WO2002037287A1 - Network operating system - Google Patents

Network operating system Download PDF

Info

Publication number
WO2002037287A1
WO2002037287A1 PCT/AU2001/001389 AU0101389W WO0237287A1 WO 2002037287 A1 WO2002037287 A1 WO 2002037287A1 AU 0101389 W AU0101389 W AU 0101389W WO 0237287 A1 WO0237287 A1 WO 0237287A1
Authority
WO
WIPO (PCT)
Prior art keywords
applet
server
downloadable program
downloadable
user terminal
Prior art date
Application number
PCT/AU2001/001389
Other languages
French (fr)
Inventor
Dario Scopesi
Luca Sormani
Original Assignee
Ventia Pty Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ventia Pty Limited filed Critical Ventia Pty Limited
Priority to AU2002213648A priority Critical patent/AU2002213648A1/en
Publication of WO2002037287A1 publication Critical patent/WO2002037287A1/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/445Program loading or initiating
    • G06F9/44521Dynamic linking or loading; Link editing at or after load time, e.g. Java class loading
    • G06F9/44526Plug-ins; Add-ons
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/168Implementing security features at a particular protocol layer above the transport layer

Definitions

  • the present invention relates to computer systems and a network operating system, and more specifically, to computer network downloadable software program applications which can communicate with one another.
  • the user browses the computer network with a browser application (browser), locates a specific program and executes the program.
  • the downloaded program (or downloadable program) is generally executed by the browser application itself, in the form of a plug-in or an applet.
  • Some of these downloaded programs can communicate with other programs running on a different computer, usually referred to as a server.
  • a server Such a program is typically used to offer a user special services, such as access to data stored on the server itself.
  • a downloaded program which uses the aforementioned approach communicates with its own server (or servers), to deliver a specific service.
  • the browser enforces heavy restrictions on the downloaded program.
  • the browser prevents the downloaded program access to any resource on the user's computer (terminal) except the computer's display device.
  • the browser typically prevents the downloaded program from being able to communicate with other computers on the computer network, other than the computer from which the downloaded program was actually downloaded.
  • Code-signing generally involves a prompt for user authorization when the program is downloaded, which increases the user's reluctance to trust the program.
  • program A By allowing programs downloaded from different computers or computer network locations to communicate, it would be possible for one of the downloadable programs (program A) to offer additional functionality to other downloadable programs (program B, program C, ...), so that the program developers that created program B, program C, ... do not have to spend time and money coding the additional functionality again.
  • program A exposes to program B, program C, ... services offered by the server software which program A connects to, even greater benefits may be achieved, because program B, program C, ... have a filtered and relatively simple means to access data/software stored on the server(s) associated with program A, without having to directly connect to the server themselves, or without having to access another server that can store that data.
  • program B, program C, ... have access to terminals which are capable of requesting and receiving information from local or remote information sources.
  • a terminal may be any type of computer or computerised device, a personal computer (PC), a mobile or cellular phone, a mobile data terminal, a portable computer, a personal digital assistant (PDA), a pager, a thin client, or any other similar type of electronic device.
  • the capability of the terminal to request and/or receive information can be provided by a downloadable program, an application program, hardware or other such entity.
  • a terminal may be provided with associated devices, for example an information storage device such as a hard disk drive.
  • an information source may be a server or any other type of terminal (for example, a PC computer) coupled to an information storage device (for example, a hard disk drive).
  • a connection referred to as a communication channel.
  • the communication channel can be physically realised via a metallic cable (for example, a telephone line), semi-conducting cable, an electromagnetic signal (for example, a radio frequency (RF) signal), an optical fibre cable, a microwave link, a satellite link or any other such medium or combination thereof connected to a network infrastructure.
  • RF radio frequency
  • the infrastructure may be a telephone switch, a base station, a bridge, a router, or any other such specialised component, which facilitates the connection between the terminal and the network.
  • the infrastructure may be a telephone switch, a base station, a bridge, a router, or any other such specialised component, which facilitates the connection between the terminal and the network.
  • the computer network itself may take a variety of forms. It may be located within a local geographic area, such as an office building, and consist of only a limited number of terminals and information sources. This type of computer network is commonly referred to as a Local Area Network (LAN). On a broader scale, it may be larger and support more users over a wider geographic area, such as across a city. This type of network is commonly referred to as a Wide Area Network (WAN). On an even broader scale LAN and WAN networks may be interconnected across a country or globally. An example of a globally connected computer network is the Internet.
  • LAN Local Area Network
  • WAN Wide Area Network
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • Hyper-text Mark-up Language HTML
  • Hyper-text Transfer Protocol HTTP
  • HTML Hyper-text Mark-up Language
  • HTTP Hyper-text Transfer Protocol
  • HTML tags are used to define the various components of an ASCII text file, image or sound which make up a hyper-text document, including such things as formatting and linking to other documents.
  • HTML tags which link documents on one Internet information source to those on another do so by associating a Uniform Resource Locator (URL) with the referenced information.
  • URL Uniform Resource Locator
  • An example of a downloadable program is an applet, which is a 'mini-program' that can be downloaded quickly and used by any computer or terminal equipped with a Java-capable browser.
  • Java is a programming language designed primarily for writing programs to leave on Internet web-sites and be downloadable over the Internet to a computer or other terminal.
  • Javascript is a scripting language for web-pages and can be embedded in HTML documents.
  • Files, data, information, ect. are stored at various information sources. A user can access files from an information source, if authorised, by connecting to a computer network and requesting the files for viewing or downloading.
  • a method, system or computer readable medium of instructions to allow downloaded programs to communicate with each other is sought to be provided.
  • the present invention seeks to provide a method, system and/or computer readable medium of instructions by which a downloadable program can instruct a browser to automatically download and launch another program, downloadable program, document, file or the like.
  • the present invention seeks to provide a system or method in which a downloadable program running on a user terminal operates as a network operating system for the user terminal, offering other downloadable program(s) running on the user terminal a set of services which the other downloadable program(s) can use, including, but not limited to, access to data, information, files, software or the like, kept on a terminal or information source on the computer network, which may or may not be associated with the downloadable program.
  • the downloadable program running on the user terminal in cooperation with code or programs running on other terminals, can keep a database of code or program modules that can be downloaded from the computer network, and can launch other downloadable programs without the user having to browse the computer network to locate and launch the other downloadable programs .
  • the present invention seeks to provide a method for facilitating a downloadable program to make use of at least one additional downloadable program, the method utilising at least two downloadable programs, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the method including the steps of: downloading a first downloadable program to a user terminal from a first server via a computer network; downloading at least one further downloadable program (second downloadable program) to the user terminal from the first server or a second server via a computer network, or, the first downloadable program causing a second downloadable program to be downloaded to the user terminal from the first server or a second server via a computer network; whereby, the first downloadable program and the second downloadable program can communicate with each other.
  • the present invention also seeks to provide a computer readable medium of instructions for facilitating a downloadable program to make use of at least one additional downloadable program, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the computer readable medium of instructions including: means to allow a first downloadable program, downloaded to a user terminal from a first server via a computer network, to communicate with a second downloadable program, downloaded to the user terminal from the first server or a second server via a computer network; whereby, the computer readable medium of instructions is at least partially embedded in the first downloadable program and the second downloadable program.
  • the present invention also seeks to provide a system for facilitating a downloadable program to make use of at least one additional downloadable program, the system utilising at least two downloadable programs, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the system including: a user terminal; a first server; a second server; means for downloading a first downloadable program to the user terminal from the first server via a computer network; and means for downloading a second downloadable program to the user terminal from the first server or the second server via a computer network, or, means for the first downloadable program to cause the second downloadable program to be downloaded to the user terminal from the first server or the second server via a computer network; whereby, the first downloadable program and the second downloadable program can communicate with each other.
  • the present invention further seeks to provide that the second downloadable program and/or the first downloadable program can communicate with an information source, and at least one of the downloadable programs can then utilise information from the information source by communicating with at least one of the other downloadable program(s).
  • the present invention according to one aspect seeks to provide that the second downloadable program can communicate with the second server, or any other information source, and provide information gained therefrom to the first downloadable program.
  • the present invention according to another aspect seeks to provide that the second downloadable program can communicate with an application, obtain data, or the like on the first server via communicating with the first downloadable program.
  • the present invention provides a method of allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server via a computer network, the method including the steps of: downloading the first downloadable program from a first server to a user terminal; the first downloadable program being executed on the user terminal; downloading the second downloadable program from a second server to the user terminal; the second downloadable program being executed on the user terminal; the second downloadable program connecting with the first downloadable program and requesting access to functionality, services, data or information offered by, or accessible by, the first downloadable program; the first downloadable program effecting an authorization check on the request by the second downloadable program; if authorization is granted, then the request is accepted, thereby allowing the second downloadable program and the first downloadable program to communicate with each other and provide the second downloadable program with access to, via the first downloadable program, functionality, services, data or information offered by, or accessible by, the first downloadable program.
  • the present invention provides method of allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server via a computer network, the method including the steps of: downloading the first downloadable program from a first server to a user terminal; the first downloadable program being executed on the user terminal; downloading a further downloadable program from the first server to the user terminal; the further downloadable program being executed on the user terminal; the further downloadable program connecting to the first downloadable program and providing the first downloadable program with a computer network address for the second downloadable program; the first downloadable program checking if the second downloadable program is registered within the first server, or if the second downloadable program is not registered, the first downloadable program effecting an authorization check to download and execute the second downloadable program; if the second downloadable program is registered or authorization is granted, downloading the second downloadable program from the supplied computer network address for the second downloadable program to the user terminal; the second downloadable program beginning execution on the
  • the user terminal includes a browser and the browser downloads and executes the downloadable programs.
  • the downloadable programs can be applets. A user clicking on a hyperlink in a web-page can initiate downloading of a downloadable program.
  • the first downloadable program can initiate downloading of the second downloadable program.
  • User authentication can be required before the first downloadable program is downloaded or executes on the user terminal.
  • the first downloadable program running on the user terminal operates as a network operating system for the second downloadable program.
