Electrical computers and digital processing systems: multicomput – Computer-to-computer data routing – Least weight routing
Reexamination Certificate
2000-10-11
2003-11-18
Follansbee, John (Department: 2126)
Electrical computers and digital processing systems: multicomput
Computer-to-computer data routing
Least weight routing
C713S167000, C709S241000
Reexamination Certificate
active
06651109
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to object oriented programming. More specifically, the present invention relates to a secure method of communication between untrusted JAVA™ objects.
BACKGROUND OF THE INVENTION
JAVA™ is a portable language that generates intermediate code that can be downloaded and run on a machine with a JAVA™ interpreter. The portability of JAVA™ applets allows processing to be off-loaded to a local system that has the potential capability of performing the processing at a faster rate than the source of the applet.
Because applets are designed to be loaded from a remote site and then executed locally, security is an important issue. In order to prevent untrusted code from damaging the local system, web browsers with JAVA™ interpreters often implement safeguards that restrict what applets can do. Some safeguards include, preventing applets from running any local executable program and preventing applets from communicating with any host other than their originating host. Other safeguards include preventing applets from reading or writing the local computer's file system and preventing applets from finding information about the local client system other than the JAVA™ version used, the name and version of the operating system, the characters used to separate files, paths, and lines.
The safeguards implemented by web browsers, however, are ineffective in providing a secure method of communication between untrusted objects from the untrusted code and objects in the local system. The safeguards implemented by current web browsers allow trusted objects to communicate with other trusted objects in the local system by making direct method calls directly on the objects in the local system. Direct method calls are messages from one object to another that request the receiving object to carry out one of its methods. A direct method call typically consists of three parts: a reference to the receiver object, the name of the method in the receiver object to be executed, and any parameters that the method may require to fulfill its charge. If untrusted objects were allowed to make direct method calls to other objects in the local system, untrusted objects could potentially do damage to a file system, a network, invoke methods in an inappropriate manner, or negatively affect other parts of the local system.
Thus, a method for inter-object communication among objects that minimizes the dangers associated with allowing untrusted objects to make direct method calls is desired.
SUMMARY
A method of communication between a first object and a second object is disclosed. A first direct method call is made on an intermediary object from the first object. The first direct method call contains information regarding a location in memory of the intermediary object instead of a location in memory of the second object and a name of the method to be called on the second object. The name of the method to be called on the second object is delivered from the intermediary object to a message queue object. The name of the method to be called on the second object is accessed from the message queue object by the second object.
A method for requesting a channel of communication with a receiver object via a trusted intermediary is disclosed. A first direct method call is made to a session object to request a channel with the receiver object. A location in memory of a channel object is received from the session object on behalf of the receiver object.
A method of allocating a channel of communication is disclosed. A direct method call is received from a session object on behalf of a sender object requesting a channel of communication. The direct method call contains an object identifier (ID) of the sender object. A degree of access to grant the sender object is determined. A channel object with the degree of access appropriate for the sender object is created. A location in memory of the channel object is returned to the session object.
A method for arbitrating a channel of communication between a first object and a second object is disclosed. A first direct method call is received from the first object requesting a channel of communication with the second object. The first direct method call contains an object identifier (ID) of the first object and the second object. A second direct method call is made to the second object requesting the channel of communication on behalf of the first object. A location in memory of a channel object is received from the second object. The location in memory of the channel object is sent to the first object.
