
- step 212 allows the user to activate and manipulate workstation 24 as desired.
- step 214 involves determining whether a termination condition has occurred, e.g., a user activated exit or a fatal system error, so that workstation 24 may be shut down. Should a termination condition be observed, step 222 (described in greater detail below) would then occur. In the typical case, however, processing would continue until timer interrupt step 216 occurs.
- the timer interrupt causes Daemon 46 to become the active program of the system, which allows Daemon 46 to check on the status of the other processes at workstation 24 .
- Daemon 46 checks every process that is present in workstation 24 against the process information contained in its local copy of .sec file 50 . Every process which is not found in the listing of .sec file 50 is processed further by Daemon 46 , typically deleting and removing the unknown process from workstation 24 .
- Daemon 46 typically deleting and removing the unknown process from workstation 24 .
- other operations are possible, and sometimes desired. For example, a message box may be displayed and the process may be modified according to the user's response to correspond to a known process. Another alternative may be to record the presence of the unknown process in a log for use by diagnostic software.
- Daemon 46 checks for consistency between the process as noted by the desktop files by PDF 44 and the information from .sec file 50 , making corrections when appropriate. Also, Daemon 46 checks the security protection of the process and the user for compliance with network security privileges. If an inconsistency is discovered, or a security violation, or another similar condition, then Daemon 46 may respond by: requesting a password from the user before allowing further access or processing; delete and remove the process from the desktop; record the presence of the process on a log file; rebuild the process using the original process and a user response to a message box; and/or another suitable response to the observed inconsistency.
- the timer is reset at step 210 and the foregoing steps are repeated.
- PDF 44 requests that the potentially modified desktop be saved in step 222 .
- Daemon 46 receives this request, first filtering the newer desktop with the original user profile to make sure that the new desktop does not violate any of the user's profile information stored on server 22 . After the new desktop has been so filtered, Daemon 46 saves the filtered new desktop by storing the representative file or files on server 22 . Now, the operation of workstation 24 can be properly terminated at step 224 .
- FIG. 3 The general sequence of the network provider loop, as modified by an embodiment of the present invention, is illustrated in FIG. 3. While to the network, the provider loop sequence is operating as normal, FIG. 3 illustrates how the software of the present invention operates on workstation 24 to achieve the objectives of the present invention. As noted below, several of the steps in the conventional, prior art provider loop operation are shown (as would be apparent at the network level) with the workstation alterations being noted in association with the several changed steps.
- the provider loop for allowing workstation access to network programs and devices may be conceptually represented in six steps.
- the first step is start-up 300 , in which the workstation is first operably connected and enabled for communication with the network.
- This start-up step 300 may involve the actual power on of the workstation computer, or alternatively may involve the initialization and connection of a remotely operating computer to the communication structure of the network such as by an ethernet connection or telecommunications hook up using telephone, ISDN, DSL, wireless, or cable modems.
- start-up step 300 is completed, the user is then prompted with a logon screen in step 302 , logon window.
- logon window step 302 may involve a single logon screen, such as the GINA interface of WindowsNT, or may have separate logon screens for the workstation operating system and the network operating system. Conventionally, users have logon names and passwords which authenticate the user and authorize access to the computer system.
- logon process is completed, the workstation initiates the various processes needed to enable operation of the workstation operating system and the associated network interface programs in system initialization step 304 .
- provider initialization step 306 involves loading the Registry in the workstation with the appropriate information relating to the network processes, typically including associating the API responsible for the user access to the network resource and any security or user interface parameters.
- network access and authentication step 308 involves the Registry information to appropriately invoke API's to provide the user with an interface to the network resources such as application programs, communications devices, printers, etc.
- desktop operation step 310 involves the user calling such workstation and server based programs and/or other resources for the user's computing needs. Such operations may continue as long as the network connection to the workstation is maintained, but if the workstation's operation is broken then connection or re-connection to the network would occur in step 300 .
- PDF 44 and Daemon 46 operate to mask off the operating system components and directly control, through the parameters of .sec file 50 , the user's access to workstation and network resources. Initially, this is accomplished by PDF 44 and/or Daemon 46 being the first process started (for purposes of explaining the provider loop in foregoing description, software comprising PDF 44 and/or Daemon 46 is collectively referred to as “Desktop Security” software), which secures control of the workstation by preventing the user from exiting the provider loop and prevents any other programs from obtaining access to the user.
- Desktop Security software
- network resources may be accessed by the user, but only using the security profiles and preferences indicated by the user's .sec file 50 .
- the workstation executes Desktop Security Override step 303 where instead of the workstation allowing the conventional progression to system initialization 304 , Desktop Security software is positioned placed first in the load sequence for system initialization step 304 .
- the load sequence includes a Primary provider and the other provider processes.
- the Desktop Security software changes this sequence by naming itself as the Primary provider, allowing the Desktop Security software to secure the workstation operation against user intervention and mask off the potentially insecure portions of the operating system.
- This step can be combined with an additional authentication device, such as a fingerprint, eye retina, or other biometric device or a smartcard or the like, to authenticate the identity of the user.
- the Desktop Security initialization step 305 involves the Desktop Security disabling user overrides, such as the control-alt-del sequence, clearing the Registry, and obtaining the user's .sec 50 file.
- the Desktop Security masks calls by either the workstation or network operating systems, and sets up the communication protocols for the workstation and network, e.g., by initializing IPX addresses and the like.
- the Desktop Security is then able to logon to the network as a supervisor and obtain the .sec file 50 for the user of the workstation.
- the Desktop Security replaces the network GINA and initially logs on as a supervisor.
- the workstation executes customized API called by the Desktop Security using parameters suitable for the user as denoted in the user's associated .sec file 50 .
- the customized API calls are made according the user profile information available to the Desktop Security software from .sec file 50 , and the Registry is appropriately updated in accordance with the privileges noted in .sec file 50 .
- This allows network access and authorization step 308 and desktop operation step 310 to actually filter through Desktop Security GUI operation steps 309 and 311 , respectively.
- the Desktop Security software logs the user onto the various resources using the logon information received in the initial logon.
- the Desktop Security software monitors the user's operations such as accesses to the file system or network resources. During these operations, from the perspective of the network resources the workstation user has total freedom where in actuality, the Desktop Security software prevents any commands from being issued that contravene the privileges and restrictions contained in the user's .sec file 50 .
- the Desktop Security software returns the workstation to a neutral state in step 313 , with all secondary processes being deleted from the Registry, the Desktop Security software being established as the primary process, and any network related processes are released or terminated as appropriate.
- the microfiche appendix contains an implementation of the present invention.
- the source code files in the appendix are associated with various directories. Following is a table showing the directories and the related source code description: Directory Description dskgina This directory contains the source code of the GINA operating system version that takes control of the workstation and masks off other processes including operating systems, and the logon authentication software. dsknetp This directory contains the source code of the Registry load- ing and provider loop masking and monitoring operations of the workstation Desktop Security.
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Business, Economics & Management (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Computing Systems (AREA)
- Theoretical Computer Science (AREA)
- Accounting & Taxation (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Finance (AREA)
- Strategic Management (AREA)
- General Business, Economics & Management (AREA)
- Human Computer Interaction (AREA)
- Automation & Control Theory (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Software Systems (AREA)
- User Interface Of Digital Computer (AREA)
- Computer And Data Communications (AREA)
Abstract
Description
- The present application is a continuation-in-part of U.S. patent application Ser. No. 08/854,490, filed May 12, 1997, which is a continuation-in-part of U.S. patent application Ser. No. 08/509,688, filed Jul. 31, 1995.
- Microfiche Appendix
- This application includes by reference the microfiche appendix of U.S. patent application Ser. No. 08/509,688, having 722 frames, and the microfiche appendix of U.S. patent application Ser. No. 08/854,490, having 1070 frames. This application also includes a microfiche appendix of 568 frames. A portion of the disclosure of this patent document contains material which is the subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure, as it appears in the Patent and Trademark Office patent files or records, but otherwise reserves all copyright rights whatsoever.
- 1. Field of the Invention
- The invention relates to network administration software. More specifically, the field of the invention is that of network administration software for managing user workstations access to resources on a network.
- 2. Description of the Related Art
- Computer networks are arranged so that a multitude of users can access common network resources. Each user has a workstation, typically a stand alone personal computer which is connected through a suitable communications link to the other computers of the network. The network administrator is a program which runs on the network server or an administrator workstation which coordinates and manages the access and security of the users on the network. The management of users involves allocating and facilitating access to resources such as programs and data files which are needed or desired by particular users. In the process of a user connecting to the network, a network interface program is used to identify, verify, and authorize a network user access to various network resources. The security provisions involve allowing only the appropriate users access to certain programs and data files to maintain the integrity and privacy of the network system.
- Networks can be administered by a single operating system running on the components of a network can coordinate desktop and servers, for example a version of the Windows NT operating system by Microsoft Corporation. Alternatively, a combination of single computer operating systems, including both desktop client and server based operating systems, interacting through a communications layer supported by a network operating system, for example a version of the Windows operating system by Microsoft Corporation and a version of the Netware operating system by Novell Corporation. In either situation, first a network user must gain access, or logon, to the computer network and second the network user must gain access to program(s) on the server. A logon interface package termed a GINA (Graphical Identification aNd Authentication) is used to obtain the user name and password from the workstation and assign operating system SIDs (Security Identifiers) to the user's workstation session. For the single operating system, the GINA provides a high level of security, but for the combination of single machine operating systems, a possible security breach may exist between the workstation logon and the network logon.