  • the second downloadable program can access data, information, files, or software, via the first downloadable program, from another information source connected to the computer network, in addition to the first server.
  • the second downloadable program can directly access information on the user terminal or the first server without communicating via the first downloadable program.
  • more than one second downloadable program can be downloaded, and the further second downloadable programs can utilise the first downloadable program in accordance with the claimed method.
  • the first downloadable program, the first server, or the user terminal keeps a database of second downloadable programs that can be downloaded from the computer network, and the second downloadable program can be launched without the user browsing the computer network to locate and launch the second downloadable programs.
  • the first downloadable program can also access functionality, services, data or information offered by, or accessible by, the second downloadable program.
  • a user causes the first downloadable program to be downloaded to the user terminal from the first server; thereafter, the user causes a browser hosted on the user terminal to view a web-page with a link, the user activating the link which results in a dynamic web-page to be dynamically generated by the first server; the dynamic web-page containing the second downloadable program which is hosted on a server not being the first server.
  • the present invention provides a method of allowing two or more applets to communicate and gain access to further functionality, each of the applets downloaded to a browser on a user terminal from a server(s), via a computer network, the method including the steps of: a user viewing a first web-page, originating from a first server, on the browser; the browser downloading a first applet from the first server to the user terminal, and the browser launching the first applet; the first applet authenticating the user, and then, if authentication has occurred, the user using the first applet; the browser downloading a second web-page from the first server to the user terminal to be displayed by the browser; the second web-page containing a second applet as embedded code, or causing the second applet to be downloaded from a second server; the browser launching the second applet; the second applet connecting with the first applet and requesting access to functionality, services, data or information offered by, or accessible by, the first applet; the first applet effecting an authorization
  • the present invention provides a method of allowing two or more applets to communicate and gain access to further functionality, each of the applets downloaded to a browser on a user terminal from a server, via a computer network, the method including the steps of: a user viewing a first web-page, originating from a first server, on the browser; the browser downloading a first applet from the first server to the user terminal, and the browser launching the first applet; the first applet authenticating the user, and then, if authentication has occurred, the user using the first applet; the browser downloading a second web-page from the first server to the user terminal to be displayed by the browser; the second web-page containing a further applet as embedded code or causing a further applet to be downloaded from the first server; the browser launching the further applet; the further applet sending a computer network address for a second applet to the first applet; the first applet checking if the second applet is registered, or if the second applet is
  • the first applet can be used to relaunch the second applet without requiring authorization. Also, if the first applet is closed, the second applet can no longer communicate with the first server.
  • the present invention provides a system for allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server or servers via a computer network
  • the system including: a user terminal including a web browser; a first server including a communication module, a server application, and a web server; a second server including a web server; a computer network; the web browser interacting with the web server on the first server to download the first downloadable program from the first server to the user terminal, via the computer network, and the first downloadable program being executed in the browser on the user terminal; the first downloadable program able to communicate with the server application residing on the first server, via the communication module; following an authentication process, the web browser interacting with the web server on the second server to download the second downloadable program from the second server to the user terminal, via the computer network, and the second downloadable program being executed in the browser on the user terminal, if authentication is obtained; the second
  • the present invention provides . a computer readable medium of instructions for allowing a second applet to access to functionality, services, data or information offered by, or accessible by, a first applet, each of the applets having been downloaded to, and launched on, a user terminal from a server, or servers, via a computer network, the instructions resulting in: the second applet obtaining a reference to a second window containing the second applet; the second applet serializing parameters to be passed to invoked methods in the first applet; the second applet obtaining and providing parameters to the first applet which include: the name of a first window containing the first applet; the name of the first applet; the name of the service in the first applet which provides the specific method to be called; the name of the method to be invoked inside the service; and the serialized parameters; a function locating the first window containing the first applet; a further function locating the first applet; de-serializing functions in the first applet used to obtain the
  • the first applet can also invoke methods in the second applet.
  • the present invention provides that the first downloadable program and the second downloadable program communicate by combining Javascript scripting language, Java Object Serialization, and Java Reflection with an encoding/decoding algorithm to effectively combine at least two of the aforementioned technologies.
  • the present invention provides that the computer network can be any network of two or more communicating computers or terminals including but not limited to, an internetwork, an intranetwork, a LAN, a WAN, or the Internet.
  • the computer network can be any network of two or more communicating computers or terminals including but not limited to, an internetwork, an intranetwork, a LAN, a WAN, or the Internet.
  • Figure 1 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the interaction between the user's browser and the servers that provides HTML documents and applets .
  • Figure 2 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the process by which the user's browser loads the different applets that will communicate with each other.
  • Figure 3 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the interaction between applet B and applet A and server A.
  • Figure 4 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the process by which applet B is authorised to perform operations involving data stored on server A.
  • Figure 5 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the interaction between the user's browser and the servers that provides HTML documents and applets.
  • Figure 6 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the process by which the user's browser loads the different applets that will communicate with each other.
  • Figure 7 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the interaction between applet B and a first applet A and second applet A, and server A.
  • Figure 8 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the process by which applet B is authorised to perform operations involving data stored on server A.
  • a preferred, but non-limiting, embodiment of the present invention is shown in the figures 1 to 4.
  • a Java-enabled browser is running on a user terminal, which is typically a user computer (4).
  • a server application runs on a different server computer (2), connected through a computer network to the user computer (4).
  • the user of a Java-enabled browser visits an Internet web-page A, whose content is downloaded by the browser as document A (1), and displays it in a window A of the display device of the user computer (4), for example a window on a PC monitor.
  • the computer that hosts the web-page A is server A (2) (first server).
  • a Java applet embedded in document A (1), applet A (3) (first downloadable program), is then executed within a Java virtual machine by the browser application hosted on the user computer (4).
  • Applet A (3) authenticates the user by an authentication mean (for example, by requesting a login name and a password). Applet A (3) communicates with the server application on server A (2) to verify the user's identity. After the authentication phase is completed, the user can start using applet A (3).
  • an authentication mean for example, by requesting a login name and a password.
  • at least one of the other web-pages contains a link, called link B, to a web-page generated dynamically by server A (2).
  • the contents of this dynamically generated web-page B is document B (5).
  • An applet B (6) (the second downloadable program) is embedded in document B (5), and executed by the browser application.
  • Applet B (6) is hosted on a server different from server A (2), namely server B (7) (second server). This detail is especially important, since server A (2) does not need to know anything about applet B (6), except its address which is passed in the link to the dynamically generated web-page B (5). The content and ownership of applet B (6), and the availability of applet B (6) to the public, is entirely in the hands of the developer of applet B (6).
  • Applet B (6) initiates a communication process with applet A (3) (which is running on the same user computer (4)), and identifies itself.
  • the communication protocol used is described in detail hereinafter.
  • Applet A (3) prompts the user and requests the user's authorization to allow applet B (6) access to functionality and data provided by applet A (3) and the server application. If the user authorization fails or is denied, further communication attempts made by applet B (6) will be refused.
  • applet A (3) sends a message to the server application on server A (2), containing a meaningful name to identify applet B (6), and the full Internet address (URL) of applet B (6).
  • This information is provided by applet B (6) and stored in a database by the server application on server A (2).
  • the authorization is finally notified to applet B (6).
  • Applet B (6) can now invoke the functionality provided by applet A (3), and importantly use applet A (3) as a gate to communicate with the application server on server A (2). Applet B (6) does not need (and typically is actually prevented) to communicate directly with the server application on server A (2). Applet B (6) can therefore, for example, retrieve and store data from/to a remote database controlled by the server application on server A (2). This database can contain data that specifically pertains to the user. More generally, applet B (6) can invoke any service on server A (2), through applet A (3).
  • applet B (6) can no longer communicate with the server application. If the user logs out from applet A (3) and a new user logs in (i.e. provides different authentication information), applet B (6) can no longer communicate with the server application unless explicitly authorized by the new
  • applet B (6) is closed, the user can launch it again without having to use the Internet browser and to explicitly follow link B again, since the web address of applet B (6) is stored on the server A (2) and can be retrieved by applet A (3) at any time. The user can then instruct applet A (3) to launch applet B (6).
  • Applet A (3) can accomplish this task by retrieving the Internet URL (Uniform Resource Locator) of applet B (6) from the server application on server A (2), and creating a new browser window which will point to the required web address.
  • the Internet URL Uniform Resource Locator
  • applet B (6) When applet B (6) is launched by the Internet browser, applet B (6) will try to connect to applet A (3) as previously described. Applet A (3) will not again prompt the user to authorize applet B (6), since information about the authorization previously granted is stored on a database by the server application, and accessed by applet A (3).
  • Applet B (6) is therefore the Internet equivalent of an application, and the combination of applet A (3) and the server application on server A (2) is the equivalent of an operating system.
  • the benefits of using this system is that no application is effectively installed on the user computer (4), and that if the user does not use applet B (6) for a long time, the image of applet B (6) will be automatically removed from the browser cache, freeing storage space on the user computer (4).
  • applet B (6) If the developer of applet B (6) releases a new version of applet B (6), then as long as applet B (6) has the same name and is loaded from the same web address, the user does not need to do anything to use the new version.
  • the browser application will automatically download the updated applet B (6), and the authentication previously granted will remain valid.
  • applets can be "installed" in this virtual operating system, exactly in the same way as applet B (6). They may all be required to obtain individual authorization by the user.
  • the first method is documented by the official Java API documentation, and consists of using the getAppletContext() method of the Java. applet. Applet class. It is possible to call the getApplets() method of the AppletContext object returned by the first call. This method returns only the applets that were embedded in the same HTML document as the calling applet. It is therefore not useful for the present invention, where it is expected that applet B (6) (and potentially all installable applets C, D, ...) is to be loaded at a later time than applet A (3), therefore requiring two different HTML pages.
  • the second method involves the use of static attributes of a Java class by both applet A and applet B. Since the attributes are static, they are unique throughout the entire Java virtual machine, and can be accessed by any applet running within the Java virtual machine. These attributes can therefore include the reference to an Object that provides the communication between applets.
