1. Field of the Invention
The present invention relates to computer network security, and more particularly, the present invention relates to an information processing apparatus, a server apparatus, a method of an information processing apparatus, a method of a server apparatus, an apparatus executable program useful in a networked environment with a means of securely executing programs on remote network environment.
2. Description of the Related Art
In recent years, security of a network system is strongly requested for protecting secret information, important information or computers itself in the network from non-certified attacks. For this purpose, several attempts are proposed such as Palladium (Trade Mark)[1]. In Palladium architecture, platform manufactures would install the so-called Nub in a newly manufactured PC while generating a public key private key pair within a kernel called as the Nub and obtaining maker's certificate for certifying that the PC has a genuine Palladium platform. These processes must be completed during the manufacturing process because the process or the manufacturer is regarded to be the only reliable for making a trusted binding between the Nub and the platform.
The conventional Nub system will have two control points in terms of certification, i.e., certifying the genuine Palladium (Trade Mark) platform and certifying the applications running thereon. The above policy is very similar to some conventional environment provided such as game titles running on some types of platform.
However, in a server technology as well as a networked computer systems, other security policies with further flexibilities are requested, because the server may receive many different types of information processing apparatuses (hereafter referred to simply clients) including computers, PDAs and sometimes cellular phones. The clients as well as servers may be configured to have to talk the Palladium-based platforms or other trusted architecture-based platforms and then the server may include more flexible policy upon providing services with different kind of clients. Therefore, it is required for the server to address the security requirement in more flexible and application independent policy.
The OSGi [3] specifies a framework designed for providing an environment for independent services and offers function for provision, administration and life-cycle managements of such services. Most importantly, the OSGi provides the protection of service bundles against interference from other bundles. Services for user management and for programmatic access control are available as well.
Typically, a platform such as clients and servers contains one single Java Virtual Machine instance, in which one single OSGi Framework instance is executed while executing all of the services. Each service bundle has its own class loader and the class loader is configured to avoid interference of bundle classes. OSGi builds on top of the standard Java 2 security mechanisms.