(12) United States Patent
`Gupta
`
`I lllll llllllll Ill lllll lllll lllll lllll lllll 111111111111111111111111111111111
`US006446109B2
`US 6,446,109 B2
`*Sep.3,2002
`
`(10) Patent No.:
`(45) Date of Patent:
`
`(54) APPLICATION COMPUTING
`ENVIRONMENT
`
`(75)
`
`Inventor: Abhay K. Gupta, Milpitas, CA (US)
`
`(73) Assignee: Sun Microsystems, Inc., Santa Clara,
`CA(US)
`
`( *) Notice:
`
`This patent issued on a continued pros(cid:173)
`ecution application filed under 37 CFR
`1.53( d), and is subject to the twenty year
`patent term provisions of 35 U.S.C.
`154(a)(2).
`
`Subject to any disclaimer, the term of this
`patent is extended or adjusted under 35
`U.S.C. 154(b) by 0 days.
`
`(21) Appl. No.: 09/106,868
`
`(22) Filed:
`
`Jun. 29, 1998
`
`Int. Cl.7 ................................................ G06F 15/16
`(51)
`(52) U.S. Cl. ........................................ 709/203; 345/853
`(58) Field of Search ................................. 709/203, 202,
`709/213, 214, 219, 224, 238, 302; 345/342,
`349, 853
`
`(56)
`
`References Cited
`
`U.S. PATENT DOCUMENTS
`5,790,789 A * 8/1998 Saurez ....................... 709/202
`
`(List continued on next page.)
`
`OIBER PUBLICATIONS
`
`"Servlet Tutorial," Copyright 1997, Sun Microsystems, Inc.
`"Introduction to Servlets," Copyright 1997, Sun Microsys(cid:173)
`tems, Inc.
`"The Java ServletAPI," Copyright 1997, Sun Microsystems,
`Inc.
`Fritzinger, J. Steven and Mueller, Marianne, "Java Security,"
`Copyright 1997, Sun Microsystems, Inc.
`
`Erdos, Marlena, Hartman, Bret, and Mueller, Marlena,
`"Security Reference Model For The Developer's Kit 1.0.2,"
`Dated: Nov. 13, 1996.
`"Secure Computing with Java. Now and the Future," Copy(cid:173)
`right 1995-98, Sun Microsystems, Inc.
`
`Primary Examiner-Robert B. Harrell
`Assistant Examiner---Bunjob Jaroenchonwanit
`(74) Attorney, Agent, or Firm-Gunnison, McKay &
`Hodgson, L.L.P.; Philip J. McKay
`
`(57)
`
`ABSTRACT
`
`A computing environment that offers a level of decentrali(cid:173)
`zation wherein application server code resident on a remote
`application server can be distributed to a local server. The
`local server becomes a local application server for a client.
`A request for information by a client is serviced by the local
`application server. If the information is available on the local
`application server, the local application server satisfies the
`request using this information. If the information is not
`available locally, the local application server can access the
`remote application server to obtain the requested informa(cid:173)
`tion. When the information is copied to the local application
`server, the local application server retains a copy of the
`information and forwards a copy to the client. Thus, subse(cid:173)
`quent requests can be satisfied without accessing the remote
`application server. Where the information cannot be trans(cid:173)
`ferred to the local application server, the local application
`server can establish a proxy to the remote application server
`that forwards a client request to the remote application
`server and a response from the remote application server to
`the client. The client communicates with the remote appli(cid:173)
`cation server via the proxy on the local application server
`and is unaware of the remote application server. During a
`login process, the client establishes its identity which can be
`used for multiple applications and information requests. The
`local server generates a credential for the client that can be
`used to authorize access to any application server and/or
`service needed by the client.
`
`19 Claims, 9 Drawing Sheets
`
`302
`,----------1,
`I Client
`I
`Tier
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`!
`I
`I
`
`306
`
`BROWSER
`
`; I
`322:
`I
`'-----~~~~~~ I
`I
`I
`I
`I
`L ___________ _J
`
`320
`,---------s._,
`Web Top
`Server Tier
`
`1
`
`I
`!