- Desktop administration programs provide each user with an individual view of the user's workstation configuration, the network, and the resources available over the network. Such programs conventionally provide a graphic user interface and operate under several constraints. One constraint involves the transparency of the desktop administration program. Transparency in this context means the ability of a user to ascertain the presence of the program merely from observing the operation of the user's workstation. Ideally, a user should not be able to detect the presence of the desktop administration program. Another constraint involves the underlying operating system of the workstation computer and the network. Ideally, the desktop administration program should not interfere with the operation of any portion of the underlying operating system. The management of individual user preferences also constrains desktop administration programs. Ideally, the user's modifications of a desktop configuration should not corrupt the desktop administration program's management of user desktops. Known desktop replacement or administration programs have difficulties in one or more of these constraints.
- In order for the desktop administration program to provide access to a network resource, the desktop user must create an authenticated connection over the network. A Registry program on the workstation sets up and helps to administer the authenticated connection, allowing the desktop user to operate with the network resources. The Registry maintains a list of network resources and identifiers so that the workstation can determine when a network message is intended for the local desktop. Also, the Registry may include access information relating to the user. Conventionally, the operating system is entered as the “primary process” and has precedence over all the other processes in the multi-tasking environment. All other processes are secondary processes, and can be interrupted, terminated, or otherwise controlled by the primary process. For secure communications with network resources, the Registry may include security identifiers (SIDs) such as session encryption keys, passwords, or the like. One potential problem with the aforementioned possible security breach involves corruption and manipulation of the Registry list and the information and codes contained within the Registry list.
- What is needed is a desktop administration program which alleviates the above identified constraints, works in concert with the operating system and its standard graphic user interface, and mitigates the risks involved with the possible security breach between the workstation logon and the network logon.
- The present invention is a desktop administration system and method which allows a network administrator to remotely create, protect, and manage desktops across a network. The invention operates to fill the gap between the workstation and network logon procedures so that the local user stays within the predefined security profiles. The methodology used involves the program of the present invention installing itself as the controlling process invoked by the workstation and preventing any other process from gaining control of the user terminal. The invention then provides a graphic user interface to construct user desktops, apply restriction options, maintain transaction logs, and password protect any object accessible from the user workstation. The invention allows these functions without altering how a user works on the desktop, or the capacities of the underlying operating system or network.
- Each workstation includes a personal desktop facility (PDF) and a Daemon which protects the user's desktop. The personal desktop facility receives desktop information from the network server and builds a desktop which the user manipulates to invoke local and/or network programs and access local and/or network utilities. The PDF further creates the expected links and interfaces with network resources for the user's profile, while the other programs running on the workstation have no cognition of the change of control. The Daemon serves as an interface for the personal desktop facility by channeling any communication to or from the user or the network, preventing unauthorized transactions at either the workstation or network level.
- The personal desktop facility (PDF) provides a graphic user interface using objects that represent collections of programs and data, such as user preferences, default directories, and access privileges. The PDF can create objects, remove objects, and alter object settings. Providing a user with the proper collection of objects with the proper settings creates a workstation tailored to the users needs, thus increasing the efficiency of the user.
- The daemon has many tasks, including starting the PDF, enumerating the windows of the graphic user interface, and recording operations. Starting the PDF may involve obtaining security clearance, and includes loading the user's desktop from the server. Enumerating the windows of the graphic user interface facilitates proper operation of the desktop and the programs running under it. Recording operations may involve creating a log of user operations, such as tagging or signaling events when they occur, noting the usage of passwords, and the startup and exit of the desktop from the network connection.
- The present invention provides several significant advantages. The network administrator may standardize desktops quickly and uniformly by manipulating the server's database of personal desktop profiles, or by modifying common desktop objects which are stored on the server. Users may also be mobile across the network, because regardless of which machine they use, the PDF will load their personal desktop file from the network server. The Daemon further protects the desktop from inadvertent damage, and prevents intentional alteration of the network architecture.
- The present invention, in one form, relates to.
- The present invention, in another form, is a method for.
- Further aspects of the present invention involve.
- Another aspect of the invention relates to a machine-readable program storage device for storing encoded instructions for a method of providing user access to resources in a network of computers including a server and a workstation according to the foregoing method.
- The above mentioned and other features and objects of this invention, and the manner of attaining them, will become more apparent and the invention itself will be better understood by reference to the following description of an embodiment of the invention taken in conjunction with the accompanying drawings, wherein:
- FIG. 1 is a schematic diagrammatic view of a computer network using the present invention.
- FIG. 2 is a flow chart diagram of the operation of the present invention relating to workstation desktop operation.
- FIG. 3 is a flow chart diagram of the operation of the present invention in an embodiment relating to the network provider loop.
- Corresponding reference characters indicate corresponding parts throughout the several views. Although the drawings represent embodiments of the present invention, the drawings are not necessarily to scale and certain features may be exaggerated in order to better illustrate and explain the present invention. The exemplification set out herein illustrates an embodiment of the invention, in one form, and such exemplifications are not to be construed as limiting the scope of the invention in any manner.
- The embodiment disclosed below is not intended to be exhaustive or limit the invention to the precise form disclosed in the following detailed description. Rather, the embodiment is chosen and described so that others skilled in the art may utilize its teachings.
- The detailed descriptions which follow are presented in part in terms of algorithms and symbolic representations of operations on data bits within a computer memory representing alphanumeric characters or other information. These descriptions and representations are the means used by those skilled in the art of data processing arts to most effectively convey the substance of their work to others skilled in the art.
- An algorithm is here, and generally, conceived to be a self-consistent sequence of steps leading to a desired result. These steps are those requiring physical manipulations of physical quantities. Usually, though not necessarily, these quantities take the form of electrical or magnetic signals capable of being stored, transferred, combined, compared, and otherwise manipulated. It proves convenient at times, principally for reasons of common usage, to refer to these signals as bits, values, symbols, characters, display data, terms, numbers, or the like. It should be borne in mind, however, that all of these and similar terms are to be associated with the appropriate physical quantities and are merely used here as convenient labels applied to these quantities.
- Some algorithms may use data structures for both inputting information and producing the desired result. Data structures greatly facilitate data management by data processing systems, and are not accessible except through sophisticated software systems. Data structures are not the information content of a memory, rather they represent specific electronic structural elements which impart a physical organization on the information stored in memory. More than mere abstraction, the data structures are specific electrical or magnetic structural elements in memory which simultaneously represent complex data accurately and provide increased efficiency in computer operation.
- Further, the manipulations performed are often referred to in terms, such as comparing or adding, commonly associated with mental operations performed by a human operator. No such capability of a human operator is necessary, or desirable in most cases, in any of the operations described herein which form part of the present invention; the operations are machine operations. Useful machines for performing the operations of the present invention include general purpose digital computers or other similar devices. In all cases the distinction between the method operations in operating a computer and the method of computation itself should be recognized. The present invention relates to a method and apparatus for operating a computer in processing electrical or other (e.g., mechanical, chemical) physical signals to generate other desired physical signals.
- The present invention also relates to an apparatus for performing these operations. This apparatus may be specifically constructed for the required purposes or it may comprise a general purpose computer as selectively activated or reconfigured by a computer program stored in the computer. The algorithms presented herein are not inherently related to any particular computer or other apparatus. In particular, various general purpose machines may be used with programs written in accordance with the teachings herein, or it may prove more convenient to construct more specialized apparatus to perform the required method steps. The required structure for a variety of these machines will appear from the description below.
- The present invention deals with “object-oriented” software, and particularly with an “object-oriented” operating system. The “object-oriented” software is organized into “objects”, each comprising a block of computer instructions describing various procedures (“methods”) to be performed in response to “messages” sent to the object. Such operations include, for example, the manipulation of variables and the transmission of one or more messages to other objects. Messages are sent and received between objects having certain functions and knowledge to carry out processes. Messages are generated in response to user instructions, for example, by a user activating an icon with a “mouse” pointer. Also, messages may be generated by an object in response to the receipt of a message. When one of the objects receives a message, the object carries out an operation (a message procedure) corresponding to the message and, if necessary, returns a result of the operation. Each object has a region where internal states (instance variables) of the object itself are stored and where the other objects are not allowed to access. One feature of the object-oriented system is inheritance. For example, an object for drawing a “circle” on a display may inherit functions and knowledge from another object for drawing a “shape” on a display.
- A programmer “programs” in an object-oriented programming language by writing individual blocks of code each of which creates an object by defining its methods. A collection of such objects adapted to communicate with one another by means of messages comprises an object-oriented program. Object-oriented computer programming facilitates the modeling of interactive systems in that each component of the system can be modeled with an object, the behavior of each component being simulated by the methods of its corresponding object, and the interactions between components being simulated by messages transmitted between objects.