  • This method does not require applet A (3) and applet B (6) to be embedded in the same HTML document.
  • This method relies on the fact that applet A (3) and applet B (6) are executed within the same Java virtual machine. This condition is met only if the two applets are loaded from the same 'codebase', which roughly speaking means that they are loaded from the same web address. Again, because of this limitation this method is not suitable for the present invention.
  • inter-document applet communication is achieved by combining three different existing technologies, and adding a further encoding/decoding algorithm to effectively combine two of them.
  • the first technology utilised is Javascript scripting language, provided by all the major web browsers.
  • the second technology utilised is Java Object Serialization, which allows the transmission of Java objects over any digital transport mean.
  • the third technology used is Java Reflection, which allows for the dynamic location of methods within a Java object.
  • Applet B (6) obtains a reference to the window containing the applet, in the form of a netscape. javascript. JSObject.
  • Applet B serializes all the parameters to be passed to the invoked method in applet A (3) using Java's object serialization.
  • the byte stream is converted to a java.lang.
  • special bytes hexadecimal values 'DA' and 'Dl ') are inserted, and used as a marker to identify the string as an especially encoded parameter string.
  • applet B (6) invokes a specific JavaScript function contained in document B (5), named "AppletCommlnvoke” , passing the following parameters: a) the name (title) of the window containing document A (1) (Window A). b) the name of the applet A (3) c) the name of the service in applet A (3) that provides the specific method to be called d) the name of the method to be invoked inside the service e) the parameter string built at step number 2
  • applet A (3) defines functionality to applet B (6).
  • Each one of these objects is called a 'service', and. it exposes its own functionality's (i.e. Java methods) by calling a specific method in applet A (3). This step is called 'service registration' .
  • applet B (6) can access its functionality's specifying the name of the service and the name of the method.
  • the AppletCommlnvoke JavaScript Function will locate Window A using parameter 3a. If this parameter is null, by convention the window that opened document B (5) in Window B (identified using the window. opener JavaScript variable in Window B) will be assumed as the target window (Window A). If parameter 3a is not null, Window A is located by the javascript call window. open(" " , ⁇ parameter 3a > ).
  • the AppletCommlncominglnvocations function will locate applet A (3) using parameter 3b: if this is null, the first applet embedded in the document will be assumed to be applet A (3). If this is not null, it will look in the Applets [] array of the document for the one whose name is equal to the value of parameter 3b.
  • AppletCommlncominglnvocations function will call the 'accept' Java method in applet A (3), passing to it the parameters 3c, 3d and
  • the accept Java method will decode the parameter 3e, by checking for the string header, which must contain 2 bytes of hexadecimal value DA and Dl , respectively), then by decoding every 2 characters in a byte, then applying Java Object Deserialization to obtain an array of Java Objects, which is the actual parameter list. This step is the exact inverse of step 2.
  • the accept Java method will lookup for the service whose name equals the value of parameter 3c.
  • the lookup is done in a hash table that holds all the registered services.
  • the accept method will invoke the method whose name equals the value of parameter 3d, and that is contained in the service object located in step 9.
  • the parameters passed to the method are the actual parameters decoded in step 8.
  • the result value of the invocation can be null, an Object, or a Java primitive data type.
  • Object serialization is used to generate a result string, exactly as in step 2.
  • the primitive data type is converted in a primitive data type Object wrapper (eg. a java.lang. Integer object for an int) and then serialized.
  • Applet B (6) will decode the result String using the same method as in step 8, and use the resulting Object accordingly.
  • applet A (3) can invoke methods in applet B (6), and vice versa.
  • the end user should obtain maximum benefit by this cooperation of user software, because more software would be available to the user, since it costs less to develop shared software. Besides this, a uniform user software environment is generally easier to use. Also, the user could have a greater choice of tools to view or modify data.
  • Applet A (13) can be digitally signed, ie. its author has signed it using a specific cryptographic certificate issued by a Certification Authority and trusted by the browser running on the user computer (14). If applet A (13) is digitally signed by the author, and the signature is trusted by the browser (which in any case prompts the user, displaying the author's details), it is given full access to computer resources and functionalities. This can include initiating communication with computers other than server A (12) from which it was downloaded, and listening for communication requests originating from any computer, including the user computer (14).
  • Applet A (13) authenticates the user by an authentication mean (for example, by requesting a login name and a password). Applet A (13) communicates with the server application on server A (12) to verify the user's identity. After the authentication phase is completed, the user can start using applet A (13).
  • at least one of the other web-pages contains a link, called link C, to a web-page dynamically created by server A (12).
  • the content of this dynamically generated web-page C is document C (15).
  • An applet C (16) is embedded in document C (15), and executed by the browser application.
  • the applet C (16) resides on server A (12), and is also digitally signed.
  • Applet C (16) initiates a communication process with applet A (13).
  • applet A (13) and applet C (16) are both digitally signed, they can either communicate directly using TCP/IP protocol, or can use the same process described earlier in the section "Inter-applet communication" .
  • applet A (13) listens for incoming communication requests on a particular IP port. IP ports are identified with a number. This number can be a fixed, well known value or, alternatively, be stored by applet A (13) in a file on the local file system of the user computer (14), stored in a well known position.
  • applet C (16) can initiate a communication by contacting applet A (13) on the specific port, using either the well known number or retrieving it by reading from the known file.
  • applet C (16) sends a message to applet A (13), instructing it to load applet B (18).
  • Applet B (18) is stored on server B (17), possibly different from server A (12).
  • the full address of applet B (18), including the address of server B (17) and the address of applet B (18) within that server, is part of a link A, and is included in the dynamically generated web-page C (15).
  • the address is then read from this page by applet C (16) and passed in the communication process to applet A (13). This address is all applet A (13) needs to know in order to locate applet B (18).
  • the address contained in link A is that of a document B, located on server B (17).
  • Document B contains, in a well know format (for example, XML), the address of applet B (18), which can also be composed of multiple components, each with its own address.
  • Other properties of applet B (18) can include, but are not limited to, its title, the author's name, the system requirements to run the applet B (18), and so on.
  • Document B can also specify multiple addresses for applet B (18) and its components, based on the properties of the computer in which applet B (18) is to be run. This allows for the deployment of different versions of applet B (18), each version appropriate for a specific type of execution environment (processor, operating system, software libraries available, and so on).
  • applet B (18) (and, if any, document B) can be hosted on a server B (17), generally different from server A (12), is extremely important, since server A (12) does not need to know a priori of the existence of applet B (18), document B or server B (17).
  • Server A (2) simply dynamically generates web- page C (15) in response to the request represented by link A, and such request is initiated by the user.
  • applet B (18), and the availability of applet B (18) to the public is entirely in the hands of the developer of applet B (18). In the same fashion, the content and ownership of document B, and the availability of document B to the public, is entirely in the hands of the developer of document B.
  • applet C (16) terminates its execution.
  • applet A (13) After receiving the message from applet C (16), applet A (13) prompts the user and requests the user authorization to allow applet B (18) to access functionality and data provided by applet A (13) and the server application on server A (12). If the user authorization is denied, the process terminates and applet B (18) is not loaded or executed.
  • applet A (13) loads the applet B (18) from server B (17). It is allowed to do this by the user browser, because of its digital signature.
  • applet A (13) loads document B from server B (17) and reads its content. Based on the properties of the system on which it is running, applet A (13) decides which version of applet B (18), if multiple versions are specified in document B, to load, and then reads from document B the address of applet B (18) or the addresses of its components.
  • applet B (18) is performed by applet A (13) by using language- specific mechanisms.
  • a mechanism In the case of the Java language, such a mechanism is generally referred to as dynamic class loading, and it makes use of the Java system class "java.lang.ClassLoader" .
  • applet A (13) Once applet A (13) has loaded applet B (18), it sends a message to server A (12) containing the title of applet B (18) and its Internet address, or the address of document B, if it exists. Finally, applet A (13) begins the execution of applet B (18). Since applet B (18) is effectively run within applet A (13) itself, it can access directly functionalities provided by applet A (13), and it can also access functionalities and data provided and stored by server A (12), using applet A (13) as a gate.
  • applet B (18) can no longer communicate with the server application on server A (12). If the user logs out from applet A (13) and a new user logs in (i.e. provides different authentication information), applet B (18) can no longer communicate with the server application on server A (12) unless explicitly authorized by the new user. Alternatively, if applet B (18) is closed, the user can launch it again without having to use the Internet browser and to explicitly follow link A again, since the web address of applet B (18) is stored on the server and can be retrieved by applet A (13) at any time. The user can instruct applet A (13) to launch applet B (18). This time applet A (13) will not request the user's authorization, since such authorization is stored on the database by the server application, and retrieved by applet A (13).
  • the present invention is not limited to any particular type of computer network or any particular type of code.
  • the invention has been described with reference to an embodiment in which the Internet is the computer network over which the user-executed code is delivered, and the user-executed portion of a database application is delivered as a Java applet in Java byte-code to a user computer (4) running a Java-enabled web browser (8).
  • the Internet is the computer network over which the user-executed code is delivered
  • the user-executed portion of a database application is delivered as a Java applet in Java byte-code to a user computer (4) running a Java-enabled web browser (8).
  • the computer network as referenced in this specification should be taken to include all forms of connected or communicating computers or terminals having at least two terminals connected or communicating as hereinbefore described. That is, the term computer network should be taken to include any type of terminal as hereinbefore defined, computer, computerised device, peripheral computer equipment, computerised accessory, mobile or cellular phone, digital electronic device or other similar type of computerised electronic device or part thereof which is rendered such that it is capable of communicating with at least one of any of the aforementioned entities.
  • Said communication of information or data can occur over any data communications network, computer network, wireless network, internetwork, intranetwork, local area network (LAN), wide area network (WAN), the Internet and developments thereof, transient or temporary network, combinations of the above or any other type of network providing for computerised, electronic or digital devices.
  • data communications network computer network, wireless network, internetwork, intranetwork, local area network (LAN), wide area network (WAN), the Internet and developments thereof, transient or temporary network, combinations of the above or any other type of network providing for computerised, electronic or digital devices.
  • references to the terms connecting, communicating, transmitting, requesting, receiving, exchanging and the like, and permutations thereof, as applied to the term computer network and/or components thereof should be taken to pertain to the transfer of information or data.
  • Such transfers of information or data can be facilitated for by any form of entity/entities for facilitating such, including, but not limited to, metallic wires or cables, semiconducting wires or cables, optical fibres and optical devices, wireless means, electromagnetic waves and the like and modulations thereof, acoustic waves and the like and modulations thereof, control of electric and/or magnetic fields, and/or the transportation of all forms of memory devices.
  • the invention may also be said broadly to consist in the parts, elements and features referred to or indicated in the specification of the application, individually or collectively, in any or all combinations of two or more of said parts, elements or features, and where specific integers are mentioned herein which have known equivalents in the art to which the invention relates, such known equivalents are deemed to be incorporated herein as if individually set forth.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Stored Programmes (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