`I
`
`1
`
`I
`I
`I
`
`308
`
`316
`,---------s._,
`Application
`Server Tier
`
`1
`
`I
`I
`
`1
`1
`I
`
`318
`
`i-o~cili~s; 1_ i
`
`I
`I
`
`Tier
`
`I
`I
`
`310
`
`312
`I
`
`WEB TOP
`SERVER
`
`I
`I
`I
`DATABASE
`i 326 I ~'ERVER !I
`:324;
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`L __________ J
`L _______ _J
`L __________ J
`
`APPLICA 110N
`SERVER
`
`I
`
`IPR2017-00184
`UNIFIED EX1005
`
`

`
`US 6,446,109 B2
`Page 2
`
`U.S. PATENT DOCUMENTS
`5,826,024 A * 10/1998 Higashimura et al.
`...... 709/214
`5,857,201 A * 1/1999 Wright, Jr. et al. ......... 707/104
`5,862,344 A * 1/1999 Hart ........................... 709/238
`5,875,322 A * 2/1999 House et al.
`............... 395/561
`5,878,218 A * 3/1999 Maddalozzo, Jr. et al.
`. 709/213
`5,881,230 A * 3/1999 Christensen et al. ........ 709/203
`5,883,626 A * 3/1999 Glaser ........................ 345/342
`5,889,520 A * 3/1999 Glaser ........................ 345/349
`5,919,257 A * 7/1999 Trostle ....................... 713/200
`5,922,045 A * 7/1999 Hanson ...................... 709/206
`5,930,768 A * 7/1999 Hooban ....................... 705/27
`5,958,010 A * 9/1999 Agarwal et al.
`............ 709/224
`
`5,960,200 A * 9/1999 Eager et al.
`................ 395/705
`5,961,582 A * 10/1999 Gaines .......................... 709/1
`5,987,454 A * 11/1999 Hobbs ........................... 707/4
`5,987,608 A * 11/1999 Roskind ..................... 713/200
`6,012,067 A * 1/2000 Sarkar ........................ 707/103
`6,012,083 A * 1/2000 Savitzky et al. ............ 709/202
`6,025,474 A * 2/2000 Carter et al. ................ 711/202
`6,061,738 A * 5/2000 Osaka et al. ................ 709/245
`6,073,168 A * 6/2000 Mighdol et al.
`............ 709/217
`6,112,228 A * 8/2000 Earl et al. ................... 709/205
`6,119,247 A * 9/2000 House et al.
`................. 714/38
`6,202,200 Bl * 3/2001 House et al.
`............... 345/759
`* cited by examiner
`
`

`
`102
`1- - - -- - -- --1,
`Client
`Tier
`
`106
`
`1
`
`1
`
`I
`I
`I
`I
`I
`I
`I
`
`BROWSER
`
`I
`I 104
`I
`I
`I
`I
`I
`L __ ______ __ _ _J
`
`116
`,- -- -- -- --i_,
`Application
`Tier
`
`1
`I
`I
`
`1
`I
`I
`
`Cj
`•
`00
`•
`
`118
`l _ ___ _ _ )_I
`Database
`Tier
`
`1
`
`1
`I
`
`1
`1 108
`I
`
`110
`
`112
`
`APPLICATION
`SERVER
`
`DATABASE
`SERVER
`
`114
`
`L _______ __ _ J
`
`L _______ _J
`
`FIG. 1
`
`

`
`219
`
`1/0
`
`216
`
`217
`
`, _v_1D.--E0_ 1-----i Q
`L:_j
`
`_ AMP
`
`213
`
`214
`
`VIDEO
`MEMORY
`
`MAIN
`MEMORY
`
`215
`
`220
`
`CPU
`
`218
`
`210
`
`211
`
`212
`
`KEYBOARD
`
`MOUSE
`
`MASS
`STORAGE
`
`~ •
`00
`•
`
`SERVER
`
`226
`
`225
`
`224
`
`222
`
`HOST
`
`223
`
`COMM
`INT
`
`LOCAL
`NETWORK
`LINK 221 NETWORK
`
`200
`
`FIG. 2
`
`

`
`320
`r - ----- ---5--,
`Web Top
`Server Tier
`
`1
`
`1
`I
`I
`I
`I
`
`306
`
`1
`I
`I
`I
`I
`I
`I
`I
`I
`
`302
`,-------- - - _s_,
`1 Client
`Tier
`I
`I
`I
`!