- An operator may stimulate a collection of interrelated objects comprising an object-oriented program by sending a message to one of the objects. The receipt of the message may cause the object to respond by carrying out predetermined functions which may include sending additional messages to one or more other objects. The other objects may in turn carry out additional functions in response to the messages they receive, including sending still more messages. In this manner, sequences of message and response may continue indefinitely or may come to an end when all messages have been responded to and no new messages are being sent. When modeling systems utilizing an object-oriented language, a programmer need only think in terms of how each component of a modeled system responds to a stimulus and not in terms of the sequence of operations to be performed in response to some stimulus. Such sequence of operations naturally flows out of the interactions between the objects in response to the stimulus and need not be preordained by the programmer.
- Although object-oriented programming makes simulation of systems of interrelated components more intuitive, the operation of an object-oriented program is often difficult to understand because the sequence of operations carried out by an object-oriented program is usually not immediately apparent from a software listing as in the case for sequentially organized programs. Nor is it easy to determine how an object-oriented program works through observation of the readily apparent manifestations of its operation. Most of the operations carried out by a computer in response to a program are “invisible” to an observer since only a relatively few steps in a program typically produce an observable computer output.
- In the following description, several terms which are used frequently have specialized meanings in the present context. The term “object” relates to a set of computer instructions and associated data which can be activated directly or indirectly by the user. The terms “windowing environment”, “running in windows”, and “object oriented operating system” are used to denote a computer user interface in which information is manipulated and displayed on a video display such as within bounded regions on a raster scanned video display. The terms “network”, “local area network”, “LAN”, “wide area network”, or “WAN” mean two or more computers which are connected in such a manner that messages may be transmitted between the computers. In such computer networks, typically one or more computers operate as a “server”, a computer with large storage devices such as hard disk drives and communication hardware to operate peripheral devices such as printers or modems. Other computers, termed “workstations”, provide a user interface so that users of computer networks can access the network resources, such as shared data files, common peripheral devices, and inter-workstation communication. Users activate computer programs or network resources to create “processes” which include both the general operation of the computer program along with specific operating characteristics determined by input variables and its environment.
- The terms “desktop”, “personal desktop facility”, and “PDF” mean a specific user interface which presents a menu or display of objects with associated settings for the user associated with the desktop, personal desktop facility, or PDF. When the PDF accesses a network resource, which typically requires an application program to execute on the remote server, the PDF calls an Application Program Interface, or “API”, to allow the user to provide commands to the network resource and observe any output. The term “Daemon” refers to a program which is not necessarily apparent to the user, but which is responsible for transmitting messages between the PDF and the network server and for protecting and regulating the user's ability to use and modify network resources. Although the following description details such operations in terms of a graphic user interface using icons, the present invention may be practiced with text based interfaces, or even with voice or visually activated interfaces.
- A computer network is shown in block diagram form in FIG. 1, showing the general orientation and arrangement of the software operating on the computer equipment, including the server administration, the workstation PDF, and the Daemon software.
Network 20 includes at least oneserver 22 and at least one, and typically dozens or hundreds, ofworkstations 24.Server 22 andworkstations 24 are connected bycommunication line 26 which may be an ethernet cable or another suitable device.Network 20 also includes several shared peripheral devices, such as disk storage 28 (typically coupled directly toserver 22, although connection throughcommunication line 26 is also possible),printers 30, modems 32, androuter 34. ADMIN (administration)software 36 resides onserver 22, and generally controls communications between the components ofnetwork 20. For example,ADMIN software 34 typically controls access todisk storage 28, the scheduling of printing jobs onprinters 30, the allocation of modems 32, and the transmission of information throughrouter 34. - Each
workstation 24 includes a computer with a monitor and keyboard, such as a standard personal computer (e.g., an IBM-PC type or Macintosh) or an advanced computer (e.g., a Next or SPARC workstation), and may include its own peripheral devices such aslocal printer 38,local modem 40, orlocal disk storage 42. With the present invention, eachworkstation 24 includesPDF 44 andDaemon 46.PDF 44 provides a graphic user interface, or “desktop”, to the programs and resources available on itsworkstation 24 and generally throughnetwork 20.Daemon 46 serves as an intermediary betweenADMIN 36 andPDF 44, filtering out unauthorized activities and maintaining the integrity of the desktop.ADMIN 36 only accepts requests and receives messages fromDaemon 46, soPDF 44 is required to access information and programs throughDaemon 46, and must send all of its information toADMIN 36 throughDaemon 46. Further,PDF 44 may only change the parameters of the desktop throughDaemon 46, andDaemon 46 determines what operations are permissible based on criteria supplied fromADMIN 36.Daemon 46 includes both an initiation routine (contained in the source code file KP2WPS.C of the first filed application) and a periodic checking routine (contained in the source code file KP2SHUF.C of the first filed application) to implement these functions. With this arrangement, which is explained in further detail below and in the source code appendix, the integrity of each desktop is maintained byDaemon 46, and permanently maintained byADMIN 36. - In accordance with the present invention,
disk 28 ofserver 22 stores .sec file 50 (the logical designation of .sec file 50 may include several separate physical files which are interrelated through logical connections).ADMIN software 36 uses the information contained in .sec file 50 to specify the menu of computer programs and network resources which may be referenced by the desktops of the users ofnetwork 20. .sec file 50 may be a general file for all the users ofnetwork 20. Alternatively, .sec file 50 may represent a collection of files, which each file corresponding to a particular user or a particular class of user. Another alternative is a hybrid approach, wherein the menu information has a common component and a user specific component. In any event, this arrangement allows for a network administrator to directly manipulate .sec file 50 withADMIN software 36 onserver 22 to modify, customize, and/or maintain the desktops across a network, rather than having to change each desktop configuration locally. - In addition to
ADMIN 36 creating .sec file 50 to record a user's desktop configuration onserver 22, the present invention usesPDF 44 to enforce the user's desktop configuration directly onworkstation 24.PDF 44 operates on the assumption that unless the user is specifically authorized to access a particular computer program or resource, that user's workstation should not be allowed to manipulate or interact with that particular item. Only upon receiving .sec file 50 fromADMIN 36 doesPDF 44 construct a desktop for the user, and that desktop only provides access to computer programs and resources which are specifically identified for the user on .sec file 50. Thus, with the first embodiment of the present invention (disclosed in the source code appendix of first filed application), access control is first maintained at the level ofworkstations 24 to enhance the protection ofserver 22. - In a second embodiment of the invention (disclosed in the source code appendix of the second filed application),
ADMIN 36 onserver 22 locks out the user from the file system software atworkstation 24, and only a properly configured desktop provided byPDF 44 can present a key to unlock the file system and access resources onserver 22. The implementation of the second embodiment with the OS/2 operating system includes several routines ofADMIN 36 which interact with certain security features of the OS/2 operating system to achieve this file lock out. However, one of ordinary skill in this art would readily appreciate that such server access control lock-outs may be implemented with any operating system by a suitably designed program operating with the benefit of system administration privileges. - The present invention may be best explained using the paradigm of an object oriented operating system. However, one of ordinary skill in the operating system programming art recognizes that all operating systems may be abstracted to conform with object oriented programming principles so that a programmer may impose object oriented programming principles on any operating system. The exemplary embodiment of the present invention works in conjunction with the OS/2* operating system developed and sold by International Business Machines, Incorporated (IBM) (* “OS/2” is a trademark of IBM). The OS/2 operating system formally identifies and utilizes objects as part of its operating schema, wherein the individual processes managed by the OS/2 operating system are encapsulated by objects which define the computer programs, data, icons, access privileges, and other attributes effecting the ability of the process to influence or alter other portions of the system. Many similar operating systems use an object oriented operating schema, and thus the present invention is directly applicable to many conventional operating systems, including Windows95 and WindowsNT made by Microsoft Corporation.
