CN1225186A - Security system for accessing application servers from remote stations - Google Patents

Info

Publication number
CN1225186A
CN1225186A CN97193893A CN97193893A CN1225186A CN 1225186 A CN1225186 A CN 1225186A CN 97193893 A CN97193893 A CN 97193893A CN 97193893 A CN97193893 A CN 97193893A CN 1225186 A CN1225186 A CN 1225186A
Authority
CN
China
Prior art keywords
client
server
application
application program
file
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN97193893A
Other languages
Chinese (zh)
Inventor
亚历山大S·奥伦斯坦
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN97193893A priority Critical patent/CN1225186A/en
Publication of CN1225186A publication Critical patent/CN1225186A/en
Pending legal-status Critical Current

Landscapes

  • Information Transfer Between Computers (AREA)

Abstract

A security system is provided for accessing application services running on a remote server (12) from a client station (15). The system includes at least one client station (15), each having a low level graphical interface and file logic stored therein, and at least one controller such as a digital signal processor. The controller controls the graphical interface and the file logic. The file logic includes a file system capable of storing data corresponding to an application program. In addition, the system includes at least one remote application server (12), each having a high level of application logic for running a corresponding application program stored locally or remotely. In addition, a low level interface is connected to each client and server. In this system, the cost of manufacturing such a client (15) is much cheaper than a conventional general purpose computer, but far more robust than it. In addition, the server application is not specifically written to or dependent on any specific operating system platform.

Description

Security system for accessing application services from a remote station
Field of the invention:
The present invention relates generally to peer-to-peer client-server network systems, and in particular to a secure system and method for obtaining application services (i.e. embedded services/applications) from a server and delivering those services to the requesting client/desktop device, in which the application logic of the service (high-level presentation, business and database logic) is independent of the client's low-level operating system and I/O peripherals.
Technical background:
As we look toward the year 2000 and beyond, a question arises: what will the future of computing be? The trend we see is obvious: every few months a more powerful chip is released, while software development strives to catch up with the hardware but never does. Of course, we now have a somewhat new twist, namely the newly discovered Internet, the Web, and the popularity of Java code (developed by SUN). With the Web, for example, code (such as images and Java applets) is generally downloaded from a server to a general-purpose computer, and the computer's browser software interprets that code for display. However, interpreting and downloading the code takes a great deal of time.
Some say that Java (being platform-independent) has finally given the computer market a tool to break the dominance in the desktop industry of the mainstream chips and operating system (OS) developed by Intel and Microsoft respectively. However, different software vendors have built their own Java extensions, and as a result Java has lost its portability. For example, Microsoft has developed its own Java interpreter, MS J++, with extensions specific to Microsoft's Web browser Explorer and to other related Microsoft technologies such as Active-X.
Moreover, we see that Intel and Microsoft are not troubled by the development of the Web; that is, they do not believe that today's common Internet technology can threaten their respective monopolies. Powerful general-purpose PCs with "Intel Inside" will remain in control, Microsoft's OS will continue to manage them, and Microsoft's Web browser Explorer now supports Java code. In addition, Microsoft's proprietary Active-X technology is a rival to Java, which further diverts the industry's effort to use open standards. The dominance of Intel and Microsoft therefore remains unchanged.
Some have predicted that computing, and network computing in particular, will change so rapidly in the near future that no company/vendor will be able to control any market, but the existing efforts of many software vendors to "extend" the Java standard cast doubt on this prediction. As Java applets develop further, the insertion of non-standard extensions may eventually lead to the emergence of one or another Java applet supplier. There is little doubt that this would be the current mainstream software giant, Microsoft. By modifying its proprietary operating systems, such as Windows96 and Windows NT, to handle Java applets or Active-X objects more efficiently, Microsoft once again controls software application development.
The desktop general-purpose computer, that is, one with a standard OS (for example Windows 95) and a microprocessor (such as a Pentium chip) on the desk, must be replaced by a system that is cheaper to own and maintain, but that at the same time does not shortchange the user by reducing the capabilities we all expect from our PCs, such as flexibility, extensibility, high security, ease of use and a reasonable initial cost of ownership, so that the software and hardware industries can continue to advance in new and inventive ways.
With respect to the Web and Java, the foreseeable drawbacks of the standard general-purpose PC include the following. Java applications will grow in complexity and will therefore need faster processors and more memory in the desktop unit in order to run (the same problem PCs have always had), which again forces the user into an endless cycle of hardware and software upgrades. At present, Java applets are 4 to 5 times slower than compiled code, so a more powerful processor is needed to obtain performance similar to that of an application running native binary code. In addition, converting applications to Java from another high-level language (even from C++) is very expensive, labor-intensive work, so it is not at all surprising that legacy COBOL applications are still often used in business.
There is also the risk that the computer's writable resources, for example a hard drive, can be compromised or destroyed by a destructive Java applet. On the other hand, if the computer has no writable resources, the user generally has to leave his or her files on a remote unit, for example a remote file server, which exposes the user's data files to a risk that no company can afford. An example of a computer without writable resources is the proposed Network Computer "NC" (jointly produced by Apple, Netscape, IBM, Oracle and SUN).
Fig. 1 shows a typical network system having a server-client structure that can be used with the present invention. In Fig. 1, network 10 comprises a central server 7 connected to a number of clients 5 by a shared transmission medium 8. Network 10 supports the transmission of data over a local area network (LAN) or a wide area network (WAN).
A typical server 7 can vary considerably in its architecture. It can be a single- or multi-processor machine, a PC or mainframe, a workstation from a major manufacturer, a computer based on proprietary technology, and so on. It can even be a special-function device without any OS or software. Server 7 should, however, be able to operate in a predetermined manner, or to run whatever software the company that owns the server needs to run on it. It should also be able to comply with a standard transport protocol, such as tcp/ip as used on the Internet, or another transport protocol used on wireless or wired LANs.
Server 7 may have its own file system for storing files and data related to the server, or server 7 may be strictly a compute server whose software is loaded from the file system of another server, that is, from a file server used only for security reasons or from the file system of a superclient (neither is shown). If a compute server runs a program that is booted solely from RAM, then once the software has been loaded into its main memory (RAM), the compute server will no longer access this local file system.
Fig. 1 shows a so-called two-tier computing structure. As discussed below, three-tier or N-tier computing structures can also be used.
Traditionally, in the first main structure, the client stations 5 are essentially "dumb" terminals connected to the central server 7 by the transmission medium 8. The central server holds the clients' user data and the application program code. In addition, the central server runs all the programs for its clients 5.
Essentially, all the application logic (i.e. presentation logic, business logic and data logic) is stored in the central server. This application logic (presentation, business, database) includes any program logic related to delivering and/or running the application service. Note, however, that each client may retain some low-level graphical interface logic, such as the X11 protocol. These clients are diskless and do not perform general-purpose computing tasks. In addition, the database (file system) logic on the server is shared among multiple clients. An example of such a system is a group of X terminals connected to a central server.
In the second main structure, the central server 7 holds both the program code and the file system used by the clients, as in the first structure, but does not run any application. Instead, the application is downloaded over the network to the requesting client 5 and run at each client. The client nevertheless continues to use the central server as the source of its database/file system. Clients in this structure are usually diskless, but do contain powerful CPUs such as those made by SPARC, MIPS and ALPHA. Although (at run time) all the presentation, business and database logic resides at the client, the file system is located on the central server and is shared by multiple clients. An example of the second structure is a LAN with a central database, such as ORACLE, Informix or Sybase running on an IBM AS/100 file server, and a group of diskless desktop devices, such as SUN or RS6000 workstations, that use the central file server to obtain their program code and data.
The proposed NC is similar to the second structure, except that Java code is interpreted or compiled into native code on the fly at the client station, instead of native code being transferred to the client. That is, the Java code can either be interpreted by the browser software on the client, or first be compiled by the browser and then run. The significant drawback of this solution is that interpretation and compilation are very slow and, as the complexity of Java code increases, the NC's CPU/memory combination, or the general-purpose PC/browser combination, must also grow in computing power and memory size to accommodate that growth. In addition, Java code is delivered to the desktop in source code form, which makes it very difficult to determine whether a fault or defect lies in the Java applet or in the browser software itself.
Furthermore, because the supplied Java code runs on the client, the client may receive an application that is not appropriate for it, one that maliciously, or by mistake (for example through security holes in the browser), destroys the PC's writable resources. In addition, because the NC lacks local storage, all client data must be stored in a central location, so the NC cannot protect a user's private data from interference by other users. For software vendors, Java likewise makes copyright enforcement very difficult. Because Java applets are transmitted in source form, they are in no way protected from being copied by other client/user devices.
In the third structure, a three-tier or N-tier computing network is used. Forte Technologies currently uses this structure. They provide a programming tool that splits a client-server application into presentation logic, business logic and database logic, where the presentation logic runs on each client 5, the business logic runs on the central server 7, and the database logic runs on a file server (not shown). The business and database logic can, however, run on the same physical server. As with the first and second structures, the client's database/file system logic is stored far from the client and, because it is shared among multiple clients, creates a security risk. Because the presentation logic runs on the client, this system also faces the problem of constant upgrades and high maintenance costs for the client stations. Another major problem with this model is that the application code must be written specifically for one software vendor's N-tier network tool, and the user is generally forced to license and distribute part of that system in order to run his application.
Therefore, an object of the present invention is to overcome the shortcomings of the prior art.
Brief summary of the invention
The above and other objects are achieved by an inventive system and a method of accessing application services from a selected application program. The selected application is stored on a remote compute server and runs there, and the application uses the client's operating-system-level services, such as storage devices, for its permanent storage needs.
The selected remote server treats the client as a peripheral device, so that it interfaces with the I/O of the client's keyboard, mouse, monitor, file system or any other peripheral connected to the client, and controls the devices attached to it.
In particular, the system comprises at least one client station, each having a low-level graphical interface (for example a graphical user interface (GUI)) and file I/O logic stored in it, and at least one controller circuit (for example a digital signal processor (DSP)) for controlling the client's I/O peripherals. The file I/O logic can store and retrieve data corresponding to a number of application programs, or otherwise perform low-level file control operations on the file system, in particular on device files. The controller operates the graphical interface and the file I/O logic.
The system also comprises at least one dedicated remote application server. Each server includes high-level application logic for running the corresponding application, which can be stored on the server or on a corresponding file server. A low-level interface (such as an operating system service interface (OSSI)) establishes a common protocol for connecting each client to each server. The OSSI protocol keeps the high-level application logic from directly accessing the underlying operating system, which allows a high-level application to obtain OSSI services from different operating systems that understand the OSSI protocol, or from dedicated control devices. OSSI makes it possible for a high-level application to use OS-level services on a remote client separated from it by a network.
In operation, upon initiation by the client, the selected server spawns the selected application, which runs on the server and selectively accesses the file system and the data corresponding to the requesting client. The client thus acts very much like a peripheral device (a "Window on the World") of the selected service application running on the server. The remote server (on the client's behalf) processes the corresponding data from the client through the spawned service application, without permanently storing that data on the server. In other words, while the server serves the client with application logic and computing power, the client provides the services of its file system, screen, keyboard, mouse and other attached devices to the server.
In addition, a "directory" service application residing on a server can be used. The client can then activate an application selected through the directory service. A "directory" service application can perform small services directly (for example displaying some text or graphical information), and can refer to another service application on the same server or to an application service on another server. In this way multiple directory services can be linked together, so that the client user can refer to a number of applications made by different vendors and stored on different servers. By linking "directory" service applications in this way, the network of application services becomes very convenient for the client. The user can "roam" the network of "directory" services until he finds an application suited to his task. Searching can also be used. Once an application's Internet address and port are found, they can be recorded for future use in the client's structural database/file.
An application on the remote server does not depend on a specific client OS and is therefore preferably not written for one. The application logic is thus separated from the client's low-level "standard" OS logic. In other words, the application does not link directly to the client's (OS) kernel-level services to perform the required functions. Instead, the application calls a suitable command function from the server's function library, which prepares the required "command packet" (representing the required function and the necessary data). The command function from the server's library encodes the command packet according to the OSSI protocol. The command packet can be sent to the client's standard-OS by a common transport protocol (such as tcp/ip). The client's standard-OS can recognize the OSSI-encoded packets it receives and use them to perform the required I/O or control operations.
The standard-OS is also adaptable: it can adjust its operation in response to a particular "command packet" according to its own capabilities or the capabilities of the devices it accesses. Therefore, depending on the environment of the standard-OS, a given logical command from the application can be carried out quite differently. If X11 is used for the GUI, the application looks like an "X" application. Similarly, if another GUI (such as Windows95) is used, the application looks and feels like a Windows95 application.
The present invention differs from all three approaches discussed above in the following main respects. The invention gives only the selected application on the remote server limited access to the client's permanent storage, such as hard drives, CD-ROM drives, tape drives, floppy disks, and any other I/O or other devices that can be connected to the client. In other words, the remote server operates on the client's local data and devices. The server can thus process data from the client, but that data never resides permanently on the server. Local data is simply read from, or written to, the client's file system only when the application logic requires it.
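The command-packet exchange and the limited storage access described above, sketched as an added example that is not code from the patent. The text does not define the OSSI encoding, so the wire format, the opcodes and the names `encode_command`, `decode_command` and `ClientStandardOS` are assumptions made for illustration.

```python
import json
import os
import struct
import tempfile

# Assumed wire format (the patent text does not define one):
# 1-byte opcode, 4-byte big-endian body length, JSON body.
HEADER = struct.Struct("!BI")
OP_DISPLAY, OP_READ, OP_WRITE = 1, 2, 3
MAX_BODY = 64 * 1024  # refuse oversized bodies instead of buffering them


def encode_command(opcode, **args):
    """Server-side library function: encode one requested operation."""
    body = json.dumps(args).encode("utf-8")
    return HEADER.pack(opcode, len(body)) + body


def decode_command(packet):
    """Client side: parse and bounds-check a packet before acting on it."""
    if len(packet) < HEADER.size:
        raise ValueError("truncated header")
    opcode, length = HEADER.unpack_from(packet)
    if length > MAX_BODY or len(packet) != HEADER.size + length:
        raise ValueError("length field does not match packet")
    args = json.loads(packet[HEADER.size:].decode("utf-8"))
    if not isinstance(args, dict):
        raise ValueError("body must be a JSON object")
    return opcode, args


class ClientStandardOS:
    """Hypothetical client dispatcher: performs only requested I/O, and file
    I/O only inside the directory the user granted to this server session."""

    def __init__(self, granted_dir, gui="text"):
        self.root = os.path.realpath(granted_dir)
        self.gui = gui      # capability of the attached display
        self.screen = []    # stands in for the real display device

    def _resolve(self, name):
        # realpath collapses ".." and symlinks before the containment check.
        path = os.path.realpath(os.path.join(self.root, name))
        if os.path.commonpath([self.root, path]) != self.root:
            raise PermissionError("path is outside the granted directory")
        return path

    def handle(self, packet):
        try:
            opcode, args = decode_command(packet)
            if opcode == OP_DISPLAY:
                # Same logical command, rendered per the client's capability.
                text = str(args["text"])
                self.screen.append(text if self.gui == "text"
                                   else f"[{self.gui} window] {text}")
                return {"ok": True}
            if opcode == OP_READ:
                with open(self._resolve(args["name"]), encoding="utf-8") as f:
                    return {"ok": True, "data": f.read()}
            if opcode == OP_WRITE:
                path, data = self._resolve(args["name"]), str(args["data"])
                with open(path, "w", encoding="utf-8") as f:
                    f.write(data)
                return {"ok": True}
            raise ValueError(f"unsupported opcode {opcode}")
        except (ValueError, KeyError, TypeError, OSError) as exc:
            # Malformed or disallowed requests are refused, never executed.
            return {"ok": False, "error": f"{type(exc).__name__}: {exc}"}


def demo():
    """Constructed session: a write, a read, a refused path, a display, junk."""
    with tempfile.TemporaryDirectory() as granted:
        client = ClientStandardOS(granted, gui="text")
        results = [
            client.handle(encode_command(OP_WRITE, name="notes.txt", data="draft")),
            client.handle(encode_command(OP_READ, name="notes.txt")),
            client.handle(encode_command(OP_READ, name="../outside.txt")),
            client.handle(encode_command(OP_DISPLAY, text="hello")),
            client.handle(b"\x02\x00\x00"),  # shorter than the header
        ]
        return results, client.screen


if __name__ == "__main__":
    for item in demo()[0]:
        print(item)
```

The server-side application never touches the client's kernel services; it only builds packets, and every decision about whether and how to act on one is made by the client-side dispatcher.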
All of the traditional approaches above use a centralized file system on the server, so that the file system can be shared by the requesting clients. A rogue user can therefore gain unauthorized access to another client's data through the shared file system. The present invention, by contrast, does not share a file system between different clients; it stores a client's data on storage devices attached to that client, so the data is inaccessible to other clients or servers (unless directly authorized by that user).
Furthermore, in the present invention, if more than one client needs the same application during the same period and the application allows it, each client can make certain files accessible to the application on the server during that period, permitting shared collaboration on distributed objects between two clients that have agreed to it.
Note that the present invention in effect prohibits running any application logic on the client. The second structure executes all the application logic on the client side, and the third structure runs high-level presentation and business logic on the client. In addition, the application depends on a predetermined platform and on a compatible high-level interface between the server part of the application and the client.
Because the present invention removes all application logic from the client, the client no longer needs to execute any general-purpose code. The remote server relies entirely on the client connected to it to serve as its I/O peripherals, so the server no longer needs any hardware of its own to obtain the I/O services that the client can provide. The expensive general-purpose CPU can therefore be replaced to advantage by an inexpensive but powerful controller such as a DSP chip. Although there is no application logic on the client in the present invention, using it feels like using a general-purpose PC that runs the application directly. The inventive client allows the client user to keep his or her private data on his or her own disk, and it can also have all the common I/O devices attached, including, among others, CD-ROM and floppy drives as well as external peripherals such as printers, plotters and the like.
Another major drawback of the three structures above is the centralized database/file system. Accessing a server's central file system may be a workable solution in a common internet environment in which every user is known and can be tracked by others (although many security breaches are known to be arranged from the inside), but it fails completely in the anonymous environment of the Internet. The present invention does not suffer from this drawback. Because a server application always uses the file system on the client, the client does not access the server's file system, which therefore cannot be destroyed either maliciously or unintentionally. The client connects only to a port on the server, and can generally be seen by the server (through an application) only when the server receives its service request. Moreover, the server (compute server) has no file system to damage; instead, it may boot the appropriate application from another server (for example a corresponding file system or power user). In that case, while the application runs in the compute server's RAM, the file server can be disconnected from the compute server.
Another advantage of placing the file I/O logic on the client is that each client can ensure the integrity of its own data through backups and similar operations. This eliminates many problems for the service provider, who would otherwise be responsible for keeping the client's data safe from corruption or third-party interference. It is easy to see that on the Internet, because of absolute limits such as the disk space on the server, accepting an unlimited number of users is impossible. In the present invention, however, only computing resources are shared, so more users can be accommodated. In addition, because the compute server accesses local file systems, server performance also improves, since file I/O on a centralized file system is generally a performance "bottleneck". Because in this invention the server sees many file systems on different clients, there is no contention between different clients or applications for limited storage resources.
Moreover, instead of having to set up security groups or user IDs, an application service can be delivered to a new user at once. In other words, because a client's data cannot be accessed without authorization, such security measures are unnecessary (except for accounting purposes), and because the client's data is never delivered to a requesting user, it cannot be copied or destroyed. In addition, because application data specific to a client resides in that client's file system, each client can receive multiple services anonymously, and users do not gain privileges to access the server's file system.
Furthermore, although the client serves its file system and devices, it is the client that establishes the connections with the servers. A server has no means of obtaining a connection to the client unless the client actively seeks that connection. A potential intruder therefore has no entry point into the client's file system. So although the client serves its files, it serves them only to the servers to which the client itself has connected.
Preferably, owing on the client, do not carry out general-purpose computations, so the firmware that moves on client of the present invention (being stored among the ROM) is not that the user is revisable.Thus, because do not need to load or manage a plurality of user program/processors, so need the general-purpose operating system (OS) of expensive power supply and storer just optional.Only need in needs, deposit a required little standard-OS in, like this, client I/O and file system that the server may command that is authorized to is all.For example, can control graphical user interface with standard-OS according to the X11 agreement in the public domain.
Because the present invention neither needs traditional universal PC, does not also need traditional OS, so because this client stations can move 10 years or the longer time fully, thereby the client becomes a long-range investment for the user.On the other hand, both can have all, also can have the commerce/applied logic on the client of residing in of part because second and third retransmits system structure, thus the user always be compelled to system upgrade so that can move the more complicated application program widely that reaches.
In addition, with regard to server, the present invention is best, and part is the public service of having saved such as telnet, ftp, rsh, rlogin etc.This server thereby be left to the application service of the special use that does not allow the visit order shell.Set up a system as safe as a house like this, in fact this system is not subjected to the influence of outside world, and its dirigibility is enough to provide multiple service to the concealment piece of internet.
Finally, in the present invention, only need application programs to carry out primary development.Afterwards, application program has been developed selected an only hardware (but also application programs specialized designs it) for server.Be replaced by on different platform operation and selling software, only need to be provided with this application program for having service, and link to each other with network such as the common interconnection network agreement of tcp (or udp)/ip etc.Because the client does not comprise the application-specific logic, so Any Application all can use client and a plurality of file service that is used to show.Standard-OS of client has according to its this function power, the dirigibility of the order bag that explanation receives, this order bag is the server that links to each other from the client, so if the client have one can only videotex display, then standard-OS will be with the Text Mode display message.If used X11, then will adopt the function performance of X.Yet,, will use Windows equipment if Windows is basic OS.The looks of Any Application, sense of touch and performance all will adapt to looks, sense of touch and the performance of standard-OS.Meanwhile, the general operation of standard-OS is subjected to the control of attendant application.
Client's standard-OS and application program will become the relation of symbiosis---and application program tells what standard-OS does, and how this does and standard-OS determines it.Although there is not application program, standard-OS does not just have any useful function or its characteristic, if do not have standard-OS I/O and control service, application program can not be done any operation.The related function function of all hardware/OS is compressed in " front end " of standard-OS, and the logic/characteristic of all application programs is compressed in the application code.The two is together connected to each other by OSSI host-host protocol (himself uses a basic host-host protocol).Like this, this application program is never carried out low level code, replaces " inquiry " standard-OS, so that represent it to carry out the sort of operation.In other words, standard-OS does not carry out any operation of not crossed by remote applications request (when being asked by client user, document manipulation except).
It has been the existing application of writing such as dedicated platforms such as UNIX/X and Windows95/NT, can be when upholding one's heritage UNIX/X or Windows APIs (application programming interface), the storehouse that is used for producing the order bag by use can be changed the existing application program at an easy rate, and OSSI has been used in storehouse wherein.
In addition, because only data is stored on the client's disk, client disk space is no longer wasted on megabytes of OS files and application code. Meanwhile, the server does not need to store or back up any user data. Because maintenance passes entirely to the software vendor, users no longer need to worry about upgrading their software. Upgrading is also easy for software vendors, because they only need to upgrade one application on each server and can do so gradually, in stages. Companies that prefer to purchase applications can buy inventive servers with pre-installed service applications, which can immediately serve hundreds or even thousands of clients. A suitable server can be built either from a (general-purpose or special-purpose) CPU or from a dedicated processing chip with suitable memory connected to a (hardware or software) network interface, which greatly simplifies the server's hardware requirements.
Brief description of drawings:
The following detailed description, which is given by way of example and is not intended to limit the present invention solely thereto, will be better understood with reference to the accompanying drawings:
Fig. 1 is a schematic diagram of a two-tier network with a server, a transmission medium and a plurality of clients;
Fig. 2 is a schematic diagram of a two- or three-tier network according to the present invention, with several compute servers, a transmission medium and several clients; and
Figs. 3A and 3B are a flowchart of the steps for accessing and launching an application on a server from a remote client.
The detailed description of the invention:
Referring to Fig. 2, the inventive system 11 comprises several dedicated servers 12, 13, 16, 17 connected to a plurality of clients 15 through a shared transmission medium 18. Like the network 10 of Fig. 1, system 11 is suitable for carrying data in a LAN or WAN system. In general, each client serves its monitor, keyboard, mouse, file system and other I/O connected to peripherals and the desktop. The servers provide their respective computing power and application logic, and control the I/O and other devices of the clients.
In general, each server is supported by an independent vendor in order to run that vendor's own software applications on demand. For example, server 12 may be supported by vendor A to run a word-processing application, and server 13 may be supported by vendor B to run a work-class application. A server can also host service applications that come from different companies but perform similar functions. That is, server 12 may, for example, be supported by an ISP that offers applications related to data tables from many software vendors. Of course, the service applications running on the same server need not be the same.
As shown in the figure, server 16 is connected only to server 17 and acts as a file server for it. File server 16 stores the selected applications and boots them as directed by compute server 17. For example, server 16 can act as a so-called power user that loads the selected application onto compute server 17 and then disconnects from server 17. This configuration is preferred because it adds a level of security against attempts by clients connected to server 17 to corrupt the application.
Each client 15 is preferably not a general-purpose PC but an inexpensive and extremely durable data acquisition device. Such a client does not need a traditional CPU such as a Pentium, PowerPC or Alpha. Likewise, the client does not need a traditional OS such as MS-DOS or Windows95. An inexpensive but powerful controller circuit can replace the traditional general-purpose CPU to control the storage devices and other I/O hardware. An example of such a controller is the TI TMS320C4x or C3x DSP chip. The controller or controllers control the client file system (file I/O logic) and the low-level graphical interface logic (such as a GUI). For example, each client may have a separate controller for each of the file system/disk controller block, the client transmission block and the display/human interface block, or a single DSP controller may control all three blocks.
Because the functions of the file I/O and graphical interface logic are strictly defined and well understood, and do not need to change for different applications, they can be highly optimized for speed in machine language and provided as firmware in the client's ROM rather than as traditional software (a traditional OS being programmable). In fact, most of the functions can be cast in hardware such as an ASIC. It should be understood that a general-purpose computer (with minor or no modification) can also work with the invention, so that existing PC owners can access any dedicated server on demand to launch a selected application. In that case the standard-OS is replaced by a front-end "computing browser", which is installed on the general-purpose computer's OS (Windows95/NT, UNIX/X, OS/2 and similar operating systems) like any other program and runs as a user program under that operating system. The "computing browser" uses the resources of the underlying OS to control the local devices on behalf of the remote service application. In addition, non-dedicated servers that store legacy applications can be used by means of a "directory" service application; the directory service application provides the service to the client, but it may use one or more legacy programs to perform its task. Legacy applications can also be converted into service applications easily by recompiling them and linking them with new start-up code and new I/O and OS libraries.
Returning to the dedicated client, the traditional OS is replaced by a low-level "standard-OS" whose graphical user interface is based, for example, on the X11 protocol (X11 is common software). The low-level "standard-OS" can be modified to provide data compression and encoding, and it can be stored in each client's ROM. The standard-OS operates essentially as a driver that performs the work specific to the client hardware, and also serves as the basis of the windowing structure. Note that the standard-OS does not execute any application logic and does not load or run any user process on the client.
Because these dedicated clients do not need a traditional CPU or OS, they are cheap to produce and sell and are far more durable than a traditional general-purpose PC. Because these clients have a longer service life than general-purpose PCs and other desktop workstations, the cost of a client is amortized over a long period, which greatly reduces its total cost. Even as service applications become more complex, the application still runs remotely on the corresponding server rather than being loaded and processed on the client, so the dedicated client does not need a faster CPU or additional memory.
In addition, because the client contains no specific OS platform, an application running on a server only needs to use standard network protocols such as tcp/ip together with the higher-level OSSI protocol for the command packets. The only compatibility required is therefore file-format compatibility between each client and the server application. As explained below, the data in the client file system is generally created by the application itself, so this compatibility is not a problem.
Now, instead of software vendors selling different versions of their applications to run on the different available platforms, generally only one version of a program resides on the server. Because these applications are compatible with the client file system and standard-OS (in fact, because the standard-OS controls this interface, the applications do not need to know the internal structure of the file system), any dedicated application will work with the client, so an unlimited number of different applications can be accessed by each client connected to one or more servers. A client (subject to its peripherals) can use any number of service applications provided by any number of dedicated servers.
These servers can have different hardware configurations, independent of which OS the clients run or which kind of devices they use. Software vendors are therefore completely free to design hardware and software for maximum speed and flexibility. In fact, a server may not run any OS at all, but may directly run a bootable service application. Software vendors also do not need to deal with compatibility issues, other than the tcp (or udp)/ip and X11 protocols. By using OSSI-compatible libraries, the software becomes compatible automatically without any source code changes.
Each client only needs to include one or more storage devices such as a hard disk, floppy disk or CD-ROM drive. As indicated, each client also includes a file system. The client's storage system may be separate from the client (not shown), for example by using a server connected to it. If the client has no storage device attached, the only applications it can use are those that need no storage device, such as an HTML browser. The files in the file system include a configuration file that tells the client's standard-OS where on the network (LAN or WAN/Internet), and at which port, a connection to a particular service application can be obtained. The file system also contains data files storing the data of each previously launched application, as well as checkpoint files that record the program state at the end of each application connection. A checkpoint file allows recovery in the event of a network failure. However, the checkpoint file must be encrypted by the server to prevent clients from tampering with it. In addition, the file system temporarily stores any workspace files that the service application may need.
All data belonging to each client user of the launched applications is therefore stored locally, so that when the user is disconnected from the network, the user's data cannot easily be corrupted by anything else on the network. Compare this with systems in which data is stored in a central server file system. In those systems, data can be corrupted maliciously or by mistake.
In addition, each client includes low-level graphical interface logic so that the client user can select which server application to start. This non-general-purpose client performs no high-level logic functions. Preferably, the only functions permitted are connecting peripherals directly with the requested service application, making data backups, displaying, and opening, renaming and deleting data files, but not any processing of such files. File operations should be embedded in the standard-OS and should perform only strictly predefined tasks. The file operations built into the standard-OS cannot be started by any remote service application; they can only be invoked directly from the standard-OS by the client user. However, within the limits allowed by the standard-OS, a server can perform file management without needing the standard-OS's built-in management functions.
Each client may optionally include plug-in I/O modules such as a frame grabber, an audio/video interface, digital-to-analog and analog-to-digital converters, a microphone, a camera, a compression board, a temperature probe, an encryption chip or other required devices. The server, by means of the application, then controls the client's I/O devices (and the client's file system, etc.) by sending the appropriate command packets to the client's standard-OS. In addition, as described above, each server may include any specialized hardware for running other applications or services, without that hardware having to be compatible with the client.
For example, a movie editing server may include all the expensive editing hardware connected to that server. A film studio can then have a client containing a video camera I/O device, and the film on the camera can be edited using the editing hardware on the server, rather than the studio having to buy its own expensive editing hardware. The application controls the data feed from the camera, edits the transferred data on the resident editor, and returns the edited data to the client, where it can be stored on the client's disk, displayed immediately on the client's monitor, printed on a printer, or output to the client's CD-ROM, DVD disc or videotape.
The operation of the inventive system is described below with reference to the flowchart of Figs. 3A and 3B. As a preliminary, it should be noted that the client operates as a window on the world for the selected application, while the application selected by the client user runs on the corresponding server. In other words, the client serves as a "human-machine interface" (HIM) for the server. Subject to authorization, the application accesses the client's file system to retrieve the user data to be processed. Note that, through the standard-OS, the application controls all operations and all peripherals on the client.
For example, all I/O modules (such as a floppy disk drive) are controlled remotely by the server application. When the application terminates, or while it is running (whenever data needs to be read or written), the processed data is sent to the client file system to be stored locally on the client. Because the application code is not sent to the client (as it is with Java or ActiveX objects), the user cannot copy the code. Software vendors can therefore readily enter markets such as China, Hong Kong, Korea, Eastern Europe and others where software piracy is rampant (up to 98%), and offer these computing services without exposure to piracy.
As described, the inventive system separates data from program code: the client file system stores only data for the remote servers and never stores their application code. To increase security, program code is loaded onto the servers from each server's own private file system (which clients cannot access) or from a corresponding file server (whose function is limited to delivering program boot code and which cannot run applications). The only exception to this separation arises when the application is a compiler (or linker), whose executable output is itself the program data, and the compiler server needs to cross-compile for a different architecture. For safety, the resulting target program cannot run on the client, and should not run on the compiler server either. Instead, it can be executed on a separate runtime server that has the appropriate CPU and software to load and run the program remotely. In general, note that the server that runs an application should be different from the server that created it.
Figs. 3A and 3B show a flowchart of the steps for accessing and launching a server application from a remote client. At step 20, the client station is powered on and initializes its network, user interface and file system modules from ROM. The network module initializes the transmission interface used for the connection, such as a modem, Ethernet, ATM, cable or optical fiber. A client may also have several network interfaces; for example, a client may use Ethernet for the intranet in addition to a cable modem for the Internet. Multiple servers can be accessed simultaneously through all of the interfaces. If one of the interfaces is a conventional modem, a telephone connection is made to establish a connection with an ISP. PPP, SLIP or another point-to-point transport protocol can be used. The user interface modules initialize the display, keyboard and similar devices. The file system module initializes the file system, which contains the service application information (previously launched applications, networks, servers and ports) and the related program data stored on the client's storage device.
At step 25, the client checks for any new hardware, including any added peripherals as described above. If new hardware is detected, a corresponding device file for controlling the device is created in the file system at step 30. If no new hardware is detected, processing proceeds to step 35, where the client connects to all the servers and applications stored in its resource configuration file/database.
At step 40, if the location of the application the user wants to launch (that is, the server IP address and port) is not already stored in the configuration file, then at step 45 the client user creates a new entry in the "configuration" file containing the server and application address (port). If, however, the required application entry already exists in the resource configuration file, then at step 50 the client connects to the appropriate address to reach the selected server. If no configuration file exists, the client user must enter the appropriate IP address and port manually. Once entered, this information can be stored in the configuration file for future use.
At step 55, the server is authenticated against a trusted database. The server can be authenticated simply by transmitting a predetermined data string. At step 60, if authentication of the server fails, then at step 65 no connection is made to that server and processing returns to step 35, where the client's standard-OS attempts to connect to the other server ports in the configuration file, or, once all entries in the configuration file have been exhausted, the client user can manually select a different server application.
At step 70, the client receives a public key from the server, uses it to encrypt the client's own private key, and transmits the encrypted private key to the server. The server then decrypts the encrypted key it has received with its own private key.
Thereafter, all communication between the client and the server is secured using the client's private key. The client can also generate a new key each time it connects to a server, or generate several new keys during one connection for added security. Dedicated encryption hardware, such as a diode, can be used to generate the random bit patterns for the client's private key.
At step 75, the server, or the directory service application the client is connected to, transmits to the client icons representing the applications available on that server. The client then dynamically builds a window containing an icon for each application. If no icon is transmitted from the server (none being available), the client can generate a generic icon for selection purposes. At step 80, the client user "clicks" the desired icon to launch the corresponding application. An application can also be started by "dragging" a data file and "dropping" it on the application icon. The client user can also access an application directly by typing its unique service name at a command prompt; the name is then looked up in the client's resource configuration file/database, after which the client requests the directory service on the corresponding server to launch the corresponding application.
At step 85, it is determined whether the server application needs to access any client data files in the client file system. For example, if the client connects to (launches) a word-processing application for editing, the application may require text data stored in the local client file system. If the application does not need to access client files, the service continues until the user ends it at step 90. As noted above, during the service the application can also control the client's peripherals through the standard-OS. The application usually needs to receive the name of the file to use from the client user, either as a parameter or entered interactively by the client user after the application has been launched.
If the application does need to access client files, then at step 95 it is determined whether the server is authorized to access those files (the authorization step is still needed even after the client user has entered the file name manually, to prevent the server from changing the file name). This authorization can be set up in advance by the client user as part of a "rule"-based authorization system, so that authorization is granted to a particular server every time (or until the client changes the authorization), or it can be granted on each use. The "rule"-based restrictions can be based on the data file type, the application, the server, the access requested and the data. In addition, a particular application's access can be restricted by name or directory to a specific set of files only. Thus, each time the client accesses the server application, the client user must authorize the access again. Even when a server has been granted authorization, different permissions may apply to each server. For example, any or all of the following permissions may be granted: "read", "write", "append" and "create".
If the server does not have authorization in the resource configuration file to access the files, processing proceeds to step 100, where the client user chooses whether to grant a one-time authorization as described. If the client user does not grant this authorization, processing proceeds to step 90, where the service continues until it ends or the server application decides to terminate. If the client user grants this temporary authorization, or the server/application has a predetermined authorization, processing proceeds to step 105, where, the client user's authorization having been obtained, the server application is allowed to read, write, append, rename, move or create the corresponding files in the file system. The client can also substitute one file for another. If the file requested by the application contains information that the client user does not want accessed, the user can substitute another file for it, and the application will know nothing of the substitution. This also allows the client to "remap" file names that are hard-coded in the application.
During the service, the standard-OS can respond in three different ways to an application's request to perform a particular operation: 1) it can perform the operation and report success to the application; 2) it can decline to perform the operation and report failure to the application; 3) it can decline to perform the operation but still report success to the application. The third mode is useful because it allows a remote application whose "commands" are improper or illegal to be run safely without failing immediately.
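The authorization checks of steps 95 to 105 (rule-based permissions, one-time grants, directory restriction, file substitution) and the three response modes described above can be modeled together. The following Python model is an added example, not code from the patent; the class names, rule fields, in-memory file store and host names are assumptions made for illustration.

```python
import posixpath
from dataclasses import dataclass, field
from enum import Enum


class Outcome(Enum):
    PERFORMED = "performed, success reported"      # mode 1
    REFUSED = "not performed, failure reported"    # mode 2
    FEIGNED = "not performed, success reported"    # mode 3


@dataclass
class Rule:                      # hypothetical rule record set up by the client user
    server: str
    application: str
    directory: str               # access is confined below this directory
    permissions: frozenset       # subset of {"read", "write", "append", "create"}
    one_time: bool = False       # step 100: grant that is valid for one request


def confine(directory, name):
    """Resolve name below directory; None if it escapes ('../', absolute path)."""
    root = posixpath.normpath("/" + directory)
    path = posixpath.normpath(posixpath.join(root, name))
    return path if path.startswith(root.rstrip("/") + "/") else None


@dataclass
class Mediator:                  # stands in for the client-side request handling
    rules: list
    remap: dict = field(default_factory=dict)      # requested name -> substitute
    tolerated: set = field(default_factory=set)    # (server, app) answered in mode 3
    files: dict = field(default_factory=dict)      # in-memory stand-in for the disk
    audit: list = field(default_factory=list)      # what really happened

    def handle(self, server, application, op, name, data=b""):
        """Return (success_reported_to_server, payload)."""
        actual = self.remap.get(name, name)        # substitution is invisible to server
        outcome, payload = Outcome.REFUSED, b""
        rule = self._match(server, application, op, actual)
        if rule is not None:
            if rule.one_time:
                self.rules.remove(rule)            # a one-time grant is consumed
            done, payload = self._apply(op, confine(rule.directory, actual), data)
            if done:
                outcome = Outcome.PERFORMED
        if outcome is Outcome.REFUSED and (server, application) in self.tolerated:
            outcome = Outcome.FEIGNED
        self.audit.append((server, application, op, name, actual, outcome))
        return outcome is not Outcome.REFUSED, payload

    def _match(self, server, application, op, actual):
        for rule in self.rules:
            if ((rule.server, rule.application) == (server, application)
                    and op in rule.permissions
                    and confine(rule.directory, actual) is not None):
                return rule
        return None

    def _apply(self, op, path, data):
        exists = path in self.files
        if op == "read" and exists:
            return True, self.files[path]
        if op == "write" and exists:
            self.files[path] = data
            return True, b""
        if op == "append" and exists:
            self.files[path] += data
            return True, b""
        if op == "create" and not exists:
            self.files[path] = data
            return True, b""
        return False, b""


def demo():
    """Constructed sample state: two servers, one substitution, one one-time grant."""
    return Mediator(
        rules=[
            Rule("wp.example", "editor", "docs", frozenset({"read", "write"})),
            Rule("wp.example", "editor", "docs", frozenset({"create"}), one_time=True),
        ],
        remap={"letter.txt": "letter-redacted.txt"},
        tolerated={("legacy.example", "report")},
        files={"/docs/letter.txt": b"private",
               "/docs/letter-redacted.txt": b"public"},
    )
```

The audit list records the real outcome of every request, so a request answered in mode 3 remains visible to the client user even though the server was told it succeeded.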
Processing passes from step 105 to step 90, where the launched application continues to run until the client user ends it. Finally, at step 110, the processed data from the server application is, if necessary, transferred to the appropriate file in the client file system. If the data file has already been updated during the run of the application, the data file is simply closed.
Although several embodiments have been chosen to illustrate the present invention, those skilled in the art will understand that many changes and modifications can be made without departing from the spirit and scope of the invention as defined in the appended claims.

Claims (56)

1. A security system for accessing application services from a selected one of a plurality of application programs, comprising:
at least one client station, each client having low-level graphical interface and file logic stored therein, and at least one controller that controls said graphical interface and file logic, wherein said file logic includes a file system capable of storing data corresponding to said plurality of application programs;
at least one remote application server, each server having high-level application logic, stored locally or remotely, for running the corresponding ones of said plurality of application programs; and
a low-level interface between each said client and each said server,
wherein, when accessed by said client, a selected one of the at least one server launches the selected application program and selectively accesses said file system of the client to obtain the corresponding data, and wherein said server does not permanently store the data, but only processes the corresponding data from said client on said selected application program.
2. The system as claimed in claim 1, characterized in that each client has no general-purpose central processing unit (CPU) for executing programmed functions, thereby reducing the cost of said client and increasing its security.
3. The system as claimed in claim 1, characterized in that the program code of the selected application program is stored on said server, thereby increasing the security of said client against corruption by said server, and also protecting the plurality of application programs stored on each said server.
4. The system as claimed in claim 1, characterized in that each said client further comprises a low-level standard operating system (OS) for supporting the client hardware connected to the selected server, for controlling any peripherals connected to said client, and for controlling said graphical interface logic, said standard-OS being permanently embedded in the read-only memory (ROM) of each respective client, so that said standard-OS is non-programmable.
5. The system as claimed in claim 4, characterized in that said graphical interface logic controlled by said standard-OS is based on the X11 protocol.
6. The system as claimed in claim 1, characterized in that each said client further comprises at least one storage device, which is at least one of a hard disk, a floppy disk, a CD-ROM, a DVD and a tape drive.
7. The system as claimed in claim 6, characterized in that said corresponding data is stored in said storage device of the respective client in corresponding ones of a plurality of data files of said file system, whereby said client selectively restricts the access of said server to said data files, to increase the security of said client against corruption by said server.
8. The system as claimed in claim 7, characterized in that said server requests access to a predetermined data file but is permitted to access another data file selected by said client.
9. The system as claimed in claim 7, characterized in that, when authorized by said client, said server can read, write, append, move, rename and create said data files.
10. The system as claimed in claim 6, characterized in that said at least one controller is a digital signal processor (DSP).
11. The system as claimed in claim 6, characterized in that said at least one controller does not allow the corresponding data stored in said storage device to be accessed and logically controlled by an application program running on said server when authorization has not been given by said client.
12. The system as claimed in claim 1, characterized in that said low-level interface comprises a graphical interface protocol set and a file system and device control protocol set.
13. The system as claimed in claim 1, characterized in that the file systems and corresponding data of at least two said clients are selectively accessed simultaneously by the selected server to process the selected application program, so that the clients can cooperate with one another.
14. The system as claimed in claim 1, characterized in that each said server further comprises a file system having said plurality of application programs stored therein, and wherein each said client cannot access said file system of each said server, to increase the security of said server against corruption by said client and to protect the application programs stored on each said server.
15. The system as claimed in claim 1, characterized in that said application server is a compute server, such that said application service is the selected application program booted from a separate file server or power user, to protect said application program.
16. The system as claimed in claim 1, characterized in that said interface is connected to one of a local area network (LAN) and a wide area network (WAN).
17. The system as claimed in claim 1, characterized in that each said client further comprises at least one I/O device selected from the group of a frame grabber, an audio/video interface, digital-to-analog and analog-to-digital converters, a microphone, a camera, a compression board, a temperature probe, a humidity probe and an encryption chip, wherein each said server cannot access and logically control said I/O device without authorization from said client.
18. The system as claimed in claim 17, characterized in that the application program selected by the client and running on the corresponding server selectively accesses and logically controls said I/O device through said at least one controller of the respective client.
19. The system as claimed in claim 1, characterized in that each said client and said server share a common transport protocol, said common transport protocol being one of tcp/ip and udp/ip.
20. The system as claimed in claim 1, characterized in that the address of each of said plurality of application programs is stored in a corresponding configuration file of said file system, and wherein said client connects to each said application program in said respective configuration file to receive icon information.
21. A method of accessing an application service of a selected application program, wherein said application program is selected from a plurality of application programs, the method comprising the following steps:
Requesting, from a client station, access to a selected one of a plurality of remote application servers, so as to connect to the selected application program running on the corresponding server,
Wherein said client has a low-level graphical interface and file logic stored therein, and at least one controller for controlling said graphical interface and file logic, wherein said file logic comprises a file system capable of storing data corresponding to said plurality of application programs, and
Wherein each server has high-level application logic, stored locally or remotely, for running the corresponding plurality of application programs;
Selectively transferring to the selected server, according to authorization obtained from said client, said data that is stored in said client's file system and corresponds to the selected application program;
Processing the transferred data in the selected application program; and
Removing all processed data from said server when the selected application program ends.
22. The method as claimed in claim 21, characterized in that it further comprises the step of transferring the processed data from said server to the file system of the respective client during said service or when said service ends.
23. The method as claimed in claim 21, characterized in that each said client has no general-purpose central processing unit (CPU) for performing programming functions, thereby reducing the cost of said client and increasing its security.
24. The method as claimed in claim 21, characterized in that the program code of the selected application program is kept on said server, thereby increasing the security of the server, protecting it from damage by said server, and protecting said plurality of application programs stored on each said server.
25. The method as claimed in claim 21, characterized in that it further comprises the following steps:
Supporting, by a low-level quasi-OS, the client's hardware in connecting to the selected server;
Controlling any peripheral devices connected to said client; and
Controlling said graphical interface logic;
Wherein said quasi-OS is permanently embedded in read-only memory (ROM) within each respective client, so that said OS is non-programmable.
26. The method as claimed in claim 25, characterized in that said graphical interface logic controlled by said quasi-OS is based on the X11 protocol.
27. The method as claimed in claim 21, characterized in that each said client further comprises at least one storage device, the storage device being at least one of a hard disk, a floppy disk, a CD-ROM, a DVD and a tape drive.
28. The method as claimed in claim 27, characterized in that it further comprises the step of storing the corresponding data in said storage device of the respective client, in a corresponding one of a plurality of data files of said file system, so that said client selectively restricts said server's access to said data, to increase the security of said client and protect it from damage by said server.
29. The method as claimed in claim 28, characterized in that it further comprises at least one of the following steps:
Reading said plurality of data files according to said client's authorization;
Modifying said data files according to said client's authorization;
Adding to said data files according to said client's authorization; and
Creating new data files according to said client's authorization.
30. The method as claimed in claim 27, characterized in that, without authorization from the client, the corresponding data stored in said storage device cannot be accessed and logically controlled, through said at least one controller, by the application program executing on said server.
31. The method as claimed in claim 21, characterized in that it further comprises the following steps:
Selectively and simultaneously accessing, by the selected server, the file systems and corresponding data of at least two clients; and
Processing the accessed data with the selected application program, so that the clients can cooperate with one another.
32. The method as claimed in claim 21, characterized in that said server further comprises a file system having a plurality of application programs stored therein, wherein each said client is not permitted to access said file system of each said server, so as to increase the security of said server, protect it from damage by said clients, and protect said application programs stored on said server.
33. The method as claimed in claim 21, characterized in that it further comprises the step of sending the selected application program from a separate file server so that it can run on the selected application server, wherein said application server is a calculation server.
34. The method as claimed in claim 21, characterized in that said accessing and transferring steps take place over one of a local area network (LAN) and a wide area network (WAN).
35. The method as claimed in claim 21, characterized in that each said client further comprises at least one data acquisition or special-purpose device selected from the group of a frame grabber, an audio/video interface, a digital-to-analog and analog-to-digital converter, a microphone, a video camera, a compression board, a temperature probe, a humidity probe and an encryption chip, wherein said server cannot access and logically control said I/O devices.
36. The method as claimed in claim 35, characterized in that it further comprises the step in which the selected server accesses and logically controls said I/O devices according to authorization obtained from the client.
37. The method as claimed in claim 36, characterized in that the step in which said server selectively accesses and logically controls said I/O devices takes place by accessing and controlling said at least one controller of the respective client.
38. The method as claimed in claim 21, characterized in that each said client and said server share a common transport protocol, said common transport protocol being one of TCP/IP and UDP/IP.
39. The method as claimed in claim 29, characterized in that it further comprises the step of copying said data files and changing their names according to authorization obtained from said client.
40. The system as claimed in claim 1, characterized in that, when each said client station accesses said at least one remote server in order to access one of said plurality of application programs, said at least one remote application server can access a plurality of file systems, each of which resides on a corresponding client station.
41. The method as claimed in claim 21, characterized in that it comprises the step in which, when each client station accesses said at least one remote server in order to access one of said plurality of application programs, said at least one remote application server selectively and simultaneously accesses a plurality of file systems, each file system being stored on a corresponding client station, so as to form a centralized file management system for controlling said file systems and configuration of said client stations.
42. The system as claimed in claim 1, characterized in that said at least one client station has at least a low-level quasi-operating system (QOS) as a driver, for supporting said client's hardware in connecting to the selected one of said at least one remote application server so as to control said application program of the selected server, and for controlling any peripheral devices connected to said user, wherein the selected server runs at least one of a software service application program and a hardware service application program.
43. The system as claimed in claim 42, characterized in that said hardware service application program can be operated by an ASIC chip.
44. The method as claimed in claim 21, characterized in that said at least one client station has at least a low-level quasi-operating system (QOS) as a driver, said QOS performing the following steps:
Supporting the client's hardware in connecting to the selected one of said at least one remote application server, so as to control said application program of the selected server; and
Controlling any peripheral devices connected to said client, wherein the selected server runs at least one of a software service application program and a hardware service application program.
45. The method as claimed in claim 44, characterized in that said hardware service application program can be operated by an ASIC chip.
46. The method as claimed in claim 21, characterized in that at least one of said plurality of remote application servers converts an application program selected from said plurality of application programs into a web application, which web application can communicate with a remote client via an OSSI (operating system service interface) communication protocol, the selected application program being a legacy application having an API (application programming interface) specific to a particular OS (operating system), said server performing the following steps:
Converting, without rewriting said legacy application, the OS function calls of said legacy application into command packets using said OSSI communication protocol, so as to convert said legacy application into said web application; and
Sending said OSSI command packets to said remote client for controlling the specific operations of said client, wherein said web application continues to run in said particular OS.
47. The method as claimed in claim 46, characterized in that said remote client cannot interpret said function calls of said legacy application, but can interpret said OSSI command packets.
48. The system as claimed in claim 1, characterized in that at least one of said plurality of remote application servers converts an application program selected from said application programs into a web application, which web application can communicate with a remote client via an OSSI (operating system service interface) communication protocol, the selected application program being a legacy application having an API (application programming interface) specific to a particular OS (operating system).
49. The system as claimed in claim 48, characterized in that said remote application server further comprises a processor for converting, without rewriting said legacy application, the OS function calls of said legacy application into command packets using said OSSI communication protocol, so as to convert said legacy application into said web application,
Wherein said OSSI command packets are sent to the remote client for controlling the specific operations of said client, and
Wherein said web application continues to run in said particular OS.
50. The system as claimed in claim 49, characterized in that said remote client cannot interpret said function calls of said legacy application, but can interpret said OSSI command packets.
51. A security system for simultaneously accessing a plurality of file systems of a plurality of client stations, comprising:
At least one remote application server, each server having high-level application logic, stored locally or remotely, for running a corresponding plurality of application programs, each server being able to access a plurality of file systems, each file system residing on a corresponding client station, when each said client station is connected to said at least one remote server so as to access one of said plurality of application programs, wherein each connected server selectively and simultaneously accesses said file systems, so as to form a centralized file management system for controlling said file systems and configuration of said client stations.
52. A security system for accessing an application service of an application program selected from a plurality of application programs, comprising:
At least one client station, said client having at least one low-level quasi-operating system (QOS) as a driver, for supporting client hardware connected to a selected server so as to control a service application program of the selected server, for controlling any peripheral devices connected to said client, and for controlling graphical interface logic,
Wherein said server runs at least one of a software service application program and a hardware service application program.
53. The system as claimed in claim 52, characterized in that said hardware service application program can be operated by an ASIC chip.
54. A method for converting an application program having an API (application programming interface) specific to a particular OS (operating system) into a web application, which web application communicates with a remote client via an OSSI (operating system service interface) communication protocol, the method comprising the following steps:
Converting, without rewriting said legacy application, the OS function calls of said legacy application into command packets using said OSSI communication protocol, so as to convert said legacy application into said web application; and
Sending the OSSI command packets to said remote client for controlling the specific operations of said client,
Wherein said web application continues to run in said particular OS.
55. The method as claimed in claim 54, characterized in that said remote client cannot interpret said function calls of said legacy application, but can interpret said OSSI command packets.
56. A system for converting a legacy application having an API (application programming interface) specific to a particular OS (operating system) into a web application, which web application communicates with a remote client via an OSSI (operating system service interface) communication protocol, the system comprising:
A remote application server having a processor capable of converting, without rewriting said legacy application, the OS function calls of said legacy application to use said OSSI communication protocol, so as to convert said legacy application into said web application,
Wherein said OSSI command packets are sent to said remote client for the specific operations of said client, and
Wherein said web application continues to run in said particular OS.
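An added illustration, not part of the patent text, of the access model in claims 21 and 28 to 30: data stays in the client's file system, the server-side application can read, modify, add to or create a file only under a per-file authorization granted by the client, and the server discards its working copies when the application ends. All class, method and file names are hypothetical and the file contents are constructed.

```python
from dataclasses import dataclass, field
from enum import Flag, auto


class Op(Flag):
    NONE = 0
    READ = auto()
    MODIFY = auto()
    ADD = auto()
    CREATE = auto()


class AccessDenied(Exception):
    pass


@dataclass
class ClientStation:
    """Client side: owns the files and decides what a server application may do."""
    files: dict = field(default_factory=dict)    # file name -> bytes
    grants: dict = field(default_factory=dict)   # (app, file name) -> Op
    audit: list = field(default_factory=list)    # every decision, allow or deny

    def authorize(self, app, name, ops):
        self.grants[(app, name)] = ops

    def _check(self, app, name, op):
        # Default deny: no grant entry means Op.NONE.
        allowed = op in self.grants.get((app, name), Op.NONE)
        self.audit.append((app, name, op.name, "allow" if allowed else "deny"))
        if not allowed:
            raise AccessDenied(f"{app}: {op.name} on {name!r} not authorized")

    def read(self, app, name):
        self._check(app, name, Op.READ)
        return self.files[name]

    def write(self, app, name, data):
        # Overwriting an existing file needs MODIFY; a new name needs CREATE.
        self._check(app, name, Op.MODIFY if name in self.files else Op.CREATE)
        self.files[name] = data

    def add(self, app, name, data):
        self._check(app, name, Op.ADD)
        self.files[name] = self.files.get(name, b"") + data


class ServerSession:
    """Server side: works only on data the client released, wiped at exit."""
    def __init__(self, app, client):
        self.app, self.client, self.scratch = app, client, {}

    def __enter__(self):
        return self

    def fetch(self, name):
        self.scratch[name] = self.client.read(self.app, name)
        return self.scratch[name]

    def store(self, name, data):
        self.client.write(self.app, name, data)

    def __exit__(self, *exc):
        self.scratch.clear()   # remove all processed data when the application ends
        return False


def demo():
    client = ClientStation(files={"report.txt": b"q3 draft",
                                  "keys.pem": b"constructed secret"})
    client.authorize("editor", "report.txt", Op.READ | Op.MODIFY)
    session = ServerSession("editor", client)
    with session:
        session.store("report.txt", session.fetch("report.txt").upper())
        try:
            session.fetch("keys.pem")      # never authorized by the client
            leaked = True
        except AccessDenied:
            leaked = False
    return client, session, leaked
```

The audit list records denied requests as well as allowed ones, which is what a defender would review to spot a server application probing for files it was never granted.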
CN97193893A 1996-12-18 1997-12-09 Security system for accessing application servers from remote stations Pending CN1225186A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN97193893A CN1225186A (en) 1996-12-18 1997-12-09 Security system for accessing application servers from remote stations

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US08/769,493 1996-12-18
CN97193893A CN1225186A (en) 1996-12-18 1997-12-09 Security system for accessing application servers from remote stations

Publications (1)

Publication Number Publication Date
CN1225186A true CN1225186A (en) 1999-08-04

Family

ID=5179113

Family Applications (1)

Application Number Title Priority Date Filing Date
CN97193893A Pending CN1225186A (en) 1996-12-18 1997-12-09 Security system for accessing application servers from remote stations

Country Status (1)

Country Link
CN (1) CN1225186A (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100388320C (en) * 1998-06-29 2008-05-14 通用电气公司 Electronic electricity meter
CN100385398C (en) * 2002-05-17 2008-04-30 西姆德斯克技术公司 Application generator
CN100530207C (en) * 2003-05-22 2009-08-19 国际商业机器公司 Distributed filesystem network security extension
CN101908033A (en) * 2009-06-05 2010-12-08 邓迪 Method and device for multiuser to remotely use multiple master computers
CN104516774A (en) * 2013-09-30 2015-04-15 华为技术有限公司 Operation method of remote application, terminal and server
CN114185319A (en) * 2014-07-25 2022-03-15 费希尔-罗斯蒙特系统公司 Process control software security architecture based on least privileges
CN114217589A (en) * 2014-07-25 2022-03-22 费希尔-罗斯蒙特系统公司 Process control software security architecture based on least privileges
CN114217589B (en) * 2014-07-25 2024-08-16 费希尔-罗斯蒙特系统公司 Computer equipment
CN113711140A (en) * 2019-03-29 2021-11-26 西门子股份公司 Method and system for embedding a web application to be embedded into a surrounding web application
US12259716B2 (en) 2019-03-29 2025-03-25 Siemens Aktiengesellschaft Method and industrial automation system with a system for embedding a web application to be embedded in a surrounding web application
CN116506511A (en) * 2023-06-25 2023-07-28 成都中科合迅科技有限公司 Application program control method and system based on X11 protocol
CN116506511B (en) * 2023-06-25 2023-09-01 成都中科合迅科技有限公司 Application program control method and system based on X11 protocol

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication
REG Reference to a national code (Ref country code: HK; Ref legal event code: WD; Ref document number: 1023629; Country of ref document: HK)