Electrical computers and digital processing systems: support – Data processing protection using cryptography
Reexamination Certificate
2001-07-31
2003-06-10
Hayes, Gail (Department: 2131)
Electrical computers and digital processing systems: support
Data processing protection using cryptography
C713S168000, C713S170000, C709S225000, C709S226000
Reexamination Certificate
active
06578146
ABSTRACT:
REFERENCE TO MICROFICHE APPENDIX
This application is not referenced in any microfiche appendix.
TECHNICAL FIELD OF THE INVENTION
The invention relates generally to a data processing system, method and article of manufacture allowing for the dynamic reconfiguration of an input/output device controller. In particular, the present invention relates to a computer-based system, method and article of manufacture which supports and facilitates a remote configuration and utilization of an emulated input/output device controller via encrypted data communication between a plurality of users and said controller.
BACKGROUND OF THE INVENTION
The present invention provides for secured, real-time, configuration and utilization of an emulated input/output device controller. The instant invention advances the art by allowing its practice to be supported via an encrypted communications protocol interfacing with, and relying upon, the teachings, practices and claims disclosed in co-pending U.S. patent application Ser. Nos. 09/239,425 and 09/255,837 (hereinafter synonymously referred to as “Secure Agent” or “SA”).
Secure Agent Service Overview
The following overview is provided to facilitate a comprehensive understanding of the teachings of the instant invention. Secure Agent utilizes a secure login sequence wherein a client connects to a Secure Agent server using a key known to both systems and a client connects and presents the server with user identification (as used herein the term “client” refers synonymously to a remote user establishing, and communicating with the instant invention through Secure Agent allocation and encryption processes as taught in the above noted applications). If recognized, the Secure Agent server initiates a protocol whereby the client's identification is verified and subsequent communication is conducted within a secured (encrypted) construct. For purposes of this overview, the term “server” should be considered a hardware configuration represented as a central processing unit wherein Secure Agent, a Host DLL and driver reside, and are executed. The term “DLL” as used herein refers to a Secure Agent host dynamically linked library (a.k.a. Host DLL). The term “DLL” or “dynamically linked library” is used in a manner consistent with that known to those skilled in the art. Specifically, the term “DLL” refers to a library of executable functions or data that can be used by a Windows application. As such, the instant invention provides for one or more particular functions and program access to such functions by creating a static or dynamic link to the DLL of reference, with “static links” remaining constant during program execution and “dynamic links” created by the program as needed.
The Secure Agent server presents a variable unit of data, such as the time of day, to the client as a challenge. The client must then encrypt that data and supply it back to the server. If the server is able to decrypt the data using the stored client's key so that the result matches the original unencrypted challenge data, the user is considered authenticated and the connection continue. The key is never passed between the two systems and is therefore never at risk of exposure.
The initial variable unit of data seeds the transmission of subsequent data so that the traffic for each client server session is unique. Further, each byte of data transmitted is influenced by the values of previously sent data. Therefore, the connection is secure across any communication passageway including public networks such as, but not limited to, the Internet. The distance between the client and server is not of consequence but is typically a remote connection. For accountability purposes, the actions of a client may be recorded (logged) to non-volatile storage at almost any detail level desired.
The access rights of each client (what the client is able to accomplish during a session) is governed by data stored on the Secure Agent server to which the client is associated. As an example, such rights might encompass the ability to administer and utilize the services of the server system, which would, in turn, include capabilities such as adding new client users, changing a user's rights, transferring new code to the server, using a feature (or service) of the server and more.
Consequently, Secure Agent allows for the transmission of new code to the server and for that code to be implemented upon demand by a client. Such dynamic, real-time implementation in turn, allows for the behavior of the server to be modified. It is to this behavior modification the instant invention addresses its teachings, and thereby advances the contemporary art.
As will be readily appreciated by those skilled in the art, though the instant invention utilizes encryption/decryption and code recognition technology associated with Secure Agent, an alternative technology may be employed in support of the instant invention without departing from the disclosure, teachings and claims presented herein.
BRIEF SUMMARY OF THE INVENTION
The present invention is best viewed as comprised of two server components with one or more client subcomponents or sub-processes disclosed in association thereto. It can be further conceptualized that a distinguishable client component exists for each emulated device type recognized by the invention's server, with an individual client supporting the simultaneous use of a plurality of client-side components. As used throughout the instant invention specification and claims, the term “server” is used synonymously with “emulated device controller”, “server central processing unit”, “server CPU”, and “remotely configurable input/output device controller” and the term “client” is used synonymously with “host user”, “client central processing unit”, “client CPU” and “remote user”.
The invention's lower-most server component layer is a device driver to communicate directly with one or more hardware components attached to one or more computer systems, such as, but not limited to, mainframe computers (a.k.a. host processors). The driver controls the hardware in a manner prescribed by its design, causing it to interact with the other computer systems to which it is connected as if it were one or more device types (emulation). The driver additionally acts as a conduit to a higher level server component that governs the overall behavior of the emulated devices. This higher level component primarily supplies the driver with new data to provide through the emulated devices to the other computers to which it is connected and accepts data arriving to the emulated devices carried up by the device driver. Both layers predomoninantly operate on a device by device basis. The higher level server component, in turn, serves as the interface between Secure Agent technology and remotely connected clients allowing for the encrypted transmission of all data external to the server.
Using the example of an IBM 3215 console, a client would connect to a server and request a list of the 3215 devices which shared membership to the user's security groups. The user would select a device and a logical pathway from the mainframe computer to the client's system would become established. The client would communicate through the server layers with the end result of messages transported from a mainframe through an emulated device to the client for presentation within a window on a computer screen. Conversely, commands to the mainframe may be issued at the client's workstation and are transported through to the emulated device then through it to the mainframe.
Just as a client might have the ability to administer users (i.e. add/remove), a client might be able to modify the presence and behavior of emulated devices, via Secure Agent administrative functions as taught by the afore noted pending patent applications. Allowable configuration ranges and values are verified and enforced according to rules by the server. The various data elements that may be controlled are listed at the bottom of this section. The server
Hayes Gail
Head Johnson & Kachigian
Seal James
LandOfFree
System, method and article of manufacture to remotely... does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with System, method and article of manufacture to remotely..., we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and System, method and article of manufacture to remotely... will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3100296