Secured system for accessing application services from a remote station

DC CAFC

US 5,889,942 A
Filed: 12/18/1996
Issued: 03/30/1999
Est. Priority Date: 12/18/1996
Status: Expired due to Term

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. A secured system for accessing application services from at least one application program, comprising:

at least one client station having low-level application independent logics stored therein and at least one controller for controlling said low-level application independent logics, said low-level application independent logics including a user interface logic, a device control logic for controlling devices, a file system logic, and a communication interface logic, wherein said file system logic includes a file system capable of storing data corresponding to said at least one application program;

at least one application server having high-level application logic stored in a server device for running said at least one application program, said server device being coupled to said at least one application server; and

a low-level interface between said at least one client station and said at least one application server for connecting said at least one client station to said at least one application server,wherein upon accessing by said at least one client station, said at least one application server runs said at least one application program which selectively controls said low-level application independent logics for controlling devices of said at least one client station and for accessing data of said at least one client station, and wherein said at least one application server processes said corresponding data from said at least one client station on said at least one application program without permanently storing said data in a server device coupled to said at least one application server.

View all claims

0 Assignments

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A secured system is provided for accessing application services running on a remote server from a client station. The system includes at least one client station, each having low-level graphical interface and file logic stored therein and at least one controller, such as a digital signal processor. The controller controls the graphical interface and the file logic. The file logic includes a file system capable of storing data corresponding to the application programs. Further, the system includes at least one remote application server, each server having high-level application logic for running corresponding application programs stored locally or remotely. In addition, a low-level interface connects each client and server. In this system, the cost of manufacturing such clients are far less expensive but far more robust than conventional general purpose computers. Further, the server application programs need not be written specific to or be dependent on any specific operating system platform.

Citations

62 Claims

1. A secured system for accessing application services from at least one application program, comprising:
- at least one client station having low-level application independent logics stored therein and at least one controller for controlling said low-level application independent logics, said low-level application independent logics including a user interface logic, a device control logic for controlling devices, a file system logic, and a communication interface logic, wherein said file system logic includes a file system capable of storing data corresponding to said at least one application program;
  
  at least one application server having high-level application logic stored in a server device for running said at least one application program, said server device being coupled to said at least one application server; and
  
