WO2002056174A2 - Method for managing computer applications by the operating system of a multi-application computer system - Google Patents

Method for managing computer applications by the operating system of a multi-application computer system Download PDF

Info

Publication number
WO2002056174A2
WO2002056174A2 PCT/FR2002/000111 FR0200111W WO02056174A2 WO 2002056174 A2 WO2002056174 A2 WO 2002056174A2 FR 0200111 W FR0200111 W FR 0200111W WO 02056174 A2 WO02056174 A2 WO 02056174A2
Authority
WO
WIPO (PCT)
Prior art keywords
applications
environment
application
secure
operating system
Prior art date
Application number
PCT/FR2002/000111
Other languages
French (fr)
Other versions
WO2002056174A3 (en
Inventor
David Naccache
Matthieu Vavassori
Original Assignee
Gemplus
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Gemplus filed Critical Gemplus
Publication of WO2002056174A2 publication Critical patent/WO2002056174A2/en
Publication of WO2002056174A3 publication Critical patent/WO2002056174A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/46Multiprogramming arrangements
    • G06F9/468Specific access rights for resources, e.g. using capability register

Definitions

  • the invention relates to a method of managing computer applications by the operating system of a multi-application computer system.
  • the field of the invention is that of computer systems allowing the operation of multiple applications simultaneously.
  • a fraudster can simulate such visual evidence.
  • the purpose of this invention is to separate two environments, the truly secure applications from those who are not, and allow the user to select a part of the environment in which he wishes to evolve and on the other hand to pass from one environment to another by a combination of particular keys.
  • a third environment can also group all the applications whether or not they are secure. '
  • the invention relates to a method for managing IT applications by f of operating a computer system multi-application system available to a user, mainly characterized in that it consists in providing in the operating system a mechanism making it possible to: a) create at least two environments allowing the user to access groups of applications corresponding to each of said environments, b) define a combination of keys allowing the user to switch from one environment to another, c) detect to which environment each of said resident and future applications corresponds, d) classify each of said applications in the environment which corresponds to him.
  • a first environment relates to a group of secure applications, a second environment, a group of non-secure applications.
  • step c) consists, before launching the application, of verifying that said code of the application is signed and, when this is the case, of verifying that the signature is valid.
  • step c) consists in verifying during the execution of one of said applications, on each request for opening a network connection, that said connection is secure.
  • the method consists in creating a third environment relating to secure applications and non-secure applications. Some of said applications can be downloaded into said computer system from of a network accessible via a navigation program.
  • Figure 2 already described is a simplified view of a browser screen showing an overlay image making believe that the transaction is secure;
  • Figure 3 is a flow diagram of the main steps for determining whether an application is secure or not.
  • Computer systems in general are understood to mean personal computers, portable or not, electronic agendas, electronic organizers, mobile phones with a graphic screen, etc.
  • the personal computer typically comprises a display screen, a keyboard composed of keys, often a mouse and a central unit comprising at least one microprocessor and memories, making it possible to - implement different programs consisting of a series of instructions.
  • the central unit also includes one or more input-output interfaces ⁇ which in particular allow the computer to be connected to a network.
  • the programs that of the operating system makes it possible to manage various functions such as the display, the entry of information, ..., and in particular the management of applications operating simultaneously.
  • the management of these applications includes in particular a function allowing the user to switch from one application to another by means of a combination of keys on the keyboard, without having to close the application that he is leaving.
  • a programmer inserts into the program of the operating system, a subroutine composed of a series of instructions whose execution makes it possible, during a prior step, to create at least two environments where applications will be classified according to characteristics determined by the programmer, and to define the key combination allowing to pass from one environment to another such as "Ctrl + Tab".
  • this key combination is proposed by default by the operating system.
  • This sequence of instructions ' is inserted' into the operating system because it is well protected and almost inaccessible from a network, in particular at from applets or programs that would be downloaded. It is therefore very difficult for a fraudster, for example, to transfer an application from one environment to another, unless he has physical access to the computer.
  • the user firstly creates, using the operating system, three environments, for example in the form of virtual bars; the environment El, on secure applications, the E2 environment for non-secure applications, and E3 environment for all applications that are or 'no' secure. It retains the key combination proposed by default by the operating system, for example "Ctrl + Tab", which will allow it to switch from El to E2, from E2 to E3 and from E3 to El.
  • the operating system itself '' optionally proposes to display the environment in which it will be found, somewhere on the display screen, for example at the level of the task bar of an application bar by means of a visual characteristic possibly chosen by the user from a list proposed by the operating system.
  • the operating system first determines whether the application is or is not sequenced. We will now describe, in relation to FIG. 3, different steps making it possible to distinguish a secure application of that which is not secure or more generally of that which the user cannot trust.
  • an authentic code is not always sufficient to classify the application in the El environment of secure applications. Indeed, if, during the execution of an application whose code is signed and whose signature is valid, the opening of a network connection (an Internet connection for example) is requested by the application, it is verified that the connection is also secure. If this is the case, i.e. if the certificate is valid and already known to the operating system or not yet known to the operating system but recognized by the user, the application is classified in the El environment of secure applications.
  • a network connection an Internet connection for example
  • the application is classified in the E2 environment of non-secure applications.

