The invention relates to communication systems and more particularly to a process for executing a downloadable service receiving restrictive access rights to at least one profile file.
The constant progress of Information Handling System (I.H.S.) technology and of communication systems, particularly with the explosion of the Internet and intranet networks, has resulted in the development of an era of information and services. With a single personal device, a user can connect to the Internet and gain direct access to a wide range of information and services, including electronic business applications.
Solutions have been developed in the art for making access to these huge amounts of resources easier and for improving the possibilities of negotiation and new services. For this purpose, agents were developed to allow customers to delegate specific tasks to automatic modules in order to simplify part of the searching process.
U.S. Pat. No. 5,877,759, assigned to Netscape Communications Corp. and entitled Interface for user/agent interaction, shows a first example of a user interface which provides assistance to the client user and which is centred on the autonomous processing of whole tasks rather than on sequences of commands.
International application number WO 981472/50, assigned to IBM Corp. and entitled Apparatus and method for communicating between an intelligent agent and client computer process using disguised messages, illustrates an agent for communication with a client which uses a selector known to both parties to generate and interpret messages, thereby effectively disguising from third parties the confidential information transmitted in the message.
International application number WO 98/43146 assigned to IBM Corp., and entitled Intelligent agent with negotiation capability and method of negotiation therewith is another example of an improvement brought to a so-called intelligent agent.
In addition to the development of agents, the use of one or more profile files located within the user's machine is clearly a very promising field of development. A profile file is usually updated more easily, since the customer feels more concerned about the information that he loads into his own profile file(s). Further, this information continuously remains under his/her own control. When the customer permits it, the information loaded into that profile or those profiles proves to be of the highest interest to service providers, since it clearly enhances personalization and the possibilities of negotiation with the customer. In practice, the profile files can be used by product/service providers who wish to propose an offer well tailored to the customer's needs.
Unpublished European patent application no. 0041004.6 entitled "Process and apparatus for allowing transaction between a user and a remote server" by G. Brebner, filed on Jan. 21, 2000 and assigned to the Assignee of the present application, shows a profile file which is used for improving the possibilities of negotiation between a customer and a product or accessories provider. Basically, there is disclosed a process which receives an abstract request expressed by the user. The request is subject to contextual analysis for the purpose of preparing an aggregate request based on the abstract formulation of the client, which can then be completed with additional technical information extracted from a local profile. Since the product/service providers are automatically given direct access to the internal configuration of the machine, of which the user may not even be aware, they can propose offers which are correctly tailored to the users, even when those users are not versed in the field of computers.
While the use of one or more profiles substantially enhances the personalization of access to the web, as well as the possibilities of negotiation between the customer and the service/product providers, customers feel more and more concerned about the privacy of their private data and the risk of any misuse of that information.
Mechanisms have been developed for minimising the exposure of sensitive data on the Internet, and particularly of the highly confidential information contained within such profile files. Unpublished European patent application no. 00410005.3 (HP50001003) entitled "Method for a personalised access to the Internet network" by G. Brebner et al., filed on Jan. 21, 2000 and also assigned to the Assignee of the present application, brings a first solution to the problem of privacy. There is disclosed a process, still based on an agent, which avoids the dissemination of the user's personal data over the web. For that purpose, an agent located on the user's machine generates a Hyper Text Markup Language (HTML) page for the user which takes into account private data contained in at least one profile file. At predetermined intervals, the Agent module polls one or more predetermined service provider(s) and downloads a file that simultaneously contains both data representative of products or services and rules stating the conditions for the attribution of that data. By comparing the rules with the private data contained within said at least one profile, a local data mining process is achieved and the Agent can construct a personalised HTML page which contains an offer well tailored to the customer's needs. This page can finally be displayed in the web browser of the client machine. Since the HTML page is generated locally with the private data contained in the profile(s), which belongs to the user, the service provider does not need to create and maintain any kind of centralised database, and the user profile remains in the user's machine.
The present invention extends the possibilities of exploiting the profile files while substantially increasing the security of access to the important information they contain.
It is an object of the present invention to enhance the flexibility and the use of profile files containing highly sensitive information, while ensuring a high degree of security in respect of that information.
This object is achieved by the present invention, which provides a process for executing a downloadable service within the client machine, the service receiving very restricted access rights to the user's profile file(s).
Basically, there is provided a process which involves the step of accessing a server on the Internet or an intranet network through a web browser which is assigned a first port and socket for communication with the web server. When the user requests the downloading of an executable service from a web server, the web browser launches a confined run time environment which is assigned a second port and socket for receiving the downloadable service. The confined run time environment is arranged to provide restrictive access rights to at least one profile file, so that the executable service may only access the profile file(s) through the methods and access rights which are defined by the confined run time environment. This substantially minimizes the risk of any misuse of the valuable information contained within the user's profile.
Preferably, the confined run time environment corresponds to an extended sandbox in the context of Java programming. The personal service is received in the form of a set of data (remote information, sorting code, requested data) whose reference is contained within a Hyper Text Mark-up Language (H.T.M.L.) page accessed by the web browser. The service is received in an archive file, such as a jar file for instance, which is signed and which contains a class structure of Java code. The Java code may also be received from a File Transfer Protocol (FTP) server.
In one embodiment, the process validates the signature of the archive file before any of its classes are loaded and, in accordance with the signature found within the archive file, uses a predefined jar loader and secure class loader for embodying a specific corresponding sandbox associated with that class structure. A direct association is therefore achieved between the signature of the applet file and the Java security mechanisms which will be used for executing the service.
Preferably, the predefined jar loader is used for controlling access to at least one profile file, so that the service which arrives within the extended sandbox and which is compiled in accordance with the predetermined jar loader receives personalized access to said profile file(s). High control and security over the information belonging to the user is thereby achieved.
More preferably, the predefined personalised sandbox is used for providing methods allowing selective access to some specific areas or sections of the profile file(s), which contain a hierarchical structure of data, user display and remote communications. In one application, the profile file includes personal data belonging to the user, while an additional section comprises technical data concerning his/her computer.
When the signed archive file is received and opened with the corresponding jar loader, the latter applies methods, according to the user policy, to the classes already contained therein for the purpose of personalizing the access rights to the profile. The Java service code can then be executed in its personalized environment and starts processing tasks, possibly on the personal data of the user. A local service can thus be executed on the local machine with some of the user's private data. As soon as the result of the service is made available, it can be transmitted back to the web server for additional processing and negotiation without requiring the exchange and transmission of the user's private data loaded within the profile files.
In one embodiment, the service is used for executing a data mining process on the information loaded into the profile(s).
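As an added illustration (not part of the present application or of any product of the Assignee), the following Python program models the process of the preceding paragraphs: a signed service archive is validated before anything in it is used, the signer identity selects a predefined access policy standing in for the per-signature jar loader and sandbox, the service can only read the profile through a view that enforces that policy section by section, and only the result of the local data mining leaves the machine. It also covers the local comparison of provider rules against the profile described in the background. Assumptions: the Java archive, class loader and sandbox are replaced by a zip file, a policy table and a view object; an HMAC tag over the manifest stands in for the jar's public-key signature; the downloaded service is modelled as a list of matching rules rather than executable class code; the profile, keys, signers and rules are constructed sample data.

```python
"""Confined execution of a downloaded, signed service over a local profile.
Added example, not the patent's code. HMAC stands in for the jar signature;
rules stand in for service class code (both assumptions)."""
import hashlib
import hmac
import io
import json
import operator
import zipfile

# Constructed sample profile with the two sections named in the text.
PROFILE = {
    "personal": {"name": "A. User", "email": "a.user@example.invalid", "city": "Grenoble"},
    "technical": {"os": "Linux", "ram_mb": 256, "cpu_mhz": 400, "modem_kbps": 56},
}

# Assumed trust store: signer name -> verification key (HMAC stand-in).
SIGNER_KEYS = {"travel-co": b"travel-co-demo-key", "pc-shop": b"pc-shop-demo-key"}

# Assumed user policy bound to each signer: the section/field pairs its
# sandbox may read. This plays the role of the per-signature jar loader.
ACCESS_POLICY = {
    "travel-co": {"personal": {"city"}},
    "pc-shop": {"technical": {"ram_mb", "cpu_mhz", "modem_kbps"}},
}

OPS = {"lt": operator.lt, "ge": operator.ge, "eq": operator.eq}


class ProfileAccessDenied(PermissionError):
    """Raised when a service touches a profile field outside its policy."""


class ProfileView:
    """The only handle the service gets on the profile: every read is
    checked against the signer's policy; nothing else is exposed."""

    def __init__(self, profile, allowed):
        self._profile = profile
        self._allowed = allowed

    def get(self, section, field):
        if field not in self._allowed.get(section, ()):
            raise ProfileAccessDenied(f"{section}.{field} not permitted")
        return self._profile[section][field]


def build_archive(signer, manifest, key):
    """Server side (constructed): archive with manifest, signer name and tag."""
    body = json.dumps(manifest, sort_keys=True).encode()
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("MANIFEST.json", body)
        zf.writestr("SIGNER", signer)
        zf.writestr("SIGNATURE", hmac.new(key, body, hashlib.sha256).hexdigest())
    return buf.getvalue()


def validate_archive(blob):
    """Check the signature before any archive content is acted on; return
    (signer, manifest) or raise ValueError for unknown signers or bad tags."""
    with zipfile.ZipFile(io.BytesIO(blob)) as zf:
        signer = zf.read("SIGNER").decode()
        body = zf.read("MANIFEST.json")
        tag = zf.read("SIGNATURE").decode()
    key = SIGNER_KEYS.get(signer)
    if key is None:
        raise ValueError("unknown signer: " + signer)
    expected = hmac.new(key, body, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("signature does not verify")
    return signer, json.loads(body)


def run_service(blob):
    """Validate, select the policy bound to the signer, evaluate the rules
    through the view, and return only offer identifiers (no profile values)."""
    signer, manifest = validate_archive(blob)
    view = ProfileView(PROFILE, ACCESS_POLICY[signer])
    matched = []
    for rule in manifest["rules"]:
        value = view.get(rule["section"], rule["field"])  # raises if outside policy
        if OPS[rule["op"]](value, rule["value"]):
            matched.append(rule["offer"])
    return {"signer": signer, "matched_offers": matched}


# Constructed service manifests: provider rules compared locally to the profile.
PC_SHOP_RULES = {"rules": [
    {"section": "technical", "field": "ram_mb", "op": "lt", "value": 512, "offer": "ram-upgrade"},
    {"section": "technical", "field": "modem_kbps", "op": "lt", "value": 128, "offer": "dsl-offer"},
    {"section": "technical", "field": "cpu_mhz", "op": "ge", "value": 1000, "offer": "gaming-bundle"},
]}
TRAVEL_RULES = {"rules": [
    {"section": "personal", "field": "city", "op": "eq", "value": "Grenoble", "offer": "alps-weekend"},
]}

if __name__ == "__main__":
    blob = build_archive("pc-shop", PC_SHOP_RULES, SIGNER_KEYS["pc-shop"])
    print(json.dumps(run_service(blob)))
```

A pc-shop archive whose rules read personal.email is stopped by the view with ProfileAccessDenied, an archive signed with a key the trust store does not hold is rejected before its rules are looked at, and the tag check happens before the policy lookup so an unsigned archive never reaches the profile. One caveat the patent text leaves implicit: the returned result still encodes one bit per rule about the profile (here, that memory is below 512 MB), so the user policy should also constrain which rules or which result fields a given signer may emit, not only which fields it may read.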
The process according to the invention increases the possibilities of personalization of access for service providers, since different jar loaders may be used for different signatures and different service providers. Additionally, a wide range of new high added-value services is provided for the customers.
Even in the case of a single jar loader, the latter can be used to arrange a set of different access rights to some specific areas or sections of the profile(s).
A powerful downloadable service can be executed within the local machine of the customer while minimising any risk of misuse or abuse of the user's private data. The validation process based on the signature and, additionally, access to the profile through the restrictive access permissions arranged by the sandbox and the class loader substantially secure the use of the user's profile.
In one embodiment, when the archive file of the service is received within the extended sandbox, the service is executed and initiates a processing task which may continue even if the connection with the web server is discontinued. When the task completes and the result is made available, the latter will be transmitted to the web server at the next dial-up and connection for the purpose of further processing of the negotiation.
To some extent, there is achieved the concept of a "consumable" service, requiring no installation process unlike other software packages, which can be downloaded in an archive file and received in a very personalized environment with restrictive access to the profile file of the user. When the execution of the service completes, the useful result is provided to the user or to a web server and the service is discontinued. A wide range of applications and new added-value services can use the process for the benefit of the customers, such as travel or flight booking services, electronic business, data mining and book-keeping processing tasks.