  a low-level interface between said at least one client station and said at least one application server for connecting said at least one client station to said at least one application server,wherein upon accessing by said at least one client station, said at least one application server runs said at least one application program which selectively controls said low-level application independent logics for controlling devices of said at least one client station and for accessing data of said at least one client station, and wherein said at least one application server processes said corresponding data from said at least one client station on said at least one application program without permanently storing said data in a server device coupled to said at least one application server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The system of claim 1, wherein said at least one client station lacks a general purpose central processing unit to prevent execution of application program code on said at least one client station, so as to decrease cost and protect said at least one client station.
  - 3. The system of claim 1, wherein program code of said at least one application program remains on said at least one application server, so as to protect said at least one client station from data or internal state corruption by said at least one application server and to protect said program code of said at least one application program stored on said at least one application server.
  - 4. The system of claim 1, wherein said at least one client station further includes a low-level quasi-operating system for supporting client station connections to said at least one application server, for controlling any peripheral devices attached to said at least one client station and for controlling said user interface logic, said device control logic, said file system logic, and said communication interface logic as commanded by said at least one application program running on said at least one application server, said quasi-operating system being permanently stored in a read-only-memory in said at least one client station such that said quasi-operating system is not alterable, wherein said quasi-operating system is able to restrict which functions, data, and devices can be used by said at least one application program running on said at least one application server, and is unable to load any executable code which is not part of said quasi-operating system.
  - 5. The system of claim 4, wherein said user interface logic, controlled by said quasi-operating system, is graphical user interface logic.
  - 6. The system of claim 1, wherein said at least one client station further comprises at least one storage device.
  - 7. The system of claim 6, wherein said corresponding data is stored in a storage device of said at least one client station in a respective at least one data file of said file system, such that said at least one client station selectively restricts access by said at least one application server to said at least one data file to protect said at least one client station from data or internal state corruption by said at least one application server and to prevent access of said at least one data file by an application program which is not authorized to access said at least one data file.
  - 8. The system of claim 7, wherein said at least one application server requests access to a predetermined data file but is granted access to another data file selected by said at least one client station.
  - 9. The system of claim 7, wherein upon authorization by said at least one client station, said at least one application server may read, write, append, move, rename, perform low-level file control operations, and create said data files in the file system of said at least one client station.
  - 10. The system of claim 1, wherein said at least one controller is a microprocessor for performing permanently fixed quasi-operating system functions and permanently fixed digital signal processing functions stored in said at least one client station, wherein said microprocessor is not able to load and execute application program code.
  - 11. The system of claim 6, wherein said at least one controller is unable to access and logically control data stored in said storage device on behalf of said at least one application program running on said at least one application server without authorization from said at least one client station.
  - 12. The system of claim 11, wherein denial of access and control of data is based on parameters selected from the group consisting of said at least one application program, said at least one application server, a date, a file name, a file type, and a directory.
  - 13. The system of claim 1, wherein said low-level interface includes a fixed set of application independent functions callable from an application program running on said at least one application server to create and dispatch command packets according to operating system service interface protocol to said at least one client station, said command packets comprising a user interface protocol and a file system and device control protocol so that said at least one application server can control through application programs running on said at least one application server the functioning of said at least one client station and the processing of data from peripheral devices or storage devices coupled to said at least one client station.
  - 14. The system of claim 1, wherein file systems or devices of at least two client stations are controlled and accessed by said at least one application server for processing data corresponding to said at least one application program with said at least one application program, wherein said at least one application program accesses data which corresponds to said at least one application program from at least one of said at least two client stations, processes data which corresponds to said at least one application program from at least one of said at least two client stations, and outputs said processed data to at least one of said at least two client stations, such that each client station may cooperate with each other and share data, files, and devices as permitted by each client station.
  - 15. The system of claim 1, wherein said at least one application server further includes a file system having code of said at least one application program stored therein, and wherein said at least one client station is denied access to said file system of said at least one application server to protect said at least one application server from corruption by said at least one client station and to protect said code of said at least one application program stored on said at least one application server from corruption or copying by said at least one client station.
  - 16. The system of claim 1, wherein said at least one application server is a computational server, such that said at least one application server loads code of said at least one application program from a separate file server or super-client to protect said code of said at least one application program from corruption by a running application program and wherein said at least one client station is denied access to said file server or super-client to protect said code of said at least one application program from being copied or corrupted by said at least one client station.
  - 17. The system of claim 1, wherein said interface is connected over one of a local area network, a wide area network, and an interface bus.
  - 18. The system of claim 1, wherein said at least one client station further includes at least one means for obtaining or outputting data external to said at least one client station.
  - 19. The system of claim 18, wherein said at least one application program running on said at least one application server selectively accesses and logically controls said at least one means for obtaining or outputting data external to said at least one client station via said at least one controller of said at least one client station.
  - 20. The system of claim 1, wherein said at least one client station and said at least one application server share a common transport protocol.
  - 21. The system of claim 1, wherein address and security privilege settings of said at least one application program is stored in a configuration file or database within said file system coupled to said at least one client station, and wherein said at least one client station connects to said at least one application program in said configuration file to receive application program icon information and to access said application services.
  - 22. The system of claim 1, wherein said at least one application server is capable of accessing multiple devices or file systems, each resident on a respective client station, when at least two client stations access said at least one application server to access said at least one application program, wherein said at least one accessed application server accesses said multiple devices or file systems to form a centralized device and file management system for controlling said multiple devices, said file systems, or configurations of said at least two client stations.
  - 23. The system of claim 1, wherein said at least one client station has at least a low-level quasi-operating system for supporting client station connections to said at least one application server to run said at least one application program on said at least one application server, and for controlling any peripheral devices attached to said at least one client station, wherein said at least one application server runs at least one of software service application programs and hardwired service application programs.
  - 24. The system of claim 23, wherein said hardwired service application programs are operational via ASIC chips or a combination of a software application program and ASIC chips.
  - 25. The system of claim 1, wherein a conventional application program is written using specific operating system application programming interface function calls and is converted to a network application program that runs on said at least one application server, said at least one application server having an operating system different from or the same as the operating system for which said conventional application program was designed, and wherein said network application program is able to use operating system services on said at least one client station by utilizing operating system service interface protocol over said low-level interface that connects said at least one client station to said at least one application server.
  - 26. The system of claim 25, further comprising conventional application program conversion means for substituting operating system function calls of said conventional application program with code for generating command packets using said operating system service interface communications protocol, without modifying application program code of said conventional application program, to convert said conventional application program to said network application program,wherein the command packets are transmitted to said at least one client station for controlling specific operating system or device operations of said at least one client station, andwherein said network application program runs within said at least one application server and accesses and controls said specific operating system or device operations of said at least one client station as required by said network application program.
  - 27. The system of claim 26, wherein said at least one client station is unable to load and run a conventional application program and is able to interpret and selectively process or restrict processing of said command packets.
  - 28. The system of claim 1, wherein said at least one application server is unable to connect to said at least one client station unless said at least one client station first connects to said at least one application server.
  - 29. The system of claim 1, wherein said at least one application program is a directory service application program which provides said at least one client station with addresses of other application programs, and retrieves other application program icons for display by said at least one client station.

