1. Field of the Invention
The present invention concerns a method and system for establishing private control by a user host device of a shared remote process executing in a remote device, through a communication link between the user host device and the remote device via an intermediary communication device. The private control is established so that the user host device can send commands to the shared remote process without the intermediary communication device having knowledge of the commands.
2. Description of the Related Art
In networked computing environments, it is common for a user of a first computing device to control a shared process executing on a remote second computing device. In many cases, the communication link between the first computing device and the second computing device for controlling the shared remote process must pass through one or more other computing devices, such as a common controller which owns, and controls access to, the remote shared process. In such cases, it may be desirable for the user of the first device to maintain privacy of the control session with the shared remote process by preventing the other computing devices from having visibility of the commands to the remote process, and of the responses from the remote process.
There are many instances where the process owner (controller) needs to grant access and specific control of a particular remote shared process to a remote user. In this context, the process host grants or denies access to, and has visibility into, the communications between the user and the shared process, and the results from the shared process to the user. The aerospace industry is one example of such a situation. In particular, a remote process may be executing in a satellite, and it may be desirable for the remote process to be under the control of a user who is external to the satellite command and control infrastructure (the satellite host). Historically, in such a situation, the remote user supplies control information to the satellite host for execution and trusts the satellite host (command and control infrastructure) to return correct and accurate response information.
The foregoing method is unsatisfactory for a class of remote satellite users who insist on being segregated from the process host (satellite command and control authority), both from a process control privacy perspective, and also from a process results trust perspective. In other words, the remote user does not want the satellite host to have visibility of the control commands to the shared remote process executing in the satellite, and the remote user does not want the satellite host to have visibility of the results returned from the remote process in response to the user's commands. The problem is further exacerbated by the need of multiple users to be private from one another and to access the shared remote process simultaneously.
One specific example of this problem in the aerospace industry is the need to allow a remote user to direct a communications beam onto a specific target on the earth from a satellite in geosynchronous orbit, wherein the direction of the beam is private from the satellite control facilities and only known by the remote user, the remote process and the target. While this represents an example of one such problem, the need for remote private process control has wider application, both in the aerospace industry and in other industries where private control of a remote shared process is desired.
Known approaches to the aforementioned satellite communications beam control problem include having the satellite collect data for the entire hemispherical spectrum of interest and transmit the entire collected spectrum data to the user on the ground from each of thirty-five feed sets on the satellite. The user then beamforms (establishes a correct beam direction) from the collected spectrum data on the ground, and thereby detects a signal of interest. Another known approach is to have the remote process on the satellite perform beamforming in space by using a command link that gives the satellite host (controllers) visibility to the beamformed latitude and longitude locations.
The problem with the first approach is that performing beamforming on the ground requires thirty-five times (based on the number of feeds needed) the communications bandwidth to collect the digital representation of the entire spectrum, and this approach only works in the receive mode. The problem with the second approach is that beamforming by using a command link that is visible to the satellite host does not provide the private security required by the remote users.
The classic problem of remote process control has been solved previously through the introduction of a trusted third party known as a certificate authority (CA) that vouches for the validity of the public keys of the participants. The public keys are used to establish private remote process control. In the satellite scenario, for example, the use of a certificate authority by a remote user is equivalent to sharing the remote user's control information with the satellite operators (operating as the certificate authority). This gives the operators the knowledge of the beamformed location, destroying the privacy between the remote user and the beamformer process on the satellite.
Accordingly, a solution is needed that allows a remote user to privately control a remote shared process, wherein the user's commands to the remote shared process, and the results from the shared process to the user, are kept private from the host/controller of the shared process, and are known only by the remote user and the remote shared process.