REFERENCES:
patent: 4325120 (1982-04-01), Colley et al.
patent: 5136716 (1992-08-01), Harvey et al.
patent: 5173939 (1992-12-01), Abadi et al.
patent: 5235642 (1993-08-01), Wobber et al.
patent: 5315657 (1994-05-01), Abadi et al.
patent: 5329619 (1994-07-01), Page et al.
patent: 5379426 (1995-01-01), Foss et al.
patent: 5396630 (1995-03-01), Banda et al.
patent: 5414852 (1995-05-01), Kramer et al.
patent: 5450593 (1995-09-01), Howell et al.
patent: 5485617 (1996-01-01), Stutz et al.
patent: 5539909 (1996-07-01), Tanaka et al.
patent: 5551035 (1996-08-01), Arnold et al.
patent: 5619710 (1997-04-01), Travis et al.
patent: 5742848 (1998-04-01), Burgess
patent: 5751962 (1998-05-01), Fanshier et al.
patent: 5758159 (1998-05-01), Collet
patent: 5758186 (1998-05-01), Hamilton et al.
patent: 5761421 (1998-06-01), van Hoff et al.
patent: 5778222 (1998-07-01), Herrick et al.
patent: 5784560 (1998-07-01), Kingdon et al.
patent: 5822585 (1998-10-01), Noble et al.
patent: 5848234 (1998-12-01), Chernick et al.
patent: 5892946 (1999-04-01), Woster et al.
patent: 5941945 (1999-08-01), Aditham et al.
patent: 5999986 (1999-12-01), McCauley, III et al.
patent: 6049838 (2000-04-01), Miller et al.
patent: 6192405 (2001-02-01), Bunnell
patent: 6192419 (2001-02-01), Aditham et al.
patent: 6278532 (2001-08-01), Heimendinger et al.
patent: 6282652 (2001-08-01), Scheifler
patent: 6425017 (2002-07-01), Dievendorff et al.
Bela Ban Dept. of Computer Science. “JavaGroups—Group Communication Patterns in Java”. Jul. 31, 1998, p. 1-16.*
Buschmann et al. “Pattern-Oriented Software Architecture, A System of Patterns”. Aug. 1996, p. 323-337.*
Chung, Goopeel, et al.; Generic and Composable Latecomer Accommodation Service for Centralized Shared Systems; Seventh International Conference on Engineering for Human-Computer Interaction, EHCI '98; http://www.zmms.tuberlin.de/~sandro/conferences/embed.en.phtml/ehci98; 16 pgs, 3 pgs introduction.
Edwards, W. Keith; Session Management for Collaborative Applications; the Association of Computing Machinery; CSCW 94-10/94; Chapel Hill, NC, USA; © 1994 ACM 0-89791-689—1/94/0010; pp. 323-330.
Girdley, Michael, et al.; Web Programming with JAVA™; Part 1, Chapter 1An Overview Of Java; Jun. 01, 2001; cover page, 2 pages about Security Manager.
Mates, Nathan, et al.; The Web meets MOOs, IRC and the MBone; Project Y Overview; California Institute of Technology; http://www.cs.caltech.edu/~schooler/overview; 13 pgs.
Schuckmann, Christian, et al.; Designing object-oriented synchronous groupware with COAST; http://citeseer.nj.nec.com/schuckmann96designing; pp. 1-10.
CORBA Security Draft 0.2 of merged submission; Sep. 1995; OMG Document No. 95-9-1; cover page, pp. 2-120.
JAVA Security; Chapter 4: The Security Manager Class; Using the Security Manager (Java Security) http://www.google.com/search?q=cac...2+and+%22socket+factories%22&hl=en; Aug. 27, 2001; pp. 1-19.
Yialelis, Nicholas, et al., “A Security Framework Supporting Domain Based Access Control in Distributed Systems,” Imperial College Research Report No. DoC 95/14, Sep. 15, 1995, 18 pages, Department of Computing, Imperial College, London, UK.
Yialelis, Nicholas, et al., “An Authentication Service Supporting Domain Based Access Control Policies,” Imperial College Research Report No. DoC 95/13, Sep. 15, 1995, 12 pages, Department of Computing, Imperial College, London, UK.
Lupu, Emil C., et al., “A Policy Based Role Framework For Access Control,” Firs
Beck Robert D.
Lewis Scott B.
Bullock, Jr. Lewis A.
Follansbee John
Intel Corporation
LandOfFree
Inter-object messaging does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Inter-object messaging, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Inter-object messaging will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3182460