- In an object oriented operating system, programs and the processes they create may be associated with a class which has common characteristics. The class designation communicates to the operating system that the class member includes a predefined set of characteristics. Access privileges and security clearances may be set for classes rather than having to identify such information for every individual object or process. Also,
PDF 44 andADMIN 36 may be designed to include security and control algorithms which can target classes of processes rather than only singly identified processes. The following example of a .sec file used in the second embodiment of the invention as a default desktop profile, implemented in this embodiment as a flat text file, provides several class designations along with the other desktop information.[Master] ENABLESECURITY=OBJECTS;RESTRICTUNDEF=YES;DESC=Default Workstation Desktop;PASSWORD=æSéùöJöEÿcEô┌à∥sí┌▴uGܧ▾Σ≡⋄;LOG=BCD; [Folder] TITLE=Desktop; CLASS=DskDesktop; OBJECTID=<WP_DESKTOP>; ICONRESOURCE=56,PMWP.DLL; DEFAULTVIEW=OPEN_DEFAULT; POPUP=6258802; HELPPANEL=4000; MINWIN =VIEWER; NOCOPY=YES; NODELETE=YES; NOPRINT=YES; BYPSSETUP=YES; WINLIST=YES; INCCHLD=YES; BACKGROUND= C:\OS2\BITMAP\BUBBLPAD.BMP, T, 0, I, 163 163 148; ICONFONT=8.Helv; ICONVIEW=NOGRID,NORMAL; TREEFONT=8.Helv; TREEVIEW=MINI,LINES; DETAILSFONT=8.Helv; [Folder] TITLE=OS/2 System; CLASS=PRDirectory; OBJECTID=<DO_OS2SYS>; PARENTID=<WP_DESKTOP>;SHADOWID=<WP_OS2SYS>; ICONPOS=8, 80; DEFAULTVIEW=184, 345, 716, 291; HELPPANEL=4002; MINWIN=VIEWER; NOCOPY=YES; NODELETE=YES; NODRAG=YES; NODROP=YES; NOMOVE=YES; NORENAME=YES; NOLINK=YES; NOSETTINGS=YES; NOPRINT=YES; WINLIST=YES; BACKGROUND=(none),,,C,255 255 236; ICONFONT=8.Helv; ICONVIEW=FLOWED,MINI; TREEFONT=8.Helv; TREEVIEW=MINI,LINES; DETAILSFONT=8.Helv; [Folder] TITLE=Connections; CLASS=PRDirectory; OBJECTID=<DO_CONNECTIONSFOLDER>; PARENTID=<WP_DESKTOP>; SHADOWID=<WP_CONNECTIONSFOLDER>; ICONPOS=8,62; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=1277; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; BACKGROUND=(none), , , C, 255 255 236; ICONFONT=8.Helv; ICONVIEW=NOGRID, NORMAL; TREEFONT=8.Helv; TREEVIEW=MINI,LINES; DETAILSFONT=8.Helv; [Folder] TITLE=Assistance Center; CLASS=PRDirectory; OBJECTID=<DO_ASSISTANCE>; PARENTID=<WP_DESKTOP>; SHADOWID=<WP_ASSISTANCE>; ICONPOS=8,71; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=1277; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; BACKGROUND=(none),,,C,255 255 236; ICONFONT=8.Helv; ICONVIEW=FLOWED,MINI; TREEFONT=8.helv; TREEVIEW=MINI,LINES; DETAILSFONT=8.Helv; [Folder] TITLE=Programs; CLASS=PRDirectory; OBJECTID=<DO_PROGRAMSFOLDER>; PARENTID=<WP_DESKTOP>; SHADOWID=<WP_PROGRAMSFOLDER>; ICONPOS=8,53; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=1277; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; BACKGROUND=(none),,,C,255 255 236; ICONFONT=8.Arial; ICONVIEW=FLOWED,MINI; TREEFONT=8.Arial; TREEVIEW=MINI,LINES; DETAILSFONT=8.Arial; [Folder] TITLE=WebExplorer; CLASS=PRDirectory; OBJECTID=<DO_WC_WEBEX_FOLD0>; PARENTID=<WP_DESKTOP>; SHADOWID=<WC_WEBEX_FOLD>; ICONPOS=8,44; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=1277; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; BACKGROUND=(none),,,C,255 255 236; ICONFONT=9.WarpSans; ICONVIEW=NOGRID,NORMAL; TREEFONT=9.WarpSans; TREEVIEW=MINI,LINES; DETAILSFONT=9.WarpSans; [Object] TITLE=Shredder: CLASS=WPShredder; OBJECTID=<DO_SHRED>; PARENTID=<WP_DESKTOP>; SHADOWID=<WP_SHRED>; ICONPOS=88,32; ICONRESOURCE=28,PMWP.DLL; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=1190; MINWIN=VIEWER; NOCOPY=YES; NODELETE=YES; NOPRINT=YES; WINLIST=YES; [Object] TITLE=Templates; CLASS=DskShadow; OBJECTID=<DO_Templates0DskShadowDSkDesktop>; PARENTID=<WP_DESKTOP>; SHADOWID=<WP_TEMPS>; ICONPOS=8,34; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=15680; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; [Object] TITLE=Black Hole; CLASS=BlackHole; OBJECTID=<DO_BLACKHOLE0>; PARENTID=<WP_DESKTOP>; SHADOWID=<BLACKHOLE>; ICONPOS=80,32; ICONRESOURCE=22,PMWP.DLL; DEFAULTVIEW=OPEN_DEFAULT; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; [Pad] TITLE=LaunchPad; CLASS=WPLaunchPad; OBJECTID=<DO_LAUNCHPAD>; PARENTID<WP_DESKTOP>; ICONPOS=79,87; ICONRESOURCE=74,PMWP.DLL; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=32253; CCVIEW=NO; MINWIN=VIEWER; NOPRINT=YES; WINLIST=YES; FPOBJECTS=<WPPO_IBMLASER>,<WP_DRIVE_A>, <WP_OS2WIN>,<WP_ASSISTANCE>,<WP_SHRED>; LPACTIONSTYLE=TEXT; LPHIDECTLS=YES; DRAWEROBJECTS=3,<WP_WIN2WIN>,<WP_DOSWIN>{circumflex over ( )};2,<WP_DRIVES>; [Program] TITLE=Verify {circumflex over ( )}r{circumflex over ( )}nDefects; CLASS=WPProgram; OBJECTID=<DO_Verify_Defects0WPProgramDskDesktop>; PARENTID=<WP_DESKTOP>; SHADOWID=<DU_Verify_Defects0WPProgramDskDesktop>; ICONPOS=88,67; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=4083; CCVIEW=NO; MINWIN=VIEWER; NOPRINT=YES; USEPARENT=YES; WINLIST=YES; EXENAME=D:\TOOLS\VERDFCT.CMD; PROGTYPE=WINDOWABLEVIO; [Program] TITLE=SkyScraper; CLASS=WPProgram; OBJECTID=<DO_SkyScraper0WPProgramDskDesktop>; PARENTID=<WP_DESKTOP>; SHADOWID=<DU_SkyScraper0WPProgramDskDesktop>; ICONPOS=9,90; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=4083; CCVIEW=NO; MINWIN=DESKTOP; NOPRINT=YES; LNCHPROG=C:\OS2\E.EXE; EXITPROG=C:\OS2\ICONEDlT.EXE; EVENTEXIT=YES; EVENTLNCH=YES; GLBLPW=YES; EXENAME==C:\SKY\SKY.EXE;PARAMETERS=/ao /r1 /d2 /j1 /g2 /m1 /x2; STARTUPDIR=C:\SKY;PROGTYPE=PM; [Program] TITLE=Rejected{circumflex over ( )}r{circumflex over ( )}nDefects; CLASS=WPProgram;OBJECTID=<DO_Rejected_Defects0WPProgramDskDesktop>; PARENTID=<WP_DESKTOP>; SHADOWID=<DU_Rejected_Defects0WPProgramDskDesktop>; ICONPOS=89,45; DEFAULTVIEW=OPEN_DEFAULT; HELPPANEL=4083; MINWIN=VIEWER NOPRINT=YES; WINLIST=YES; EXENAME=D:\TOOLS\REJECT.CMD; PROGTYPE=WINDOWABLEVIO; [Datafile] TITLE=config.sys; CLASS=WPDataFile; OBJECTID=<DO_C_config_sys0>; PARENTID=<WP_DESKTOP>; SHADOWID= C:\config.sys; DEFAULTVIEW=OPEN_DEFAULT; NVBLDORIG=YES; VPF=C:\DSKOBV; HELPPANEL=4082; CVIEW=YES; HIDEBUTTON=YES; MINWIN=DESKTOP; WINLIST=YES; LOG=ABCD; [Object] TITLE=Drive D;CLASS=PRDisk; OBJECTID=<DO_DRIVE_D>; PARENTID=<WP_DESKTOP>; SHADOWID=<WP_DRIVE_D>; ICONRESOURCE=13,PMWP.DLL; DEFAULTVIEW=120; HELPPANEL=8015; MINWIN=VIEWER; NOCOPY=YES; NODELETE=YES; NOMOVE=YES; NOPRINT=YES; WINLIST=YES; [Printer] TITLE=IBM Laser - Optra E; CLASS=WPRPrinter; OBJECTID=<DO_WPPO_IBMLASER0>; PARENTID=<WP_DESKTOP> ;SHADOWID=<WPPO_IBMLASER>; DEFAULTVIEWOPEN=CONTENTS; HELPPANEL=15409; CCVIEW=NO; MINWIN=VIEWER ;NOPRINT=YES; WINLIST=YES; NETID=LS:\\*COLORADO\LASER ;ALIAS=IBMLASER;SHOWJOBS=ALL;REFRESH=25; [Program] TITLE=Sample Program; CLASS=WPProgram; OBJECTID=<DO_SAMPLEPROG>; PARENTID=<WP_DESKTOP>; DEFAULTVIEW=OPEN_DEFAULT; CCVIEW=YES; HIDEBUTTON=YES; MINWIN=HIDE; NOTVISIBLE=YES; NOMOVE==YES; NORENAME=YES; NOSETTINGS=YES; TEMPLATE=YES; WINLIST=YES; EXENAME=C:\OS2\ATTRIB.EXE; PARAMETERS=+r [Enter file to write-protect]; PROGTYPE=PM; [Ses] TRUSTEDAPP=c:\os2\e.exe;RUNWARN=I;LOG=AD; [Ses] FILE=autoexec.bat;DIR=c:;LOCK=FILE;RUNWARN=0;FILEATTR=RWDM;LOG=aceg; [Ses] DIR=c:\os2; LOCK=DIR; SUBDIR=YES; RUNWARN=0; FILEATTR=WDM; DIRATTR=CGDM; LOG=cegkmo; [Ses] FILE=protocol.ini; DIR=c:\ibmlan; UNLOCK=FILE; OCCUR=ALL; RUNWARN=0; FILEATTR=RWDM; [Device] PORTS=COM1,COM2,COM3,COM4,LPT1; LOG=ABCD; [Filter] TEXT=WarpCenter; BEGMTCH=YES; NOCLSWPS=YES; [Filter] TEXT=System; PASSWORD=æ=éöö ┌ÿíÉcôSàsΓ<iô&″▾Σ≡⋄; MIDMTCH=YES; WINLIST=YES; IGNCASE=YES; LOG=ABCD; [End] - Each initial bracketed item identifies the class of the object, including desktop objects, devices, filters, or file system objects, which is utilized by
PDF 44 to invoke the appropriate program, install the appropriate desktop icon, or initialize the appropriate resource. The first item, [Master], is a header block identifying the .sec file, in this instance a Master file for a default workstation desktop. The statement ENABLESECURITY=OBJECTS instructsPDF 44 to use security privileges on an object level (“FS” would instructPDF 44 to use file system security privileges, while “BOTH” would enable both object and file system security), while the statement RESTRICTUNDEF=YES instructsPDF 44 to check for, and if an undefined process is found, restrict its access toworkstation 24 andserver 22. The PASSWORD statement identifies the default security password, which is encrypted, and the statement LOG=BCD activates a transaction log in the background of the desktop operation. These and other high level instructions can thus be provided toPDF 44 on the workstation from the .sec file provided byADMIN 36.ADMIN 36 can then block all access to network resources by the workstation until supplied the appropriate information (e.g., keys, predefined requests, or passwords) fromPDF 44. - The second item of the .sec file of the example, [Folder] TITLE=Desktop, is the highest level class and identifies the desktop user interface representation of the object. The statement CLASS=DskDesktop indicates that the object belongs to the class of top level desktop display which is created by inheriting characteristics from the WPShell class and adds further characteristics utilized by the inventional method (the DskDesktop class is sometimes referred to as a replacement class as it replaces the WPShell class). This desktop class of object represents
