Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-02-24
2001-01-09
Beausoliel, Jr., Robert W. (Department: 2785)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Protection at a particular protocol layer
C707S793000, C709S241000
Reexamination Certificate
active
06173404
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to secure interactions between software objects and, in particular, to a security process or mechanism that bases access to objects upon the commonality of the sources of the objects.
BACKGROUND AND SUMMARY OF THE INVENTION
A conventional interfaced software object provides software services, such as methods or properties, which are accessed by one or more interfaces. A method is typically a function or procedure that performs a specific action and is called via a corresponding interface. A property is typically information or data and is also called via a corresponding interface. Objects are commonly implemented in a server that, for example, may be a dynamic link library utilized by a software program or may be an entirely separate executable process.
The creation of and interaction between software objects can pose security risks to a user's computer system. In general, the security risks arise because the object definitions from which objects are created or instantiated sometimes are created by other users who are unknown and potentially untrusted. Some objects can cause damage to or improperly disclose information on a user's computer system. This damage or disclosure of information could arise as a result of either an unintentional error in the corresponding object definition or an intentional or malicious “Trojan horse,” virus or other program.
More specifically, the risk arises because an object would conventionally be run on computer system with the full rights and permissions of its user. The danger is that running an instance of the object created by one user, who is potentially unknown and untrusted, with the permissions of another user on his or her computer system could allow the object to cause damage to or improperly disclose information from the computer system. Typically such an object would seek to access properties or methods of another object (i.e., a target object) on the user's computer system. The damage or disclosure of information could arise as a result of the accessing object being permitted free access to all the properties and methods on the target object. Such access could be in the form of read, write, execute or add operations that are performed by the accessing object on a service of the target object.
According to the present invention, a security mechanism addresses such system security risks by imposing conditions on the accessing of targets by accessing object instances according to attributes of the accessing object and the target object. One security feature is that an owner identifier incorporated into objects. The owner identifier includes identification of the user, person, or entity (e.g., corporation) who or that creates the object, or identification of a computer system used by the user, person, or entity to create the object definition. The owner identifier provides a basis for distinguishing the creator of an object from the user of that object. This distinction allows instances of objects created by others to be given fewer access permissions or rights than the user implementing the object.
Another security feature is a set of access authorizations that allow different access rights to be made available to different object creators. In one implementation the access authorizations are All, Owner, and Exemplar. Object services or targets with the access authorization All indicate that all objects, regardless of their Owner, may perform access operations on the targets. However, the operations that can be performed with this access authorization could be limited to read and execute operations. Targets with the access authorization Owner indicate that only the owner of the target instance may access it. Object services with the access authorization Exemplar relate to an implementation utilizing hierarchical relationships between objects, as described below. This access authorization indicates that only services defined on the same exemplar as the target instance may access those targets. In this implementation, the Exemplar access authorization is the most restrictive and the All access authorization is the least restrictive.
These security features provide various security levels by which objects from trusted and secure sources can have extensive access to a user's computer system resources while objects from unknown or untrusted sources have only limited, relatively safe access rights. Such versatility allows a user to utilize safely objects from a wide variety of sources. This may be referred to as inter-object security.
Moreover, these security features are applicable to objects operating within a single computer system or in a client-server context in which objects and object components are transmitted between a client computer and a separate server computer. Another security feature applicable to such a context is the treatment of unverified client communications to the server as being from an unknown or untrusted source.
The Exemplar access authorization relates to an implementation utilizing objects having hierarchical relationships and inheritance characteristics. Conventional objects include the characteristic of interface inheritance in which the definitions of the methods that an interface supports may be inherited by another interface. The interfaces may be of different objects that may or may not be of the same class of objects. An object supporting an inherited interface can be treated like the object from which the interface is inherited. Such objects may be implemented by or in accordance with many object-oriented programming tools or models including, for example, the component object model (COM).
An interface of an object may not be changed once the design and implementation of the interface is complete and the object is established, distributed, or promulgated for general run-time use. Adding new services to or modifying existing services in such an object requires that a new interface be defined in a design-time operation. The new interface would then be distributed or promulgated for general run-time use. The new interface may inherit services from an existing interface, but the new interface remains distinct and has a unique identifier. Despite interface inheritance, therefore, interfaces remain static once they have been established, distributed, or promulgated for use at run-time.
While providing stability and predictability in the use of objects, the static nature of object services at run-time limits the flexibility of objects. In some applications the lack of flexibility in object definitions can pose an undesirable limitation. An example of such an application is an interactive virtual world environment that represents a real or imaginary place using graphic and audio data for presenting the place to a computer user and allowing the user to interact with it.
Objects with conventional static interfaces can be used to provide users of a virtual world environment with a predefined environment with which the user can interact. A disadvantage with objects having conventional static interfaces in such an environment is that changes to the environment cannot be made at run-time. Changes must be made by adding interfaces in a design-time operation. This restricts the level of interaction or control that users can have with or over the environment.
In one implementation of this invention, object services like methods or properties are provided to or inherited by objects dynamically during run-time. This dynamic inheritance may be provided within the context of an object model, such as the Component Object Model, that supports only design-time interface inheritance. As applied in a virtual world environment, for example, dynamic inheritance can provide users with increased levels of interaction or control.
In a method of providing dynamic inheritance, hierarchical relationships are defined between multiple objects such that each object references or is referenced by another object. One of the objects is a root object, or exemplar, that is re
Colburn Alex
Drucker Steven M.
Marple Kirk J.
Mitchell Don P.
Vellon Manny
Beausoliel, Jr. Robert W.
Ipsolon LLP
Microsoft Corporation
Revak Christopher
LandOfFree
Software object security mechanism does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Software object security mechanism, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Software object security mechanism will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-2554257