In one embodiment, a Java applet embedded in document A (1), applet A (3), is executed within a Java virtual machine by a browser application hosted on the user computer (4). Applet A (3) authenticates the user and communicates with the server application on server A (2) to verify the user's identity. At any time thereafter, whilst applet A (3) is still running, the user can browse the Internet and visit a dynamically generated web-page B (document B (5)). An applet B (6) is embedded in document B (5), and executed by the browser application. Applet B (6) is hosted on a server different from server A (2), namely server B (7). Applet B (6) initiates a communication process with applet A (3) (which is running on the same user computer (4)), and identifies itself. If the user gives authorization, applet B (6) can invoke the functionality provided by applet A (3), and use applet A (3) as a gate to communicate with the application server on server A (2). Applet B (6) can retrieve and store data from/to a remote database controlled by the server application. Applet B (6) can invoke any service on server A (2), through applet A (3).

Description

NETWORK OPERATING SYSTEM
Technical Field
The present invention relates to computer systems and a network operating system, and more specifically, to computer network downloadable software program applications which can communicate with one another.
Background Art
Existing computer technology allows users to download and execute software (a downloadable program) on a computer from a computer network without actively installing the program (software) on the computer.
The user browses the computer network with a browser application (browser), locates a specific program and executes the program. The downloaded program (or downloadable program) is generally executed by the browser application itself, in the form of a plug-in or an applet.
Some of these downloaded programs can communicate with other programs running on a different computer, usually referred to as a server. Such a program is typically used to offer a user special services, such as access to data stored on the server itself.
Normally, a downloaded program which uses the aforementioned approach communicates with its own server (or servers), to deliver a specific service. Typically, unless the downloaded program is authenticated by means of some code-signing method, the browser enforces heavy restrictions on the downloaded program. Usually, the browser prevents the downloaded program access to any resource on the user's computer (terminal) except the computer's display device. Also, the browser typically prevents the downloaded program from being able to communicate with other computers on the computer network, other than the computer from which the downloaded program was actually downloaded.
These restrictions greatly limit the usefulness of a downloadable program once downloaded. Additionally, the process of code-signing is rather long and expensive for a program developer. Code-signing generally involves a prompt for user authorization when the program is downloaded, which increases the user's reluctance to trust the program.
In addition, there is no cooperation between programs downloaded from different computer network locations at different times. This prevents the establishment of a synergy between different downloaded programs or program modules that could offer a more integrated and coherent user experience.
By allowing programs downloaded from different computers or computer network locations to communicate, it would be possible for one of the downloadable programs (program A) to offer additional functionality to other downloadable programs (program B, program C, ...), so that the program developers that created program B, program C, ... do not have to spend time and money coding the additional functionality again.
If program A exposes to program B, program C, ... services offered by the server software which program A connects to, even greater benefits may be achieved, because program B, program C, ... have a filtered and relatively simple means to access data/software stored on the server(s) associated with program A, without having to directly connect to the server themselves, or without having to access another server that can store that data. In a networked data communications system, users have access to terminals which are capable of requesting and receiving information from local or remote information sources. In such a system a terminal may be any type of computer or computerised device, a personal computer (PC), a mobile or cellular phone, a mobile data terminal, a portable computer, a personal digital assistant (PDA), a pager, a thin client, or any other similar type of electronic device. The capability of the terminal to request and/or receive information can be provided by a downloadable program, an application program, hardware or other such entity. A terminal may be provided with associated devices, for example an information storage device such as a hard disk drive.
In such a system an information source may be a server or any other type of terminal (for example, a PC computer) coupled to an information storage device (for example, a hard disk drive). The exchange of information (i.e. , the request and/or receipt of information) between the terminal and the information source, or other terminal(s), is facilitated by a connection referred to as a communication channel. The communication channel can be physically realised via a metallic cable (for example, a telephone line), semi-conducting cable, an electromagnetic signal (for example, a radio frequency (RF) signal), an optical fibre cable, a microwave link, a satellite link or any other such medium or combination thereof connected to a network infrastructure. The infrastructure may be a telephone switch, a base station, a bridge, a router, or any other such specialised component, which facilitates the connection between the terminal and the network. Collectively, the interconnected group of terminals, physical connections, infrastructure and information sources is referred to as a computer network or data communications network.
The computer network itself may take a variety of forms. It may be located within a local geographic area, such as an office building, and consist of only a limited number of terminals and information sources. This type of computer network is commonly referred to as a Local Area Network (LAN). On a broader scale, it may be larger and support more users over a wider geographic area, such as across a city. This type of network is commonly referred to as a Wide Area Network (WAN). On an even broader scale LAN and WAN networks may be interconnected across a country or globally. An example of a globally connected computer network is the Internet.
To a user the Internet appears to be a single unified computer network, although in reality it consists of many different types of computer platforms utilising many diverse data communications technologies. The technologies are connected together in such a manner so they appear transparent to the user. This transparency is made possible through the use of a standard communications protocol suite known as Transmission Control Protocol/Internet Protocol (TCP/IP).
The Hyper-text Mark-up Language (HTML) and Hyper-text Transfer Protocol (HTTP) have developed to make the Internet or World Wide Web very accessible. The exchange of information on the Internet is further facilitated through hyper-text documents, typically by using a browser. Hyper-text documents are unique in that they use tags to define links which, when selected, fetch the related information from within the same document or from a new document altogether. The links are defined using HTML which provides a document formatting method which adapts in a consistent manner to any computer on which it is displayed. HTML tags are used to define the various components of an ASCII text file, image or sound which make up a hyper-text document, including such things as formatting and linking to other documents. HTML tags which link documents on one Internet information source to those on another do so by associating a Uniform Resource Locator (URL) with the referenced information. The ability to link Internet files of similar and/or differing formats to each other, and to link documents on other Internet sites, is a powerful feature of the Internet. An example of a downloadable program is an applet, which is a 'mini-program' that can be downloaded quickly and used by any computer or terminal equipped with a Java-capable browser. Java is a programming language designed primarily for writing programs to leave on Internet web-sites and be downloadable over the Internet to a computer or other terminal. Javascript is a scripting language for web-pages and can be embedded in HTML documents. Files, data, information, ect. are stored at various information sources. A user can access files from an information source, if authorised, by connecting to a computer network and requesting the files for viewing or downloading.
This identifies a need for a new type of method, system and/or computer readable set of instructions relating to computer network downloadable software program applications which overcome, or at least ameliorate, the problems inherent in the prior art.
Disclosure Of Invention
In a particular embodiment of the present invention, a method, system or computer readable medium of instructions to allow downloaded programs to communicate with each other is sought to be provided.
In a further embodiment of the present invention, it is sought to provide a method, system and/or computer readable medium of instructions to enable a downloadable program to utilise services provided by another downloadable program, or provided by a server to which the other downloadable program can connect.
In yet a further embodiment of the present invention, it is sought to provide a method, system and/or computer readable medium of instructions by which a downloadable program can instruct a browser to automatically download and launch another program, downloadable program, document, file or the like. In still a further embodiment of the present invention, the present invention seeks to provide a system or method in which a downloadable program running on a user terminal operates as a network operating system for the user terminal, offering other downloadable program(s) running on the user terminal a set of services which the other downloadable program(s) can use, including, but not limited to, access to data, information, files, software or the like, kept on a terminal or information source on the computer network, which may or may not be associated with the downloadable program.
The downloadable program running on the user terminal, in cooperation with code or programs running on other terminals, can keep a database of code or program modules that can be downloaded from the computer network, and can launch other downloadable programs without the user having to browse the computer network to locate and launch the other downloadable programs .
The present invention seeks to provide a method for facilitating a downloadable program to make use of at least one additional downloadable program, the method utilising at least two downloadable programs, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the method including the steps of: downloading a first downloadable program to a user terminal from a first server via a computer network; downloading at least one further downloadable program (second downloadable program) to the user terminal from the first server or a second server via a computer network, or, the first downloadable program causing a second downloadable program to be downloaded to the user terminal from the first server or a second server via a computer network; whereby, the first downloadable program and the second downloadable program can communicate with each other.
The present invention also seeks to provide a computer readable medium of instructions for facilitating a downloadable program to make use of at least one additional downloadable program, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the computer readable medium of instructions including: means to allow a first downloadable program, downloaded to a user terminal from a first server via a computer network, to communicate with a second downloadable program, downloaded to the user terminal from the first server or a second server via a computer network; whereby, the computer readable medium of instructions is at least partially embedded in the first downloadable program and the second downloadable program.
The present invention also seeks to provide a system for facilitating a downloadable program to make use of at least one additional downloadable program, the system utilising at least two downloadable programs, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the system including: a user terminal; a first server; a second server; means for downloading a first downloadable program to the user terminal from the first server via a computer network; and means for downloading a second downloadable program to the user terminal from the first server or the second server via a computer network, or, means for the first downloadable program to cause the second downloadable program to be downloaded to the user terminal from the first server or the second server via a computer network; whereby, the first downloadable program and the second downloadable program can communicate with each other.