30. A method of accessing application services from at least one application program, comprising the steps of:
- accessing at least one application server by at least one client station to connect to said at least one application program running on said at least one application server,wherein said at least one client station has low-level application independent logics stored therein and at least one controller for controlling said low-level application independent logics, said low-level application independent logics including a user interface logic, a device control logic for controlling devices, a file system logic, and a communication interface logic, wherein said file system logic includes a file system capable of storing data corresponding to said at least one application program, andwherein said at least one application server has high-level application logic stored in a server device coupled to said at least one application server, for running said at least one application program;
  
  having said at least one application server selectively retrieve data corresponding to said at least one application program from said at least one client station upon authorization from said at least one client station;
  
  processing the retrieved data on said at least one application program; and
  
  storing no retrieved data and storing no processed data within said at least one application server when said application services are complete.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
- - 31. The method of claim 30, further comprising the step of transmitting said processed data from said at least one application server to said at least one client station during said application services or when said application services are complete.
  - 32. The method of claim 30, wherein said at least one client station lacks a general purpose processing unit and is unable to load and execute application program code, so as to decrease cost and to protect said at least one client station.
  - 33. The method of claim 30, wherein application program code of said at least one application program remains on said at at least one application server and said at least one client station is denied access to said application program code, so as to protect said at least one client station from data or internal state corruption by said at least one application server and to protect said application program code stored on said at least one application server from corruption or copying by said at least one client station.
  - 34. The method of claim 30, further comprising the steps of:
    - supporting client station connections to said at least one application server via a low-level quasi-operating system;
      
      performing mutual authentication to protect data of said at least one client station from said at least one application program running on said at least one application server and to prevent said application services from being used by an unauthorized client station;
      
      controlling any peripheral devices attached to said at least one client station via said low-level quasi-operating system; and
      
      controlling said low-level application independent logics of said at least one client station as commanded by said at least one application program running on said at least one application server via said low-level quasi-operating system,wherein said low-level quasi-operating system is permanently stored in a read-only-memory in said at least one client station, such that said low-level quasi-operating system is not alterable, and wherein said low-level quasi-operating system is able to restrict which functions, data, and devices within said client station can be used by said at least one application program running on said at least one application server, and wherein said low-level quasi-operating system is unable to load any executable code which is not part of said low-level quasi-operating system.
  - 35. The method of claim 34, wherein said user interface logic, controlled by said low-level quasi-operating system, is graphical user interface logic.
  - 36. The method of claim 30, wherein said at least one client station further comprises at least one storage device.
  - 37. The method of claim 36, further comprising the step of storing said data corresponding to said at least one application program in one storage device of said at least one client station in a respective at least one data file of said file system, such that said at least one client station selectively restricts said access by said at least one application server to said at least one data file to protect said at least one client station from data or internal state corruption by said at least one application server and to prevent unauthorized access of said at least one data file by said at least one application server.
  - 38. The method of claim 37, further comprising at least one of the following steps:
    - reading said at least one data file upon authorization by said at least one client station;
      
      modifying said at least one data file upon authorization by said at least one client station;
      
      appending said at least one data file upon authorization by said at least one client station;
      
      deleting said at least one data file upon authorization by said at least one client station;
      
      copying said at least one data file upon authorization by said at least one client station;
      
      changing names of said at least one data file upon authorization by said at least one client station,creating new data files upon authorization by said at least one client station; and
      