PDF 44 to the user, and the statements within this item of the .sec file provide the default parameters for the user interface toPDF 44. However,PDF 44 does not include security and privilege information relating to workstation process, such information being stored on a local .sec file which is referred to byPDF 44. - The third item of the .sec file of the example, [Folder] TITLE=OS/2 System, identifies the desktop user interface representation of the object, and the statement CLASS=PRDirectory indicates that the object belongs to a class of program directories. Such a PRDirectory may be a subclass of a folder class, such as created by a LAN network system. This object represents a directory of programs to the user, specifically in this case a collection of OS/2 operating system programs. Any program activated from a particular folder inherits the privileges of the folder unless the program object itself overrides the inherent privileges. This item includes three identifications used by
PDF 44 in manipulating this or related objects, namely OBJECTID (the identifier of the object itself), PARENTID (the identifier of the parent of the object), and SHADOWID (the pointer to the original object). The item also includes several display parameters, and several security/privilege indicators. This “OS/2 System” item includes several identifiers and indicators which are used in [Folder] class items. Icons are located inside the folders, and processes started by invoking the icons will have default access privileges according to the security/privilege statements of the originating folder, and all parent folders (folders which contain other folders). - The items identified by [Pad], [Program], [Datafile], and [Printer] all deal with discreet logical and/or physical devices. The [Pad] item refers to a facility which can initiate other operations or applications, or “launch” them, e.g., represented by a “LaunchPad” icon. The [Program] item refers to an executable file which when launched creates a process on
workstation 24 and/orserver 22, and may include API initialization strings and other related data. The [Datafile] item refers to a data file which when launched will activate an associated application program executable file. The [Printer] item (or other “Device” item) refers to a peripheral computer device such as a printer, modem, joystick, or similar input and/or output device. - The [Ses] item specifically relates to executables, directories, and/or devices of
PDF 44 andDaemon 46 which interact with the Security Enabling Services kernel features of the OS/2 operating system. Alternatively, such an item could relate to separate parts ofADMIN 36 and/orDaemon 46 which initially lock and can later unlock the file system,ADMIN 36,PDF 44, andDaemon 46 are programmed to recognize specially designated objects as “trusted applications” and allow such trusted applications access to certain system level files. As implemented by the present invention,ADMIN 36,PDF 44, andDaemon 46 also allow “Device” items to be locked and/or monitored to maintain a log file of all operations occurring on or through the device. - The [Filter] item can be used by
PDF 44 when creating or operating a desktop, or byDaemon 46 during an enumeration routine. The filtering process may be implemented on a class level, or alternatively object titles may be subject to such filtering For example, a filter item may be used to remove window list entries from a desktop without a user prompt or acknowledgment. Another use of a filter may be to keep certain processes running during the creation or re-creation of a desktop (for example, to keep an external communication link active even though the local desktop is being rebuilt). A filter may also be used to require a password fromPDF 44 or the user before invoking certain objects or classes of objects. - For objects which do not fall within one of the foregoing classes, the item designation [Object] provides a format for a user defined object, such as an abstract non-file system object. These types of abstract objects are of the .dll type, which are not necessarily with executable files rather are substantiated by the shell (often referred to as work place shell applications). Statements within this object shall be interpreted as if the statement occurred in one of the previously defined classes.
- Although the above mentioned items may be stored in a single .sec file, it is also possible to store items in several files associated with a user. For example, the user having the user ID of JANEDOE may have the files JANEDOE.SEC for general configuration information, JANEDOE.SCC for common items on the desktop and start menu, JANEDOE.USR for user defined setting created on logon, JANEDOE.NSO for namespace objects that are built upon loading of the profile, and JANEDOE.POL for policy or security restrictions, each type of file storing those various aspects of the JANEDOE user profile.
- The present invention also provides two additional ways to secure the desktop, one being a hardware based restriction and the other a context based validation. The hardware based restriction is maintained by an additional file (RESTRICT.TXT) resident on the local computer which
PDF 44 checks before creating desktop objects. In this manner, localcomputers can be configured so that certain sensitive applications cannot be created or invoked at certain physical locations, regardless of the privilege level of the user. The context based validation is a statement in a .sec file item, VPF=<path>|<filename>, which requires that the path or file specified be present and/or accessible by the user on the network beforePDF 44 creates the specified desktop object. -
PDF 44 thus creates a desktop which includes a graphic display of icons representing programs, files, network resources, and other related information. When the user launches a program or network resource and thereby creates a new process,PDF 44 displays a new window on the monitor ofworkstation 24 showing the activity of the new process. In the exemplary embodiment with a multi-tasking operating system, more than one process can appear on the desktop simultaneously.PDF 44 presents the most current window in the forefront, with the other windows accessible through a command. Also in the exemplary embodiment with an object oriented operating system, the communication and implementation of processes are achieved through the use of objects which contain the needed information for executing the process and interacting with other portions of the system. Each icon on the desktop has an associated object so that whenPDF 44 observes the operator activating a particular icon, the corresponding object may be launched and a new display window may be created. - Before
PDF 44 can operate, however, the objects whichPDF 44 displays must be created. The user may first required to log in to network 20 before accessingworkstation 24.Daemon 46 obtains the user's desktop profile fromADMIN 36, the desktop profile being a list of objects with appropriate restrictions and privileges, which may include keys or other authentication information. In addition,ADMIN 36 may also imposed other restrictions on that desktop profile transmitted toDaemon 46 based on the physical location or node of the user logging on tonetwork 20. That desktop profile includes general information about the restrictions and boundaries applicable toPDF 44, as well as the objects available toPDF 44.Daemon 46 also obtains local attribute information, such as the presence or absence of local peripheral devices fromworkstation 24.PDF 44 may then transmit requests for creation of processes toDaemon 46, which determines if the requested process is permitted according toADMIN 36's desktop profile for that user. This arrangement allows a user to log in at anyworkstation 24 ofnetwork 20 and have the same desktop displayed byPDF 44. - In the second embodiment of the invention,
ADMIN 36 operates to lock out any user from accessing network resources. By enabling file system level blocking, no program or process can access a network file except through the enabled security procedure which requires a previously established access privilege to have existed for the user. The .sec file 50 may contain the information needed to “unlock” the security procedure and allow a user access to the network resource. In this way, any user attempt to access a network resource without usingPDF 44 will fail. Only by usingPDF 44, which is enabled by an appropriate key or other authentication information in the user's .sec file 50, can a user access network resources. - The general sequence of operation is shown in the flow chart diagram of FIG. 2.