In one embodiment, the present invention further seeks to provide that the second downloadable program and/or the first downloadable program can communicate with an information source, and at least one of the downloadable programs can then utilise information from the information source by communicating with at least one of the other downloadable program(s). The present invention according to one aspect seeks to provide that the second downloadable program can communicate with the second server, or any other information source, and provide information gained therefrom to the first downloadable program. The present invention according to another aspect seeks to provide that the second downloadable program can communicate with an application, obtain data, or the like on the first server via communicating with the first downloadable program.
In a further specific embodiment of the present invention, the present invention provides a method of allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server via a computer network, the method including the steps of: downloading the first downloadable program from a first server to a user terminal; the first downloadable program being executed on the user terminal; downloading the second downloadable program from a second server to the user terminal; the second downloadable program being executed on the user terminal; the second downloadable program connecting with the first downloadable program and requesting access to functionality, services, data or information offered by, or accessible by, the first downloadable program; the first downloadable program effecting an authorization check on the request by the second downloadable program; if authorization is granted, then the request is accepted, thereby allowing the second downloadable program and the first downloadable program to communicate with each other and provide the second downloadable program with access to, via the first downloadable program, functionality, services, data or information offered by, or accessible by, the first downloadable program.
In a further specific embodiment of the present invention, the present invention provides method of allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server via a computer network, the method including the steps of: downloading the first downloadable program from a first server to a user terminal; the first downloadable program being executed on the user terminal; downloading a further downloadable program from the first server to the user terminal; the further downloadable program being executed on the user terminal; the further downloadable program connecting to the first downloadable program and providing the first downloadable program with a computer network address for the second downloadable program; the first downloadable program checking if the second downloadable program is registered within the first server, or if the second downloadable program is not registered, the first downloadable program effecting an authorization check to download and execute the second downloadable program; if the second downloadable program is registered or authorization is granted, downloading the second downloadable program from the supplied computer network address for the second downloadable program to the user terminal; the second downloadable program beginning execution on the user terminal; the second downloadable program and the first downloadable program able to communicate with each other and provide the second downloadable program with access to, via the first downloadable program, functionality, services, data or information offered by, or accessible by, the first downloadable program.
In a specific embodiment, the user terminal includes a browser and the browser downloads and executes the downloadable programs. The downloadable programs can be applets. A user clicking on a hyperlink in a web-page can initiate downloading of a downloadable program. The first downloadable program can initiate downloading of the second downloadable program. User authentication can be required before the first downloadable program is downloaded or executes on the user terminal. Broadly, the first downloadable program running on the user terminal operates as a network operating system for the second downloadable program.
Furthermore, the second downloadable program can access data, information, files, or software, via the first downloadable program, from another information source connected to the computer network, in addition to the first server. In an alternate embodiment, the second downloadable program can directly access information on the user terminal or the first server without communicating via the first downloadable program. In another embodiment, more than one second downloadable program can be downloaded, and the further second downloadable programs can utilise the first downloadable program in accordance with the claimed method. In still a further embodiment, the first downloadable program, the first server, or the user terminal, keeps a database of second downloadable programs that can be downloaded from the computer network, and the second downloadable program can be launched without the user browsing the computer network to locate and launch the second downloadable programs. The first downloadable program can also access functionality, services, data or information offered by, or accessible by, the second downloadable program.
In yet another embodiment, a user causes the first downloadable program to be downloaded to the user terminal from the first server; thereafter, the user causes a browser hosted on the user terminal to view a web-page with a link, the user activating the link which results in a dynamic web-page to be dynamically generated by the first server; the dynamic web-page containing the second downloadable program which is hosted on a server not being the first server.
In a further specific embodiment of the present invention, the present invention provides a method of allowing two or more applets to communicate and gain access to further functionality, each of the applets downloaded to a browser on a user terminal from a server(s), via a computer network, the method including the steps of: a user viewing a first web-page, originating from a first server, on the browser; the browser downloading a first applet from the first server to the user terminal, and the browser launching the first applet; the first applet authenticating the user, and then, if authentication has occurred, the user using the first applet; the browser downloading a second web-page from the first server to the user terminal to be displayed by the browser; the second web-page containing a second applet as embedded code, or causing the second applet to be downloaded from a second server; the browser launching the second applet; the second applet connecting with the first applet and requesting access to functionality, services, data or information offered by, or accessible by, the first applet; the first applet effecting an authorization check on the request by the second applet; if authorization is granted, then the request is accepted, thereby allowing the second applet and the first applet to communicate with each other and provide access to functionality, services, data or information offered by, or accessible by, the other applet.
In still a further specific embodiment of the present invention, the present invention provides a method of allowing two or more applets to communicate and gain access to further functionality, each of the applets downloaded to a browser on a user terminal from a server, via a computer network, the method including the steps of: a user viewing a first web-page, originating from a first server, on the browser; the browser downloading a first applet from the first server to the user terminal, and the browser launching the first applet; the first applet authenticating the user, and then, if authentication has occurred, the user using the first applet; the browser downloading a second web-page from the first server to the user terminal to be displayed by the browser; the second web-page containing a further applet as embedded code or causing a further applet to be downloaded from the first server; the browser launching the further applet; the further applet sending a computer network address for a second applet to the first applet; the first applet checking if the second applet is registered, or if the second applet is not registered, the first applet effecting an authorization check before downloading the second applet; if the second applet is registered or authorization is granted, downloading the second applet from the supplied computer network address for the second applet to the user terminal; the second applet beginning execution in the browser on the user terminal; thereby allowing the second applet and the first applet to communicate with each other and provide access to functionality, services, data or information offered by, or accessible by, the other applet.
In a specific form, if the second applet is closed, the first applet can be used to relaunch the second applet without requiring authorization. Also, if the first applet is closed, the second applet can no longer communicate with the first server.
In yet a further various specific embodiment of the present invention, the present invention provides a system for allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server or servers via a computer network, the system including: a user terminal including a web browser; a first server including a communication module, a server application, and a web server; a second server including a web server; a computer network; the web browser interacting with the web server on the first server to download the first downloadable program from the first server to the user terminal, via the computer network, and the first downloadable program being executed in the browser on the user terminal; the first downloadable program able to communicate with the server application residing on the first server, via the communication module; following an authentication process, the web browser interacting with the web server on the second server to download the second downloadable program from the second server to the user terminal, via the computer network, and the second downloadable program being executed in the browser on the user terminal, if authentication is obtained; the second downloadable program communicating with the server application on the first server by communicating with the first downloadable program which in turn communicates with the communication module, whereby the second downloadable program can access the functionality, services, data or information associated with the server application.
In a further specific embodiment of the present invention, the present invention provides . a computer readable medium of instructions for allowing a second applet to access to functionality, services, data or information offered by, or accessible by, a first applet, each of the applets having been downloaded to, and launched on, a user terminal from a server, or servers, via a computer network, the instructions resulting in: the second applet obtaining a reference to a second window containing the second applet; the second applet serializing parameters to be passed to invoked methods in the first applet; the second applet obtaining and providing parameters to the first applet which include: the name of a first window containing the first applet; the name of the first applet; the name of the service in the first applet which provides the specific method to be called; the name of the method to be invoked inside the service; and the serialized parameters; a function locating the first window containing the first applet; a further function locating the first applet; de-serializing functions in the first applet used to obtain the parameters from the second applet; the first applet using a table that holds all the registered services to lookup the requested service; the first applet invoking the requested method and passing de-serialized parameters to the method and returning a result string to the second applet; the second applet decoding the result string and using the resulting object. Alternatively, the present invention can also provide a computer readable medium of instructions for allowing the first applet to directly load the second applet.
According to a specific form, the first applet can also invoke methods in the second applet.
Broadly, the present invention provides that the first downloadable program and the second downloadable program communicate by combining Javascript scripting language, Java Object Serialization, and Java Reflection with an encoding/decoding algorithm to effectively combine at least two of the aforementioned technologies.