      performing file control operations on said at least one data file upon authorization by said at least one client station.
  - 39. The method of claim 36, wherein said at least one controller is unable to access and logically control data stored in said storage device on behalf of said at least one application program running on said at least one application server without authorization by said at least one client station.
  - 40. The method of claim 39, wherein denial of access and control of data is based on parameters selected from the group consisting of said at least one application program, said at least one application server, a date, a file name, a file type, and a directory.
  - 41. The method of claim 30, further comprising the steps of:
    - selectively and simultaneously accessing file systems and devices for data, corresponding to said at least one application program, of at least two client stations by said at least one application server;
      
      accessing said data corresponding to said at least one application program from at least one of said at least two client stations;
      
      processing said data corresponding to said at least one application program of at least one of said at least two client stations;
      
      outputting said processed data to at least one of said at least two client stations;
      
      such that each client station may cooperate with each other and under control of said at least one application program share data, file systems, and devices as permitted by each client station.
  - 42. The method of claim 30, wherein said at least one application server further includes a file system having code of said at least one application program stored therein, and wherein said at least one client station is denied access to said file system of said at least one application server to protect said at least one application server from data or internal state corruption by said at least one client station and to protect code of said at least one application program stored on said at least one application server from being copied by said at least one client station and from being corrupted by said at least one client station.
  - 43. The method of claim 30, further comprising the step of launching said at least one application program from a separate file server or super-client to run on said at least one application server, wherein said at least one application server is a computational server, and wherein said at least one client station is denied access to said file server or super-client.
  - 44. The method of claim 30, wherein said steps of accessing and transmitting occur over one of a local area network, a wide area network, and an interface bus.
  - 45. The method of claim 30, wherein said at least one client station further includes at least one means for obtaining or outputting data external to said at least one client station.
  - 46. The method of claim 45, further comprising the step of having said at least one application server selectively access and logically control said at least one means for obtaining or outputting data external to said at least one client station.
  - 47. The method of claim 46, wherein the step of having said at least one application server selectively access and logically control said at least one means for obtaining or outputting data external to said at least one client station occurs by said at least one application server accessing and controlling said at least one controller of said at least one client station.
  - 48. The method of claim 30, wherein said at least one client station and said at least one application server share a common transport protocol.
  - 49. The method of claim 30, further comprising the step of accessing multiple devices or file systems by said at least one application server, each coupled to a respective client station, to form a centralized device and file management system for controlling said multiple devices, said file systems, or configurations of said client stations, when at least two client stations access said at least one application server to access said at least one application program.
  - 50. The method of claim 30, wherein said at least one client station has at least a low-level quasi-operating system which carries out the steps of:
    - interacting with a user of said at least one client station as required to control security settings for resources of said at least one client station;
      
      interacting with a user and a configuration file of said at least one client station to determine selection of application programs and servers;
      
      interacting with said said low-level application independent logics of said at least one client station as required by application programs;
      
      supporting client station connections to said at least one application server to run said application programs of said at least one application server; and
      
      controlling any peripheral devices coupled to said at least one client station, wherein said at least one application server runs at least one of software service application programs and hardwired service application programs.
  - 51. The method of claim 50, wherein said hardwired service application programs are operational via ASIC chips or a combination of a software application program and ASIC chips.
  - 52. The method of claim 30, wherein said at least one application program is a conventional application program that has an application programming interface specific to a particular operating system and is converted to a network application program that communicates to a client station via an operating system service interface communications protocol by steps comprising:
    - substituting operating system function calls of said conventional application program with code for generating command packets using said operating system service interface communications protocol, without modifying code of said conventional application program, to convert said conventional application program to said network application program;
      
      wherein said network application program is able to run within said at least one application server, and access and control specific operating system or device operations of said remote client station as required by said network application program.
  - 53. The method of claim 52, wherein said client station is unable to load and run a conventional application program and is able to interpret and selectively process or restrict processing of said command packets.
  - 54. The method of claim 30, wherein said at least one application server does not connect to said at least one client station unless said at least one client station first connects to said at least one application server.
  - 55. The method of claim 30, further comprising the steps:
    - having said at least one client station connect to a directory service application program;
      
      having said directory service application program provide said at least one client station with addresses of other application programs;
      
      retrieving other application program icons; and
      
      displaying said other application program icons on said at least one client station.

