This application is the U.S. National Stage of PCT/EP2011/056831, filed Apr. 29, 2011, which in turn claims priority to French Patent Application No. 1053429, filed May 3, 2010, the entire contents of all applications are incorporated herein by reference in their entireties.
The present invention relates to a method for opening a session of a first machine using session checking means.
It is applicable particularly, but not exclusively, in the field of medical care institutions.
A method for opening a session of a first machine using session checking means, known to one skilled in the art, enables a session to be opened by a user with his user identifier (commonly referred to as “login”), which generally consists of a user name and associated password.
In the field of medical care institutions, it is common to use a machine set comprising a plurality of machines. The various machines are equipped with common applications, and a machine may also have one or more applications that run exclusively on that machine.
Multiple operators, such as doctors or nurses, may be able to use the various machines, in order to access the common applications and the applications that run exclusively on each given machine. To access these applications, they open a session with their “login”.
Thus, during the day, an operator can open a user session on several machines in the machine set.
One drawback with this state of the art is that often an operator forgets to close an open session after using the machine. Consequently, another operator is able to use the applications on the machine via a user session that is not his, and thus has access to applications for which he is not authorized.
The object of the present invention is a method for opening a session of a first machine using session checking means that provide a solution to the problem described in the preceding.
This object is achieved with a method for opening a session of a first machine using session checking means for a machine set comprising at least said first machine and a second machine, said second machine comprising security means, and the method comprising the steps of:
As will be explained in detail in the following, the activity of verifying whether a user already has an open session of another machine and of modifying his session status before allowing him to open another session of a different machine makes it possible to render the machine the user is no longer using more secure.
According to non-limiting embodiments, the method may further comprise one or more additional characteristics from the following list:
The invention further relates to a software product comprising one or more instruction sequences that are executable by an information processing unit, the execution of which instruction sequences enables the session opening method according to any of the preceding characteristics to be implemented when the software is loaded on a computer.
The invention further relates to a machine for managing a machine set and capable of carrying out a method for opening a session on a first machine via session checking means for said machine set that includes at least said first machine and a second machine, said second machine comprising security means, said management machine comprising said session checking means, said session checking means being designed to:
The invention also relates to a computer system that is designed to carry out a session opening of a first machine via session checking means for a machine set that includes at least said first machine and a second machine, said second machine comprising security means, said system comprising:
According to a non-limiting embodiment, the session management module of the second machine comprises a plugin.
The invention and its various applications will be understood more clearly upon reading the following description and reviewing the accompanying drawing.
The figures are presented for illustrative purposes only and are not intended to be limiting of the invention in any way.
The method for opening a session of a first machine using session checking means for a machine set comprising at least said first machine and a second machine, said second machine comprising security means, is described in a non-limiting embodiment shown in
The method for opening a session is implemented by session checking means SRV shown in
In the same way, the security means are also referred to as the security service. In the rest of this description, the two terms will be used interchangeably. The security means are a computer software product.
The term machine is understood to mean any computer equipment comprising a user interface via which a user may have himself authenticated by means of his identifier and password (commonly called “login”). In non-limiting examples, a machine may be a single workstation or a server.
In a first embodiment illustrated in
In a second embodiment illustrated in
When a user USR wishes to access second machine PC2, he connects in a user session unique to him via an identifier that is unique to him and an associated password, the activity as a whole constituting the “login”. The connection (also called opening a session) is established via a session management user interface UI2, which is a component of the machine's user interface (not shown).
In the rest of this description, the terms user session and session will be used interchangeably.
When the same user USR wishes to access first machine PC1, he connects in a user session that is unique to him via the same “login”. The connection (also called opening a session on the machine) is established via a session management user interface UI1, which is a component of the machine's user interface (not shown).
During this attempt to connect, which corresponds to a request to open a session DDE_OPSESS on the part of the user, first machine PC1 sends a request to open a session RQ_OPSESS to session checking service SRV.
At this time, the session opening method is implemented.
It comprises the following steps, as illustrated in
In a non-limiting embodiment, the session status modification request RQ_MODIFST is of type Tp session locking (session status locked, ST=slo) or session closure (session status closed, ST=scl).
It will be noted that locking of a machine is understood to mean the act of locking a user session that is unlocked.
In a non-limiting embodiment, the method for opening a session comprises an additional step of sending an application message for modification of the session status MSG_MODIFST corresponding to session status modification request RQ_MODIFST to a session management module M2 of second machine PC2.
In a non-limiting embodiment, the method for opening a session comprises an additional step according to which session management module M2 of second machine PC2 modifies the session status of said second machine PC2.
For the rest of the present description, in the non-limiting embodiment of the method described, the method will comprise these non-limiting embodiments.
The steps of the method for opening a session are described in detail hereinafter with reference to
It will be noted that second machine PC2 includes a session management user interface UI2, which is located in a session management module M2 such as is illustrated in
In a first step 1), session checking service SRV receives a request to open a session RQ_OPSESS for said first machine PC1, said request including at least one item of identification information IDU of a user USR.
It will be noted that this identification information IDU enables identification of the originator of the request to open the session DDE_OPSESS described in the preceding. In a non-limiting example, this identification information IDU is a unique identifier associated with the user (commonly called a “Globally Unique Identifier”, GUID).
In non-limiting embodiments, the request to open a session RQ_OPSESS is a TCP/IP (“Transmission Control Protocol/Internet Protocol”) or UDP (“User Datagram Protocol”) request.
In a second step 2), session checking service SRV verifies whether said at least one item of identification information IDU of said user USR is associated with an item of identification data IDP of second machine PC2 in a repository BDD.
Thus, it is verified in repository BDD whether there exists a pair (IDU, IDP) having the same unique user identifier IDU and a machine identifier IDP that is different from that of first machine PC1, which in this case is that of second machine PC2.
If this is the case, this means that user USR has previously opened a session on another machine, in this case second machine PC2.
Of course, this assumes that when user USR opened the session previously on second machine PC2, session checking service SRV stored an item of user identification information IDU in repository BDD as well as an associated item of identification data IDP2 of second machine PC2.
In a non-limiting embodiment, repository BDD is managed by session checking service SRV.
In the first embodiment, in which session checking service SRV is installed on a management machine MGN, repository BDD is installed on said management machine MGN.
In the second embodiment, in which session checking service SRV is installed on second machine PC2, repository BDD is a remote repository.
It will be noted that identification data item IDP of a machine enables the associated machine to be identified uniquely. In non-limiting examples, an item of identification data IDP of a machine is its name, its IP address, or even its unique identifier, commonly called a “Globally Unique Identifier” (GUID).
In a third step 3), session checking service SRV checks whether user USR has the right to open a session on first machine PC1.
It will be noted that the process of checking a user's rights to open a session on a machine is known to one skilled in the art and is not described here.
In a fourth step 4), if the results of verification and checking are positive (a user session has been opened on second machine PC2 and the same user has the right to open a session on first machine PC1), session checking service SRV sends a request to modify the session status RQ_MODIFST of said second machine PC2 to said security service SES2 of said second machine PC2.
The request to modify the session status RQ_MODIFST is of type Tp session locking RQ_MODIFST(slo) or session closing RQ_MODIFST(scl).
Accordingly, the session on second machine PC2 will either be locked or it will be closed.
In a non-limiting first embodiment, the type Tp of a session status modification request RQ_MODIFST is configured in session checking service SRV (step 0 called PARAM(Tp) as is indicated by the dashed lines in
In a second non-limiting embodiment, the choice of whether to close/lock is given to the user himself. In this way, session management user interface UI1 of first machine PC1 is designed to be able to:
Thus, in this second embodiment, the method for opening a session comprises the following additional steps, as illustrated in
These two additional steps are carried out before the step of sending session status modification request RQ_MODIFST.
It will be noted that in a non-limiting embodiment first machine PC1 comprises a security service SES1 for this purpose, as illustrated in
In non-limiting embodiments, a session status modification request RQ_MODIFST is a TCP/IP (“Transmission Control Protocol/Internet Protocol”) or UDP (“User Datagram Protocol”) request. In the latter case, the requests are called datagrams. The UDP communication protocol is a simple protocol that enables requests to be transmitted to another machine without a prior request to communicate. Of course, other communication protocols that enable a request to be sent between two machines may also be used.
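The description says only that RQ_MODIFST may travel as a UDP datagram carrying the request type Tp and the identifiers; it does not fix a wire layout. The following is an added example, not code from the patent, of how such a datagram can be encoded by the session checking service and checked by the receiving security service. The field order, the magic value, the shared key, the HMAC-SHA256 tag and the timestamp window are all assumptions made for this example; they are included because UDP itself gives the receiver no assurance of who sent a datagram, so a security service that locked or closed sessions on any well-formed datagram could be driven by anyone able to reach its port.

```python
"""Encoding and checking of an RQ_MODIFST datagram (added example).

Assumed layout: MAGIC | Tp (1 byte) | timestamp (8 bytes) |
len(IDU) (2 bytes) | IDU | len(IDP) (2 bytes) | IDP | HMAC-SHA256 tag.
The key, the tag and the replay window are not part of the patent text.
"""
import hashlib
import hmac
import struct

# Request types Tp from the description: session locking / session closure.
TP_LOCK = 0x01   # slo
TP_CLOSE = 0x02  # scl

MAGIC = b"RQMS"   # assumed: marks an RQ_MODIFST datagram
TAG_LEN = 32      # HMAC-SHA256
MAX_SKEW = 30     # seconds; assumed anti-replay window
_HDR = "!BQH"     # Tp, timestamp, len(IDU)
_HDR_LEN = struct.calcsize(_HDR)


def encode_rq_modifst(key: bytes, tp: int, idu: str, idp: str, ts: int) -> bytes:
    """Build the datagram SRV would send to security service SES2."""
    if tp not in (TP_LOCK, TP_CLOSE):
        raise ValueError("unknown request type")
    idu_b = idu.encode("utf-8")
    idp_b = idp.encode("utf-8")
    body = (MAGIC + struct.pack(_HDR, tp, ts, len(idu_b)) + idu_b
            + struct.pack("!H", len(idp_b)) + idp_b)
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def decode_rq_modifst(key: bytes, datagram: bytes, now: int):
    """Parse and authenticate a datagram on the SES2 side.

    Returns (tp, idu, idp) or raises ValueError. The tag is verified over
    the whole body before any field is trusted, so a forged, truncated or
    replayed datagram is rejected instead of locking or closing a session.
    """
    if len(datagram) < len(MAGIC) + _HDR_LEN + 2 + TAG_LEN:
        raise ValueError("short datagram")
    body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad tag")
    if body[:len(MAGIC)] != MAGIC:
        raise ValueError("not an RQ_MODIFST datagram")
    pos = len(MAGIC)
    tp, ts, n_idu = struct.unpack(_HDR, body[pos:pos + _HDR_LEN])
    pos += _HDR_LEN
    if tp not in (TP_LOCK, TP_CLOSE):
        raise ValueError("unknown request type")
    if abs(now - ts) > MAX_SKEW:
        raise ValueError("stale datagram")
    idu = body[pos:pos + n_idu].decode("utf-8")
    pos += n_idu
    (n_idp,) = struct.unpack("!H", body[pos:pos + 2])
    pos += 2
    idp = body[pos:pos + n_idp].decode("utf-8")
    if pos + n_idp != len(body):
        raise ValueError("trailing bytes")
    return tp, idu, idp


if __name__ == "__main__":
    # Constructed sample: SRV asks PC2 to lock the session of one user.
    key = b"example-shared-key"
    dg = encode_rq_modifst(key, TP_LOCK, "7d3a-user-guid", "PC2", 1_700_000_000)
    print(decode_rq_modifst(key, dg, 1_700_000_005))
```

A real deployment would also bind the key to the pair (SRV, PC2) and keep the last accepted timestamp per sender, so that a datagram captured on the network cannot be replayed inside the window; the example keeps only the window check to stay short.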
It will be noted that security service SES2 is a task that runs in the background and operates independently of a user session, that is to say even if there is no user session. Security means SES2 are thus a computer software product that operates independently of a user session.
Accordingly, the fact that security service SES2 is autonomous with respect to session management module M2 of second machine PC2 (the module that manages the user sessions) avoids the problem of having security service SES2 stop functioning when said session management module M2 is no longer active, as is the case with certain operating systems (not shown in the figures), such as Windows Vista™ for example, on which said module M2 is based.
Also, it will be noted in general that the rights of a user on a machine are restricted to a given environment, and accordingly to certain actions.
Since security service SES2 is independent of the user session, session management user interface UI2 does not have the same rights as said security service SES2 and therefore does not have access to the actions performed by security service SES2.
The notes provided in the preceding with regard to security service SES2 of second machine PC2 also apply to security service SES1 of first machine PC1.
It will be noted that if the verification carried out in the second step is negative (a session has not been opened on second machine PC2), the third step is still carried out (as shown in
Also, it will be noted that if the check carried out in the third step is negative (the user does not have the necessary rights to open a session on first machine PC1), session checking service SRV sends a request to prohibit opening of a session RQ_OPSESSNOK to first machine PC1 (ninth step TX(RQ_OPSESSNOK(IDU, IDP1), shown in
Upon receipt of session status modification request RQ_MODIFST by the security service SES2 of second machine PC2, in a fifth step 5), as shown in
It will be noted that a session status modification application message MSG_MODIFST is an application message that is defined on the basis of session management module M2 of second machine PC2, and more particularly on the basis of session management user interface UI2.
Thus for example, in the case of a Windows™ session management user interface, a session status modification message is a notification generated by Windows™. In another example, in the case of a Linux™ session management user interface, a session status modification message is an event generated by Linux™.
In a first non-limiting embodiment, session status modification application message MSG_MODIFST is sent directly to session management user interface UI2 of session management module M2, as is shown by a solid arrow in
In a second non-limiting embodiment, session status modification application message MSG_MODIFST is sent to a plugin PLGN2 of session management module M2, as shown by a discontinuous arrow in
The use of a plugin PLGN2 avoids having to modify the existing session management user interface in a machine to integrate a function for receiving an application message MSG_MODIFST or replacing it with a new session management user interface that integrates the function for receiving an application message MSG_MODIFST, as is the case in the first embodiment described in the preceding.
In a non-limiting example, the low-level session status modification functions FCTv(slo), FCTc(scl) are located in a dynamic link library. Depending on the operating system type, this library will have a different extension (for example .dll for “dynamic link library”; .so for “shared object”; .dylib for “dynamic library”; .a for “archive”; .sl for “shared library”; .sa for “archive”). Such libraries are known to one skilled in the art and will not be described in greater detail here.
In another non-limiting example, the low-level session status modification functions FCTv(slo), FCTc(scl) are binary functions linked statically into session management module M2. In this case, unlike with dynamic link libraries, session management module M2 has to be recompiled whenever they are used or changed.
Accordingly, in a sixth step 6), upon receipt of session status modification application message MSG_MODIFST, said session management module M2 carries out said session status modification (step MODIFST(slo, scl), as shown in
Session management user module M2 is a suite of computer software products with which it is possible to perform the function of user session management and particularly that of modifying session statuses.
In particular, this session status modification is carried out by session management user interface UI2 with low-level function FCTv(slo) or FCTc(scl) as explained in the preceding.
Thus, in the given example, the session opened by user USR on second machine PC2 is either locked (locked status ST=slo) or closed (closed status ST=scl).
It should be noted that when the user session is locked, the user can carry out no action at all except from the keyboard of second machine PC2, and the only action possible there is to reactivate the user session by entering the user ID and password associated with user USR.
In a seventh step 7), if the session status of second machine PC2 is modified, session checking service SRV sends a request for authorization to open a session RQ_OPSESSOK to first machine PC1.
Finally, a session is opened on first machine PC1. It will be noted that first machine PC1 is also equipped with a session management module M1, as shown in
It will be noted that in a non-limiting embodiment, when first machine PC1 includes a security service SES1, said security service receives this request to authorize session opening RQ_OPSESSOK.
In an eighth step 8), session checking service SRV stores said at least one item of identification information IDU of said user USR, associated with an item of identification data IDP of said first machine PC1, in said repository BDD.
It is thus possible to record the fact that user USR has opened a session on first machine PC1.
In a non-limiting example, repository BDD is an LDAP directory that is managed by an administrator of machine set GRP.
It will be noted that following receipt of a session status modification application message MSG_MODIFST such as is described in step 6), a session status modification corresponding to closing a session of second machine PC2 may fail if an application is open and will not terminate, for example when documents are still open in this session. The session closure requested here is a classic one, that is to say it does not force an application to close.
In this case, in a ninth step 9), in a first non-limiting embodiment, if the session status modification of second machine PC2 fails, session checking service SRV sends a request to prohibit opening of a session RQ_OPSESSNOK (step TX(RQ_OPSESSNOK(IDU, IDP1)) to first machine PC1, as shown in
In a second non-limiting embodiment, such as is illustrated in
It will be noted that the steps of verification and sending the session status modification request described in the preceding are carried out for every machine PC that belongs to machine set GRP and is not the first machine. Accordingly, in the machine set there will only be one user session for a given user that is unlocked, that is to say open. The machines in the machine set are thus rendered secure. A third party will not be able to use the user's user session illicitly when the user is no longer using his session, and the machines will not be rendered needlessly unavailable by inactive user sessions.
Thus, the method for opening a session prevents several sessions in the name of the same user from being unlocked on several machines at the same time (when the session status modification is locking). This enables access to the applications on the machines to be rendered secure.
Similarly, the method for opening a session prevents several sessions in the name of the same user from being open on several machines at the same time (when the session status modification is closing). This prevents the machines from being active unnecessarily.
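Steps 1) to 9) above, together with the note that they are repeated for every other machine of the set, are gathered here into one runnable model. This is an added example and not the patent's own code: the in-memory repository standing in for BDD, the rights table standing in for the rights check of step 3), and the SecurityService stub that plays the part of security service SES2 plus session management module M2 on each machine are all assumptions made for this example. The stub models the failure case of step 9) by refusing a classic closure while documents are open, and the service follows the first embodiment of step 9) (refuse the new session when a modification fails). Whether a pair (IDU, IDP) stays in the repository after a lock is not stated in the description; the model keeps it, since the locked session still exists, and removes it only after a successful closure.

```python
"""Session checking service SRV as a runnable model (added example).

The classes below are assumptions for this example: SecurityService
stands in for SES2 + M2 of one machine, SessionChecker for SRV with an
in-memory repository BDD and a rights table.
"""
from dataclasses import dataclass, field

SLO, SCL = "slo", "scl"   # session statuses: locked / closed


@dataclass
class SecurityService:
    """One machine of the set. `open_documents` models an application
    that will not terminate, so a classic (non-forced) closure fails."""
    idp: str
    status: str = "unlocked"
    open_documents: int = 0

    def modify_status(self, tp: str) -> bool:
        # Steps 5) and 6): MSG_MODIFST relayed to M2, which calls FCTv(slo)
        # or FCTc(scl). Returns whether the modification succeeded.
        if tp == SLO:
            self.status = SLO
            return True
        if tp == SCL:
            if self.open_documents:
                return False          # an application refuses to close
            self.status = SCL
            return True
        raise ValueError(f"unknown request type {tp!r}")


@dataclass
class SessionChecker:
    machines: dict                    # IDP -> SecurityService (machine set GRP)
    rights: dict                      # IDU -> set of IDP the user may log on to
    tp: str = SLO                     # step 0) PARAM(Tp): lock or close others
    bdd: set = field(default_factory=set)     # repository of (IDU, IDP) pairs
    sent: list = field(default_factory=list)  # trace of requests sent by SRV

    def open_session(self, idu: str, idp1: str) -> bool:
        """Step 1): handle RQ_OPSESS(IDU, IDP1). True means RQ_OPSESSOK."""
        # Step 2): other machines on which this user already has a session.
        others = [idp for (u, idp) in sorted(self.bdd) if u == idu and idp != idp1]
        # Step 3): rights check (the mechanism itself is out of scope).
        if idp1 not in self.rights.get(idu, set()):
            self.sent.append(("RQ_OPSESSNOK", idu, idp1))
            return False
        # Step 4): RQ_MODIFST to the security service of every other machine.
        for idp in others:
            ok = self.machines[idp].modify_status(self.tp)
            self.sent.append(("RQ_MODIFST", self.tp, idp, ok))
            if not ok:
                # Step 9), first embodiment: refuse the new session.
                self.sent.append(("RQ_OPSESSNOK", idu, idp1))
                return False
            if self.tp == SCL:
                self.bdd.discard((idu, idp))   # a closed session no longer exists
        # Steps 7) and 8): authorize and record the new session.
        self.sent.append(("RQ_OPSESSOK", idu, idp1))
        self.bdd.add((idu, idp1))
        return True


if __name__ == "__main__":
    # Constructed scenario: a user opens a session on PC2, then on PC1.
    grp = {"PC1": SecurityService("PC1"), "PC2": SecurityService("PC2")}
    srv = SessionChecker(grp, {"dr-smith": {"PC1", "PC2"}}, tp=SLO)
    srv.open_session("dr-smith", "PC2")
    srv.open_session("dr-smith", "PC1")
    print(grp["PC2"].status, sorted(srv.bdd))
    for msg in srv.sent:
        print(msg)
```

Running the `__main__` scenario shows PC2 moving to `slo` when the same user is authorized on PC1, which is exactly the property the description claims: at most one unlocked session per user across the set. Switching `tp` to `SCL` with an `open_documents` count on PC2 exercises the failure path of step 9).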
The method for opening a session is implemented by session checking means SRV for a set of machines PC1, PC2 that are designed to be able to open a session of a first machine PC1, said machine set including at least said first machine PC1 and a second machine PC2, said second machine PC2 comprising security means SES2.
The session checking means SRV are designed to:
A computer system SYS designed to carry out session opening of a first machine PC1 by session checking means SRV for a set of machines PC1, PC2 including at least said first machine PC1 and a second machine PC2, said second machine PC2 comprising a session management module M2, is represented according to a first non-limiting embodiment in
Computer system SYS comprises:
In a first non-limiting embodiment, a management machine MGN of a set of machines PC1, PC2 comprises said session checking means SRV as represented in
Management machine MGN, first machine PC1 and second machine PC2 together constitute computer system SYS.
In a second non-limiting embodiment, second machine PC2 includes said session checking means SRV, as represented in
In a non-limiting embodiment represented in
Of course, the description is not limited to the application, the embodiments or the examples described in the preceding.
Accordingly, the described invention particularly offers the following advantages:
it offers the choice between closing and locking a session, this choice being determined either in advance by configuration, or by the user himself.
Number | Date | Country | Kind |
---|---|---|---|
10 53429 | May 2010 | FR | national |
Filing Document | Filing Date | Country | Kind | 371c Date |
---|---|---|---|---|
PCT/EP2011/056831 | 4/29/2011 | WO | 00 | 1/9/2013 |
Publishing Document | Publishing Date | Country | Kind |
---|---|---|---|
WO2011/138240 | 11/10/2011 | WO | A |
Publication Number | Date | Country |
---|---|---|
20130212647 A1 | Aug 2013 | US |