Workstation 24 is powered on instep 200, which may include the use of appropriate access control software.Daemon 46 obtains the parameters associated with thatparticular workstation 24, typically by accessing a locally stored file or performing a diagnostic routine, instep 202. For example, in the exemplary embodiment,Daemon 46 first kills any old objects which are apparent onworkstation 24. After this initial cleansing,Daemon 46 loads a binary file stored onlocal disk 42 which contains a set of all the possible objects forworkstation 24, then hides those objects from display byPDF 44.Next Daemon 46 loads a second binary file of the active objects forworkstation 24. Typically, this set of active objects includes a self-launching network log on procedure, typically involving typing in a usemame and password atstep 204. Further elaboration of the interface of the software of the present invention with the network provider loop is provided in the description of FIG. 3 below. - In accordance with the present invention,
Daemon 46 may then obtain a user network profile fromADMIN Software 36 in step 206. In the second embodiment of the invention,ADMIN 36 initially blocks the user by denying all access privileges to network resources. OnceDaemon 46 has the information regarding the local workstation and the user's network profile, typically by accessing .sec file 50 onserver 22,PDF 44 may set up the user's desktop instep 208 by creating a list of objects representing the possible available resources, both onnetwork 22 andworkstation 24. In the second embodiment,PDF 44 may also obtain suitable access enabling information from .sec file 50 to allow the user to access security protected resources, such as a security key or other suitable authentication. At this point,workstation 24 is able to receive input from the user to initiate or interact with processes and accomplish the desired computing functions. -
Daemon 46 continues to monitor the operations ofworkstation 24 so that the user does not modify the desktop created byPDF 44 in circumvention of the user's access and security provisions. Instep 210, a timer is set so thatDaemon 46 is activated periodically. In the exemplary embodiment of the invention, an interval of approximately three (3) seconds has been selected as a suitable period for activatingDaemon 46 with the hardware and software being used with the inventional system. This interval is selected to check sufficiently frequently to catch violations before significant damage has occurred, without significantly reducing the efficiency and responsiveness ofworkstation 24. Also, this interval is adjustable by simply changing initialization parameters, without requiring reconfiguration of any other part of the system. However, one of ordinary skill understands that the periodic interval used to callDaemon 46 is dependent upon the hardware and software speed. - While the timer is running,
step 212 allows the user to activate and manipulateworkstation 24 as desired. During this period of operation,step 214 involves determining whether a termination condition has occurred, e.g., a user activated exit or a fatal system error, so thatworkstation 24 may be shut down. Should a termination condition be observed, step 222 (described in greater detail below) would then occur. In the typical case, however, processing would continue until timer interruptstep 216 occurs. The timer interrupt causesDaemon 46 to become the active program of the system, which allowsDaemon 46 to check on the status of the other processes atworkstation 24. - In the
run Daemon 218 step, an enumeration process is conducted by the processor ofworkstation 24.Daemon 46 checks every process that is present inworkstation 24 against the process information contained in its local copy of .sec file 50. Every process which is not found in the listing of .sec file 50 is processed further byDaemon 46, typically deleting and removing the unknown process fromworkstation 24. However, other operations are possible, and sometimes desired. For example, a message box may be displayed and the process may be modified according to the user's response to correspond to a known process. Another alternative may be to record the presence of the unknown process in a log for use by diagnostic software. - Known processes encountered by
Daemon 46 during the enumeration routine may be dealt with in several ways. Typically,Daemon 46 checks for consistency between the process as noted by the desktop files byPDF 44 and the information from .sec file 50, making corrections when appropriate. Also,Daemon 46 checks the security protection of the process and the user for compliance with network security privileges. If an inconsistency is discovered, or a security violation, or another similar condition, thenDaemon 46 may respond by: requesting a password from the user before allowing further access or processing; delete and remove the process from the desktop; record the presence of the process on a log file; rebuild the process using the original process and a user response to a message box; and/or another suitable response to the observed inconsistency. WhenDaemon 46 completes all of its operations on the processes ofworkstation 24, the timer is reset atstep 210 and the foregoing steps are repeated. - Finally, when the user is ready to terminate operation of
workstation 24,PDF 44 requests that the potentially modified desktop be saved instep 222.Daemon 46 receives this request, first filtering the newer desktop with the original user profile to make sure that the new desktop does not violate any of the user's profile information stored onserver 22. After the new desktop has been so filtered,Daemon 46 saves the filtered new desktop by storing the representative file or files onserver 22. Now, the operation ofworkstation 24 can be properly terminated atstep 224. - The general sequence of the network provider loop, as modified by an embodiment of the present invention, is illustrated in FIG. 3. While to the network, the provider loop sequence is operating as normal, FIG. 3 illustrates how the software of the present invention operates on
workstation 24 to achieve the objectives of the present invention. As noted below, several of the steps in the conventional, prior art provider loop operation are shown (as would be apparent at the network level) with the workstation alterations being noted in association with the several changed steps. - From the perspective of the server, the provider loop for allowing workstation access to network programs and devices may be conceptually represented in six steps. The first step is start-
up 300, in which the workstation is first operably connected and enabled for communication with the network. This start-upstep 300 may involve the actual power on of the workstation computer, or alternatively may involve the initialization and connection of a remotely operating computer to the communication structure of the network such as by an ethernet connection or telecommunications hook up using telephone, ISDN, DSL, wireless, or cable modems. Once start-upstep 300 is completed, the user is then prompted with a logon screen instep 302, logon window. -
Logon window step 302 may involve a single logon screen, such as the GINA interface of WindowsNT, or may have separate logon screens for the workstation operating system and the network operating system. Conventionally, users have logon names and passwords which authenticate the user and authorize access to the computer system. Once the logon process is completed, the workstation initiates the various processes needed to enable operation of the workstation operating system and the associated network interface programs in system initialization step 304. Next,provider initialization step 306 involves loading the Registry in the workstation with the appropriate information relating to the network processes, typically including associating the API responsible for the user access to the network resource and any security or user interface parameters. - Once the workstation is initialized, as the user attempts to access network resources, network access and
authentication step 308 involves the Registry information to appropriately invoke API's to provide the user with an interface to the network resources such as application programs, communications devices, printers, etc. Finally,desktop operation step 310 involves the user calling such workstation and server based programs and/or other resources for the user's computing needs. Such operations may continue as long as the network connection to the workstation is maintained, but if the workstation's operation is broken then connection or re-connection to the network would occur instep 300. - In accordance with the present invention, while the steps300-310 remain unchanged from the viewpoint of the server, the operation of the workstation is significantly altered to maintain the security desired under the invention. Conceptually,
PDF 44 andDaemon 46 operate to mask off the operating system components and directly control, through the parameters of .sec file 50, the user's access to workstation and network resources. Initially, this is accomplished byPDF 44 and/orDaemon 46 being the first process started (for purposes of explaining the provider loop in foregoing description,software comprising PDF 44 and/orDaemon 46 is collectively referred to as “Desktop Security” software), which secures control of the workstation by preventing the user from exiting the provider loop and prevents any other programs from obtaining access to the user. Through the use of custom API's, network resources may be accessed by the user, but only using the security profiles and preferences indicated by the user's .sec file 50. This creates Registry entries which are specifically limited by the parameters provided byADMIN 36 for the operations and permissions of the associated user. - Thus, while the network observes
logon window step 302, the workstation executes DesktopSecurity Override step 303 where instead of the workstation allowing the conventional progression to system initialization 304, Desktop Security software is positioned placed first in the load sequence for system initialization step 304. Conventionally, the load sequence includes a Primary provider and the other provider processes. With the present invention, the Desktop Security software changes this sequence by naming itself as the Primary provider, allowing the Desktop Security software to secure the workstation operation against user intervention and mask off the potentially insecure portions of the operating system. This step can be combined with an additional authentication device, such as a fingerprint, eye retina, or other biometric device or a smartcard or the like, to authenticate the identity of the user. This allows the Desktop Security initialization step 305 to occur, which involves the Desktop Security disabling user overrides, such as the control-alt-del sequence, clearing the Registry, and obtaining the user's .sec 50 file. The Desktop Security masks calls by either the workstation or network operating systems, and sets up the communication protocols for the workstation and network, e.g., by initializing IPX addresses and the like. In the situation where the workstation operates with separate local and network operating systems, the Desktop Security is then able to logon to the network as a supervisor and obtain the .sec file 50 for the user of the workstation. In a situation where a single operating system operates the workstation and network, the Desktop Security replaces the network GINA and initially logs on as a supervisor. - When the network is ready for
provider initialization step 306, the workstation executes customized API called by the Desktop Security using parameters suitable for the user as denoted in the user's associated .sec file 50. This involves the Desktop Security software again clearing and filling the empty Registry and starting customized API's for the various network resources available to the user in Desktop Securityprovider initialization step 307. The customized API calls are made according the user profile information available to the Desktop Security software from .sec file 50, and the Registry is appropriately updated in accordance with the privileges noted in .sec file 50. This allows network access andauthorization step 308 anddesktop operation step 310 to actually filter through Desktop Security GUI operation steps 309 and 311, respectively. In step 309, the Desktop Security software logs the user onto the various resources using the logon information received in the initial logon. In step 311, the Desktop Security software monitors the user's operations such as accesses to the file system or network resources. During these operations, from the perspective of the network resources the workstation user has total freedom where in actuality, the Desktop Security software prevents any commands from being issued that contravene the privileges and restrictions contained in the user's .sec file 50. Before operation of the workstation is terminated, the Desktop Security software returns the workstation to a neutral state instep 313, with all secondary processes being deleted from the Registry, the Desktop Security software being established as the primary process, and any network related processes are released or terminated as appropriate. - The microfiche appendix contains an implementation of the present invention. The source code files in the appendix are associated with various directories. Following is a table showing the directories and the related source code description:
Directory Description dskgina This directory contains the source code of the GINA operating system version that takes control of the workstation and masks off other processes including operating systems, and the logon authentication software. dsknetp This directory contains the source code of the Registry load- ing and provider loop masking and monitoring operations of the workstation Desktop Security. - While this invention has been described as having an exemplary design, the present invention may be further modified within the spirit and scope of this disclosure. This application is therefore intended to cover any variations, uses, or adaptations of the invention using its general principles. Further, this application is intended to cover such departures from the present disclosure as come within known or customary practice in the art to which this invention pertains.