Abstract

The invention concerns a method for managing computer applications by the operating system of a multi-application system wherewith a user is provided. It consists in providing in the operating system a mechanism for: a) creating at least two environments enabling the user to access groups of applications corresponding to each of said environments; b) defining a combination of keys enabling the user to shift from one environment to the other; c) detecting to which environment corresponds each of said resident and future applications; d) classifying each of said applications in the environment corresponding thereto.

Description

PROCEDE DE GESTION D'APPLICATIONS INFORMATIQUES PAR LE SYSTÈME D'EXPLOITATION D'UN SYSTÈME INFORMATIQUE MULTI- METHOD FOR MANAGING COMPUTER APPLICATIONS BY THE OPERATING SYSTEM OF A MULTI- COMPUTER SYSTEM
APPLICATIONSAPPLICATIONS
L'invention .concerne un procédé de gestion d'applications informatiques par le système d'exploitation d'un système informatique multi- applications . Le domaine de l'invention est celui des systèmes informatiques permettant le fonctionnement de multiples applications simultanément.The invention relates to a method of managing computer applications by the operating system of a multi-application computer system. The field of the invention is that of computer systems allowing the operation of multiple applications simultaneously.
Dans les systèmes multi-applications actuels, les applications s'exécutent en même temps- dans un- même environnement. Les utilisateurs de tels systèmes ont à leur disposition, des combinaisons de touches du clavier comme par exemple « Alt+Tab » leur permettant de passer d'une application à l'autre.In today's multi-application systems, the applications run at the same time - in the same environment. Users of such systems have at their disposal combinations of keyboard keys such as “Alt + Tab” allowing them to switch from one application to another.
Les utilisateurs ont besoin d'un moyen simple pour différencier différents groupes d'applications et pour pouvoir passer d'un groupe à l'autre.Users need a simple way to differentiate between different groups of applications and to be able to switch from one group to another.
On va considérer plus spécifiquement deux, groupes d'applications : les applications sécurisées et les applications non sécurisées. Certaines applications sont téléchargées à partir d'un réseau tel que le réseau INTERNET, sur le système informatique de l'utilisateur, au moyen d'un programme appelé navigateur (terme plus connu sous le vocable anglo-saxon « browser ») , tel que ceux connus sous les marques « NETSCAPE » ou « INTERNET EXPLORER ». Ces applications permettent d'effectuer des transactions sécurisées entre les utilisateurs du réseau, notamment des transactions monétaires.We will more specifically consider two groups of applications: secure applications and non-secure applications. Certain applications are downloaded from a network such as the INTERNET network, onto the user's computer system, by means of a program called browser (term better known by the English term “browser”), such as those known under the brands "NETSCAPE" or "INTERNET EXPLORER". These applications allow transactions secure between network users, including monetary transactions.
Dans le réseau INTERNET, de plus en plus de sites marchands proposent des transactions .sécurisées en mettant en œuvre des certificats qui garantissent, dans une certaine mesure, que les informations que l'acheteur va rentrer à l'écran sur le site du vendeur ne peuvent pas être "dérobées" par un tiers à la transaction. Ceci est réalisé en établissant une communication signée et/ou chiffrée entre le vendeur et l'acheteur, par exemple à l'aide de la norme SSL.In the INTERNET network, more and more merchant sites offer secure transactions by implementing certificates which guarantee, to a certain extent, that the information that the buyer will enter on the screen on the seller's site does not cannot be "stolen" by a third party from the transaction. This is achieved by establishing a signed and / or encrypted communication between the seller and the buyer, for example using the SSL standard.
