With the increased processing power available on desktop computers and the expanding use of various types of media to present information, computer systems have been developed which combine these two technologies in a network that can selectively distribute audio-visual information from any of a number of sources to individual workstations on the network. Examples of such systems are disclosed in commonly assigned, copending U.S. patent application Ser. Nos. 08/207,779 and 08/207,957, filed Mar. 8, 1994, the disclosures of which are incorporated herein by reference. Generally speaking, the systems disclosed in these applications comprise a number of multimedia workstations and a plurality of audio-visual sources that are connected to one another over two parallel networks. A multichannel A/V network delivers audio-visual information from the sources to the various workstations. A digital data network transmits data and control information between the various workstations, as well as from the workstations to the audio-visual sources.
An arrangement of this type offers a number of features that are particularly useful in classrooms and other educational environments. For example, a teacher can make an announcement to any number of selected students, and can carry on a two-way conversation with any given student. The teacher and the students can watch videos from a multiplicity of different sources, and the teacher can remotely control individual student workstations to receive the video information from a particular source. The teacher is provided with the ability to observe student workstations within a working space on the teacher's display screen, as well as to control the operation of any particular workstation. For further information regarding the details of such a system, reference is made to the previously cited patent applications.
In previous applications of the aforementioned systems, such networks have typically been limited to a single classroom, or like setting. Legitimate administrative access to network workstations is not generally an issue in such an environment because the individual performing the administrative functions (e.g., the teacher) is usually operating a master workstation within the same room. Since security is ordinarily not an important issue in such a network environment, conventional systems assume that a message originating from a master workstation are inherently valid. In such a situation, the only security provided is a password prompt to invoke administrator's software associated with a master workstation. There are generally no additional checks to ensure that a workstation requesting administrative access is authentic. Because the classroom or lab involved with such a situation is relatively confined, administrators need not be concerned with any higher degree of security. As networks expand to multiple rooms, or even outside of a building, network workstations can be more vulnerable to sophisticated modes of attack such as impersonating an administrator.
Because the network workstations become more vulnerable to attack as a network expands beyond a classroom or lab, it is desirable to have an additional security mechanism beyond source address checking. One possibility is to require administrator validation through password entry each time an administrative function or session is initiated. However, as networks grow and the sophistication of administrative tasks expand, requiring the administrator to enter a password every time an administrative task is performed becomes unduly burdensome. More desirable is a security system for automatically authenticating a legitimate administrator to a network workstation in a fashion that does not interrupt the administrator or require action on the administrator's part unless necessary.
Another shortcoming in conventional systems is the inability of an administrator to quickly and efficiently gather information concerning various attributes of network workstations in the network. On a one-on-one basis, it is a fairly simple task to gain access to a network workstation to manually investigate and gather desired information. However, as the size of networks of the type described above grows, determining the software and hardware attributes of the network workstations can be a daunting task if performed on a machine-by-machine basis. Hence, it is desirable to be able to assess the hardware and software configuration status of network workstations without having to engage the administrator in the tedious task of forming connections with individual workstations for the purpose of gathering needed information.