`I
`I
`I
`I
`I
`J I
`I
`322 1
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`L ______ __ _ _ _ _I
`
`BROWSER
`
`SOS
`
`WEB TOP
`SERVER
`
`316
`,- - ----- - -s._ 1
`Application
`Server Ti er
`
`1
`
`I
`I
`I
`I
`I
`I
`I
`I
`
`310
`
`APPLICATION
`SERVER
`
`1
`
`I
`I
`I
`I
`I
`I
`I
`I
`
`1
`
`1
`I
`I
`I
`I
`I
`I
`I
`
`~ •
`rJ). .
`
`318
`, -- --- - l,
`Database
`Tier
`
`1
`I
`I
`I
`I
`
`312
`
`1
`I
`I
`I
`I
`I
`I
`I
`I
`
`DATABASE
`SERVER
`
`I
`I
`I
`I
`1326 I
`1324 I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`I
`1
`I
`I
`L _ __ _ _ _ _ _J
`L _ _____ ____ _J
`L _ __ _ ___ _ _ _ J
`
`FIG. 3
`
`

`
`U.S. Patent
`
`Sep.3,2002
`
`Sheet 4 of 9
`
`US 6,446,109 B2
`
`406
`\
`
`~410A
`
`~4108
`
`408
`\
`/
`
`WEB TOP
`SERVER
`
`-
`
`CLIENT
`
`CLIENT
`
`~ ~410C
`CLIENT
`
`416 s
`
`~420A
`
`CLIENT
`
`~4208
`
`~420C
`
`CLIENT
`
`
`CLIENT
`
`/
`
`- ~
`
`418
`\
`
`WEB TOP
`SERVER
`
`426
`\
`
`~430A
`
`~4308
`
`428
`\
`/
`
`WEB TOP
`SERVER
`
`-
`
`CLIENT
`
`CLIENT
`
`~ ~430C
`CLIENT
`
`FIG. 4A
`
`402
`\
`
`404A
`\
`l\PPLICA TION
`SERVER
`
`4048
`\
`APPLICATION
`SERVER
`
`404C
`\
`~PPLICA TION
`SERVER
`
`

`
`4~4A
`1
`
`DATABASE
`SERVER
`
`-
`
`'
`
`414B
`(\
`
`DATABASE
`SERVER
`
`414C
`\
`
`DATABASE
`SERVER
`
`'
`
`402
`\
`
`404A
`\
`APPLICATION
`SERVER
`
`404B
`(
`\
`
`APPLICATION
`SERVER
`
`-
`404C
`\
`APPLICATION
`SERVER
`-
`
`408
`\ v~410A
`
`d •
`\JJ.
`•
`
`WEB TOP
`SERVER
`
`I
`
`i
`
`I
`CLIENT
`T
`CLIENT
`
`418
`(
`
`WEB TOP
`
`\ I~ CLIENT
`SERVER H CLIENT
`
`I
`
`I
`CLIENT
`-
`
`4108
`
`410C
`
`420A
`
`4208
`
`420C
`
`\28
`.
`]~ CLIENT
`I
`SERVER --1 CLIENT 1~4308
`
`430A
`
`-
`
`WEB TOP
`
`1-----
`
`416
`
`r--- 4
`26
`
`FIG. 4B
`
`L__
`
`I
`CLIENT
`
`430C
`
`

`
`308
`\
`
`d •
`\JJ.