Claims (30)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US10/425,497 US20030212890A1 (en) | 1995-07-31 | 2003-04-29 | Network provider loop security system and method |
Applications Claiming Priority (4)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US50968895A | 1995-07-31 | 1995-07-31 | |
US08/854,490 US6061795A (en) | 1995-07-31 | 1997-05-12 | Network desktop management security system and method |
US09/290,120 US6584568B1 (en) | 1995-07-31 | 1999-04-12 | Network provider loop security system and method |
US10/425,497 US20030212890A1 (en) | 1995-07-31 | 2003-04-29 | Network provider loop security system and method |
Related Parent Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/290,120 Continuation US6584568B1 (en) | 1995-07-31 | 1999-04-12 | Network provider loop security system and method |
Publications (1)
Publication Number | Publication Date |
---|---|
US20030212890A1 true US20030212890A1 (en) | 2003-11-13 |
Family
ID=29407738
Family Applications (2)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/290,120 Expired - Lifetime US6584568B1 (en) | 1995-07-31 | 1999-04-12 | Network provider loop security system and method |
US10/425,497 Abandoned US20030212890A1 (en) | 1995-07-31 | 2003-04-29 | Network provider loop security system and method |
Family Applications Before (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
US09/290,120 Expired - Lifetime US6584568B1 (en) | 1995-07-31 | 1999-04-12 | Network provider loop security system and method |
Country Status (1)
Country | Link |
---|---|
US (2) | US6584568B1 (en) |
Cited By (10)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20030212908A1 (en) * | 2002-05-10 | 2003-11-13 | Lockheed Martin Corporation | Method and system for simulating computer networks to facilitate testing of computer network security |
US6944478B1 (en) * | 2000-07-07 | 2005-09-13 | Alcatel | Security module |
US20050278365A1 (en) * | 2004-06-09 | 2005-12-15 | Boucousis Patrick Christian M | Method and software product for storing and retrieving unstructured information |
US20070201374A1 (en) * | 2004-06-18 | 2007-08-30 | Wu Qing | Method and node equipment for guaranteeing service reliability in an end-to-end quality of service framework |
US20080040797A1 (en) * | 2006-08-10 | 2008-02-14 | Microsoft Corporation | Secure privilege elevation by way of secure desktop on computing device |
US20090187991A1 (en) * | 2008-01-22 | 2009-07-23 | Authentium, Inc. | Trusted secure desktop |
US20120324424A1 (en) * | 2011-06-14 | 2012-12-20 | International Business Machines Corporation | Software accessibility testing |
US8613045B1 (en) * | 2008-05-01 | 2013-12-17 | F5 Networks, Inc. | Generating secure roaming user profiles over a network |
CN105187449A (en) * | 2015-09-30 | 2015-12-23 | 北京恒华伟业科技股份有限公司 | Interface calling method and device |
US10367639B2 (en) * | 2016-12-29 | 2019-07-30 | Intel Corporation | Graphics processor with encrypted kernels |
Families Citing this family (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6282578B1 (en) * | 1995-06-26 | 2001-08-28 | Hitachi, Ltd. | Execution management method of program on reception side of message in distributed processing system |
US7523191B1 (en) * | 2000-06-02 | 2009-04-21 | Yahoo! Inc. | System and method for monitoring user interaction with web pages |
US7035825B1 (en) * | 2000-01-04 | 2006-04-25 | E.Piphany, Inc. | Managing relationships of parties interacting on a network |
US6766458B1 (en) * | 2000-10-03 | 2004-07-20 | Networks Associates Technology, Inc. | Testing a computer system |
US7024471B2 (en) * | 2000-12-12 | 2006-04-04 | International Business Machines Corporation | Mechanism to dynamically update a windows system with user specific application enablement support from a heterogeneous server environment |
US20020184406A1 (en) * | 2001-05-29 | 2002-12-05 | International Business Machines Corporation | Method and system for handling window-based graphical events |
US20030046557A1 (en) * | 2001-09-06 | 2003-03-06 | Miller Keith F. | Multipurpose networked data communications system and distributed user control interface therefor |
US7243226B2 (en) | 2001-12-12 | 2007-07-10 | Valve Corporation | Method and system for enabling content security in a distributed system |
US7392390B2 (en) | 2001-12-12 | 2008-06-24 | Valve Corporation | Method and system for binding kerberos-style authenticators to single clients |
US7373406B2 (en) | 2001-12-12 | 2008-05-13 | Valve Corporation | Method and system for effectively communicating file properties and directory structures in a distributed file system |
US7290040B2 (en) * | 2001-12-12 | 2007-10-30 | Valve Corporation | Method and system for load balancing an authentication system |
US8108687B2 (en) * | 2001-12-12 | 2012-01-31 | Valve Corporation | Method and system for granting access to system and content |
US7225461B2 (en) * | 2002-09-04 | 2007-05-29 | Hitachi, Ltd. | Method for updating security information, client, server and management computer therefor |
US20060123428A1 (en) * | 2003-05-15 | 2006-06-08 | Nantasket Software, Inc. | Network management system permitting remote management of systems by users with limited skills |
US7260833B1 (en) | 2003-07-18 | 2007-08-21 | The United States Of America As Represented By The Secretary Of The Navy | One-way network transmission interface unit |
US20050187963A1 (en) * | 2004-02-20 | 2005-08-25 | Steven Markin | Security and compliance testing system and method for computer systems |
WO2007030920A2 (en) * | 2005-09-12 | 2007-03-22 | Sand Box Technologies Inc. | System and method for controlling distribution of electronic information |
US8499330B1 (en) | 2005-11-15 | 2013-07-30 | At&T Intellectual Property Ii, L.P. | Enterprise desktop security management and compliance verification system and method |
US8190905B1 (en) * | 2006-09-29 | 2012-05-29 | Netapp, Inc. | Authorizing administrative operations using a split knowledge protocol |
US8661534B2 (en) | 2007-06-26 | 2014-02-25 | Microsoft Corporation | Security system with compliance checking and remediation |
US8392967B2 (en) * | 2009-11-26 | 2013-03-05 | Kyocera Document Solutions Inc. | Image forming system, image forming apparatus, and method for creating, maintaining, and applying authorization information |
US20110197144A1 (en) * | 2010-01-06 | 2011-08-11 | Terry Coatta | Method And System Of Providing A Viewing Experience With Respect To A Document Having Read-only Content |
US10673852B2 (en) * | 2014-12-23 | 2020-06-02 | Mcafee, Llc | Self-organizing trusted networks |
DE102018102608A1 (en) * | 2018-02-06 | 2019-08-08 | Endress+Hauser Conducta Gmbh+Co. Kg | Method for user management of a field device |
Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5023907A (en) * | 1988-09-30 | 1991-06-11 | Apollo Computer, Inc. | Network license server |
US5220604A (en) * | 1990-09-28 | 1993-06-15 | Digital Equipment Corporation | Method for performing group exclusion in hierarchical group structures |
US5297032A (en) * | 1991-02-01 | 1994-03-22 | Merrill Lynch, Pierce, Fenner & Smith Incorporated | Securities trading workstation |
US5315657A (en) * | 1990-09-28 | 1994-05-24 | Digital Equipment Corporation | Compound principals in access control lists |
US5349643A (en) * | 1993-05-10 | 1994-09-20 | International Business Machines Corporation | System and method for secure initial program load for diskless workstations |
US5369778A (en) * | 1987-08-21 | 1994-11-29 | Wang Laboratories, Inc. | Data processor that customizes program behavior by using a resource retrieval capability |
Family Cites Families (24)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JPH0357034U (en) | 1989-10-11 | 1991-05-31 | ||
US5469556A (en) | 1989-12-12 | 1995-11-21 | Harris Corporation | Resource access security system for controlling access to resources of a data processing system |
EP0540680A4 (en) | 1990-07-20 | 1993-11-18 | Temple University Of The Commonwealth System Of Higher Education | System for high-level virtual computer with heterogeneous operating systems |
US5224163A (en) * | 1990-09-28 | 1993-06-29 | Digital Equipment Corporation | Method for delegating authorization from one entity to another through the use of session encryption keys |
JPH04270436A (en) * | 1990-12-25 | 1992-09-25 | Fuji Xerox Co Ltd | Network system |
US5475625A (en) | 1991-01-16 | 1995-12-12 | Siemens Nixdorf Informationssysteme Aktiengesellschaft | Method and arrangement for monitoring computer manipulations |
US5940504A (en) * | 1991-07-01 | 1999-08-17 | Infologic Software, Inc. | Licensing management system and method in which datagrams including an address of a licensee and indicative of use of a licensed product are sent from the licensee's site |
GB9205774D0 (en) | 1992-03-17 | 1992-04-29 | Int Computers Ltd | Computer security system |
