Electrical computers and digital processing systems: multicomput – Computer-to-computer data routing – Least weight routing
Reexamination Certificate
1998-10-09
2003-09-09
Follansbee, John (Department: 2127)
Electrical computers and digital processing systems: multicomput
Computer-to-computer data routing
Least weight routing
C707S793000, C707S793000, C709S241000
Reexamination Certificate
active
06618743
ABSTRACT:
FIELD OF THE INVENTION
This invention relates to a method and system for allowing multiple users to have autonomous work areas in a computer system, and specifically to a method and system for providing discrete user cells in a UNIX-based system which is part of a world-wide communications network.
BACKGROUND OF THE INVENTION
The UNIX operating system has proven to be particularly adaptable at providing communications over a world-wide communications network, often referred to as the Internet. The UNIX operating system is particularly adept at interactive time-sharing operations, and allowing a number of users to share data on a single disc storage facility, or hard drive.
As the Internet has grown, and large numbers of users have “logged-on”, the Internet is frequently taxed, along with the file servers which form the system. Obviously, one way to relieve the stress on the system is to provide a server for each user, with a “user” being that entity which occupies a discrete identifier, or domain name. In many instances, however, it is not practical for a user to have its own file server. While it is certainly feasible to partition a disc storage facility in a computer to provide space for a user, such partitioning does not provide the requisite autonomy and privacy required, nor is the partitioning of the hard drive sufficiently flexible to allow a user to occupy a required amount of space, without, at the same time, tieing up unused disc space. Additionally, the standard UNIX process table does not provide the requisite separation of multiple processes running at the request of multiple users. This can result in unwanted access to a process, or to one process interfering with a like process running for another user.
The UNIX system provides an environment in which user-mode programs may be executed. Once a program is running, it is referred to as a process. The UNIX kernel provides access to devices, such as network interface, CPU execution time and mass, or disc, storage. Each UNIX kernel has a notion of its own identity and a network Internet Protocol (IP) number. Generally, all of the activity on a particular system takes place in a global process arena, with each process associated with a given host being identifiable by other computers on the network as being associated with that host. Known systems, such as that described in U.S. Pat. No. 5,421,011 to Camillone et al., suggest accounting procedures for tracking various users, or groups of users, but does not teach or suggest segregation of multiple users in a single computer system, wherein the users have a discrete network identity.
From the standpoint of security, however, the ability of the system to cross partition boundaries, or the ability of one user to gain access to the space of another user by “hacking,” is of concern to users of the Internet. Existing systems do not provide adequate protection.
SUMMARY OF THE INVENTION
A system of multiple work areas for operating within a computer system, wherein the computer system includes a CPU, a memory module and a disc storage facility, includes plural autonomous resource units (ARUs) for running user processes, wherein each ARU includes a discrete IP address, and wherein a process running in one ARU is inaccessible by another ARU; a discrete identifier assigned to each ARU; and a connector which extends between each ARU and the computer system CPU and memory module.
A method of providing multiple, discrete, secure work areas in a computer system having a disc storage facility, a CPU, a memory module and a set of IP addresses, includes designating plural autonomous resource units in the disc storage facility; providing a barrier to prevent inter-ARU communications; assigning a discrete identifier to each ARU; and connecting each ARU to a CPU and memory module associated with the disc storage facility.
An object of the invention s to provide a computer system and method wherein a single user's processes are not visible or accessible by other users of the system.
Another object of the invention is to provide for plural, autonomous resource units on a disc storage facility wherein the autonomous resource units are not accessible from one another.
A further object of the invention is to provide secure division of a disc storage facility for multiple users.
REFERENCES:
patent: 5421011 (1995-05-01), Camillone et al.
patent: 5835482 (1998-11-01), Allen
patent: 6014715 (2000-01-01), Stoevhase
patent: 6078945 (2000-06-01), Hinsley
patent: 6263066 (2001-07-01), Shtivelman et al.
patent: 6295353 (2001-09-01), Flockhart et al.
patent: 6389421 (2002-05-01), Hawkins et al.
Follansbee John
OneWorld Internetworking, Inc.
Tang Kenneth
Varitz, P.C. Robert D.
LandOfFree
Method and system for providing discrete user cells in a... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Method and system for providing discrete user cells in a..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Method and system for providing discrete user cells in a... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3073304