`•
`
`SERVICE
`LOCATOR
`
`r---506
`
`~--P-R_ox_Y __ __,r-
`I
`
`SERVICES
`
`-
`
`510
`
`APPLICATION
`SOFTWARE
`
`~516
`
`5148
`\
`
`514C
`\
`
`512
`
`(
`
`514D
`\
`
`502~
`
`APPLICATION
`LOCATOR
`
`504~
`
`DOWNLOAD
`SERVICE
`
`LOCAL SERVICES
`514A
`\
`
`FILE
`SERVICE
`
`PRINT
`SERVICE
`
`LOGIN
`SERVICE
`
`PROFILE
`SERVICE
`
`FIG. 5
`
`

`
`610A
`\
`APPLICATION
`SERVER
`
`6108
`\
`APPLICATION
`SERVER
`
`610C
`\
`APPLICATION
`SERVER
`
`WEB TOP
`SERVER
`
`308
`\
`
`I
`
`PROXY
`SERVICES
`
`I
`
`604
`~
`
`I
`
`SERVER
`
`~ 606A
`
`-
`SERVI CD
`'
`(
`608A
`
`SERVER
`
`~ 6068
`
`I
`
`~
`
`~I
`
`6088
`
`602A
`\
`
`6~28
`
`602C
`\
`
`CLIENT
`
`CLIENT
`
`CLIENT
`
`FIG. 6
`
`SERVER
`
`~ 606C
`
`-
`SERVICE
`' (
`608C
`
`d •
`\JJ.
`•
`
`'Jl
`~ '?
`~~
`
`N c c
`
`N
`
`'Jl =-~
`~ .....
`-..J
`0 .....,
`\C
`
`

`
`U.S. Patent
`
`Sep.3,2002
`
`Sheet 8 of 9
`
`US 6,446,109 B2
`
`START
`
`REQUEST FOR
`APPLICATION SOFTWARE
`RECEIVED FROM CLIENT
`
`702
`
`>--- YES -~
`
`NO
`
`DETERMINE LOCATION
`OF REQUESTED
`SOFTWARE
`
`DOWNLOAD
`APPLICATION SOFTWARE
`
`STORE APPLICATION
`SOFTWARE ON WEBTOP
`SERVER
`
`706
`
`708
`
`710
`
`SEND APPLICA TlON
`SOFTWARE TO CLIENT
`
`712
`
`END
`
`714
`
`FIG. 7
`
`

`
`U.S. Patent
`
`Sep.3,2002
`
`Sheet 9 of 9
`
`US 6,446,109 B2
`
`.---- YES
`
`START
`
`REQUEST FOR SERVICE
`HANDLE RECEIVED
`FROM CLIENT
`
`802
`
`NO
`
`DETERMINE LOCATION
`OF REQUESTED
`SERVICE
`
`806
`
`810
`
`NO
`
`DOWNLOAD
`SERVICE PROXY
`
`YES
`
`DOWNLOAD SERVICE
`
`SEND HANDLE TO
`CLIENT
`
`812
`
`814
`
`END
`
`816
`
`FIG. 8
`
`

`
`US 6,446,109 B2
`
`1
`APPLICATION COMPUTING
`ENVIRONMENT
`
`20
`
`2
`involve the client tier. That is, if the calculator application
`software and data are resident on the client, there is no need
`to access the application or database tiers. An application
`that makes use of persistent storage such as a word process-
`ing application and the documents created therein may
`involve both the client and the application tiers. An enter(cid:173)
`prise's application (e.g., an accounting or personnel) may
`involve all three tiers as data that is used by the application
`may be stored in a database.
`FIG. 1 provides an overview of a three-tier architecture.
`Client tier 102 typically consists of a computer system that
`provides a graphic user interface (GUI) generated by
`browser 106. Browser 106 generates a display from a
`specification of GUI elements (e.g., a file containing input,
`15 form, and text elements defined using the Hypertext Markup
`Language (HTML) and/or by an applet (i.e., a program such
`as a program written using the Java programming language
`that runs when it is loaded by the browser).
`Application server 110 is pre-configured to include those
`applications that are needed by its clients. In an effort to keep
`the size of the client minimal or "thin," applets that are
`executed in client tier 102 generally do not include any
`significant application logic. Application server 110 is pre(cid:173)
`configured to include the application logic that is not
`included in client tier 102. The majority of an application's
`functionality is performed by the application logic that
`resides on and is managed by application server 110 in
`application tier 116. Database tier 118 contains the data that
`is accessed by the application logic in application tier 116.
`Database server 112 manages the data, its structure and the
`operations that can be performed on the data and/or its
`structure.
`Application server 110 and database server 112 reside in
`35 production data center 108. Application server 110 can be
`pre-configured with applications such as a corporation's
`accounting, personnel and payroll applications, for example.