In yet a further broad form, the present invention provides that the computer network can be any network of two or more communicating computers or terminals including but not limited to, an internetwork, an intranetwork, a LAN, a WAN, or the Internet. In another form of the invention there is provided a method, system, or computer-readable medium of instructions, substantially according to the embodiment described in the specification with reference to the accompanying figures.
Brief description Of Figures
The present invention will become apparent from the following description, which is given by way of example only, of a preferred but non-limiting embodiment thereof, described in connection with the accompanying figures, wherein: Figure 1 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the interaction between the user's browser and the servers that provides HTML documents and applets .
Figure 2 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the process by which the user's browser loads the different applets that will communicate with each other.
Figure 3 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the interaction between applet B and applet A and server A.
Figure 4 illustrates a preferred embodiment of the present invention wherein, the figure illustrates the process by which applet B is authorised to perform operations involving data stored on server A.
Figure 5 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the interaction between the user's browser and the servers that provides HTML documents and applets. Figure 6 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the process by which the user's browser loads the different applets that will communicate with each other.
Figure 7 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the interaction between applet B and a first applet A and second applet A, and server A. Figure 8 illustrates a second preferred embodiment of the present invention wherein, the figure illustrates the process by which applet B is authorised to perform operations involving data stored on server A.
Modes For Carrying Out The Invention
In the figures, incorporated to illustrate the features of the present invention, like reference numerals are used to identify like parts throughout the figures.
A preferred, but non-limiting, embodiment of the present invention is shown in the figures 1 to 4. In the preferred, but non-limiting, description provided, a Java-enabled browser is running on a user terminal, which is typically a user computer (4). A server application runs on a different server computer (2), connected through a computer network to the user computer (4).
Referring to figure 1, the user of a Java-enabled browser, hosted by the user computer (4), visits an Internet web-page A, whose content is downloaded by the browser as document A (1), and displays it in a window A of the display device of the user computer (4), for example a window on a PC monitor. The computer that hosts the web-page A is server A (2) (first server). A Java applet embedded in document A (1), applet A (3) (first downloadable program), is then executed within a Java virtual machine by the browser application hosted on the user computer (4).
Applet A (3) authenticates the user by an authentication mean (for example, by requesting a login name and a password). Applet A (3) communicates with the server application on server A (2) to verify the user's identity. After the authentication phase is completed, the user can start using applet A (3).
At any time thereafter, whilst applet A (3) is still running, the user can browse the Internet and visit other web-pages. In accordance with the present invention, at least one of the other web-pages contains a link, called link B, to a web-page generated dynamically by server A (2). The contents of this dynamically generated web-page B is document B (5).
An applet B (6) (the second downloadable program) is embedded in document B (5), and executed by the browser application.
Applet B (6) is hosted on a server different from server A (2), namely server B (7) (second server). This detail is especially important, since server A (2) does not need to know anything about applet B (6), except its address which is passed in the link to the dynamically generated web-page B (5). The content and ownership of applet B (6), and the availability of applet B (6) to the public, is entirely in the hands of the developer of applet B (6).
Applet B (6) initiates a communication process with applet A (3) (which is running on the same user computer (4)), and identifies itself. The communication protocol used is described in detail hereinafter. Applet A (3) prompts the user and requests the user's authorization to allow applet B (6) access to functionality and data provided by applet A (3) and the server application. If the user authorization fails or is denied, further communication attempts made by applet B (6) will be refused.
If the user gives authorization, applet A (3) sends a message to the server application on server A (2), containing a meaningful name to identify applet B (6), and the full Internet address (URL) of applet B (6). This information is provided by applet B (6) and stored in a database by the server application on server A (2). The authorization is finally notified to applet B (6).
Applet B (6) can now invoke the functionality provided by applet A (3), and importantly use applet A (3) as a gate to communicate with the application server on server A (2). Applet B (6) does not need (and typically is actually prevented) to communicate directly with the server application on server A (2). Applet B (6) can therefore, for example, retrieve and store data from/to a remote database controlled by the server application on server A (2). This database can contain data that specifically pertains to the user. More generally, applet B (6) can invoke any service on server A (2), through applet A (3).
If the user closes applet A (3), applet B (6) can no longer communicate with the server application. If the user logs out from applet A (3) and a new user logs in (i.e. provides different authentication information), applet B (6) can no longer communicate with the server application unless explicitly authorized by the new
I user.
Alternatively, if applet B (6) is closed, the user can launch it again without having to use the Internet browser and to explicitly follow link B again, since the web address of applet B (6) is stored on the server A (2) and can be retrieved by applet A (3) at any time. The user can then instruct applet A (3) to launch applet B (6). Applet A (3) can accomplish this task by retrieving the Internet URL (Uniform Resource Locator) of applet B (6) from the server application on server A (2), and creating a new browser window which will point to the required web address.
When applet B (6) is launched by the Internet browser, applet B (6) will try to connect to applet A (3) as previously described. Applet A (3) will not again prompt the user to authorize applet B (6), since information about the authorization previously granted is stored on a database by the server application, and accessed by applet A (3).
Applet B (6) is therefore the Internet equivalent of an application, and the combination of applet A (3) and the server application on server A (2) is the equivalent of an operating system. The benefits of using this system is that no application is effectively installed on the user computer (4), and that if the user does not use applet B (6) for a long time, the image of applet B (6) will be automatically removed from the browser cache, freeing storage space on the user computer (4).
If the developer of applet B (6) releases a new version of applet B (6), then as long as applet B (6) has the same name and is loaded from the same web address, the user does not need to do anything to use the new version. The browser application will automatically download the updated applet B (6), and the authentication previously granted will remain valid.
Of course, many other applets can be "installed" in this virtual operating system, exactly in the same way as applet B (6). They may all be required to obtain individual authorization by the user.
The aforementioned method or system is further illustrated in figure 2.
Inter-applet communication:
The process by which two Java applets (applet A (3) and applet B (6)) can communicate is not trivial, if they are not digitally signed. Currently there are two known methods for applets to communicate.
The first method is documented by the official Java API documentation, and consists of using the getAppletContext() method of the Java. applet. Applet class. It is possible to call the getApplets() method of the AppletContext object returned by the first call. This method returns only the applets that were embedded in the same HTML document as the calling applet. It is therefore not useful for the present invention, where it is expected that applet B (6) (and potentially all installable applets C, D, ...) is to be loaded at a later time than applet A (3), therefore requiring two different HTML pages.
The second method involves the use of static attributes of a Java class by both applet A and applet B. Since the attributes are static, they are unique throughout the entire Java virtual machine, and can be accessed by any applet running within the Java virtual machine. These attributes can therefore include the reference to an Object that provides the communication between applets.
This method does not require applet A (3) and applet B (6) to be embedded in the same HTML document. This method relies on the fact that applet A (3) and applet B (6) are executed within the same Java virtual machine. This condition is met only if the two applets are loaded from the same 'codebase', which roughly speaking means that they are loaded from the same web address. Again, because of this limitation this method is not suitable for the present invention.
Therefore, a new method to achieve unrestricted inter-applet communication is used instead. This method is explained in detail in the following section.
Inter-applet communication - solution:
In a preferred form of the present invention, inter-document applet communication is achieved by combining three different existing technologies, and adding a further encoding/decoding algorithm to effectively combine two of them. The first technology utilised is Javascript scripting language, provided by all the major web browsers. The second technology utilised is Java Object Serialization, which allows the transmission of Java objects over any digital transport mean. The third technology used is Java Reflection, which allows for the dynamic location of methods within a Java object.
To summarize the environment addressed in the previous paragraphs, the common situation is the following:
• Applet A (3) is embedded in Document A (1), shown in Window A
• Applet B (6) is embedded in Document B (5), shown in Window B • Applet B (6) wants to invoke a method in Applet A (3), and to process its results. According a preferred embodiment of the present invention, the following steps are taken, which are also illustrated with reference to figure 3 and figure 4.
1) Applet B (6) obtains a reference to the window containing the applet, in the form of a netscape. javascript. JSObject.
2) Applet B (6) serializes all the parameters to be passed to the invoked method in applet A (3) using Java's object serialization. The byte stream is converted to a java.lang. String in which every byte is represented in 2 digits hexadecimal notation (eg. the byte whose decimal value is 244 will be appended to the string as the 2 characters 'F4'). At the beginning of the string 2 special bytes (hexadecimal values 'DA' and 'Dl ') are inserted, and used as a marker to identify the string as an especially encoded parameter string.
3) Using the JSObject. call() method, applet B (6) invokes a specific JavaScript function contained in document B (5), named "AppletCommlnvoke" , passing the following parameters: a) the name (title) of the window containing document A (1) (Window A). b) the name of the applet A (3) c) the name of the service in applet A (3) that provides the specific method to be called d) the name of the method to be invoked inside the service e) the parameter string built at step number 2
Definition of a service: within applet A (3), multiple objects can provide functionality to applet B (6). Each one of these objects is called a 'service', and. it exposes its own functionality's (i.e. Java methods) by calling a specific method in applet A (3). This step is called 'service registration' . Once a service is registered, applet B (6) can access its functionality's specifying the name of the service and the name of the method.
4) The AppletCommlnvoke JavaScript Function will locate Window A using parameter 3a. If this parameter is null, by convention the window that opened document B (5) in Window B (identified using the window. opener JavaScript variable in Window B) will be assumed as the target window (Window A). If parameter 3a is not null, Window A is located by the javascript call window. open(" " , < parameter 3a > ).
5) The AppletCommlnvoke JavaScript Function will call the JavaScript function AppletCommlncominglnvocations contained in Document A (1) in Window A, passing to it the parameters 3b, 3c, 3d and 3e. This invocation is allowed by the browser because document A (1) and document B (5) are both generated by the same server (document B (5) being dynamically generated, in this non-limiting example).
