Data processing: software development – installation – and managem – Software program development tool – Translation of code
Reexamination Certificate
1998-03-18
2001-11-27
Powell, Mark R. (Department: 2122)
Data processing: software development, installation, and managem
Software program development tool
Translation of code
C717S152000
Reexamination Certificate
active
06324685
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to computer operating systems and, in particular, to a server architecture providing application caching and security verification.
BACKGROUND OF THE INVENTION
The growth of the Internet's importance to business, along with the increased dependence upon corporate networks, has created a demand for more secure and efficient computer systems. The traditional solution to this problem has been to depend upon improvements in hardware performance to make up for the performance penalty that is typically incurred when a computer system is made more secure and stable. Increased interconnectivity has also created a need for improved interoperability amongst a variety of computers that are now connected to one another. One solution to the problem of the variety of computers interconnected via the Internet and corporate networks has been the development of portable architecture neutral programming languages. The most widely known of these is Java, though, there are numerous other architecture neutral languages.
Architecture neutral programming languages allow programs downloaded from a server computer to a client computer to be interpreted and executed locally. This is possible because the compiler generates partially compiled intermediate byte-code, rather than fully compiled native machine code. In order to run a program, the client machine uses an interpreter to execute the compiled byte-code. The byte-codes provide an architecture neutral object file format, which allows the code to be transported to multiple platforms. This allows the program to be run on any system which implements the appropriate interpreter and run-time system. Collectively, the interpreter and runtime system implement a virtual machine. This structure results in a very secure language.
The security of this system is premised on the ability of the byte-code to be verified independently by the client computer. Using Java or some other virtual machine implementing technology, a client can ensure that the downloaded program will not crash the user's computer or perform operations for which it does not have permission.
The traditional implementations of architecture neutral languages are not without problems. While providing tremendous cross platform support, the current implementations of architecture neutral languages require that every client performs its own verification and interpretation of the intermediate code. The high computation and memory requirements of a verifier, compiler and interpreter restrict the applicability of these technologies to powerful client computers.
Another problem with performing the verification process on the client computer is that any individual within an organization may disable some or all of the checks performed on downloaded code. The current structure of these systems makes security management at the enterprise level almost impossible. Since upgrades of security checking software must be made on every client computer, the cost and time involved in doing such upgrades makes it likely that outdated or corrupt copies of the verifier or interpreter exist within an organization. Even when an organization is diligent in maintaining a client based security model, the size of the undertaking in a large organization increases the likelihood that there will be problems.
There is a need for a scalable distributed system architecture that provides a mechanism for client computers to request and execute applets in a safe manner without requiring the client machines to have local resources to compile or verify the code. There is a further need for a system in which the applets may be cached in either an intermediate architecture neutral form or machine specific form in order to increase overall system performance and efficiency.
SUMMARY OF THE INVENTION
In accordance with one embodiment of the invention, an applet server architecture is taught which allows client computers to request and execute applets in a safe manner without requiring the client to have local resources to verify or compile the applet code. Compilation and byte-code verification in the present invention are server based and thereby provide more efficient use of resources and a flexible mechanism for instituting enterprise-wide security policies. The server architecture also provides a cache for applets, allowing clients to receive applet code without having to access nodes outside the local network. The cache also provides a mechanism for avoiding repeated verification and compilation of previously requested applet code since any client requesting a given applet will have the request satisfied by a single cache entry.
Machine specific binary code is essentially interpreted code since the processor for a given computer can essentially be viewed as a form of an interpreter, interpreting binary code into the associated electronic equivalents. The present invention adds a level of indirection in the form of an intermediate language that is processor independent. The intermediate language serves as the basis for security verification, code optimizations, or any other compile time modifications that might be necessary. The intermediate form allows a single version of the source to be stored for many target platforms instead of having a different binary for each potential target computer. Compilations to the target form can either be done at the time of a cache hit or they can be avoided all together if the target machine is able to directly interpret the intermediate form. If the compilation is done on the server, then a copy of the of the compiled code as well as the intermediate form can be stored in the cache. The performance advantage derived from caching the compiled form as well as the intermediate depends upon the number of clients with the same CPU.
The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as other features and advantages thereof will best be understood by reference to the detailed description which follows, when read in conjunction with the accompanying drawings.
REFERENCES:
patent: 5805829 (1998-09-01), Cohen et al.
patent: 5828840 (1998-10-01), Cowan et al.
patent: 5848274 (1998-12-01), Hamby et al.
patent: 5872915 (1999-02-01), Dykes et al.
patent: 5884078 (1999-03-01), Faustini
“Eliminating Unnecessary Synchronization,” http://kimera.cs.washington.edu/synch/index.html [Accessed Oct. 4, 2000].
Sirer, Emin Gün, “Kimera Paper Trail,” http://kimera.cs.washington.edu/papers/index.html [Accessed Oct. 4, 2000].
Sirer, Emin Gün, “Java, Extensibility and Security Related Links,” http://kimera.cs.washington.edu/related/index.html [Accessed Oct. 4, 2000].
Sirer, Emin Gün, “Java-Relevant Articles in the Press,” http://kimera.cs.washington.edu/press/index.html [Accessed Oct. 4, 2000].
“Project Members” http://kimera.cs.washington.edu/members.html [Accessed Oct. 4, 2000].
Emin Gün Sirer, et al., “Distributed Virtual Machines: A System Architecture for Network Computing,” Dept. of Computer Science & Engineering, University of Washington, Seattle, Washington http://kimera.cs.washington.edu Feb. 26, 1998.
Emin Gün Sirer, et al., “Design and Implementation of a Distributed Virtual Machine for Networked Computers,” University of Washington, Department of Computer Science and Engineering, Seattle Washington, 17thACM Symposium on Operating system Principles, Dec. 1999.
Sirer, Emin Gün, “A System Architecture for Next Generation Network Computing,” Dept. of Computer Science & Engineering, University of Washington, Seattle, Washington http://www.dyncorp-is.com/darpa/meetings/gradmeet98/Whitepapers/darpa-wp.html Jun. 26, 1998.
Sirer, Emin Gün, http://www.cs.washington.edu/homes/egs/ [Accessed Oct. 4, 2000].
Sirer, Emin Gün, “Kimera—A System Architecture for Networked Computers,” http://kimera.cs.washington.edu/ [Accessed Oct. 4, 2000].
Emin Gün Sirer and Brian Bershad, “Kimera Architecture,” http://kimera.cs.was
BeComm Corporation
Nguyen-Ba Hoang-Vu Antony
Perkins Coie LLP
Powell Mark R.
LandOfFree
Applet server that provides applets in various forms does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Applet server that provides applets in various forms, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Applet server that provides applets in various forms will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2590780