`Application server 110 manages requests directed to the
`applications that are stored on application server 110. Data-
`40 base server 112 manages the database(s) that manage data
`for applications. Database server 112 responds to request to
`access the accounting, personnel and payroll applications'
`data, for example.
`Connection 104 is used to transfer the graphical user
`45 interface layer to client tier 102 and to transmit enterprise
`data between client tier 102 and production data center 108.
`The client tier can communicate with the application tier via
`a Remote Method Invocation (RMI) application program-
`ming interface (API) available from Sun Microsystems. The
`RMI API provides the ability to invoke methods, or software
`modules, that reside on another computer system. Param-
`eters are packaged (or marshalled) and unpackaged (or
`unmarshalled) for transmittal to and from the client tier.
`Connection 114 represents the transmission of requests for
`data and the responses to such requests from applications
`that reside in application server 110.
`In a typical computing environment, production data
`center 108 is located at a centralized site. In this way,
`applications can be centrally managed such that updates can
`be made and a standardized application base can be provided
`to users. However, an application's users can be spread
`across a wide geographical area. Thus, client tier 102 is not
`necessarily located at the same site or proximately con(cid:173)
`nected to application server 110 (e.g., via a local area
`65 network, or LAN). Information may be transmitted, for
`example, via a wide area network (WAN) or the Internet that
`involve remote transmissions (e.g., overseas) and lower
`
`Portions of the disclosure of this patent document may
`contain material that is subject to copyright protection. The
`copyright owner has no objection to the facsimile reproduc(cid:173)
`tion by anyone of the patent document or the patent disclo(cid:173)
`sure as it appears in the Patent and Trademark Office file or
`records, but otherwise reserves all copyright rights whatso(cid:173)
`ever. Sun, Sun Microsystems, the Sun logo, SPARC, Java, 10
`JavaBeans and all Java-based trademarks and logos are
`trademarks or registered trademarks of Sun Microsystems,
`Inc. in the United States and other countries.
`
`5
`
`BACKGROUND OF THE INVENTION
`This invention relates to computing systems, and more
`particularly to the architecture and environment for com(cid:173)
`puting and applications executing therein.
`Computers are used to send and receive data using a
`transport mechanism or communications network. The
`Internet is one example of a transport mechanism and other
`examples include local area networks (LANs) and wide area
`networks (WANs). Using a network, a software application
`(a sender) that resides on one computer system can exchange
`information (e.g., corporate data or executable code) with a 25
`software application (a receiver) that resides on a remote
`computer system, for example. The exchange of information
`between computers typically occurs between a "server appli(cid:173)
`cation" that provides information or services, and a "client
`application" that receives the provided information and 30
`services.
`A problem with existing server applications is that they
`must be pre-configured to include the information that they
`are to provide to a client application. Further, issues such as
`transmission efficiency and security are raised when infor(cid:173)
`mation is exchanged between computers. Transmission inef(cid:173)
`ficiencies are especially apparent where information is com(cid:173)
`municated over a long distance and/or lower speed or
`bandwidth lines. Further, where transmission is being
`received by a computer system, security measures are typi(cid:173)
`cally used to ensure that the transmitted information (e.g.,
`program code) does not corrupt the computer system.
`Unfortunately, security measures can restrict access to the
`computer system's resources which can hinder an applica(cid:173)
`tion's efficiency and usability.
`As will be discussed below, computing environments that
`use an application architecture initially developed for use
`with the Internet can be significantly affected by the type of
`medium used to form the Internet connection. The type of
`connection that a user has to the Internet can impact the 50
`speed at which :information is transmitted.
`The application architecture that is typically used in the
`Internet environment is referred to as a three-tier application
`architecture, or three-tier architecture. The three-tier archi(cid:173)
`tecture was originally designed to allow a client to have 55
`access to data and applications. In this architecture, a client
`communicates requests to a server for data, software and
`services, for example. The three-tier architecture includes a
`database tier that includes a database server, an application
`tier that includes an application server and application logic 60
`(i.e., software application programs, functions, etc.), and a
`client tier. The application server responds to application
`requests (e.g., a request for a software applet, etc.) received
`from the client. The application server forwards data
`requests to the database server.