6) The AppletCommlncominglnvocations function will locate applet A (3) using parameter 3b: if this is null, the first applet embedded in the document will be assumed to be applet A (3). If this is not null, it will look in the Applets [] array of the document for the one whose name is equal to the value of parameter 3b.
7) The AppletCommlncominglnvocations function will call the 'accept' Java method in applet A (3), passing to it the parameters 3c, 3d and
3e.
8) The accept Java method will decode the parameter 3e, by checking for the string header, which must contain 2 bytes of hexadecimal value DA and Dl , respectively), then by decoding every 2 characters in a byte, then applying Java Object Deserialization to obtain an array of Java Objects, which is the actual parameter list. This step is the exact inverse of step 2.
9) The accept Java method will lookup for the service whose name equals the value of parameter 3c. The lookup is done in a hash table that holds all the registered services.
10) Using Java Reflection, the accept method will invoke the method whose name equals the value of parameter 3d, and that is contained in the service object located in step 9. The parameters passed to the method are the actual parameters decoded in step 8.
11) The result value of the invocation can be null, an Object, or a Java primitive data type. In the first 2 cases, Object serialization is used to generate a result string, exactly as in step 2. In the third case, the primitive data type is converted in a primitive data type Object wrapper (eg. a java.lang. Integer object for an int) and then serialized.
12) If the invoked method generates an Exception, the exception is encoded instead.
13) The accept Java method returns this string to the AppletCommlncominglnvocations, which returns it to the AppletCommlnvoke function. The result string is therefore the return value of the JSObject. callQ method invoked by applet B (6) in step 3.
14) Applet B (6) will decode the result String using the same method as in step 8, and use the resulting Object accordingly.
This algorithm can be used in both directions at the same time, that is: applet A (3) can invoke methods in applet B (6), and vice versa. The end user should obtain maximum benefit by this cooperation of user software, because more software would be available to the user, since it costs less to develop shared software. Besides this, a uniform user software environment is generally easier to use. Also, the user could have a greater choice of tools to view or modify data.
A second, non-limiting, embodiment of the present invention is also now described, as follows. This further embodiment is described with reference to figures 5 to 8.
Loading of other applets:
Applet A (13) can be digitally signed, ie. its author has signed it using a specific cryptographic certificate issued by a Certification Authority and trusted by the browser running on the user computer (14). If applet A (13) is digitally signed by the author, and the signature is trusted by the browser (which in any case prompts the user, displaying the author's details), it is given full access to computer resources and functionalities. This can include initiating communication with computers other than server A (12) from which it was downloaded, and listening for communication requests originating from any computer, including the user computer (14).
Applet A (13) authenticates the user by an authentication mean (for example, by requesting a login name and a password). Applet A (13) communicates with the server application on server A (12) to verify the user's identity. After the authentication phase is completed, the user can start using applet A (13).
At any time thereafter, whilst applet A (13) is still running, the user can browse the Internet and visit other web-pages. In accordance with the present embodiment, at least one of the other web-pages contains a link, called link C, to a web-page dynamically created by server A (12). The content of this dynamically generated web-page C is document C (15). An applet C (16) is embedded in document C (15), and executed by the browser application. The applet C (16) resides on server A (12), and is also digitally signed.
Applet C (16) initiates a communication process with applet A (13). As applet A (13) and applet C (16) are both digitally signed, they can either communicate directly using TCP/IP protocol, or can use the same process described earlier in the section "Inter-applet communication" . In the case where they use TCP/IP communication, applet A (13) listens for incoming communication requests on a particular IP port. IP ports are identified with a number. This number can be a fixed, well known value or, alternatively, be stored by applet A (13) in a file on the local file system of the user computer (14), stored in a well known position. In the case where they use TCP/IP communication, applet C (16) can initiate a communication by contacting applet A (13) on the specific port, using either the well known number or retrieving it by reading from the known file.
Once the communication is established, applet C (16) sends a message to applet A (13), instructing it to load applet B (18). Applet B (18) is stored on server B (17), possibly different from server A (12). The full address of applet B (18), including the address of server B (17) and the address of applet B (18) within that server, is part of a link A, and is included in the dynamically generated web-page C (15). The address is then read from this page by applet C (16) and passed in the communication process to applet A (13). This address is all applet A (13) needs to know in order to locate applet B (18).
In a further embodiment of the present invention, the address contained in link A is that of a document B, located on server B (17). Document B contains, in a well know format (for example, XML), the address of applet B (18), which can also be composed of multiple components, each with its own address. Other properties of applet B (18) can include, but are not limited to, its title, the author's name, the system requirements to run the applet B (18), and so on. Document B can also specify multiple addresses for applet B (18) and its components, based on the properties of the computer in which applet B (18) is to be run. This allows for the deployment of different versions of applet B (18), each version appropriate for a specific type of execution environment (processor, operating system, software libraries available, and so on).
The fact that applet B (18) (and, if any, document B) can be hosted on a server B (17), generally different from server A (12), is extremely important, since server A (12) does not need to know a priori of the existence of applet B (18), document B or server B (17). Server A (2) simply dynamically generates web- page C (15) in response to the request represented by link A, and such request is initiated by the user.
The content and ownership of applet B (18), and the availability of applet B (18) to the public, is entirely in the hands of the developer of applet B (18). In the same fashion, the content and ownership of document B, and the availability of document B to the public, is entirely in the hands of the developer of document B. After sending the message to applet A (13), applet C (16) terminates its execution.
After receiving the message from applet C (16), applet A (13) prompts the user and requests the user authorization to allow applet B (18) to access functionality and data provided by applet A (13) and the server application on server A (12). If the user authorization is denied, the process terminates and applet B (18) is not loaded or executed.
If the user gives authorization, applet A (13) loads the applet B (18) from server B (17). It is allowed to do this by the user browser, because of its digital signature.
If link A is contained in the address of document B instead of the address of applet B (18), applet A (13) loads document B from server B (17) and reads its content. Based on the properties of the system on which it is running, applet A (13) decides which version of applet B (18), if multiple versions are specified in document B, to load, and then reads from document B the address of applet B (18) or the addresses of its components.
The loading of applet B (18) is performed by applet A (13) by using language- specific mechanisms. In the case of the Java language, such a mechanism is generally referred to as dynamic class loading, and it makes use of the Java system class "java.lang.ClassLoader" .
Once applet A (13) has loaded applet B (18), it sends a message to server A (12) containing the title of applet B (18) and its Internet address, or the address of document B, if it exists. Finally, applet A (13) begins the execution of applet B (18). Since applet B (18) is effectively run within applet A (13) itself, it can access directly functionalities provided by applet A (13), and it can also access functionalities and data provided and stored by server A (12), using applet A (13) as a gate.
If the user closes applet A (13), applet B (18) can no longer communicate with the server application on server A (12). If the user logs out from applet A (13) and a new user logs in (i.e. provides different authentication information), applet B (18) can no longer communicate with the server application on server A (12) unless explicitly authorized by the new user. Alternatively, if applet B (18) is closed, the user can launch it again without having to use the Internet browser and to explicitly follow link A again, since the web address of applet B (18) is stored on the server and can be retrieved by applet A (13) at any time. The user can instruct applet A (13) to launch applet B (18). This time applet A (13) will not request the user's authorization, since such authorization is stored on the database by the server application, and retrieved by applet A (13).
The present invention is not limited to any particular type of computer network or any particular type of code. However, for the purpose of explanation, the invention has been described with reference to an embodiment in which the Internet is the computer network over which the user-executed code is delivered, and the user-executed portion of a database application is delivered as a Java applet in Java byte-code to a user computer (4) running a Java-enabled web browser (8). These embodiments should not be considered limiting to the scope of the invention.
It should be further noted that the computer network as referenced in this specification should be taken to include all forms of connected or communicating computers or terminals having at least two terminals connected or communicating as hereinbefore described. That is, the term computer network should be taken to include any type of terminal as hereinbefore defined, computer, computerised device, peripheral computer equipment, computerised accessory, mobile or cellular phone, digital electronic device or other similar type of computerised electronic device or part thereof which is rendered such that it is capable of communicating with at least one of any of the aforementioned entities. Said communication of information or data can occur over any data communications network, computer network, wireless network, internetwork, intranetwork, local area network (LAN), wide area network (WAN), the Internet and developments thereof, transient or temporary network, combinations of the above or any other type of network providing for computerised, electronic or digital devices.
Furthermore, references to the terms connecting, communicating, transmitting, requesting, receiving, exchanging and the like, and permutations thereof, as applied to the term computer network and/or components thereof should be taken to pertain to the transfer of information or data. Such transfers of information or data can be facilitated for by any form of entity/entities for facilitating such, including, but not limited to, metallic wires or cables, semiconducting wires or cables, optical fibres and optical devices, wireless means, electromagnetic waves and the like and modulations thereof, acoustic waves and the like and modulations thereof, control of electric and/or magnetic fields, and/or the transportation of all forms of memory devices. Thus, there has been provided in accordance with the present invention, a method, system and computer readable medium of instructions which satisfies the advantages set forth above.
The invention may also be said broadly to consist in the parts, elements and features referred to or indicated in the specification of the application, individually or collectively, in any or all combinations of two or more of said parts, elements or features, and where specific integers are mentioned herein which have known equivalents in the art to which the invention relates, such known equivalents are deemed to be incorporated herein as if individually set forth.
Although the preferred embodiment has been described in detail, it should be understood that various changes, substitutions, and alterations can be made herein by one of ordinary skill in the art without departing from the spirit or the scope of the present invention as hereinbefore described and as hereinafter claimed.

