Network provider loop security system and method
Abstract
The present invention involves a desktop administration system and method which allows a network administrator to remotely create, protect, and manage desktops and control file systems across a network. The method involves masking operation of the network providers while obtaining a user security information record relating to the user's allowed scope of access to the network providers. Next, the operation of the user is enabled only with the network providers authorized based on the user security information record. Finally, the user's interaction with each network provider is monitored and the user is only allowed to act consistent with the user security information record. Each workstation includes a personal desktop facility (PDF) and a Daemon which protects the user's desktop. The PDF receives desktop information from the network server and builds a desktop which the user manipulates to invoke local and/or network programs and access local and/or network utilities, providing appropriate keys or other authentication information to access restricted network resources. The Daemon serves as an interface for the PDF by channeling any communication to or from the user or the network, preventing unauthorized transactions at either the workstation or network level. The PDF provides a graphic user interface using objects that encapsulate programs with data, such as user preferences, default directories, and access privileges. The Daemon performs many tasks, including starting the PDF, enumerating the windows of the graphic user interface, and recording operations.
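A minimal model of the three steps in the abstract (mask, enable, monitor), added here as an illustration and not taken from the patent. The `ProviderGate` class, the provider names and the record layout are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: provider name -> actions this user may perform.
SAMPLE_RECORD = {"file_server": {"read"}, "print_queue": {"submit"}}
ALL_PROVIDERS = ("file_server", "print_queue", "mail_gateway")


@dataclass
class ProviderGate:
    """Hypothetical mediator between the user and every network provider."""
    providers: tuple
    record: Optional[dict] = None            # user security information record
    enabled: set = field(default_factory=set)
    audit: list = field(default_factory=list)

    def visible(self):
        # Step 1: until a record is loaded, every provider stays masked.
        return sorted(self.enabled)

    def load_record(self, record):
        # Step 2: enable only known providers that the record authorizes.
        # A record entry naming an unknown provider is ignored, not trusted.
        self.record = {p: set(a) for p, a in record.items()}
        self.enabled = {p for p in self.providers if self.record.get(p)}

    def request(self, provider, action):
        # Step 3: mediate each interaction and record the decision.
        allowed = (provider in self.enabled
                   and action in self.record.get(provider, set()))
        self.audit.append((provider, action, "allow" if allowed else "deny"))
        return allowed


def demo():
    gate = ProviderGate(ALL_PROVIDERS)
    before = gate.request("file_server", "read")      # still masked
    gate.load_record(SAMPLE_RECORD)
    results = [gate.request("file_server", "read"),   # authorized
               gate.request("file_server", "write"),  # action not in record
               gate.request("mail_gateway", "send")]  # provider not in record
    return before, gate.visible(), results, gate.audit


if __name__ == "__main__":
    print(demo())
```

The gate fails closed: a request made before the record arrives, or for a provider or action the record does not list, is denied and still lands in the audit trail.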
30 Claims
1. A computer network for providing a workstation user access to resources including at least one of local and network computer programs, local and network peripheral devices, and external communication devices, said network comprising:
a server;
a plurality of workstations coupled to said server, each said workstation including display means for providing a graphic user interface for a user; and
communication means for transmitting messages between said server and said plurality of workstations;
said server including means for providing access to at least one resource for a user, said user operating one of said workstations, said server including an operating system program which coordinates communications over said communication means;
said workstation including desktop means for creating and displaying items referencing resources on a display means of the workstation, said workstation also including an operating system program which coordinates operation of said workstation, said desktop means including means for supervising operations of said workstation operating system according to user specific parameters.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. In a network of computers including a server and a workstation, a method of providing user access to network providers, said method comprising the steps of:
masking operation of the network providers while obtaining user specific parameters relating to the user's allowed scope of access to the network providers;
enabling operation of the user only with the network providers authorized based on the user specific parameters; and
monitoring the user's interaction with each network provider and only allowing user actions consistent with the user specific parameters.
Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A machine-readable program storage device for storing encoded instructions for a method of providing user access to network providers, said method comprising the steps of:
masking operation of the network providers while obtaining user specific parameters relating to the user's allowed scope of access to the network providers;
enabling operation of the user only with the network providers authorized based on the user specific parameters; and
monitoring the user's interaction with each network provider and only allowing user actions consistent with the user specific parameters.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30.

Specification