`The number of tiers that are required for an application
`may vary. For example, a calculator application might only
`
`

`
`US 6,446,109 B2
`
`3
`bandwidth communication technologies (e.g., modem)
`which can result in unacceptable transmission times. Trans(cid:173)
`mission times are of concern since both data and application
`code may be transmitted between client tier 102 and appli(cid:173)
`cation server 110 in the three-tier architecture.
`The three-tier architecture can be used with various types
`of networks (e.g., Internet and intranet). Typically, client tier
`102 communicates with production data center 108 via
`browser 106 which issues a request of application server
`110. The client can request a resource that is identified by a
`uniform resource locator (URL) designation. For example,
`the URL can identify a page definition (e.g., an H1ML
`document) that browser 106 uses to generate a display, or the
`URL can identify an applet (i.e., executable program code)
`which is run inside browse 106.
`The information that is represented by a URL is down(cid:173)
`loaded to client tier 102. Thus, if a corporate application
`requires multiple downloads (e.g., multiple page definitions
`and/or applets) to run within client tier 102, the downloading
`process is inefficient when application server 110 is remote
`and/or slower transmission rates are used.
`Security measures adopted for use with the application
`architecture limit the applications that have been developed
`according to this architecture. For example, an application's
`efficiency and/or usability can be impacted as a result of
`security measures. Further, there are issues of security
`concerning the transmission of information. From the per(cid:173)
`spective of client tier 102, for example, it is necessary to
`ensure that the information that is being received is
`"trusted." That is, it is important to ensure that client tier 102
`is not corrupted by unauthorized software executing in client
`tier 102. Further, it is important to ensure that a client that
`attempts to access production data center 108 can be trusted
`with the corporation's data and applications.
`Optimally, client tier 102 executes only those applets that
`have been received from a known and trusted source (e.g.,
`production data center 108). A level of trust can be achieved
`between a client tier 102 and production data center 108
`such that data and applets can be transmitted freely between 40
`client tier 102 and production data center 108. However, this
`paradigm is limiting and does not always occur in practice.
`Browser 106 may request an applet from a source other than
`production data center 108, for example. If an applet is
`allowed to execute unchecked in client tier 102, it introduces 45
`the potential for serious breaches of security and/or mali(cid:173)
`cious access to the data and resources.
`Security models or approaches have been adopted to limit
`the damage that may be caused by a breach of security and
`maliciousness. One such security approach, referred to as 50
`the sandbox security model, limits the access given to
`applets from an "untrusted" (i.e., unknown) source to only
`its namespace (e.g., operating system-assigned boundaries
`of a program such as the addressable memory).
`An "untrusted" applet or software program is allowed to 55
`access only memory or other computer resources that are in
`its namespace. By limiting an "untrusted" applet to its own
`namespace, the applet can be prohibited from modifying
`areas of memory assigned to other applets or applications,
`for example.
`Further, an applet may be prohibited from establishing a
`connection to (and/or downloading code from) a server (e.g.,
`file or printer servers) other than the one from which it was
`retrieved. Client tier 102 may be forced to access another
`server via application server 110. To make a request of a file 65
`server, for example, client tier 102 sends the request to
`application server 110 which forwards the request to the file
`
`4
`server. This is inefficient particularly when the file server
`adjacent to client tier 102.
`Further, in the sandbox approach, printing is accom(cid:173)
`plished by displaying material to be printed in browser 106
`5 and relying on the user to print the material using the print
`functionality available in browser 106.
`The sandbox approach has clear disadvantages. An applet
`that is confined to its namespace cannot access information
`that is stored in a local file system. Further, confined applets
`10 cannot pool or share resources such as memory.
`Another security approach uses signatures or other forms
`of certification to certify that an applet is from a known
`source. An "untrusted" applet can become a "trusted" applet,
`if its digital signature can be verified by, for example, client
`15 tier 102. Verification can be accomplished with digital
`signatures using a public key/private key encryption tech(cid:173)
`nique. The recipient of the information (e.g., client tier 102)
`uses the digital signature and a public key (a key generated
`from the private key and distributed to the public) to verify
`20 the digital signature thereby verifying the information.