Claims

The claims:
1. A method for facilitating a downloadable program to make use of at least one additional downloadable program, each of the downloadable programs able to be downloaded to a user terminal via a computer network, the method including the steps of: downloading a first downloadable program to the user terminal from a first server; downloading a second downloadable program to the user terminal from the first server or a second server, or, the first downloadable program causing the second downloadable program to be downloaded to the user terminal from the first server or the second server; whereby, the first downloadable program and the second downloadable program can communicate with each other, thereby allowing either of the downloadable programs to access functionality, services, data or information offered by, or accessible by, the other downloadable program.
2. A method of allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server via a computer network, the method including the steps of: downloading the first downloadable program from a first server to a user terminal; the first downloadable program being executed on the user terminal; downloading the second downloadable program from a second server to the user terminal; the second downloadable program being executed on the user terminal; the second downloadable program connecting with the first downloadable program and requesting access to functionality, services, data or information offered by, or accessible by, the first downloadable program; the first downloadable program effecting an authorization check on the request by the second downloadable program; if authorization is granted, then the request is accepted, thereby allowing the second downloadable program and the first downloadable program to communicate with each other and provide the second downloadable program with access to, via the first downloadable program, functionality, services, data or information offered by, or accessible by, the first downloadable program.
3. A method of allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server via a computer network, the method including the steps of: downloading the first downloadable program from a first server to a user terminal; the first downloadable program being executed on the user terminal; downloading a further downloadable program from the first server to the user terminal; the further downloadable program being executed on the user terminal; the further downloadable program connecting to the first downloadable program and providing the first downloadable program with a computer network address for the second downloadable program; the first downloadable program checking if the second downloadable program is registered within the first server, or if the second downloadable program is not registered, the first downloadable program effecting an authorization check to download and execute the second downloadable program; if the second downloadable program is registered or authorization is granted, downloading the second downloadable program from the supplied computer network address for the second downloadable program to the user terminal; the second downloadable program beginning execution on the user terminal; the second downloadable program and the first downloadable program able to communicate with each other and provide the second downloadable program with access to, via the first downloadable program, functionality, services, data or information offered by, or accessible by, the first downloadable program.
4. The method as claimed in one of the claims 1 to 3, wherein the user terminal includes a browser and the browser downloads and executes the downloadable programs.
5. The method as claimed in any one of the claims 1 to 4, wherein the downloadable programs are applets.
6. The method as claimed in any one of the claims 1 to 5, wherein a user clicking on a hyperlink in a web-page initiates downloading of a downloadable program.
7. The method as claimed in any one of the claims 1 to 6, wherein the first downloadable program can initiate downloading of the second downloadable program.
8. The method as claimed in any one of the claims 1 to 7, wherein user authentication can be required before the first downloadable program is downloaded or executes on the user terminal.
9. The method as claimed in any one of the claims 1 to 8, wherein the first downloadable program running on the user terminal operates as a network operating system for the second downloadable program.
10. The method as claimed in claim 9, wherein the second downloadable program can access data, information, files, or software, via the first downloadable program, from another information source connected to the computer network, in addition to the first server.
11. The method as claimed in any one of the claims 1 to 10, wherein, after authorization of the second downloadable program, the second downloadable program can directly access information on the user terminal or the first server without communicating via the first downloadable program.
12. The method as claimed in any one of the claims 1 to 11 , wherein more than one second downloadable program can be downloaded, and the further second downloadable programs can utilise the first downloadable program in accordance with the claimed method.
13. The method as claimed in any one of the claims 1 to 12, wherein the first downloadable program, the first server, or the user terminal, keeps a database of second downloadable programs that can be downloaded from the computer network, and the second downloadable program can be launched without the user browsing the computer network to locate and launch the second downloadable programs.
14. The method as claimed in any one of the claims 1 to 13, wherein the first downloadable program can also access functionality, services, data or information offered by, or accessible by, the second downloadable program.
15. The method as claimed in any one of the claims 1 to 14, wherein a user causes the first downloadable program to be downloaded to the user terminal from the first server; thereafter, the user causes a browser hosted on the user terminal to view a web-page with a link, the user activating the link which results in a dynamic web-page to be dynamically generated by the first server; the dynamic web-page containing the second downloadable program which is hosted on a server not being the first server.
16. A method of allowing two or more applets to communicate and gain access to further functionality, each of the applets downloaded to a browser on a user terminal from a server(s), via a computer network, the method including the steps of: a user viewing a first web-page, originating from a first server, on the browser; the browser downloading a first applet from the first server to the user terminal, and the browser launching the first applet; the first applet authenticating the user, and then, if authentication has occurred, the user using the first applet; the browser downloading a second web-page from the first server to the user terminal to be displayed by the browser; the second web-page containing a second applet as embedded code, or causing the second applet to be downloaded from a second server; the browser launching the second applet; the second applet connecting with the first applet and requesting access to functionality, services, data or information offered by, or accessible by, the first applet; the first applet effecting an authorization check on the request by the second applet; if authorization is granted, then the request is accepted, thereby allowing the second applet and the first applet to communicate with each other and provide access to functionality, services, data or information offered by, or accessible by, the other applet.
17. A method of allowing two or more applets to communicate and gain access to further functionality, each of the applets downloaded to a browser on a user terminal from a server, via a computer network, the method including the steps of: a user viewing a first web-page, originating from a first server, on the browser; the browser downloading a first applet from the first server to the user terminal, and the browser launching the first applet; the first applet authenticating the user, and then, if authentication has occurred, the user using the first applet; the browser downloading a second web-page from the first server to the user terminal to be displayed by the browser; the second web-page containing a further applet as embedded code or causing a further applet to be downloaded from the first server; the browser launching the further applet; the further applet sending a computer network address for a second applet to the first applet; the first applet checking if the second applet is registered, or if the second applet is not registered, the first applet effecting an authorization check before downloading the second applet; if the second applet is registered or authorization is granted, downloading the second applet from the supplied computer network address for the second applet to the user terminal; the second applet beginning execution in the browser on the user terminal; thereby allowing the second applet and the first applet to communicate with each other and provide access to functionality, services, data or information offered by, or accessible by, the other applet.
18. The method as claimed in either claim 16 or claim 17, wherein if the second applet is closed, the first applet can be used to relaunch the second applet without requiring authorization.
19. The method as claimed in any one of the claims 16 to 18, wherein if the first applet is closed, the second applet can no longer communicate with the first server.
20. The method as claimed in claim 17, wherein the first applet is digitally signed.
21. A system for allowing a second downloadable program to utilise a first downloadable program, each of the downloadable programs able to be downloaded to a user terminal from a server or servers via a computer network, the system including: a user terminal including a web browser; a first server including a communication module, a server application, and a web server; a second server including a web server; a computer network; the web browser interacting with the web server on the first server to download the first downloadable program from the first server to the user terminal, via the computer network, and the first downloadable program being executed in the browser on the user terminal; the first downloadable program able to communicate with the server application residing on the first server, via the communication module; following an authentication process, the web browser interacting with the web server on the second server to download the second downloadable program from the second server to the user terminal, via the computer network, and the second downloadable program being executed in the browser on the user terminal, if authentication is obtained; the second downloadable program communicating with the server application on the first server by communicating with the first downloadable program which in turn communicates with the communication module, whereby the second downloadable program can access the functionality, services, data or information associated with the server application.
22. A computer readable medium of instructions for allowing a second applet to access to functionality, services, data or information offered by, or accessible by, a first applet, each of the applets having been downloaded to, and launched on, a user terminal from a server, or servers, via a computer network, the instructions resulting in: the second applet obtaining a reference to a second window containing the second applet; the second applet serializing parameters to be passed to invoked methods in the first applet; the second applet obtaining and providing parameters to the first applet which include: the name of a first window containing the first applet; the name of the first applet; the name of the service in the first applet which provides the specific method to be called; the name of the method to be invoked inside the service; and the serialized parameters; a function locating the first window containing the first applet; a further function locating the first applet; de-serializing functions in the first applet used to obtain the parameters from the second applet; the first applet using a table that holds all the registered services to lookup the requested service; the first applet invoking the requested method and passing de-serialized parameters to the method and returning a result string to the second applet; the second applet decoding the result string and using the resulting object.
23. The computer readable medium of instructions claimed in claim 20, wherein the first applet can also invoke methods in the second applet.
PCT/AU2001/001389 2000-10-31 2001-10-30 Network operating system WO2002037287A1 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
AU2002213648A AU2002213648A1 (en) 2000-10-31 2001-10-30 Network operating system

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
AUPR1149 2000-10-31
AUPR1149A AUPR114900A0 (en) 2000-10-31 2000-10-31 Network operating system

Publications (1)

Publication Number Publication Date
WO2002037287A1 true WO2002037287A1 (en) 2002-05-10

Family

ID=3825192

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU2001/001389 WO2002037287A1 (en) 2000-10-31 2001-10-30 Network operating system

Country Status (2)

Country Link
AU (2) AUPR114900A0 (en)
WO (1) WO2002037287A1 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1513066A1 (en) * 2002-05-20 2005-03-09 NTT DoCoMo, Inc. Data usage managemnet electronic apparatus, method, program, and storage medium
US11907496B2 (en) 2013-02-08 2024-02-20 cloudRIA, Inc. Browser-based application management

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
WO1999026161A1 (en) * 1997-11-17 1999-05-27 Trend Micro, Inc. Controlled distribution of application programs in a computer network
US6009464A (en) * 1995-09-20 1999-12-28 Sun Microsystems, Inc. Method and apparatus for enabling application programs to communicate with network clients and servers
US6047318A (en) * 1997-11-19 2000-04-04 International Business Machines Corporation Method of downloading java bean files in a network
EP0991241A2 (en) * 1998-09-01 2000-04-05 Aidministrator Nederland B.V. Method and apparatus for communicating with a server

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6009464A (en) * 1995-09-20 1999-12-28 Sun Microsystems, Inc. Method and apparatus for enabling application programs to communicate with network clients and servers
WO1999026161A1 (en) * 1997-11-17 1999-05-27 Trend Micro, Inc. Controlled distribution of application programs in a computer network
US6047318A (en) * 1997-11-19 2000-04-04 International Business Machines Corporation Method of downloading java bean files in a network
EP0991241A2 (en) * 1998-09-01 2000-04-05 Aidministrator Nederland B.V. Method and apparatus for communicating with a server

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
HARTIG ET AL.: "Encapsulating mobile objects", ICDS'97 INTERNATIONAL CONFERENCE ON DISTRIBUTED COMPUTING SYSTEMS, pages 355 - 363 *

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP1513066A1 (en) * 2002-05-20 2005-03-09 NTT DoCoMo, Inc. Data usage managemnet electronic apparatus, method, program, and storage medium
EP1513066A4 (en) * 2002-05-20 2010-04-14 Ntt Docomo Inc Data usage managemnet electronic apparatus, method, program, and storage medium
EP2306316A3 (en) * 2002-05-20 2011-08-17 NTT DoCoMo, Inc. Electronic device, methods, programs and storage media for data management
EP2306317A3 (en) * 2002-05-20 2011-08-17 NTT DoCoMo, Inc. Electronic device, methods, programs and storage media for data management
US8418253B2 (en) 2002-05-20 2013-04-09 Ntt Docomo, Inc. Application data usage management system for an electronic device
US11907496B2 (en) 2013-02-08 2024-02-20 cloudRIA, Inc. Browser-based application management

Also Published As

Publication number Publication date
AU2002213648A1 (en) 2002-05-15
AUPR114900A0 (en) 2000-11-23

Similar Documents

Publication Publication Date Title
US6766353B1 (en) Method for authenticating a JAVA archive (JAR) for portable devices
US7565533B2 (en) Systems and methods for providing object integrity and dynamic permission grants
US6438600B1 (en) Securely sharing log-in credentials among trusted browser-based applications
US7634772B2 (en) Automatic software downloading from a computer network
EP0834818B1 (en) System, method, apparatus and article of manufacture for identity based caching
US6212640B1 (en) Resources sharing on the internet via the HTTP
KR100464839B1 (en) Apparatus and method for processing servlets
US6868448B1 (en) Resource locator
US20080147671A1 (en) System for Running Web Applications Offline and Providing Access to Native Services
US20010039587A1 (en) Method and apparatus for accessing devices on a network
EP1174793A2 (en) System and method providing multi-tier applications architecture
US20090276835A1 (en) Secure cross-domain communication for web mashups
EP2432186A1 (en) File uploading realization method and system for web application
EP1405493A2 (en) Application framework for mobile devices
US20120158396A1 (en) Application Compatibility Shims for Minimal Client Computers
BRPI0616473A2 (en) Method and system for invoking midlets from a web browser on a local device Method for invoking a video session of a web page using a midlet, local device, and not on a system communicating with a local device
CN109491887A (en) Test environment dispositions method, device, computer equipment and storage medium
JP2002182768A (en) Install server device, install service method and information recording medium
EP1969817B1 (en) Method and system for externalizing http security message handling with macro support
US20040133783A1 (en) Method for non repudiation using cryptographic signatures in small devices
WO2000054151A2 (en) Resource locator
WO2002037287A1 (en) Network operating system
KR100924076B1 (en) Internet application embodiment method independent of web browser and operating system
Kabat et al. Generic Security Service API Version 2: Java Bindings
van Engelen gSOAP 2.7. 0 User Guide

Legal Events

Date Code Title Description
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP