This invention relates generally to software protection and license monitoring of application software and information files for remote applications.
One example of a remote application is remote monitoring and diagnosing of equipment or systems. Currently, many companies are developing capabilities for remote monitoring and diagnosing of equipment or systems. The remote equipment or systems (hereinafter referred to as remote systems) span the gamut from industrial steam turbines to networked printers, from medical imaging equipment to home appliances. In almost all cases, there is some computational capability resident on the remote systems, such as a processor. Generally, the processor performs functions such as data gathering, operation monitoring, executing diagnostic applications, and providing the end-user or customer access to information and applications on the remote systems.
In a typical remote monitoring application, software and other information files resident on a remote system are out of the direct control of the vendor because they reside in the customer's environment. But some of the software applications and information files within that processing environment are highly sensitive and need to be protected from tampering (e.g., inadvertent modification and malicious vandalism). Tampering with software applications or information files, such as configuration files that are resident on the remote system, may prevent a user from having access to a needed functionality. Alternatively, tampering could allow a user access to a restricted functionality. It is even possible that tampering could lead to equipment failure.
Accordingly, systems are known for protecting software applications and configuration information files that are resident on a remote system from tampering. One known system uses mechanisms for ensuring that files are not accessible to a customer that has not paid for them and whose access has been terminated. These mechanisms also ensure that diagnostic utilities are not accessible to non-vendor service providers that may service the remote system.
Typically authorized field engineers make service calls to the remote sites for the purpose of servicing the equipment at those sites. While in the field, the field engineer is able to communicate with a central service facility via a network using a field service unit. The field service unit may include a portable computer designed for use by field service engineers at remote sites. The unit includes a service platform which includes certain functional circuitry for establishing a uniform service base for the remote systems. Moreover, the service units include specific service tools which enable the field engineer to request and receive remote service messages, reports on specific diagnostic systems, service schedules, and so forth. Through the service platform, the field engineer may access system configurations, historic log information, system network information, analysis logs and data, and so forth. The field engineer may also update service records. Typically, the field service unit is programmed with an access module for allowing the service facility to verify the license and security status of the field service unit. For example, the access module, in cooperation with circuitry at the service facility, may permit a field service engineer to access data or applications providing some or all of the functionality offered to service engineers at the service facility. Such functionalities may be similar to those provided at the remote systems themselves, or may offer the service engineer a wider range of service options. In particular, the field service unit may be equipped with service applications, such as for analyzing diagnostic system performance data, scheduling regular or special service calls, scheduling for shipment of replacement parts, and so forth. Other applications may permit the field service engineer to address service requests from the remote system, and transmit service messages and updates via the field service unit. 
The field service units may comprise personal computers or laptop computers of any suitable processor platform.
Obviously, authorized field service engineers require access to different software applications than those accessed by other system users. In particular, the field service engineer requires access to proprietary and extremely sensitive software in the form of service tools, service documentation and service records to enable system problem-solving and proper servicing of equipment. It is in the business interest of the operator of the central service facility to limit access to proprietary and highly sensitive software to authorized individuals, i.e., persons having the required security clearance. Preferably, the security system would allow field service personnel and other authorized persons to access central software of a highly sensitive nature from the remote system being serviced, while preventing other authorized users who lack the necessary security clearance from accessing the same software.
Thus there is a need for a system for providing a wide variety of software applications to a wide variety of communities of remote system users on the basis of different levels of security. In the case where a business entity, such as a hospital, has a service contract with a vendor who provides on-site service and remote site access to software applications residing at a central facility, there is a need for a method of managing remote access to that software by users having different security classifications. The system should also be capable of providing different access rights to different persons having the same security clearance. For example, within each security level, users should be further distinguished based on different levels of authority and different job responsibilities (i.e., membership in different communities), which give rise to the need to access different software applications requiring a particular security level.
The invention is directed to a method and a system for delivery of protected software applications to remote systems from a central service facility wherein delivery is managed on the basis of the level of security clearance and on the basis of the community membership of the remote system user. A one-factor security scheme is utilized to determine whether remote system users seeking access to low-level protected software applications are authentic. Business rules are utilized to determine whether authenticated users seeking access should be authorized.
In accordance with the preferred embodiments of the invention, a multiplicity of web servers are programmed to allow selective access to one or more resident software applications by remote system users via a network. Some applications are open and others are protected, with preferably two levels of protection being enforced. Access is managed by a central policy server based on user and system information and community definitions stored in a database. The policy server communicates with each web server via an agency module incorporated in the web server.
The agency module intercepts requests for access from remote system users and interfaces with the policy server. The agency module determines whether the requested application is open or protected. If the requested software application is open, the agency module signals the web server to allow access. If the requested software application is protected, the agency module contacts the policy server. The policy server authenticates passwords, while referring the authentication of associated security codes to a security server. For low-level security software applications, if the password is authenticated, the policy server then applies the business rules to determine whether the requesting remote system user is authorized to access the protected software application. A particular individual may concurrently be a member of different communities.
In accordance with the preferred embodiment of the invention, different user authentication algorithms are employed depending on whether the user has a one-factor or a two-factor security clearance. Users having a one-factor security clearance are entitled to access software applications having a low level of protection, while those with a two-factor security clearance are entitled to access both low-level and high-level protected software applications. Preferably, the particular remote system user sends a request to access a particular software application via a web browser at the remote system, the latter being connected via a network to the web server where the requested software application resides. If the user has a two-factor security clearance, during log-in he/she must input both factors, e.g., a password and a security code, in addition to a user identification. If the user has only a one-factor security clearance, then only that one factor (e.g., a password) and the user identification are input during log-in.
In either case, the agency module for the web server where the requested software resides intercepts the request for access and the logged-in user information, and then forwards them to the central policy server. Preferably, the distributed web servers are separated from the central policy server by a firewall. The transmitted information is processed by the policy server to determine whether the request for access should be approved. This processing involves two stages: (1) authentication of the user; and (2) authorization for access to the requested software application. The policy server authenticates the password by referring to an electronically accessible community management database. For access to low-level security software applications, if the password is authentic, the policy server then proceeds to determine whether access should be authorized based on user, site, system, contract and other information and business rules (i.e., community definitions) in the community management database. The business rules apply certain criteria to determine whether the particular community to which the user belongs is authorized to access the protected software applications being requested.
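The following is an added illustration, not code from the patent or its assignee, of the agency module and policy server decision flow described above: open applications pass straight through, protected applications go to the policy server, which authenticates the password (and refers a two-factor user's security code to a separate security server) and then applies community business rules before authorizing access. All users, applications, communities and codes are constructed sample data, and the password hashing and the security-server lookup are simplifications assumed for the example.

```python
import hashlib
import hmac
from typing import Optional, Tuple

# Constructed sample data for this example; the salt and hashing scheme are assumptions.
SALT = b"constructed-salt"

def pw_hash(password: str) -> str:
    return hashlib.sha256(SALT + password.encode()).hexdigest()

# Community management database: password hash, clearance (1 or 2 factors), community membership.
USERS = {
    "fse01":  {"pw": pw_hash("turbine!1"), "factors": 2, "communities": {"field_service", "hospital_a"}},
    "cust01": {"pw": pw_hash("appliance"), "factors": 1, "communities": {"hospital_a"}},
    "cust02": {"pw": pw_hash("printer"),   "factors": 1, "communities": {"hospital_b"}},
}
# Business rules: each application's protection level and the communities entitled to it.
APPS = {
    "status_page":      {"level": "open", "communities": set()},
    "service_schedule": {"level": "low",  "communities": {"hospital_a", "field_service"}},
    "diag_toolkit":     {"level": "high", "communities": {"field_service"}},
}
# The separate security server's record of valid second-factor codes (constructed).
SECURITY_CODES = {"fse01": "482913"}

def security_server_verify(user: str, code: Optional[str]) -> bool:
    expected = SECURITY_CODES.get(user)
    return code is not None and expected is not None and hmac.compare_digest(expected, code)

def policy_server(user: str, password: str, code: Optional[str], app: str) -> Tuple[str, str]:
    """Stage 1: authenticate the user; stage 2: authorize via community business rules."""
    rec = USERS.get(user)
    if rec is None or not hmac.compare_digest(rec["pw"], pw_hash(password)):
        return "deny", "authentication failed"
    # A two-factor user must present both factors at log-in; the code is referred to the security server.
    if rec["factors"] == 2 and not security_server_verify(user, code):
        return "deny", "security code rejected"
    rule = APPS[app]
    if rule["level"] == "high" and rec["factors"] < 2:
        return "deny", "two-factor clearance required"
    if not (rec["communities"] & rule["communities"]):
        return "deny", "no community entitled to this application"
    return "allow", "authenticated and community authorized"

def agency_module(app: str, user: str, password: str, code: Optional[str] = None) -> Tuple[str, str]:
    """Intercepts the web request: open apps are allowed directly, protected apps go to the policy server."""
    if app not in APPS:
        return "deny", "unknown application"
    if APPS[app]["level"] == "open":
        return "allow", "open application"
    return policy_server(user, password, code, app)
```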