`Signed applet support is not provided by all clients. To
`support digitally signed applets, it is necessary for client tier
`102 to include the ability to verify the signature. Many
`25 currently available browsers do not have such a capability.
`In addition to the efficiency and security issues, in the
`three-tier model each application must log in to application
`server 110 separately. There is no ability to store user
`information (e.g., profile information) in client tier 102 or
`30 elsewhere so that it can be used for subsequent applications.
`SUMMARY OF THE INVENTION
`One or more embodiments of the invention comprise a
`computing environment that offers a level of decentraliza-
`35 tion wherein application code resident on a remote applica(cid:173)
`tion server can be distributed to a local server, or local
`application server, that services a client. A local application
`server can be dynamically configured to serve its clients
`based on requests for application code and/or services.
`Further, application code that is downloaded to a client from
`the local application server can be trusted such that access to
`the local application server's resources can be given to the
`downloaded application code. Efficiencies can be achieved
`for the transmission of information.
`Using embodiments of the invention, it is not necessary to
`pre-configure the local application server to satisfy a request
`of the server. The local application server can be configured
`dynamically (e.g., as needed) in response to requests. For
`example, there is no need to install application code or
`services on the local application server in anticipation of a
`request. If the local application server is not configured to
`handle a request, the local application server dynamically
`configures itself to satisfy the request.
`A request for information, such as application code (e.g.,
`an applet) by a client, can be serviced by the local applica(cid:173)
`tion server with its existing configuration or a new configu(cid:173)
`ration. If the local application server's configuration
`includes the requested application code, the local application
`server satisfies the request using its existing configuration. If
`60 the local application server's configuration does not include
`the requested application code, the local application server
`attempts to locate the requested application code (e.g., from
`another application server). When the requested application
`code is located, it is transferred to the local application
`server. The local application server retains a copy of the
`application code and forwards a copy to the client. Thus, if
`a subsequent request is made for the application code, it can
`
`

`
`US 6,446,109 B2
`
`6
`the client that can be used to authorize access to any
`application server and/or service requested by the client.
`
`BRIEF DESCRIPTION OF THE DRAWINGS
`
`FIG. 1 provides a block diagram of a three-tier computing
`architecture.
`FIG. 2 is a block diagram of an embodiment of a computer
`system capable of providing a suitable execution environ(cid:173)
`ment for an embodiment of the invention.
`FIG. 3 is provides a block diagram of a four-tier archi(cid:173)
`tecture according to one or more embodiments of the
`invention.
`FIG. 4A illustrates a portion of a four-tier architecture
`with localized servers accessing application servers accord(cid:173)
`ing to an embodiment of the invention.
`FIG. 4B illustrates a four-tier architecture with localized
`servers according to an embodiment of the invention.
`FIG. 5 provides an illustration of a webtop server accord-
`20 ing to an embodiment of the invention.
`FIG. 6 illustrates the use of proxies for connecting mul(cid:173)
`tiple clients to multiple servers according to an embodiment
`of the invention.
`FIG. 7 provides a application software acquisition process
`according to an embodiment of the invention.
`FIG. 8 provides a service acquisition process according to
`an embodiment of the invention.
`
`5
`be satisfied by the local application server (without access(cid:173)
`ing another application server).
`The local application server can further be dynamically
`configured with services that can satisfy a client request.
`When a service request is received from the client, the local 5
`application server attempts to satisfy the request using a
`service that resides on the local application server. If the
`requested service is resident on the local application server,
`the local application server forwards the request to the
`service. There is no need to reconfigure the local application 10
`server.
`If a request is for a service for which the local application
`server is not already configured, the local application server
`determines whether the service resides elsewhere (e.g., on
`another server). If the local application server finds the 15
`service, it determines whether the service can be acquired
`from its current location. If so, the service is copied to the
`local application server and is used to satisfy the client's
`request.
`Where the requested service cannot be transferred to the
`local application server, the local application server estab(cid:173)
`lishes a proxy for the service. The proxy resides on the local
`application server and forwards the client request to the
`service that resides on the other application server. If a
`response is generated by the service, the response is sent to 25
`the proxy on the local application server and forwarded to
`the client. Thus, where a proxy is used, the client need not
`be aware of the service's actual location. The client is
`unaware that the requested service does not reside on the
`local application server.
