The rapid increase in the popularity of the Internet has led to a corresponding increase in the need for processing network traffic. This processing includes both that which is mandatory (e.g., encrypted data that must be decrypted before it can be used), and that which is recommended (e.g., executable code retrieved from public Internet archives that should be checked for viruses before it is used).
Typically, when a user wants to process data retrieved from the Internet, they do so by installing and running a program that performs the desired processing on their client machine. Employees of a company, for example, might be asked or required to install and run a particular virus checking program (e.g., the AntiVirus.TM. product sold by International Business Machines Corporation (IBM)) on all data that they obtain from the Internet, in order to protect the company's intranet from infestation. Having individual users perform required processing like this is not a practical solution for several reasons:
Non-technical users may not be able to use the required software due to a lack of technical knowhow. PA1 Other users may not use the software simply because it is too much bother. PA1 If a given type of processing has any idiosyncrasies (e.g., executables whose filenames end in "exebin" sometimes, rather than simply "exe"), all users will have to be trained to handle them. PA1 Adding and changing the required processing can be difficult for users. PA1 An organization has no way to check that all users are performing the required processing, and thus it is difficult to implement an enforceable processing policy. PA1 Also, if three users pull in the same piece of data, then each user will have to check the data, each performing exactly the same processing on exactly the same piece of data. PA1 To perform the additional processing, the firewall must run an additionally complex network-traffic filtering program, thereby increasing the chances that hackers will be able to find a way through the firewall. PA1 Since most firewalls are not meant to process assembled data streams, the speed of communication through the firewall will be decreased because, in addition to processing data objects from the outside Internet, the firewall will also have to assemble the data objects from the IP packet streams running through it. PA1 It is impossible to provide different processing for subgroups within the organization (e.g., additional virus checking to the financial department), without either degrading the firewall's security and performance further, or requiring the individual user of the relevant subgroups to perform the processing by themselves. PA1 In deciding whether or not to process a given data object, a low level server has no way to know whether a higher level server has already performed the given processing. PA1 A nearly saturated higher level server has no way of passing an unprocessed object to a lower level server, indicating to the lower level server that the given object still needs to be processed. PA1 1. Processing the object content based on meta-information associated with the object; PA1 2. Updating/adding the meta-information to reflect the processing accomplished; and PA1 3. Communicating the object content and meta-information to a next server in the path for further processing. PA1 a data object's type; PA1 current load condition of the server; PA1 a number of times the data object has been requested; PA1 whether the object is for multicasting; PA1 if the object is to be cached; PA1 whether the requested processing can be provided for a specified price; and PA1 whether the requested processing can be accomplished within a specified time window. PA1 1. Processing object content across multiple servers on the communication path to the destination node; and PA1 2. Using meta-information associated with the object to convey the processing accomplished by prior servers in the communication path. PA1 1. A higher level server passing down the meta-information on the virus checking already performed on the object; and PA1 2. A lower level server either performing further virus checking and then updating the meta-information on the virus checking; or simply passing the object through without further checking. PA1 The load condition of the server; PA1 the user specification; PA1 the data object's types; PA1 the number of times the object has been requested; PA1 whether the object is for multicasting; and PA1 whether the object is to be cached. PA1 1. Maintaining statistics and/or classification of the reliability (of virus detection) of content sources; PA1 2. Applying virus checking based on the reliability classification of the source; and PA1 3. Passing source classification with the object. PA1 The checking performed by the server; and PA1 The reliability of the content source.
In an attempt to centralize the processing of data retrieved from the Internet, intranets that connect to the Internet through a firewall can have the processing performed by the firewall itself (e.g., see the Norton AntiVirus for Firewalls product sold by Symantec Corporation, which runs on PC/s running the WinNT 3.51 Operating System sold by Microsoft). However, this solution creates other problems:
Compare theorem 3: Exposed machines should run as few programs as possible, the ones that are run should be as small as possible, of William R. Cheswick and Steven M. Bellovin, Firewalls and Internet Security: Repelling the Wily Hacker, Addison-Wesley Professional Computing Series, Reading, Mass., 1994. Cited on: p. 7.
Based upon the above, there exists a need for a collaborative method for processing of data objects. The present invention is directed to this need.