Network provider loop security system and method

US 6,584,568 B1
Filed: 04/12/1999
Issued: 06/24/2003
Est. Priority Date: 07/31/1995
Status: Expired due to Term

First Claim

Patent Images

1. A computer network for providing a workstation user access to resources including at least one of local and network computer programs, local and network peripheral devices, and external communication devices, said network comprising:

a server;

a plurality of workstations coupled to said server, each said workstation including display means for providing a graphic user interface for a user; and

communication means for transmitting messages between said server and said plurality of workstations;

said server including means for providing access to at least one resource for a user, said user operating one of said workstations, said server including an operating system program which coordinates communications over said communication means;

said workstation including desktop means for creating and displaying items referencing resources on a display means of the workstation, said workstation also including an operating system program which coordinates operation of said workstation, said desktop means including means for supervising operations of said workstation operating system according to user specific parameters.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention involves a desktop administration system and method which allows a network administrator to remotely create, protect, and manage desktops and control file systems across a network. The method involves masking operation of the network providers while obtaining a user security information record relating to the user'"'"'s allowed scope of access to the network providers. Next, the operation of the user is enabled only with the network providers authorized based on the user security information record. Finally, the user'"'"'s interaction with each network provider is monitored and the user is only allowed to act consistent with the user security information record. Each workstation includes a personal desktop facility (PDF) and a Daemon which protects the user'"'"'s desktop. The PDF receives desktop information from the network server and builds a desktop which the user manipulates to invoke local and/or network programs and access local and/or network utilities, providing appropriate keys or other authentication information to access restricted network resources. The Daemon serves as an interface for the PDF by channeling any communication to or from the user or the network, preventing unauthorized transactions at either the workstation or network level. The PDF provides a graphic user interface using objects that encapsulate programs with data, such as user preferences, default directories, and access privileges. The Daemon performs many tasks, including starting the PDF, enumerating the windows of the graphic user interface, and recording operations.

66 Citations

View as Search Results

30 Claims

1. A computer network for providing a workstation user access to resources including at least one of local and network computer programs, local and network peripheral devices, and external communication devices, said network comprising:
- a server;
  
  a plurality of workstations coupled to said server, each said workstation including display means for providing a graphic user interface for a user; and
  
  communication means for transmitting messages between said server and said plurality of workstations;
  
  said server including means for providing access to at least one resource for a user, said user operating one of said workstations, said server including an operating system program which coordinates communications over said communication means;
  
  said workstation including desktop means for creating and displaying items referencing resources on a display means of the workstation, said workstation also including an operating system program which coordinates operation of said workstation, said desktop means including means for supervising operations of said workstation operating system according to user specific parameters.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The system of claim 1 wherein said desktop means includes means for calling network resources in accordance with said user specific parameters.
  - 3. The system of claim 1 wherein said server includes a security kernel for blocking user access to resources and only allowing user access to resources upon receipt of a corresponding key, said user specific parameters including one of said keys for allowing user access to resources via said security kernel, and said desktop means including means for unlocking user access to said resources by transmitting one of said keys to said security kernel.
  - 4. The system of claim 1 wherein said desktop means includes means for initiating processes on said workstation and daemon means for monitoring processes initiated by said desktop means.
  - 5. The system of claim 4 wherein said daemon means includes enumeration means for checking processes on the workstation against the information record received from said server.
  - 6. The system of claim 1 wherein said workstation operating system program including a registry of processes, said desktop means including means for establishing said supervising means as the primary process of said registry.
  - 7. The system of claim 6 wherein said supervising means includes supervisor means for logging onto said server operating system with supervisor privileges.
  - 8. The system of claim 7 wherein said supervisor means establishes user processes on said server according to said user specific parameters.
  - 9. The system of claim 6 wherein said desktop means includes means for clearing said registry of processes except said supervising means.
  - 10. The system of claim 9 wherein said desktop means includes neutralizing means for clearing all processes from said registry except said supervising means and ending connections with network resources.

