Distributed object system and service supply method therein

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate


C705S051000, C713S152000

active

06327658

ABSTRACT:

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to security in a distributed object system comprising one or plural server objects for supplying various services, and one or plural client objects for using these services.
2. Description of the Related Art
A distributed object system which is established by combining a client server system (distributed computing system) and an object oriented technique is starting to attract a lot of attention.
Unlike the client server system (distributed computing system), in the distributed object system, a client application (client object) is not required to know beforehand where a server program (server object) operates. Further, even in a case where the system is expanded, no change is required at a client side. Therefore, a highly flexible system can be built up.
The flexibility and mechanism of the distributed object system as described above are described in “Client/Server Programming With Java and CORBA” written by Robert Orfali, Dan Harkey and published by John Wiley & Sons, for example.
In practice, there are many cases in which all the communications between a client object and a server object are performed via an object intermediate program, whereby establishment of a highly flexible distributed object system can be performed.
In order to build up such a flexible system, activities for standardization on the distributed object system have been recently carried out. The above publication briefly describes the activities for standardization.
In the information processing field, much attention has been paid to a software component technique for fabricating software such as applications, data used by the applications, etc. as components.
This technique has a lot of merits. For example, a component serving as a basic portion of an application is pre-installed in a client terminal, and when the application is started, the client terminal is first connected to an indicated server through a network to download an additive component which completes the application in combination with the basic portion of the application, and then it actually executes the application. As a result, the same client component can be used for various processing by merely preparing components which are different among servers, so that the development efficiency of the system is enhanced.
With the development and propagation of the information processing technique as described above, requirements for a security technique for authorization, access control, enciphering of information, etc. have been increasing more than ever.
The security function of the distributed object technique is described in “Instant CORBA” written by Robert Orfali, Dan Harkey, Jeri Edwards and published by John Wiley & Sons, for example. According to this publication, it is specified that the following six security functions are supplied as common services in the standardization activities of the distributed object system as described above.
(1) An identification function of checking the identity of a principal such as a user, an object or the like. The principal identifies itself by exhibiting secret information (password or the like) known only by itself and a server which performs authentication.
(2) An access control function of checking whether a principal whose identity is authenticated has authority to access resources such as objects, etc., and controlling the access.
(3) A security auditing function of recording various events relating to security.
(4) A communication protection function of protecting communications between a client object and a server object from a third party. This function contains a function of detecting tampering or breakdown of data, and a function of preventing data from being tapped.
(5) A non-repudiation function of verifying the fact of transmission/reception of data between a client and a server so that neither the client nor the server can afterwards deny that it performed the transmission/reception of the data.
(6) An operation management function of setting the security policy, etc. by a manager.
The security function of the software component technique is described in “Java Security” written by Scott Oaks and published by O'Reilly & Associates, Inc., for example. According to this publication, the following restrictions are imposed on the client components which are down-loaded through a network.
(1) A down-loaded client component cannot access any local resource (file, device, etc.) at a client terminal.
(2) A down-loaded client component can only communicate with a server in which the component has been kept.
(3) A down-loaded client component cannot create any new process.
Such security functions have been proposed to protect the system from a hostile client component. However, it is apparent from these restrictions that they lose the merits of the software component technique. Therefore, the following extension function has also been proposed. That is, a client component down-loaded through a network is signed beforehand by the creator who created the component (the signature is made electronically, and thus it is known as a “digital signature”), and when a user using a client terminal agrees to trust client components from that creator, the above restrictions are lifted from the client component.
SUMMARY OF THE INVENTION
Both the distributed object technique and the software component technique are based on an object oriented technique. Therefore, there is such a movement that client objects, server objects and object intermediating programs are built up as components.
If the above two techniques are used in cooperation with each other, the following characteristics will be achieved.
(1) A client object is not required to recognize a server in which a server object operates, and it can use the same service irrespective of the server in which the server object operates.
(2) A client object which is not beforehand installed in a client terminal, but down-loaded from a server via a network can be automatically executed at that place.
In the case of the system in which the distributed object technique and the component technique are used in cooperation with each other, the following problems occur if the system has merely the above security functions which are independent from one another.
Assume that an unauthorized person U1 tries to unjustly copy a file F1 which is under the management of a server S1 (in which a server object OS1 operates) and to which no access can be made with the privilege of the unauthorized person U1. The unauthorized person U1 generates a client object OC1 which is a signed object and which accesses the server object OS1 for unjustly copying a file F1 and then transmits the copy to the unauthorized person U1. The unauthorized person U1 keeps the client object OC1 and other signed objects OC2, OC3 (in which no unjustified processing is installed) in a WWW server S2 managed by the unauthorized person U1 in such a state that these client objects can be down-loaded.
Further, assume that a user U2 having authorization to access the file F1 down-loads the signed client object OC1 from a client terminal C1 by using a browser program. If the user U2 has experience of previously down-loading the client objects OC2, OC3 and sets them so as to give credit to the client object with the signature created by the user U1 at any time or at the time when the user U2 down-loads OC1, the signed client object OC1 starts to operate on the basis of the privilege of the user U2 (not the privilege of the unauthorized person U1).
As a result, the unauthorized person U1 can unjustly gain the file F1 to which access should not be possible by using the privilege thereof. Further, when the signed client object OC1 is set so as to apparently perform the same operation as the normal signed client object OC2 or OC3, the user U2 may be unaware that the signed client object OC1 c
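The scenario above, together with the down-load restrictions and the signature-based extension described in the Related Art, can be modelled as a pair of policy decisions. The following is an added example, not code from the patent: the `ACL` table, the class and function names, and the `check_signer` option are assumptions of this sketch, and `check_signer` is a hypothetical stricter check shown for contrast, not the method the patent claims.

```python
from dataclasses import dataclass, field

# Constructed model; principal and object names follow the patent text.
ACL = {("S1", "F1"): {"U2"}}  # server S1 lets only U2 read file F1

@dataclass(frozen=True)
class ClientObject:
    name: str
    signer: str   # creator whose digital signature the object carries
    origin: str   # server the object was down-loaded from

@dataclass
class Terminal:
    user: str
    trusted_signers: set = field(default_factory=set)

    def may_connect(self, obj, server):
        # Restriction (2): an object may only talk to its origin server,
        # unless the user trusts its signer and the restrictions are lifted.
        return server == obj.origin or obj.signer in self.trusted_signers

def request_file(term, obj, server, filename, check_signer=False):
    """Return the principal the access is granted to, or None if refused."""
    if not term.may_connect(obj, server):
        return None
    allowed = ACL.get((server, filename), set())
    if term.user not in allowed:
        return None  # ordinary access control on the user's privilege
    # Hypothetical stricter check (an assumption of this example, not the
    # patent's method): the code's signer must hold the privilege as well.
    if check_signer and obj.signer not in allowed:
        return None
    return term.user

def run_scenarios():
    oc1 = ClientObject("OC1", signer="U1", origin="S2")
    return {
        "U1 acting directly": request_file(Terminal("U1", {"U1"}), oc1, "S1", "F1"),
        "U2, signer untrusted": request_file(Terminal("U2"), oc1, "S1", "F1"),
        "U2, signer trusted": request_file(Terminal("U2", {"U1"}), oc1, "S1", "F1"),
        "U2, trusted, signer checked": request_file(
            Terminal("U2", {"U1"}), oc1, "S1", "F1", check_signer=True),
    }

if __name__ == "__main__":
    for case, principal in run_scenarios().items():
        print(f"{case}: {principal or 'refused'}")
```

Only the third case is granted, and it is granted to U2: each security function behaves as specified on its own, yet access decided solely on the invoking user's privilege lets code authored by U1 reach F1.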
