WO2011064539A1 - Security system & method - Google Patents


Info

Publication number
WO2011064539A1
Authority
WO
WIPO (PCT)
Prior art keywords
user
server
data
programs
virtual machine
Application number
PCT/GB2010/002171
Other languages
French (fr)
Inventor
Robert Cooley
Roland Baranowski
Christopher Howell
Original Assignee
Cloud Technology Limited
Application filed by Cloud Technology Limited
Publication of WO2011064539A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/52 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow
    • G06F21/53 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/34 User authentication involving the use of external additional devices, e.g. dongles or smart cards
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/445 Program loading or initiating

Definitions

  • This invention relates to a security system and method for enabling remote access to user-specific data and/or applications.
  • Modern computer operating systems can include a software framework, which is a set of libraries and tools to help improve the efficiency of creating new software. Developers are able to implement new programs, for example to run on a particular operating system or platform, by using provided building blocks or library functions, and by adding their own code to implement specific functionality.
  • a known software framework is Microsoft's .NET framework, which comprises a set of class libraries and an execution environment known as Common Language Runtime (CLR).
  • Microsoft .NET is provided as an inherent part of its newer operating systems such as Vista and Windows 7, allowing developers to develop new applications for execution on these Windows operating systems under the supervision of the CLR, guaranteeing certain properties and behaviours in the areas of memory management, security and exception handling.
  • the CLR is an example of an Application Virtual Machine which, as will be known, is a software implementation of a computer that executes programs like a physical machine but independently of the actual hardware, i.e. so that programmers need not know the capabilities of the underlying processor.
  • An Application Virtual Machine runs as a normal process, performing a particular function and allowing programs run on that virtual machine to operate independently of other programs being run on the same hardware but outside the instantiation of the virtual machine.
  • a key feature provided by many software frameworks, including the CLR of .NET, is automated memory management. Software developers traditionally have the burden of managing memory, i.e. allocating and de-allocating RAM as part of the software design process. In the .NET framework, the CLR virtual machine does memory management itself. When a program developed using .NET is executed using the CLR, memory is allocated and de-allocated automatically and continuously using what is known as the 'managed heap'.
  • a system for providing remote access to user- specific data and/or programs stored at a server using a data network comprising a portable memory device; a personal computer having software which provides a virtual machine capability for executing programs and which handles automatically the allocation and de-allocation of memory for programs executed by the virtual machine, wherein the portable memory device has stored thereon identification data unique to a user or group of users, and a shell program arranged, when executed by the personal computer (i) to open a shell application for being run as, or on, a virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application running on the virtual machine, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, its software or virtual
  • the system provides a means by which users can securely access data and/or applications specific to them by means of any personal computer having a virtual machine capability provided as part of the operating system.
  • the virtual machine allows the user, by connecting the portable device to such a computer and running the shell program, to work with their remote data/programs within the shell program, independently of other programs being run on the same machine outside of the shell program.
  • the inherent memory management means that memory for running the shell, and any data/programs run therein, is automatically allocated and de-allocated providing security when the shell program is closed or the portable device removed.
  • Programs can also be written for provision at the remote server independently of the shell application. The latter is a program which effectively acts as the application virtual computer when the portable storage device is connected to a selected personal computer.
  • connection of the portable storage device automatically causes the operating system to run the shell application, opening a window in which an authentication program is first downloaded, and provided this is verified, other programs and data particular to the identified user presented for downloading and interaction.
  • Multiple developers can, given knowledge of the framework providing the virtual machine capability, write new programs for storage at the remote server simply and efficiently. It is also worth mentioning that because the majority of personal computers use some variant of the Microsoft Windows OS with the .NET capability, users are able to access their data in this way by means of connecting the portable memory device with any framework-compliant computer, whether it be in an Internet cafe, at a workplace or home computer. Prior systems have tended to require a dedicated application to be installed on each computer to which the portable device is to be connected and/or do not allow other programs to run at the same time.
  • a portable memory device for use in the system according to any preceding claim, wherein the portable memory device has stored thereon a shell program arranged, when executed by the personal computer (i) to open a shell application for being run by the computer's virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application when being run on the virtual machine.
  • a shell program arranged, when executed by the personal computer (i) to open a shell application for being run by the computer's virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the
  • a method of remotely accessing user-specific data and/or programs stored at a server comprising: pre-registering with a data server; connecting a portable memory device to a personal computer, wherein the portable memory device has stored thereon identification data unique to a user or group of users, and a shell program arranged, when executed on the personal computer (i) to open a shell application using a virtual machine function provided as part of the personal computer's software using an area of memory allocated automatically by the virtual machine, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application running on the virtual machine, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, the virtual machine de-allocates the allocated memory automatically, and wherein, upon closing the shell application or upon
  • a security system providing remote access to data and/or programs stored remotely at a server using a data network
  • the system comprising: a portable memory device; a personal computer having a software framework which inherently provides a virtual machine capability for executing programs and which handles automatically the allocation and de-allocation of memory for programs executed by the virtual machine, wherein the portable memory device has stored thereon identification data, and a shell program arranged, when executed on the personal computer (i) to instantiate a virtual machine for opening a shell application in an automatically-allocated area of memory (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within a window associated with the shell application user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application window independently of other programs being run by the computer, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, the
  • a security system for providing remote access to user-specific data and/or programs stored at a server, the system comprising a portable memory device for connection to a personal computer, the memory device having stored thereon identification data unique to a user or group of users, and a program arranged, when run on the personal computer, to transmit the identification data to a network address associated with the server for authentication purposes, to cause allocation of an area of memory on the personal computer for storing data and/or programs received from the server and to de-allocate said memory area upon closing the program or upon disconnection of the portable memory device.
  • the program may be arranged to run automatically upon connection to the personal computer.
  • the portable memory may comprise a USB flash drive, as an example.
  • the identification data is preferably a unique token associated with a pre-registered user or group of users.
  • the network address may identify the initial authentication system associated with the remote server.
  • the program may further be arranged to download one or more program modules and/or user specific data from the server in accordance with the identification data.
  • the program may be arranged to first download an authentication module for handling a log-in routine between the program and an authentication system associated with the server. Only after successful authentication, e.g. by means of password, smartcard or biometric checks, may other programs or user data be downloaded.
  • the program may be arranged to be run by a virtual machine provided as part of the personal computer's operating system, the virtual machine being responsible for memory allocation and de-allocation.
  • a virtual machine is a software implementation of a computer, or rather its processor, that can execute programs as a real processor would. Memory allocation and de-allocation can therefore be handled independently of the processor in this implementation.
  • the program may be constructed so as to run under the Microsoft .NET framework such that the virtual machine of the operating system allocates and de-allocates memory as part of its managed heap algorithm.
  • a method of remotely accessing user-specific data and/or programs stored at a server comprising: pre-registering with a data server; connecting a portable memory device as defined with respect to the first aspect to a personal computer and causing the program stored thereon to run; and downloading over a network identified in the portable memory device one or more programs and/or user-specific data.
  • a computer program stored on a computer readable medium, the computer program being arranged, when run on a processor or virtual machine of an operating system, to cause said operating system to allocate an area of volatile memory for use in handling one or more programs and/or user data, to connect to a remote network address and transmit a unique user identifier to said remote address, to download programs and/or user data specific to a user associated with the identifier for storage in the allocated memory, and to de-allocate the area of volatile memory if the program is terminated.
  • a method of providing a remote access system comprising: registering users; assigning each registered user with a unique identifier; and issuing a portable memory device to registered users, the portable memory device being connectable to a personal computer and having stored thereon a program which, when run on a processor or virtual machine, is arranged to cause said operating system of the personal computer to allocate an area of volatile memory for use in storing one or more programs and/or user data, to connect to a remote network address and transmit the unique identifier, to download programs and/or user data specific to the identified user, and to de-allocate the area of volatile memory if the program is terminated or the portable memory device disconnected from the personal computer.
  • Figure 1 is a block diagram showing functional components of a secure remote access system according to the invention
  • Figure 2 is a block diagram of a portable storage device forming one part of the secure remote access system of Figure 1 ;
  • Figure 3 is a block diagram of a secure server forming one part of the secure remote access system of Figure 1 ;
  • Figure 4 is a flow chart showing the steps involved in operating the secure remote access system of Figure 1.
  • the various high-level components comprise a remote secure server, hereafter referred to as the 'Comms Key Service' 2, which incorporates a database (not shown) storing data and applications specific to registered users. Said users are able to access their data and applications using any remote personal computer (PC) 4 via a network connection 6, e.g. the Internet.
  • the PC 4 can be a desktop PC, laptop, PDA or indeed any processing device having appropriate connection capabilities.
  • the Comms Key Service 2 also includes registration, authentication and general management functionality. Operation of the Comms Key Service 2 will be discussed in detail further on.
  • In order to access data and applications stored in the database of the Comms Key Service 2, users are required to connect a portable memory device 8, hereafter referred to as 'the key' 8, to their PC 4.
  • the key 8 is preferably provided in the form of a USB flash drive but can also be another form of portable memory.
  • the key 8 is particular to the user and is issued in association with the user creating their account with the Comms Key Service 2. To this end, the key 8 is supplied to the user with pre-stored data comprising the network address 10 of the Comms Key Service 2, an encrypted token 12 comprising authentication information particular to the user and a Comms Key Shell Application, hereafter referred to simply as the Shell Application 14.
  • the Shell Application 14 is a computer program arranged to run automatically when the key 8 is plugged into the PC 4. It acts as a client application under which other subprograms or modules can be run. One of its functions is to invoke a secure connection (such as SSL) between the PC 4 and the Comms Key Service 2 using the network address 10 and to perform an initial token authentication. The purpose of this token authentication is to identify the user to the Comms Key Service 2 which may determine that the token 12 is, for example, invalid or nonexistent or out of date. If token authentication is successful, a Security Module is downloaded to the Shell Application 14 for verifying the user by means of a subsequently-entered password, smartcard or biometric information. Only if this stage is passed can the user view, access and work on their data.
  • the Shell Application 14 is in this case designed/developed using the Microsoft .NET framework and so will run with compatible Operating Systems (OS) such as Microsoft Vista and others including Microsoft Windows 7 which include this framework as an inherent part of the OS for enabling development and execution of programs within the framework's CLR.
  • the Shell Application 14 when run, causes the OS of the PC 4 to automatically instantiate a virtual machine which allocates an area of its volatile memory (RAM) for use by the Shell Application 14 and sub programs under its control.
  • the .NET framework refers to this allocated memory as the 'managed heap' and details of its memory management algorithm are readily available, for example at http://msdn.microsoft.com/en-us/magazine/bb985010.aspx.
  • the user can only access and edit data when the key 8 is connected to the PC 4 and the Shell Application 14 is run. Moreover, no data is stored in the key 8 itself which is useless without its associated authentication details, e.g. the password, smartcard or biometric information.
  • the rightful user can notify an administrator of the Comms Key Service 2 that the key 8 is lost so that the token 12 can be invalidated to prevent fraudulent access.
  • a database 20 stores modules 22 and user data 24.
  • Modules 22 are bespoke components or sub-programs that are designed and constructed using the .NET framework application program interface (API) to operate under the control of the Shell Application 14.
  • the modules 22 allow end users to view and edit their user data 24 within the Shell Application 14 and may comprise document viewers, word processing editors and so on.
  • Modules 22 can work with any instance of the Shell Application 14 provided that it has access to the particular module. In this regard, not all users will have access to all available modules 22; some will have access to only a limited number and so, in this sense, modules can be considered user-specific.
  • User data 24 refers to data specific to a particular user which cannot be accessed by others.
  • User data 24 may comprise a Microsoft Word document which is viewable and editable within a Microsoft Word module when downloaded to the Shell Application 14.
  • Connected to the database 20 is a Comms Key Application Service 26. Its role is to host and assign modules 22 and user data 24 according to the privileges indicated in the relevant user tokens 12.
  • An Administration Service 30 is provided for handling user registrations, payments and other administrative tasks associated with all components of the Comms Key Service 2.
  • An Authentication Service 28 is provided for handling the initial token authentication stage and the subsequent verification stage which requires the user password, smartcard or biometric data. As well as containing the authentication logic and business logic, it also acts as a gateway for the main database 20.
  • the Authentication Service 28 also provides the means of secure communication between the Shell Application 14 and itself, for example by means of the HTTP, HTTPS, TCP/IP, P2P or MSMQ protocols, amongst others.
  • a user wishing to use the Comms Key Service 2 must first register with the Service. This can be done by means of a web page portal to the Administration Service 30 in which the user enters their name, address, telephone and email details, together with details of the modules they wish to use. The user is also prompted to enter a username and password (or to submit biometric data via a reader) for use in subsequent verification processes. Once all details are submitted, with any required payment, the Administration Service 30 creates the user account and transmits a message for the Authentication Service 28 to generate a token 12 for that user account. The generated token 12 is written to a secure memory location of a new key 8, in the form of a USB flash memory drive. Also stored on the key 8 is the network address of the Comms Key Service 2 and the Shell Application 14. The key 8 is then sent by post to the registered address of the user.
  • step 4.1: the user plugs the key 8 into any spare USB port on their PC 4.
  • step 4.2. the OS automatically detects the USB connection and runs the Shell Application 14 which, in the subsequent step (4.3) invokes a network connection to the address 10 of the Comms Key Service 2, particularly its Authentication Service 28. As indicated previously, this is done in an area of RAM allocated automatically by the OS.
  • step 4.4 the Authentication Service 28 performs the initial authentication step by identifying the token of the key 8 to determine whether or not the token 12 is valid; it may not be recognised, may have expired or may be reported as lost or stolen. If the token 12 is deemed invalid, access is denied (4.5). If the token 12 is valid, the Authentication Service 28 sends details of the Application Service 26 to the Shell Application 14 (step 4.6).
  • the Shell Application 14 is only permitted to access the Authentication Module 23 by the Application Service 26.
  • the Authentication Module is downloaded to the Shell Application 14 which, in step 4.8, displays a log-in screen prompting the user to enter their User ID and password (and/or biometric data if appropriate).
  • the offered credentials are verified (step 4.11) at the Application Service 26 to see if they correspond to the offered token 12. If so, the user is permitted to access and download all modules 22 assigned to their account through the Shell Application 14 (step 4.12). Access to user data 24 is granted in step 4.13 and the modules 22 can display, allow editing and saving of user data (step 4.14).
  • a security system and method employing a physical key which is unique to a particular user (or, optionally, group of users) by virtue of it containing a unique token.
  • the key also comprises an application which runs when the key is connected to a computer.
  • the application serves to connect to a predetermined network service, transmits the unique token identifying the user and prompts for a password or other verification of credentials. This being achieved, access to the user's modules and user-specific data is possible. Closing the application and/or removing the physical key will result in all data stored in the volatile memory of the local computer being effectively lost.
  • the above described method and system offers clear advantages in terms of not requiring users to carry portable storage media containing sensitive data. Rather, applications and data are held in a remote and secure location.
  • the physical key that enables access to the remotely held information can be kept in a safe location at the user's home. Even if carried around, loss of the key will not put the information in the hands of potentially fraudulent users since no actual user data is stored on the key; the correct user can simply report the key lost to an administrator whereafter the token is marked as invalid.
  • the method and system also provides a way of providing secure access to user-specific brochures, catalogues and other documents. If particular price plans are to be advertised to a particular target user or group of users, for example, data corresponding to a first subset of brochures can be segregated from a more general, second set of brochures, with target users for the first subset being given a key with the appropriate token stored thereon.
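The registration, token check and credential verification sequence described in steps 4.1 to 4.14 above, together with the lost-key invalidation and the purge of downloaded material when the shell is closed or the key removed, as an added worked example. This is not code from the patent or from Cloud Technology Limited; it is a Python simulation of the exchange between the key, the Shell Application and the service, in which the class and function names, the token format, the salted PBKDF2 password storage and the explicit purge are all assumptions made here (the page leaves de-allocation to the .NET managed heap and does not say how credentials are held server-side).

```python
# Simulation of the Comms Key access flow (steps 4.1 to 4.14). Added example,
# not the patent's code; names, token format, password hashing and the
# explicit purge on close are assumptions made here.
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class PortableKey:
    network_address: str  # address 10 of the service; the key holds no user data
    token: str            # token 12


@dataclass
class TokenRecord:
    """Server-side record for one issued token (constructed layout)."""
    user_id: str
    expires: datetime
    modules: frozenset
    salt: bytes
    pw_hash: bytes
    status: str = "active"  # "lost" once the owner reports the key missing


class AuthenticationService:
    """Stand-in for the Authentication Service 28 and Application Service 26."""

    def __init__(self, clock=None):
        self.tokens = {}
        self.clock = clock or (lambda: datetime.now(timezone.utc))

    @staticmethod
    def _hash(password, salt):
        # Salted PBKDF2; the page does not say how passwords are stored.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def register(self, user_id, password, modules, validity_days=365):
        """Registration (Administration Service 30): account created, token 12 issued."""
        token, salt = secrets.token_hex(16), secrets.token_bytes(16)
        self.tokens[token] = TokenRecord(
            user_id, self.clock() + timedelta(days=validity_days),
            frozenset(modules), salt, self._hash(password, salt))
        return token

    def report_lost(self, token):
        """Administrator marks the token of a lost key invalid."""
        if token in self.tokens:
            self.tokens[token].status = "lost"

    def check_token(self, token):
        """Step 4.4: the token may be unknown, reported lost, expired or valid."""
        rec = self.tokens.get(token)
        if rec is None:
            return "unknown"
        if rec.status == "lost":
            return "lost"
        return "expired" if self.clock() > rec.expires else "valid"

    def verify_credentials(self, token, user_id, password):
        """Step 4.11: offered credentials must correspond to the offered token."""
        if self.check_token(token) != "valid":
            return False
        rec = self.tokens[token]
        user_ok = hmac.compare_digest(rec.user_id.encode(), user_id.encode())
        pw_ok = hmac.compare_digest(rec.pw_hash, self._hash(password, rec.salt))
        return user_ok and pw_ok

    def assigned_modules(self, token):
        """Modules 22 assigned to the account behind this token."""
        return self.tokens[token].modules


class ShellSession:
    """Memory area of the Shell Application 14: downloaded modules live only here
    and are purged on close or key removal (explicit here, managed heap on the page)."""

    def __init__(self):
        self.memory = {}

    def load(self, name, payload):
        self.memory[name] = payload

    def close(self):
        self.memory.clear()

    on_key_disconnected = close  # removing the key has the same effect as closing


def run_shell(service, key, user_id, password):
    """Steps 4.1 to 4.12 as one exchange; returns (outcome, session)."""
    session = ShellSession()
    state = service.check_token(key.token)                 # 4.3 / 4.4
    if state != "valid":
        session.close()
        return "denied:" + state, session                  # 4.5
    session.load("AuthenticationModule", "login-screen")   # 4.6 to 4.8
    if not service.verify_credentials(key.token, user_id, password):  # 4.11
        session.close()
        return "denied:credentials", session
    for mod in sorted(service.assigned_modules(key.token)):  # 4.12
        session.load(mod, "module:" + mod)
    return "granted", session
```

Both denial paths clear the session before returning, so a token that is unknown, expired or reported lost never reaches the log-in module, and a wrong password leaves nothing behind in the session; the outcome strings are what a monitoring hook on the Authentication Service would record for each attempt.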

Abstract

A security system for providing remote access to user-specific data and/or programs stored at a server. The system comprises a portable memory device for connection to a personal computer, the memory device having stored thereon identification data unique to a user or group of users, and a program arranged, when run on the personal computer, to transmit the identification data to a network address associated with the server for authentication purposes, to cause allocation of an area of memory on the personal computer for storing data and/or programs received from the server and to de-allocate said memory area upon closing the program or upon disconnection of the portable memory device.

Description

Security System & Method
Field of the Invention
This invention relates to a security system and method for enabling remote access to user-specific data and/or applications.
Background to the Invention
It is common for people to work on data remotely from their work location, for example at their home personal computer, on a laptop or PDA. One way of doing this is for the user to upload the relevant work data, e.g. a word processing document or spreadsheet, onto a flash memory drive which can then be taken away and connected to the appropriate remote computer. However, this has clear disadvantages in that the flash drive can be easily lost or misplaced. If the drive contains sensitive information, there is also a security risk. Similar disadvantages exist with other portable storage devices, such as CD-ROMs. Another method is to upload the work data to a secure server which can be accessed remotely over the Internet, e.g. from the user's home computer. Again, there exists the problem that, should someone acquire or crack the user's password, they will have access to the data.
Modern computer operating systems can include a software framework, which is a set of libraries and tools to help improve the efficiency of creating new software. Developers are able to implement new programs, for example to run on a particular operating system or platform, by using provided building blocks or library functions, and by adding their own code to implement specific functionality. A known software framework is Microsoft's .NET framework, which comprises a set of class libraries and an execution environment known as Common Language Runtime (CLR). Microsoft .NET is provided as an inherent part of its newer operating systems such as Vista and Windows 7, allowing developers to develop new applications for execution on these Windows operating systems under the supervision of the CLR, guaranteeing certain properties and behaviours in the areas of memory management, security and exception handling.
The CLR is an example of an Application Virtual Machine which, as will be known, is a software implementation of a computer that executes programs like a physical machine but independently of the actual hardware, i.e. so that programmers need not know the capabilities of the underlying processor. An Application Virtual Machine runs as a normal process, performing a particular function and allowing programs run on that virtual machine to operate independently of other programs being run on the same hardware but outside the instantiation of the virtual machine. A key feature provided by many software frameworks, including the CLR of .NET, is automated memory management. Software developers traditionally have the burden of managing memory, i.e. allocating and de-allocating RAM as part of the software design process. In the .NET framework, the CLR virtual machine does memory management itself. When a program developed using .NET is executed using the CLR, memory is allocated and de-allocated automatically and continuously using what is known as the 'managed heap'.
A further explanation of virtual machines in this context can be found at http://en.wikipedia.org/wiki/Virtual_machine.
It is an aim of the present invention to provide an improved system and method for enabling secure remote access to user-specific data and/or applications.
Summary of the Invention
According to a first aspect, there is provided a system for providing remote access to user-specific data and/or programs stored at a server using a data network, the system comprising a portable memory device; a personal computer having software which provides a virtual machine capability for executing programs and which handles automatically the allocation and de-allocation of memory for programs executed by the virtual machine, wherein the portable memory device has stored thereon identification data unique to a user or group of users, and a shell program arranged, when executed by the personal computer (i) to open a shell application for being run as, or on, a virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application running on the virtual machine, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, its software or virtual machine de-allocates the allocated memory automatically.
The system provides a means by which users can securely access data and/or applications specific to them by means of any personal computer having a virtual machine capability provided as part of the operating system. The virtual machine allows the user, by connecting the portable device to such a computer and running the shell program, to work with their remote data/programs within the shell program, independently of other programs being run on the same machine outside of the shell program. The inherent memory management means that memory for running the shell, and any data/programs run therein, is automatically allocated and de-allocated, providing security when the shell program is closed or the portable device removed. Programs can also be written for provision at the remote server independently of the shell application. The latter is a program which effectively acts as the application virtual computer when the portable storage device is connected to a selected personal computer. In the preferred embodiment, connection of the portable storage device automatically causes the operating system to run the shell application, opening a window in which an authentication program is first downloaded, and provided this is verified, other programs and data particular to the identified user are presented for downloading and interaction. Multiple developers can, given knowledge of the framework providing the virtual machine capability, write new programs for storage at the remote server simply and efficiently. It is also worth mentioning that because the majority of personal computers use some variant of the Microsoft Windows OS with the .NET capability, users are able to access their data in this way by means of connecting the portable memory device with any framework-compliant computer, whether it be in an Internet cafe, at a workplace or home computer.
Prior systems have tended to require a dedicated application to be installed on each computer to which the portable device is to be connected and/or do not allow other programs to run at the same time.
According to a further aspect, there is provided a portable memory device for use in the system according to any preceding claim, wherein the portable memory device has stored thereon a shell program arranged, when executed by the personal computer (i) to open a shell application for being run by the computer's virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application when being run on the virtual machine.
According to a further aspect, there is provided a method of remotely accessing user-specific data and/or programs stored at a server, the method comprising: pre-registering with a data server; connecting a portable memory device to a personal computer, wherein the portable memory device has stored thereon identification data unique to a user or group of users, and a shell program arranged, when executed on the personal computer (i) to open a shell application using a virtual machine function provided as part of the personal computer's software using an area of memory allocated automatically by the virtual machine, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application running on the virtual machine, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, the virtual machine de-allocates the allocated memory automatically.
According to a further aspect, there is provided a security system providing remote access to data and/or programs stored remotely at a server using a data network, the system comprising: a portable memory device; a personal computer having a software framework which inherently provides a virtual machine capability for executing programs and which handles automatically the allocation and de-allocation of memory for programs executed by the virtual machine, wherein the portable memory device has stored thereon identification data, and a shell program arranged, when executed on the personal computer (i) to instantiate a virtual machine for opening a shell application in an automatically-allocated area of memory (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within a window associated with the shell application user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application window independently of other programs being run by the computer, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, the virtual machine de-allocates the allocated memory automatically. 
According to a further aspect, there is provided a security system for providing remote access to user-specific data and/or programs stored at a server, the system comprising a portable memory device for connection to a personal computer, the memory device having stored thereon identification data unique to a user or group of users, and a program arranged, when run on the personal computer, to transmit the identification data to a network address associated with the server for authentication purposes, to cause allocation of an area of memory on the personal computer for storing data and/or programs received from the server and to de-allocate said memory area upon closing the program or upon disconnection of the portable memory device.
The program may be arranged to run automatically upon connection to the personal computer. The portable memory may comprise a USB flash drive, as an example. The identification data is preferably a unique token associated with a pre-registered user or group of users. The network address may identify the initial authentication system associated with the remote server.
The program may further be arranged to download one or more program modules and/or user specific data from the server in accordance with the identification data. The program may be arranged to first download an authentication module for handling a log-in routine between the program and an authentication system associated with the server. Only after successful authentication, e.g. by means of password, smartcard or biometric checks, may other programs or user data be downloaded.
The program may be arranged to be run by a virtual machine provided as part of the personal computer's operating system, the virtual machine being responsible for memory allocation and de-allocation. A virtual machine in this sense is a software implementation of a computer, or rather of its processor, that executes programs as a real processor would; memory allocation and de-allocation are therefore handled by the runtime rather than by the program itself. For example, the program may be constructed to run under the Microsoft .NET framework, so that the framework's runtime allocates and de-allocates memory as part of its managed heap algorithm.
According to a further aspect, there is provided a method of remotely accessing user-specific data and/or programs stored at a server, the method comprising: pre-registering with a data server; connecting a portable memory device as defined with respect to the first aspect to a personal computer and causing the program stored thereon to run; and downloading over a network identified in the portable memory device one or more programs and/or user-specific data.
According to a further aspect, there is provided a computer program stored on a computer readable medium, the computer program being arranged, when run on a processor or virtual machine of an operating system, to cause said operating system to allocate an area of volatile memory for use in handling one or more programs and/or user data, to connect to a remote network address and transmit a unique user identifier to said remote address, to download programs and/or user data specific to a user associated with the identifier for storage in the allocated memory, and to de-allocate the area of volatile memory if the program is terminated.
According to a further aspect, there is provided a method of providing a remote access system, the method comprising: registering users; assigning each registered user a unique identifier; and issuing a portable memory device to registered users, the portable memory device being connectable to a personal computer and having stored thereon a program which, when run on a processor or virtual machine, is arranged to cause the operating system of the personal computer to allocate an area of volatile memory for use in storing one or more programs and/or user data, to connect to a remote network address and transmit the unique identifier, to download programs and/or user data specific to the identified user, and to de-allocate the area of volatile memory if the program is terminated or the portable memory device is disconnected from the personal computer.
Brief Description of the Drawings
The invention will now be described, by way of example, with reference to the accompanying drawings, in which: Figure 1 is a block diagram showing functional components of a secure remote access system according to the invention;
Figure 2 is a block diagram of a portable storage device forming one part of the secure remote access system of Figure 1 ;
Figure 3 is a block diagram of a secure server forming one part of the secure remote access system of Figure 1 ; and
Figure 4 is a flow chart showing the steps involved in operating the secure remote access system of Figure 1.
Detailed Description of a Preferred Embodiment
Referring to Figures 1 and 2, a system in which users can access user-specific data and/or applications from a remote location is shown.
The various high-level components comprise a remote secure server, hereafter referred to as the 'Comms Key Service' 2, which incorporates a database (not shown) storing data and applications specific to registered users. Said users are able to access their data and applications using any remote personal computer (PC) 4 via a network connection 6, e.g. the Internet. The PC 4 can be a desktop PC, laptop, PDA or indeed any processing device having appropriate connection capabilities. The Comms Key Service 2 also includes registration, authentication and general management functionality. Operation of the Comms Key Service 2 will be discussed in detail further on.
In order to access data and applications stored in the database of the Comms Key Service 2, users are required to connect a portable memory device 8, hereafter referred to as 'the key' 8, to their PC 4. The key 8 is preferably provided in the form of a USB flash drive but can also be another form of portable memory. The key 8 is particular to the user and is issued in association with the user creating their account with the Comms Key Service 2. To this end, the key 8 is supplied to the user with pre-stored data comprising the network address 10 of the Comms Key Service 2, an encrypted token 12 comprising authentication information particular to the user and a Comms Key Shell Application, hereafter referred to simply as the Shell Application 14.
The Shell Application 14 is a computer program arranged to run automatically when the key 8 is plugged into the PC 4. It acts as a client application under which other sub-programs or modules can be run. One of its functions is to establish a secure connection (such as SSL) between the PC 4 and the Comms Key Service 2 using the network address 10 and to perform an initial token authentication. The purpose of this token authentication is to identify the user to the Comms Key Service 2, which may determine that the token 12 is, for example, invalid, nonexistent or out of date. If token authentication is successful, a Security Module (the Authentication Module 23 described with reference to Figure 4) is downloaded to the Shell Application 14 for verifying the user by means of a subsequently-entered password, smartcard or biometric information. Only if this stage is passed can the user view, access and work on their data.
The Shell Application 14 is in this case designed and developed using the Microsoft .NET framework and so runs on compatible operating systems (OS) such as Microsoft Windows Vista and Microsoft Windows 7, which include the framework as an inherent part of the OS for developing and executing programs within the framework's Common Language Runtime (CLR). When run, the Shell Application 14 causes the OS of the PC 4 to instantiate a virtual machine which allocates an area of volatile memory (RAM) for use by the Shell Application 14 and the sub-programs under its control. As will be appreciated by those skilled in the art, the .NET framework refers to this allocated memory as the 'managed heap', and details of its memory management algorithm are readily available, for example at http://msdn.microsoft.com/en-us/magazine/bb985010.aspx. When the Shell Application 14 is closed, or when the key 8 is physically disconnected from the PC 4, the allocated memory is de-allocated. De-allocation does not itself erase the data: the bytes remain in RAM until other processes on the PC 4 reuse the memory, or at the latest until the PC 4 is switched off, but the space is no longer reserved for the Shell Application 14 and is overwritten as soon as it is reused.
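The de-allocation behaviour described above, worked through as an added example that is not from the patent or its applicant. The CLR zeroes managed memory when it hands out a new allocation, not when an object becomes unreachable, so a shell that relies on de-allocation alone leaves the downloaded bytes in RAM until the space is reused. The Python class below is a hypothetical stand-in for the Shell Application's session store: it keeps downloaded modules and user data in mutable buffers and overwrites them in place on the shut-down event, whether that is the shell closing or the key being removed. The `demo()` function, the item names and the sample payloads are constructed for the example.

```python
# Added example, not code from the patent; all sample data is constructed.
"""Session memory of the Shell Application with explicit wiping on shut-down."""


class ShellSession:
    """Holds downloaded modules and user data in mutable buffers so the bytes
    can be overwritten in place when the shell closes or the key is removed.
    Immutable objects (bytes, str) cannot be wiped, hence bytearray."""

    def __init__(self):
        self._buffers = {}          # name -> bytearray
        self.open = True
        self.close_reason = None

    def receive(self, name, payload):
        """Store a module or user-data item delivered by the Application Service."""
        if not self.open:
            raise RuntimeError("session closed")
        self._buffers[name] = bytearray(payload)

    def read(self, name):
        """Return a copy for a module to work on; only valid while the session is open."""
        if not self.open:
            raise RuntimeError("session closed")
        return bytes(self._buffers[name])

    def close(self, reason="shell closed"):
        """Shut-down event: overwrite every buffer with zeros before dropping the
        references, then refuse further reads. Returns the number of bytes wiped."""
        wiped = 0
        for buf in self._buffers.values():
            buf[:] = bytes(len(buf))    # in-place overwrite of the same memory, not a new object
            wiped += len(buf)
        self._buffers.clear()
        self.open = False
        self.close_reason = reason
        return wiped


def on_key_removed(session):
    """The key-disconnected path uses the same shut-down handler as closing the shell."""
    return session.close("key removed")


def demo():
    """Constructed run: receive two items, keep a stray reference to one of them
    (what a lingering reference or a later allocation would see), then pull the key."""
    s = ShellSession()
    s.receive("WordModule.dll", b"MZ\x90\x00constructed module bytes")
    s.receive("report.docx", b"constructed user document contents")
    stray = s._buffers["report.docx"]
    before = bytes(stray)
    wiped = on_key_removed(s)
    return {"before": before, "after": bytes(stray), "wiped": wiped,
            "open": s.open, "reason": s.close_reason}


if __name__ == "__main__":
    print(demo())
```

After `on_key_removed`, the stray reference still points at the same buffer object, but every byte in it is now zero; dropping the dictionary entry alone would have left the document contents intact for as long as the memory stayed unreused.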
This being the case, the user can only access and edit data while the key 8 is connected to the PC 4 and the Shell Application 14 is running. Moreover, no user data is stored on the key 8 itself, and the key is useless without its associated authentication details, e.g. the password, smartcard or biometric information. The rightful user can notify an administrator of the Comms Key Service 2 that the key 8 is lost so that the token 12 can be invalidated to prevent fraudulent access.
Referring to Figure 3, functional modules of the Comms Key Service 2 are shown in greater detail.
A database 20 stores modules 22 and user data 24. Modules 22 are bespoke components or sub-programs that are designed and constructed using the .NET framework application program interface (API) to operate under the control of the Shell Application 14. The modules 22 allow end users to view and edit their user data 24 within the Shell Application 14 and may comprise document viewers, word processing editors and so on. Modules 22 can work with any instance of the Shell Application 14 provided that it has access to the particular module. In this regard, not all users will have access to all available modules 22; some will have access to only a limited number and so, in this sense, modules can be considered user-specific. User data 24 refers to data specific to a particular user which cannot be accessed by others. User data 24 may comprise a Microsoft Word document which is viewable and editable within a Microsoft Word module when downloaded to the Shell Application 14.
Connected to the database 20 is a Comms Key Application Service 26. Its role is to host and assign modules 22 and user data 24 according to the privileges indicated in the relevant user tokens 12.
An Administration Service 30 is provided for handling user registrations, payments and other administrative tasks associated with all components of the Comms Key Service 2.
An Authentication Service 28 is provided for handling the initial token authentication stage and the subsequent verification stage, which requires the user's password, smartcard or biometric data. As well as containing the authentication and business logic, it acts as a gateway to the main database 20. The Authentication Service 28 also provides the secure communication channel between itself and the Shell Application 14, for example over HTTP, HTTPS, TCP/IP, P2P or MSMQ, amongst other protocols.
The steps involved in using the Comms Key Service 2 will now be described in greater detail.
A user wishing to use the Comms Key Service 2 must first register with the Service. This can be done by means of a web page portal to the Administration Service 30 in which the user enters their name, address, telephone and email details, together with details of the modules they wish to use. The user is also prompted to enter a username and password (or to submit biometric data via a reader) for use in subsequent verification processes. Once all details are submitted, with any required payment, the Administration Service 30 creates the user account and transmits a message for the Authentication Service 28 to generate a token 12 for that user account. The generated token 12 is written to a secure memory location of a new key 8, in the form of a USB flash memory drive. Also stored on the key 8 is the network address of the Comms Key Service 2 and the Shell Application 14. The key 8 is then sent by post to the registered address of the user.
Referring to Figure 4, at the user end, in a first step (4.1) the user plugs the key 8 into any spare USB port on their PC 4. Next (4.2) the OS automatically detects the USB connection and runs the Shell Application 14 which, in the subsequent step (4.3), opens a network connection to the address 10 of the Comms Key Service 2, specifically its Authentication Service 28. As indicated previously, this is done in an area of RAM allocated automatically by the OS. In step 4.4, the Authentication Service 28 performs the initial authentication step by examining the token 12 read from the key 8 to determine whether or not it is valid; it may not be recognised, may have expired or may have been reported lost or stolen. If the token 12 is deemed invalid, access is denied (4.5). If the token 12 is valid, the Authentication Service 28 sends details of the Application Service 26 to the Shell Application 14 (step 4.6).
At this stage (step 4.7), the Shell Application 14 is only permitted to access the Authentication Module 23 by the Application Service 26. The Authentication Module is downloaded to the Shell Application 14 which, in step 4.8, displays a log-in screen prompting the user to enter their User ID and password (and/or biometric data if appropriate). The offered credentials are verified (step 4.11) at the Application Service 26 to see if they correspond to the offered token 12. If so, the user is permitted to access and download all modules 22 assigned to their account through the Shell Application 14 (step 4.12). Access to user data 24 is granted in step 4.13 and the modules 22 can display, allow editing and saving of user data (step 4.14).
When the user closes the Shell Application 14 (step 4.15) the session established between the PC 4 and the Comms Key Service 2 is broken. The Authentication Service 28 treats this as a shut-down event (step 4.16), and logging in again requires re-running the Shell Application 14 and re-entering the security credentials. The same applies if the key 8 is removed from the PC 4. Crucially, the shut-down event results in the memory space allocated to the Shell Application 14 and its modules being de-allocated immediately; as explained above, its contents are then overwritten as the memory is reused and are lost in any case when the PC 4 is powered down.
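The two-stage log-in of steps 4.3 to 4.12, as an added example that is not part of the patent and not the applicant's code: both sides of the exchange are simulated in one Python module so that it runs offline. The token registry, the user records, the PBKDF2 password hash, the address `apps.commskey.invalid` and every token and account name are constructed for the example; the page does not specify how tokens are stored, how passwords are hashed or what the Application Service address looks like. The example also re-checks the token before the credential stage, which the page does not describe, so that a token reported lost between the two stages is still refused.

```python
# Added example, not code from the patent; token registry, users and hash scheme are constructed.
"""Two-stage log-in of the Comms Key flow: token check, then credential check."""
import hashlib
import hmac

PBKDF2_ITERS = 50_000          # hypothetical; the page does not specify a password hash
NOW = 1_700_000_000            # constructed "current time" so the example is deterministic
APP_SERVICE_ADDR = "https://apps.commskey.invalid"   # hypothetical Application Service address


def hash_password(password, salt):
    """Salted PBKDF2-HMAC-SHA256; the page leaves the hashing scheme open."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERS)


# Authentication Service state (constructed): token on the key -> account it was issued
# to, expiry, lost/stolen flag, and the modules the account is entitled to (the
# "privileges" the token carries).
TOKENS = {
    "tok-alice": {"user_id": "alice", "expires": NOW + 86_400, "revoked": False,
                  "modules": ["AuthenticationModule", "WordModule", "PdfViewer"]},
    "tok-bob":   {"user_id": "bob",   "expires": NOW - 1,      "revoked": False,
                  "modules": ["AuthenticationModule", "WordModule"]},
    "tok-carol": {"user_id": "carol", "expires": NOW + 86_400, "revoked": True,
                  "modules": ["AuthenticationModule"]},
}
_SALT = b"constructed-salt-value"
USERS = {"alice": {"salt": _SALT, "pw_hash": hash_password("correct horse", _SALT)}}


def authenticate_token(token_id, now):
    """Step 4.4: the initial token check. Unknown, expired or lost tokens are denied.
    On success only the Authentication Module is released (steps 4.6 and 4.7)."""
    rec = TOKENS.get(token_id)
    if rec is None:
        return {"ok": False, "reason": "unknown"}
    if rec["revoked"]:
        return {"ok": False, "reason": "revoked"}
    if now >= rec["expires"]:
        return {"ok": False, "reason": "expired"}
    return {"ok": True, "app_service": APP_SERVICE_ADDR, "modules": ["AuthenticationModule"]}


def verify_credentials(token_id, user_id, password, now):
    """Step 4.11: the credentials must belong to the account the token was issued to.
    The token is re-checked so a revocation between the two stages still takes effect."""
    first = authenticate_token(token_id, now)
    if not first["ok"]:
        return first
    rec = TOKENS[token_id]
    user = USERS.get(user_id)
    if user is None or user_id != rec["user_id"]:
        return {"ok": False, "reason": "credentials"}
    if not hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"]):
        return {"ok": False, "reason": "credentials"}
    return {"ok": True, "user_id": user_id, "modules": list(rec["modules"])}


def shell_login(token_id, user_id, password, now):
    """Client side: the Shell Application's exchange with the service, with every
    message sent and received collected in 'transcript'."""
    transcript = [("shell->auth", {"token": token_id})]
    reply = authenticate_token(token_id, now)
    transcript.append(("auth->shell", dict(reply)))
    if not reply["ok"]:
        return {"ok": False, "stage": "token", "reason": reply["reason"], "transcript": transcript}
    if reply["modules"] != ["AuthenticationModule"]:
        raise RuntimeError("only the Authentication Module may be released before log-in")
    # The Authentication Module shows the log-in screen (4.8); the password itself is not logged.
    transcript.append(("shell->app", {"token": token_id, "user": user_id, "password": "<redacted>"}))
    reply = verify_credentials(token_id, user_id, password, now)
    transcript.append(("app->shell", dict(reply)))
    if not reply["ok"]:
        return {"ok": False, "stage": "credentials", "reason": reply["reason"], "transcript": transcript}
    return {"ok": True, "stage": "session", "modules": reply["modules"], "transcript": transcript}


if __name__ == "__main__":
    for args in (("tok-alice", "alice", "correct horse"), ("tok-bob", "bob", "x"),
                 ("tok-carol", "carol", "x"), ("tok-alice", "bob", "correct horse")):
        print(args[:2], shell_login(*args, NOW))
```

The order of the checks is the point: the service never tells the shell which account a token belongs to, a wrong password and a token/account mismatch produce the same `credentials` refusal, and the module list the shell finally receives comes from the token record, not from anything the client sent.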
In summary, there is disclosed a security system and method employing a physical key which is unique to a particular user (or, optionally, group of users) by virtue of it containing a unique token. The key also comprises an application which runs when the key is connected to a computer. The application connects to a predetermined network service, transmits the unique token identifying the user and prompts for a password or other verification of credentials. Once this is achieved, access to the user's modules and user-specific data is possible. Closing the application and/or removing the physical key results in all data stored in the volatile memory of the local computer being effectively lost.
The above described method and system offers clear advantages in terms of not requiring users to carry portable storage media containing sensitive data. Rather, applications and data are held in a remote and secure location. The physical key that enables access to the remotely held information can be kept in a safe location at the user's home. Even if carried around, loss of the key will not put the information in the hands of potentially fraudulent users since no actual user data is stored on the key; the correct user can simply report the key lost to an administrator whereafter the token is marked as invalid.
Finally, given the unique nature of the token assigned to each user, the method and system also provides a way of providing secure access to user-specific brochures, catalogues and other documents. If particular price plans are to be advertised to a particular target user or group of users, for example, data corresponding to a first subset of brochures can be segregated from a more general, second set of brochures, with target users for the first subset being given a key with the appropriate token stored thereon. Although the above embodiment has been described for particular use with Microsoft's Windows operating systems running the .NET framework, it will be appreciated that the principle of operation can be applied to other operating systems capable of providing virtual machine capabilities, although the shell application may have to be tailored specifically for those other operating systems.

Claims

1. A system for providing remote access to user-specific data and/or programs stored at a server using a data network, the system comprising a portable memory device; a personal computer having software which provides a virtual machine capability for executing programs and which handles automatically the allocation and de-allocation of memory for programs executed by the virtual machine, wherein the portable memory device has stored thereon identification data unique to a user or group of users, and a shell program arranged, when executed by the personal computer (i) to open a shell application for being run as, or by, a virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application running on the virtual machine, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, its software or virtual machine deallocates the allocated memory automatically.
2. A security system according to claim 1, wherein the virtual machine capability is an application virtual machine provided as an inherent part of a software framework provided on the personal computer.
3. A security system according to claim 2, wherein the software framework is Microsoft .NET.
4. A security system according to claim 3, wherein the shell application is written using the Microsoft .NET framework library for execution using Common Language Runtime (CLR) on Microsoft .NET.
5. A security system according to claim 3 or claim 4, wherein the user-specific data and/or programs are written using the Microsoft .NET framework library and executed using CLR.
6. A system according to any preceding claim, in which the shell program is arranged to run automatically upon connection to the personal computer.
7. A system according to any preceding claim, in which the portable memory comprises a USB flash drive.
8. A system according to any preceding claim, wherein the identification data is a unique token associated with a pre-registered user or group of users.
9. A system according to any preceding claim, wherein the network address identifies the initial authentication system associated with the remote server.
10. A system according to any preceding claim, wherein the shell program is further arranged to download one or more program modules and/or user specific data from the server in accordance with the identification data.
11. A system according to claim 10, wherein the shell program is arranged to first download an authentication module for handling a log-in routine between the program and an authentication system associated with the server.
12. A system according to claim 10 or claim 11, wherein only after successful authentication, e.g. by means of password, smartcard or biometric checks, may other programs or user data be downloaded.
13. A portable memory device for use in the system according to any preceding claim, wherein the portable memory device has stored thereon a shell program arranged, when executed by the personal computer (i) to open a shell application for being run by the computer's virtual machine which allocates memory to said application, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application when being run on the virtual machine.
14. A method of remotely accessing user-specific data and/or programs stored at a server, the method comprising: pre-registering with a data server; connecting a portable memory device to a personal computer, wherein the portable memory device has stored thereon identification data unique to a user or group of users, and a shell program arranged, when executed on the personal computer (i) to open a shell application using a virtual machine function provided as part of the personal computer's software using an area of memory allocated automatically by the virtual machine, (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within the shell program user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application running on the virtual machine; and downloading from the server one or more programs and/or user-specific data, wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, the virtual machine de-allocates the allocated memory automatically.
15. A security system providing remote access to data and/or programs stored remotely at a server using a data network, the system comprising: a portable memory device; a personal computer having a software framework which inherently provides a virtual machine capability for executing programs and which handles automatically the allocation and deallocation of memory for programs executed by the virtual machine, wherein the portable memory device has stored thereon identification data, and a shell program arranged, when executed on the personal computer (i) to instantiate a virtual machine for opening a shell application in an automatically-allocated area of memory (ii) to automatically transmit the identification data to a network address associated with the server for authentication purposes, (iii) to present within a window associated with the shell application user-specific data and/or programs stored at the server and (iv) to enable data and/or programs selectively to be downloaded from the server and executed within the shell application window independently of other programs being run by the computer, and wherein, upon closing the shell application or upon disconnection of the portable memory device from the personal computer, the virtual machine de-allocates the allocated memory automatically.
16. A computer program stored on a computer readable medium, the computer program being arranged, when run on a processor or virtual machine of an operating system, to cause said operating system to allocate an area of volatile memory for use in handling one or more programs and/or user data, to connect to a remote network address and transmit a unique user identifier to said remote address, to download programs and/or user data specific to a user associated with the identifier for storage in the allocated memory, and to de-allocate the area of volatile memory if the program is terminated.
PCT/GB2010/002171 2009-11-25 2010-11-25 Security system & method WO2011064539A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
GB0920653A GB0920653D0 (en) 2009-11-25 2009-11-25 Security system and method
GB0920653.3 2009-11-25

Publications (1)

Publication Number Publication Date
WO2011064539A1 true WO2011064539A1 (en) 2011-06-03

Family

ID=41572668

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/GB2010/002171 WO2011064539A1 (en) 2009-11-25 2010-11-25 Security system & method

Country Status (2)

Country Link
GB (2) GB0920653D0 (en)
WO (1) WO2011064539A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9152797B2 (en) 2012-10-30 2015-10-06 Barclays Bank Plc Device and method for secure memory access
WO2016149889A1 (en) * 2015-03-20 2016-09-29 Huawei Technologies Co., Ltd. Application protection method, server and terminal
CN107430669A (en) * 2014-12-02 2017-12-01 Gopc Co., Ltd. Computing system and method
US9916574B2 (en) 2012-10-30 2018-03-13 Barclays Bank Plc Secure computing device and method

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
ES2702470T3 (en) * 2009-11-05 2019-03-01 Gemalto Sa Safe portable object
CN109324801B (en) 2018-09-18 2022-04-12 Huawei Cloud Computing Technologies Co., Ltd. Algorithm downloading method, equipment and related product

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070016941A1 (en) * 2005-07-08 2007-01-18 Gonzalez Carlos J Methods used in a mass storage device with automated credentials loading
US20080256536A1 (en) * 2007-04-11 2008-10-16 Xiaoming Zhao Portable secured computing environment for performing online confidential transactions in untrusted computers
US20080307409A1 (en) * 2007-06-08 2008-12-11 Feitian Technologies Co., Ltd. Method for virtualizing a personal working environment and device for the same
US20090164775A1 (en) * 2007-12-19 2009-06-25 Andrew Holmes Broadband computer system

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7913252B2 (en) * 2006-04-11 2011-03-22 Installfree, Inc. Portable platform for executing software applications in a virtual environment
US20090319793A1 (en) * 2006-09-11 2009-12-24 John Joseph Zic Portable device for use in establishing trust
US9594581B2 (en) * 2008-07-14 2017-03-14 Dell Products L.P. Modular virtual machine server
US20100011358A1 (en) * 2008-07-14 2010-01-14 Kettler Kevin A Virtualization Based Personalizable Consumer Electronics Platform

Also Published As

Publication number Publication date
GB0920653D0 (en) 2010-01-13
GB201019980D0 (en) 2011-01-05
GB2475787A (en) 2011-06-01

Legal Events

Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application (Ref document number: 10803379; Country of ref document: EP; Kind code of ref document: A1)
NENP Non-entry into the national phase (Ref country code: DE)
122 EP: PCT application non-entry in European phase (Ref document number: 10803379; Country of ref document: EP; Kind code of ref document: A1)