1. Field of the Invention
The present invention relates to security in a distributed object system comprising one or plural server objects for supplying various services, and one or plural client objects for using these services.
2. Description of the Related Art
A distributed object system, which is established by combining a client server system (distributed computing system) and an object oriented technique, is starting to attract a lot of attention.
Unlike the client server system (distributed computing system), in the distributed object system, a client application (client object) is not required to know beforehand where a server program (server object) operates. Further, even in a case where the system is expanded, no change is required at a client side. Therefore, a highly flexible system can be built up.
The flexibility and mechanism of the distributed object system as described above is described in "Client/Server Programming With Java and CORBA" written by Robert Orfali, Dan Harkey and published by John Wiley & Sons, for example.
In practice, there are many cases in which all the communications between a client object and a server object are performed via an object intermediate program, whereby a highly flexible distributed object system can be established.
In order to build up such a flexible system, activities for standardization on the distributed object system have been recently carried out. The above publication briefly describes the activities for standardization.
In the information processing field, much attention has been paid to a software component technique for fabricating software such as applications, data used by the applications, etc. as components.
This technique has a lot of merits. For example, a component serving as a basic portion of an application is pre-installed in a client terminal, and when the application is started, the client terminal is first connected to an indicated server through a network to download an additive component which completes the application in combination with the basic portion of the application, and then it actually executes the application. As a result, the same client component can be used for various processing by merely preparing components which are different among servers, so that the development efficiency of the system is enhanced.
With the development and propagation of the information processing technique as described above, requirements for a security technique for authorization, access control, enciphering of information, etc. have been increasing more than ever.
The security function of the distributed object technique is described in "Instant CORBA" written by Robert Orfali, Dan Harkey, Jeri Edwards and published by John Wiley & Sons, for example. According to this publication, it is specified that the following six security functions are supplied as common services in the standardization activities of the distributed object system as described above.
(1) An identification function of checking the identity of a principal such as a user, an object or the like. The principal identifies itself by exhibiting secret information (password or the like) known only by itself and a server which performs authentication.
(2) An access control function of checking whether a principal whose identity is authenticated has authority to access resources such as objects, etc., and controlling the access.
(3) A security auditing function of recording various events relating to security.
(4) A communication protection function of protecting communications between a client object and a server object from a third party. This function contains a function of detecting tampering or breakdown of data, and a function of preventing data from being tapped.
(5) A non-repudiation function of verifying the fact of transmission/reception of data between a client and a server so that both the client and the server are disabled to afterwards deny that they performed the transmission/reception of the data.
(6) An operation management function of setting the security policy, etc. by a manager.

(1) A client object is not required to recognize a server in which a server object operates, and it can use the same service irrespective of the server in which the server object operates.
(2) A client object which is not beforehand installed in a client terminal, but down-loaded from a server via a network can be automatically executed at that place.

The security function of the software component technique is described in "Java Security" written by Scott Oaks and published by O'Reilly & Associates, Inc., for example. According to this publication, the following restrictions are imposed on the client components which are down-loaded through a network.
(1) A down-loaded client component cannot access any local resource (file, device, etc.) at a client terminal.
(2) A down-loaded client component can only communicate with a server in which the component has been kept.
(3) A down-loaded client component cannot create any new process.
Such security functions have been proposed to protect the system from a hostile client component. However, it is apparent from these restrictions that they lose the merits of the software component technique. Therefore, the following extension function has also been proposed. That is, a client component down-loaded through a network is signed in advance by the creator who created the component (the signature is made electronically, and thus it is known as a "digital signature"), and when the user of a client terminal agrees to trust client components from that creator, the above restrictions are lifted from the client component.
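The signed-component extension described above, as an added example (not code from the cited publications or from this document): a down-loaded component keeps the three restrictions unless its digital signature verifies under the key of a creator the user has agreed to trust. The class, the permission names and the sample component bytes are assumptions made for the illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

// Added illustration; class, method and permission names are hypothetical.
public class SignedComponentPolicy {
    enum Permission { LOCAL_RESOURCE, CONNECT_ANY_SERVER, CREATE_PROCESS, CONNECT_ORIGIN_SERVER }

    // Restricted set: only communication with the server the component was kept in.
    static final Set<Permission> SANDBOX = EnumSet.of(Permission.CONNECT_ORIGIN_SERVER);

    /** Returns the permissions granted to a down-loaded component. */
    static Set<Permission> permissionsFor(byte[] component, byte[] signature,
                                          PublicKey creatorKey, Set<PublicKey> trustedByUser)
            throws GeneralSecurityException {
        // Unsigned component, or a creator the user has not agreed to trust.
        if (signature == null || creatorKey == null || !trustedByUser.contains(creatorKey)) {
            return SANDBOX;
        }
        Signature verifier = Signature.getInstance("SHA256withRSA");
        verifier.initVerify(creatorKey);
        verifier.update(component);
        boolean ok;
        try { ok = verifier.verify(signature); } catch (SignatureException e) { ok = false; }
        // Restrictions are lifted only when the signature matches the exact bytes received.
        return ok ? EnumSet.allOf(Permission.class) : SANDBOX;
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair creator = gen.generateKeyPair();   // constructed creator key pair
        KeyPair other = gen.generateKeyPair();     // constructed key of an unknown creator
        byte[] component = "constructed component bytes".getBytes(StandardCharsets.UTF_8);

        Signature signer = Signature.getInstance("SHA256withRSA");
        signer.initSign(creator.getPrivate());
        signer.update(component);
        byte[] sig = signer.sign();

        Set<PublicKey> trusted = new HashSet<>(List.of(creator.getPublic()));
        System.out.println("signed, trusted creator: " + permissionsFor(component, sig, creator.getPublic(), trusted));
        byte[] tampered = component.clone();
        tampered[0] ^= 1;                          // modified after signing
        System.out.println("tampered component:      " + permissionsFor(tampered, sig, creator.getPublic(), trusted));
        System.out.println("untrusted creator:       " + permissionsFor(component, sig, other.getPublic(), trusted));
        System.out.println("unsigned component:      " + permissionsFor(component, null, null, trusted));
    }
}
```

Only the first case receives the full permission set; a component altered after signing, one signed by a creator the user has not accepted, and an unsigned one all stay under the restrictions.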