11. In a network of computers including a server and a workstation, a method of providing user access to network providers, said method comprising the steps of:
- masking operation of the network providers while obtaining user specific parameters relating to the user'"'"'s allowed scope of access to the network providers;
  
  enabling operation of the user only with the network providers authorized based on the user specific parameters; and
  
  monitoring the user'"'"'s interaction with each network provider and only allowing user actions consistent with the user specific parameters.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The method of claim 11 further comprising the step of blocking user access to resources via a security kernel, wherein said user specific parameters include a key for only allowing user access to resources via said security kernel, and further comprising the step of allowing user access to resources upon receipt of a corresponding key from said desktop user interface.
  - 13. The method of claim 11 further comprising the step of monitoring processes initiated by the desktop user interface.
  - 14. The method of claim 13 wherein said monitoring step includes the step of checking processes on the workstation against the user specific parameters.
  - 15. The method of claim 11 further comprising the step of preventing unauthorized access to the network resources through said desktop.
  - 16. The method of claim 11 wherein a workstation operating system program includes a registry of processes, further including the step of establishing a security process as the primary process of said registry.
  - 17. The method of claim 16 further including the step of the security process logging onto said server operating system with supervisor privileges.
  - 18. The method of claim 17 wherein said logging step establishes user processes on said server according to the user specific parameters.
  - 19. The method of claim 16 further including the step of clearing the registry of processes except for the security process.
  - 20. The method of claim 19 further including the step of neutralizing the workstation by clearing all processes from the registry except the security process and ending connections with network resources.

21. A machine-readable program storage device for storing encoded instructions for a method of providing user access to network providers, said method comprising the steps of:
- masking operation of the network providers while obtaining user specific parameters relating to the user'"'"'s allowed scope of access to the network providers;
  
  enabling operation of the user only with the network providers authorized based on the user specific parameters; and
  
  monitoring the user'"'"'s interaction with each network provider and only allowing user actions consistent with the user specific parameters.
- View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 22. The machine-readable program storage device of claim 21 further comprising encoded instructions for the step of blocking user access to resources via a security kernel, wherein said user specific parameters include a key for only allowing user access to resources via said security kernel, and further comprising the step of allowing user access to resources upon receipt of a corresponding key from said desktop user interface.
  - 23. The machine-readable program storage device of claim 21 further comprising encoded instructions for the step of monitoring processes initiated by the desktop user interface.
  - 24. The machine-readable program storage device of claim 23 further comprising encoded instructions for the step of checking processes on the workstation against the user specific parameters.
  - 25. The machine-readable program storage device of claim 21 further comprising encoded instructions for the step of preventing unauthorized access to the network resources through said desktop.
  - 26. The machine-readable program storage device of claim 21 wherein a workstation operating system program includes a registry of processes, further comprising encoded instructions for the step of establishing a security process as the primary process of said registry.
  - 27. The machine-readable program storage device of claim 26 further comprising encoded instructions for the step of the security process logging onto said server operating system with supervisor privileges.
  - 28. The machine-readable program storage device of claim 27 further comprising encoded instructions for the step of establishing user processes on said server according to the user specific parameters.
  - 29. The machine-readable program storage device of claim 26 further comprising encoded instructions for the step of clearing the registry of processes except for the security process.
  - 30. The machine-readable program storage device of claim 29 further comprising encoded instructions for the step of neutralizing the workstation by clearing all processes from the registry except the security process and ending connections with network resources.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Fa Hasset Co LLC (Intellectual Ventures LLC)
Original Assignee
Pinnacle Technology, Inc.
Inventors
Osmann, Eric E., Dircks, Charles E.
Primary Examiner(s)
HUA, LY

Application Number

US09/290,120
Time in Patent Office

1,534 Days
Field of Search

713/200, 713/201, 713/156, 713/167, 713/157, 713/183, 380/28, 380/30, 380/277, 705/32, 705/44, 705/59, 705/77, 705/412
US Class Current

726/2
CPC Class Codes

G06F 21/604   Tools and structures for ma...

G06Q 10/1091   Recording time for administ...

G06Q 20/085   involving remote charge det...

G06Q 20/40   Authorisation, e.g. identif...

H04L 41/22   comprising specially adapte...

H04L 41/28   Restricting access to netwo...

H04L 63/083   using passwords cryptograph...

H04L 63/10   for controlling access to d...

H04L 63/102   Entity profiles

H04L 63/104   Grouping of entities

H04L 63/105   Multiple levels of security

H04L 67/306   User profiles

Network provider loop security system and method

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

66 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Network provider loop security system and method

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

66 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links