US5418854A (en) * | 1992-04-28 | 1995-05-23 | Digital Equipment Corporation | Method and apparatus for protecting the confidentiality of passwords in a distributed data processing system |
US5375244A (en) | 1992-05-29 | 1994-12-20 | At&T Corp. | System and method for granting access to a resource |
JP3135094B2 (en) * | 1993-03-13 | 2001-02-13 | 株式会社リコー | Integrated business network system |
US5379432A (en) | 1993-07-19 | 1995-01-03 | Taligent, Inc. | Object-oriented interface for a procedural operating system |
GB2280820A (en) * | 1993-07-29 | 1995-02-08 | Ibm | Distributed system for call processing |
GB2281645A (en) | 1993-09-03 | 1995-03-08 | Ibm | Control of access to a networked system |
US5513126A (en) * | 1993-10-04 | 1996-04-30 | Xerox Corporation | Network having selectively accessible recipient prioritized communication channel profiles |
US5455953A (en) | 1993-11-03 | 1995-10-03 | Wang Laboratories, Inc. | Authorization system for obtaining in single step both identification and access rights of client to server directly from encrypted authorization ticket |
US5481715A (en) | 1993-12-15 | 1996-01-02 | Sun Microsystems, Inc. | Method and apparatus for delegated communications in a computer system using trusted deputies |
US5604490A (en) | 1994-09-09 | 1997-02-18 | International Business Machines Corporation | Method and system for providing a user access to multiple secured subsystems |
US5553239A (en) | 1994-11-10 | 1996-09-03 | At&T Corporation | Management facility for server entry and application utilization in a multi-node server configuration |
US5696898A (en) | 1995-06-06 | 1997-12-09 | Lucent Technologies Inc. | System and method for database access control |
US5678041A (en) | 1995-06-06 | 1997-10-14 | At&T | System and method for restricting user access rights on the internet based on rating information stored in a relational database |
US6061795A (en) * | 1995-07-31 | 2000-05-09 | Pinnacle Technology Inc. | Network desktop management security system and method |
US6189105B1 (en) | 1998-02-20 | 2001-02-13 | Lucent Technologies, Inc. | Proximity detection of valid computer user |
US6449652B1 (en) | 1999-01-04 | 2002-09-10 | Emc Corporation | Method and apparatus for providing secure access to a computer system resource |
-
1999
- 1999-04-12 US US09/290,120 patent/US6584568B1/en not_active Expired - Lifetime
-
2003
- 2003-04-29 US US10/425,497 patent/US20030212890A1/en not_active Abandoned
Patent Citations (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5369778A (en) * | 1987-08-21 | 1994-11-29 | Wang Laboratories, Inc. | Data processor that customizes program behavior by using a resource retrieval capability |
US5023907A (en) * | 1988-09-30 | 1991-06-11 | Apollo Computer, Inc. | Network license server |
US5220604A (en) * | 1990-09-28 | 1993-06-15 | Digital Equipment Corporation | Method for performing group exclusion in hierarchical group structures |
US5315657A (en) * | 1990-09-28 | 1994-05-24 | Digital Equipment Corporation | Compound principals in access control lists |
US5297032A (en) * | 1991-02-01 | 1994-03-22 | Merrill Lynch, Pierce, Fenner & Smith Incorporated | Securities trading workstation |
US5349643A (en) * | 1993-05-10 | 1994-09-20 | International Business Machines Corporation | System and method for secure initial program load for diskless workstations |
Cited By (18)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US6944478B1 (en) * | 2000-07-07 | 2005-09-13 | Alcatel | Security module |
US20030212908A1 (en) * | 2002-05-10 | 2003-11-13 | Lockheed Martin Corporation | Method and system for simulating computer networks to facilitate testing of computer network security |
US7379857B2 (en) * | 2002-05-10 | 2008-05-27 | Lockheed Martin Corporation | Method and system for simulating computer networks to facilitate testing of computer network security |
US20050278365A1 (en) * | 2004-06-09 | 2005-12-15 | Boucousis Patrick Christian M | Method and software product for storing and retrieving unstructured information |
US7706388B2 (en) * | 2004-06-18 | 2010-04-27 | Huawei Technologies Co., Ltd. | Method and node equipment for guaranteeing service reliability in an end-to-end quality of service framework |
US20070201374A1 (en) * | 2004-06-18 | 2007-08-30 | Wu Qing | Method and node equipment for guaranteeing service reliability in an end-to-end quality of service framework |
US7832004B2 (en) | 2006-08-10 | 2010-11-09 | Microsoft Corporation | Secure privilege elevation by way of secure desktop on computing device |
US20080040797A1 (en) * | 2006-08-10 | 2008-02-14 | Microsoft Corporation | Secure privilege elevation by way of secure desktop on computing device |
US20090187991A1 (en) * | 2008-01-22 | 2009-07-23 | Authentium, Inc. | Trusted secure desktop |
US8225404B2 (en) * | 2008-01-22 | 2012-07-17 | Wontok, Inc. | Trusted secure desktop |
US8613045B1 (en) * | 2008-05-01 | 2013-12-17 | F5 Networks, Inc. | Generating secure roaming user profiles over a network |
US8955050B1 (en) * | 2008-05-01 | 2015-02-10 | F5 Networks, Inc. | Generating secure roaming user profiles over a network |
US9306951B1 (en) * | 2008-05-01 | 2016-04-05 | F5 Networks, Inc. | Generating secure roaming user profiles over a network |
US20120324424A1 (en) * | 2011-06-14 | 2012-12-20 | International Business Machines Corporation | Software accessibility testing |
US8667468B2 (en) * | 2011-06-14 | 2014-03-04 | International Business Machines Corporation | Software accessibility testing |
CN105187449A (en) * | 2015-09-30 | 2015-12-23 | 北京恒华伟业科技股份有限公司 | Interface calling method and device |
US10367639B2 (en) * | 2016-12-29 | 2019-07-30 | Intel Corporation | Graphics processor with encrypted kernels |
US11018863B2 (en) | 2016-12-29 | 2021-05-25 | Intel Corporation | Graphics processor with encrypted kernels |
Also Published As
Publication number | Publication date |
---|---|
US6584568B1 (en) | 2003-06-24 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US6584568B1 (en) | Network provider loop security system and method | |
US6061795A (en) | Network desktop management security system and method | |
EP0980545B1 (en) | Network desktop management security system and method | |
US7716719B2 (en) | System and method for providing application services with controlled access into privileged processes | |
US6144959A (en) | System and method for managing user accounts in a communication network | |
US7516477B2 (en) | Method and system for ensuring that computer programs are trustworthy | |
US8423790B2 (en) | Module validation | |
US6947986B1 (en) | System and method for providing web-based remote security application client administration in a distributed computing environment | |
US5655077A (en) | Method and system for authenticating access to heterogeneous computing services | |
CA2285031C (en) | Network distributed system for updating locally secured objects in client machines | |
US9213513B2 (en) | Maintaining synchronization of virtual machine image differences across server and host computers | |
US7213153B2 (en) | Application program interface interception system and method | |
US6393569B1 (en) | Secured system for accessing application services from a remote station | |
US6442695B1 (en) | Establishment of user home directories in a heterogeneous network environment | |
US20070204153A1 (en) | Trusted host platform | |
EP0561509A1 (en) | Computer system security | |
US20050182963A1 (en) | Administrative security systems and methods | |
US20030233483A1 (en) | Executing software in a network environment | |
GB2521724A (en) | Computer device and method for isolating untrusted content | |
EP2033092A2 (en) | Remote network access via virtual machine | |
US11720712B2 (en) | Managing registry access on a computer device | |
US20230342498A1 (en) | Computer device and method for managing privilege delegation | |
Faden | RBAC in UNIX administration | |
US6542994B1 (en) | Logon authentication and security system and method | |
JP2004303242A (en) | Security attributes in trusted computing systems |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AS | Assignment |
Owner name: CHARING CROSS CORPORATION, INDIANA Free format text: SECURITY AGREEMENT;ASSIGNOR:PINNACLE TECHNOLOGY, INC.;REEL/FRAME:015603/0436 Effective date: 20030318 Owner name: KAHN, GILBERT, FLORIDA Free format text: SECURITY AGREEMENT;ASSIGNOR:PINNACLE TECHNOLOGY, INC.;REEL/FRAME:015603/0431 Effective date: 20021210 |
|
STCB | Information on status: application discontinuation |
Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION |
|
AS | Assignment |
Owner name: FA HASSET CO., L.L.C., DELAWARE Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PINNACLE TECHNOLOGY, INC.;REEL/FRAME:023861/0597 Effective date: 20100114 |