1. Field of the Invention
The present invention relates generally to information processing systems, and more particularly to a methodology and system for providing a screen-saver technique for obscuring sensitive or confidential information on a computer display.
2. Background of the Invention
Computer desktop environments of all major operating systems support multi-threaded processing and multiple window displays. Separate running computer processes or applications are represented by graphical interfaces in separate desktop windows. Many users try to maximize their usable display space by using large monitors or possibly using multiple monitors to display multiple overlapping windows on the display.
A screensaver for a computer work station provides a computer user with the means of manually or automatically obscuring the display when the computer user is either absent or inactive at the work station for some period of time. In operation, the screensaver blanks the display or presents an attractive pattern or image, which is usually repetitively displayed until the user engages the computer. Although screensaver functions are successful in obscuring the entire display, most screensavers are usually invoked only after a few minutes of keyboard or mouse inactivity on the computer system. There are periods during which the user is interacting with one window, while other windows of sensitive information are simultaneously fully or partially displayed on the computer. There are also periods of inactivity on a computer system prior to the screensaver activation during which sensitive information is displayed on the inactive computer. It can be seen that there is a need for a system and method to protect the display of windows or segments of windows on a screen during periods when the user is not interacting with the particular window displaying the sensitive information and before the screensaver function turns on.
In accordance with the present invention, improved methods, systems and articles of manufacture for windows security in a data processing system are disclosed. In one embodiment of the present invention, a windows security module displays first images generated from data sent by a first process for display within a first window frame of an active window displayed within a graphical user interface. The windows security module also automatically secures second images generated from data sent by a second process for display within a second window frame of an inactive window displayed within the windowing graphical user interface such that the second images are automatically obscured from view in the inactive window in response to the window becoming inactive.
All objects, features, and advantages of the present invention will become apparent in the following detailed written description.
This invention is described in a preferred embodiment in the following description with reference to the drawings, in which like numbers represent the same or similar elements, as follows:
A preferred embodiment provides a screensaver functionality at the individual window level. A windows security module monitors the windows displayed by the computer to detect when a window becomes inactive in the display, for example by the user clicking and working within another window in the display. When a secured window becomes inactive, the windows security module overrides the application data being sent to that window and displays a predetermined screensaver-type image in its place, thereby hiding sensitive information from being displayed by the window during periods of inactivity. The windows security module can implement any user-selected security type to hide or obscure the window's content, such as blanking the individual window, displaying a text message or other graphic in the window, or minimizing the individual window upon becoming inactive. As an additional option, a time delay can also be set to delay the assertion of the security feature until a specified time following the window becoming inactive.
With reference now to the figures, and in particular with reference to
Several of the major components of the system 101 are illustrated in the block diagram of
The system bus 203 is also connected through an input interface circuit 211 to a keyboard 213 and a mouse or pointing device 215. The bus 203 is also coupled to a network interface subsystem 217 and a diskette drive unit 219. A video subsystem 220, which may include a graphics subsystem, is connected to a display device 221. A storage device 218, which may comprise a hard drive unit and/or an optical CD, is also coupled to the bus 203. The diskette drive unit provides a means by which individual diskette programs may be loaded onto the hard drive, or accessed directly, for selective execution by the computer system 101. As is well known, program diskettes containing application programs represented by magnetic indicia on the diskette may be read from the diskette drive, and the computer system is selectively operable to read such magnetic indicia and create program signals. Such program signals are selectively effective to cause the computer system to present displays on the screen of a display device and respond to user inputs in accordance with the functional flow of the application program on the diskette.
In general, an implementing computer system may include a plurality of processors in a multi-bus system in a network of similar systems. However, since the workstation or computer system implementing the present invention in an exemplary embodiment is generally known in the art and composed of electronic components and circuits generally known to those skilled in the art, the computer system details beyond those shown in
In
As illustrated in
WMM 311 coordinates the screen data flow from the various devices and applications into an orderly presentation of windowed information on the display device 221. Commands issued by WSM 309 override display commands from applications 319 issued to WMM 311 and generate an identified screensaver display for specified windows in the display, in accordance with the preferred embodiment of the present invention. When a “screensaver” function is invoked, some of the devices that interface with WMM 311 are masked off by the locking functions of WSM 309. Other devices may continue to function and therefore continue to update window images even though the screen is “locked”. The operation of WSM 309 is described in more detail below.
WMM 311 has many internal subroutines to accomplish its overall function. As part of integrating keyboard, mouse, and modem (e.g. Internet) input, WMM 311 must serve as the window manager for the system and handle window creation, window movement, window iconization, window resizing, window z-ordering and “bring-window-into-focus” (i.e., make it active), amongst many other functions. In order to manage these windows efficiently, it is necessary for WMM 311 to maintain a database, called a “Table of All Windows,” identifying all windows displayed or “iconified” for a particular session.
As shown in
The table entries in
An exemplary screen display of an individual window option screen, called “Create Windows Display Security Settings”, is illustrated in
After being set in the screen of
The operation of WSM 309 is now described. When windows are being displayed in the display 501 (
Upon detecting a window in the display becoming inactive and dropping from the top level in the z-order specified in table 400, WSM 309 identifies the nickname of the process running in the detected window and determines if that process has a “Secure Window” setting option set to “YES” in column 704. If so, any window listed in table 400 displaying data generated from the identified process (nickname 702) is to be secured by WSM 309 upon becoming inactive. Methods of securing an inactivated window by WSM 309 in accordance with alternative preferred embodiments of the present invention include (1) displaying a screen-saver-type static or dynamic image in place of the application data of the inactive window or within a viewable sector of the inactive window, (2) blanking the display within the inactive window, or (3) automatically minimizing an inactivated window.
Prior to securing an inactivated window, WSM 309 determines if a security delay 706 has been set for the process 702 executing in the inactivated window. If so, WSM 309 allows WMM 311 to continue displaying the window's active content requested by the executing process for a period equal to the specified security delay (for example in seconds) following the time when the window enters the inactive state. For example, table 700 specifies at column 706 that the content of the window containing the “Email Client” shall remain on screen for sixty seconds following that window becoming inactive on the display. Column 706 specifies that the content in the “Word Processor” window shall remain on screen for one hundred and twenty seconds following that window becoming inactive. Column 706 specifies that the content in the “Web Browser” window shall not remain on screen following that window becoming inactive.
Upon expiration of any security delay, WSM 309 sends instructions to WMM 311 to implement a security function within the indicated window as specified at column 708. In response, WMM 311 requires the display device driver 321 to generate a predetermined content at the pixels of the display identified in table 400 for the inactive window, instead of the content being driven by the window's application 319. The security style 708 sets the predetermined content that will be specified by WSM 309 for display on display 105. For example, the “standard” security style specified in table 700 could be a standard printed text message (“THIS WINDOW IS OBSCURED”) indicating that the content of that window has been obscured or could comprise blanking the pixel display within the window frame of the inactive window. As another example, the “waterfall” security style is a picture or dynamic video image similar to a standard “screensaver” present on most computer systems. In an alternative response, WMM 311 requires the display device driver 321 to “minimize” the inactive window by replacing it with a small icon (for example in a task bar) or completely removing it from the display.
As will be appreciated, other obscure styles could be utilized by the system of the preferred embodiment. Other security styles include merely blanking the inactive window or displaying a facade image appearing to be a window generated by the applicable application but containing non-sensitive or non-confidential information in place of the actual application content. For example, a “dummy” email could be created by the user and stored in memory accessible by WSM 309 for display in window 807 when the inactive window security function is implemented. In this embodiment, this “dummy” obscure style is accessed by WMM 311 and displayed in the inactive email client window, instead of the actual data content currently loaded and being displayed by the email client application. In an alternative embodiment, only a portion of the inactive window is obscured by the replacement image, for example a viewable sector containing confidential information, while leaving other viewable sectors of the inactive window unobscured and displaying application data.
With reference now to
When the determination at decision 1006 is that a window has become active (i.e., set to the top level or level 1, as shown in
At step 1012, WSM 309 determines if a window has become inactive (out-of-focus) in the display, as detected by a window changing from a level 1 to a greater level display. In a preferred embodiment, WSM 309 considers a window inactive if it is not currently the window “in focus” on the windows desktop (as selected by the user's pointing device or other user interface) or if a pre-selected period of time has elapsed since the last received user input from trackball device driver 301 or keyboard device driver 305. If so, process 1000 proceeds to step 1014, where WSM 309 determines if the inactivated window is set as a secure window, as set at column 704. If not, the process returns to step 1004 to continue monitoring the table 400 for changes in the active/inactive status of windows in the display.
If set as a secure window (704), the process proceeds to step 1018 to wait the period specified by security delay setting 706 in table 700, while continuing to monitor the other windows in table 400. Upon the expiration of the security delay, process 1000 proceeds to step 1020, where WSM 309 obscures the inactivated window display by superimposing the security style 708 within pixel boundaries of the inactivated window, thereby obscuring the image data generated by the window's application. In particular, WSM 309 instructs WMM 311 to override any image data input from applications 319 and generate images identified by the inactivated process' security style 708 at the pixels specified for the inactivated window in table 400. After securing the inactivated window, process 1000 returns to step 1004 to continue monitoring table 400 for additional changes in the window levels specified therein.
Note that the background or desktop level of the windowing system presents a special case for the processing of the preferred embodiment. For this reason, the preferred embodiment of process 1000 continues to monitor for both the activation and inactivation of windows (steps 1006 and 1012), because there are cases where one may occur without the other. In particular, if the user selects the background of the display instead of one of the windows running in the system, the background is set to level 1 in the table 400. In that case, while one window has become inactive in the display, another window has not simultaneously become active. Conversely, if the user selects a window in the display via a user interface while the background is active, the window becomes active in the display but no other window specified in the table 400 simultaneously becomes inactive. In an alternative embodiment of the present invention, the background of the display can also be treated as a window by WSM 309 and designated window security settings 704, 706, 708.
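The monitoring loop of process 1000 and the background special case described above can be modeled as follows. This is an added illustration, not code from the patent: the class and method names are hypothetical, the delays are those stated for table 700, and the secure flags, the styles and the "Calculator" row are constructed. Restoring application content when a window is activated is an assumption of this sketch.

```python
from dataclasses import dataclass

@dataclass
class Setting:            # one row of the per-process settings table (table 700)
    secure: bool          # column 704, "Secure Window"
    delay: int            # column 706, security delay in seconds
    style: str            # column 708, security style

# Delays are the ones stated in the text; secure flags and styles are constructed.
SETTINGS = {
    "Email Client":   Setting(True, 60, "standard"),
    "Word Processor": Setting(True, 120, "waterfall"),
    "Web Browser":    Setting(True, 0, "standard"),
    "Calculator":     Setting(False, 0, "standard"),   # constructed, unsecured process
}

class WindowSecurityMonitor:
    """Hypothetical model of the monitoring loop: tracks which window is at level 1."""
    def __init__(self, settings):
        self.settings = settings
        self.active = None        # None means the desktop background holds level 1
        self.deadline = {}        # nickname -> time at which the window is obscured
        self.obscured = {}        # nickname -> style currently drawn over the window

    def focus(self, nickname, now):
        """User selects a window, or the background when nickname is None."""
        previous, self.active = self.active, nickname
        if nickname is not None:
            # Activation (assumed): cancel a pending delay, show application data.
            self.deadline.pop(nickname, None)
            self.obscured.pop(nickname, None)
        if previous is not None and previous != nickname:
            # Inactivation: only processes marked secure get a deadline.
            row = self.settings[previous]
            if row.secure:
                self.deadline[previous] = now + row.delay
        return self.tick(now)

    def tick(self, now):
        """Apply every expired security delay; return the obscured windows."""
        for name, when in list(self.deadline.items()):
            if now >= when:
                self.obscured[name] = self.settings[name].style
                del self.deadline[name]
        return dict(self.obscured)
```

Calling `focus(None, t)` models the user selecting the background, so a window can become inactive without another becoming active, and `tick(t)` stands in for the periodic re-check of pending delays.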
While the invention has been particularly shown and described with reference to a preferred embodiment, it will be understood by those skilled in the art that various changes in form and detail may be made therein without departing from the spirit and scope of the invention. For example, the present invention may be implemented using any combination of computer programming software, firmware or hardware. As a preparatory step to practicing the invention or constructing an apparatus according to the invention, the computer programming code (whether software or firmware) according to the invention will typically be stored in one or more machine readable storage mediums such as fixed (hard) drives, diskettes, optical disks, magnetic tape, semiconductor memories such as ROMs, PROMs, etc., thereby making an article of manufacture in accordance with the invention. The article of manufacture containing the computer programming code is used by either executing the code directly from the storage device, by copying the code from the storage device into another storage device such as a hard disk, RAM, etc., or by transmitting the code for remote execution. The method form of the invention may be practiced by combining one or more machine-readable storage devices containing the code according to the present invention with appropriate standard computer hardware to execute the code contained therein. An apparatus for practicing the invention could be one or more computers and storage systems containing or having network access to computer program(s) coded in accordance with the invention. While this invention is described in terms of the best mode for achieving this invention's objectives, it will be appreciated by those skilled in the art that variations may be accomplished in view of these teachings without deviating from the spirit or scope of the present invention.