56. A secured system for managing devices and file systems of a plurality of client stations, comprising:
- at least one application server having high-level application logic stored within a server device coupled to said at least one application server for running at least one application program, and said at least one application server being capable of accessing multiple devices and file systems, each coupled to a respective client station, when each client station interfaces with said at least one application server to access said at least one application program;
  
  wherein each interfaced server selectively accesses said devices, said file systems or both to form a centralized device and file management system for controlling and accessing devices, file systems, states, or configurations of said client stations;
  
  wherein upon accessing by said client stations, said at least one application server runs at least one application program and selectively controls low-level application independent logics of said client stations for controlling devices of said client stations and for accessing data of said client stations and wherein said at least one application server processes said corresponding data from said client stations on said at least one application program without permanently storing said processed data in a server device coupled to said at least one application server.

57. A secured system for accessing application services from at least one service application, comprising:
- at least one client station having at least a low level quasi-operating system stored therein for supporting said at least one client station connections to at least one application server and low-level application independent logics stored therein, said low level quasi-operating system comprising low-level application independent logics including a user interface logic, a device control logic for controlling devices, a file system logic, and a communication interface logic, wherein said at least one application server runs said at least one service application which controls said low-level application independent logics stored within said at least one client station for controlling said quasi-operating system and devices of said at least one client station, wherein said at least one service application is one of software service applications and hardwired service applications.
- View Dependent Claims (58)
- - 58. The system of claim 57, wherein said hardwired service applications are operational via ASIC chips or a combination of a software application program and ASIC chips.

59. A method of converting a conventional application program which has application programming interface specific to a particular operating system to a network application program which communicates with a client station via an operating system service interface communications protocol, comprising the steps of:
- substituting operating system function calls of said conventional application program with code for generating command packets using said operating system service interface communications protocol, without modifying application code of said conventional application program, to convert said conventional application program to said network application program so that an application server is able to transportthe command packets to said client station for controlling specific operating system or device operations of said client station,wherein said code which generates command packets has identical application programming interface to said operating system functions of said particular operating system; and
  
  wherein said network application program runs within an application server, accesses data of said client station, and controls specific operating system and device operations of said client station, when said client station connects to said network application program, as required by said network application program.
- View Dependent Claims (60)
- - 60. The method of claim 59, wherein said client station is unable to load and run a conventional application program and is able to interpret and selectively process or restrict processing of said command packets.

61. A system for converting a conventional application program which has an application programming interface specific to a particular operating system to a network application program which communicates with said client station via an operating system service interface communications protocol for causing execution of operating system functions to control specific operations of said particular operating system of said client station, comprising:
- conventional application conversion means for substituting operating system function calls of said conventional application program with code which generates command packets using said operating system service interface communications protocol, without modifying code of said conventional application program, to convert said conventional application program to said network application program;
  
  wherein said code which generates command packets has identical application programming interface to said operating system functions of said particular operating system;
  
  wherein said command packets are transmitted to said client station for controlling specific operations of the particular operating system within said client station; and
  
  wherein said network application program runs within an application server and executes said code to create command packets and to transmit command packets to said client station for accessing and controlling said specific operating system or device operations of said client station and for retrieving needed data from said client station, as required by said network application program.
- View Dependent Claims (62)
- - 62. The system of claim 61, wherein said client station is unable to load and run a conventional application program and is able to interpret and selectively process or restrict processing of said command packets.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
Alexander S. Orenshteyn
Original Assignee
Alexander S. Orenshteyn
Inventors
Orenshteyn, Alexander S.
Primary Examiner(s)
Beausoliel, Jr., Robert W.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US08/769,493
Time in Patent Office

832 Days
Field of Search

395/187.07, 395/186, 395/188.01, 395/200.59, 395/200.48, 395/200.33, 395/200.43, 395/200.49, 395/200.57, 280/4, 280/24, 280/25, 707/9
US Class Current

726/3
CPC Class Codes

G06F 21/6218   to a system of files or obj...

H04L 63/10   for controlling access to d...

H04L 67/08   specially adapted for termi...

H04L 69/329   in the application layer [O...

Secured system for accessing application services from a remote station

First Claim

0 Assignments

Litigations

0 Petitions

Accused Products

Abstract

Citations

62 Claims

Specification

Solutions

Use Cases

Quick Links

Secured system for accessing application services from a remote station

First Claim

0 Assignments

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

62 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links