`In embodiments of the invention, the local application
`server includes an application locator, a service locator, a
`download service and none or more local services. The
`application and service locators are used by the local appli- 35
`cation server to locate application code and services
`(respectively) when a request is made that cannot be satis(cid:173)
`fied using the local application server's current configura(cid:173)
`tion. Services that are downloaded to the local application
`server can be used by the local application server to satisfy 40
`a request.
`The local application server can be configured with proxy
`services as needed. A proxy service acts as proxy for a
`service that resides elsewhere (e.g., on another server). A
`proxy service is used when, for example, a service cannot be 45
`transferred to the local application server. A service request
`is forwarded by the proxy service to the service. The service
`sends a response, if any, to the proxy service for forwarding
`to the requester.
`The local application server can be configured with appli- 50
`cation software as needed. When, for example, a client
`requests application code, the local application server can
`obtain the application code, if it does not already have the
`requested application code. Application code that is acquired
`by the local application server is retained and can be used to 55
`satisfy a subsequent request for the application code, if any.
`The local application server can be configured to include
`local services such as print, file, login or profile services that
`can be shared by multiple applications. Where the local
`application is configured to include local services, a client 60
`request for a local service is forwarded by the local appli(cid:173)
`cation server to the local service.
`One such local service allows a client to log in to the local
`application server. During a login process, the client estab(cid:173)
`lishes its identity which is stored on the local application 65
`server and can be used for multiple applications and infor(cid:173)
`mation requests. The local server generates a credential for
`
`30
`
`DETAILED DESCRIPTION OF THE
`INVENTION
`An enterprise computing environment is described. In the
`following description, numerous specific details are set forth
`in order to provide a more thorough description of the
`present invention. It will be apparent, however, to one
`skilled in the art, that the present invention may be practiced
`without these specific details. In other instances, well-known
`features have not been described in detail so as not to
`obscure the invention.
`Embodiment of Computer Execution Environment
`(Hardware)
`An embodiment of the invention can be implemented as
`computer software in the form of computer readable pro(cid:173)
`gram code executed on a general purpose computer such as
`computer 200 illustrated in FIG. 2. A keyboard 210 and
`mouse 211 are coupled to a bidirectional system bus 218.
`The keyboard and mouse are for introducing user input to
`the computer system and communicating that user input to
`processor 213. Other suitable input devices may be used in
`addition to, or in place of, the mouse 211 and keyboard 210.
`1/0 (input/output) unit 219 coupled to bi-directional system
`bus 218 represents such 1/0 elements as a printer, NV
`(audio/video) 1/0, etc.
`Computer 200 includes a video memory 214, main
`memory 215 and mass storage 212, all coupled to
`bi-directional system bus 218 along with keyboard 210,
`mouse 211 and processor 213. The mass storage 212 may
`include both fixed and removable media, such as magnetic,
`optical or magnetic optical storage systems or any other
`available mass storage technology. Bus 218 may contain, for
`example, thirty-two address lines for addressing video
`memory 214 or main memory 215. The system bus 218 also
`includes, for example, a 32-bit data bus for transferring data
`between and among the components, such as processor 213,
`main memory 215, video memory 214 and mass storage
`212. Alternatively, multiplex data/address lines may be used
`instead of separate data and address lines.
`
`

`
`US 6,446,109 B2
`
`10
`
`7
`In one embodiment of the invention, the processor 213 is
`a microprocessor manufactured by Motorola, such as the
`680XO processor or a microprocessor manufactured by Intel,
`such as the 80X86, or Pentium processor, or a SPARC
`microprocessor from Sun Microsystems, Inc. However, any
`other suitable microprocessor or microcomputer may be
`utilized. Main memory 215 is comprised of dynamic random
`access memory (DRAM). Video memory 214 is a dual(cid:173)
`ported video random access memory. One port of the video
`memory 214 is coupled to video amplifier 216. The video
`amplifier 216 is used to drive the cathode ray tube (CRT)
`raster monitor 2