Lorsqu'un site vendeur est sécurisé pour la transaction à effectuer, cet état est porté à la connaissance de l'acheteur, par des caractéristiques visuelles du navigateur qui consistent comme représenté figure 1) en : l'apparition d'un cadenas 2 fermé en bas de la fenêtre 1 du navigateur, à gauche, à droite ou ailleurs selon le navigateur utilisé, et - l'apparition, dans la barre 3 d'adresse du site, de la lettre "s" après "http" pour obtenir "https" en début d'adresse 4.When a seller's site is secure for the transaction to be carried out, this state is brought to the attention of the buyer, by visual characteristics of the browser which consist as shown in FIG. 1) in: the appearance of a padlock 2 closed in bottom of browser window 1, left, right or elsewhere depending on the browser used, and - the appearance, in site address bar 3, of the letter "s" after "http" to obtain "https "at the beginning of address 4.
Pour l'acheteur, ces caractéristiques visuelles sont, en général, les seules preuves que la transaction à effectuer sera sécurisée.For the buyer, these visual characteristics are, in general, the only evidence that the transaction to be carried out will be secure.
Comme on va le voir à présent, un fraudeur peut simuler de telles preuves visuelles. Un fraudeur qui voudrait "dérober" • les informations confidentielles d'un acheteur potentiel ou, au contraire, 1/ induire en erreur en lui présentant des fausses informations, peut faire apparaître ces caractéristiques visuelles sur son site vendeur de manière à faire croire que la transaction à effectuer sera sécurisée.As we will see now, a fraudster can simulate such visual evidence. A fraudster who would like to "steal" • the confidential information of a potential buyer or, on the contrary, 1 / mislead by presenting false information to him, can reveal these visual characteristics on his seller site so as to make believe that the transaction to be carried out will be secure.
Dans l'état actuel de fonctionnement des navigateurs, il lui est en effet possible de faire apparaître de fausses caractéristiques visuelles de sécurité en utilisant un langage de programmation, notamment ceux connus sous les marques "JAVA" ou « ActiveX ».In the current operating state of browsers, it is indeed possible for it to reveal false visual security characteristics by using a programming language, in particular those known under the brands "JAVA" or "ActiveX".
En effet, ces langages permettent d'afficher par une "applet" une image 10 en surimpression de l'image 1 affichée par le navigateur comme représenté figure 2) et ainsi faire apparaître les caractéristiques visuelles de sécurité 12 en vue de tromper l'acheteur sur la réalité de la sécurité. .L' acheteur ne peut finalement plus se fier à ces preuves visuelles de sécurité.Indeed, these languages make it possible to display by an "applet" an image 10 superimposed on the image 1 displayed by the browser as shown in FIG. 2) and thus bring up the visual security characteristics 12 in order to deceive the buyer on the reality of security. The buyer can no longer trust this visual security evidence.
Le but de la présente invention est donc de séparer en deux' environnements, les applications réellement sécurisées de celles qui ne le sont pas, et de permettre à l'utilisateur d'une part de choisir l'environnement dans lequel il souhaite évoluer, et d'autre part de passer d'un environnement à l'autre par une combinaison de touches particulières. Un troisième environnement peut également regrouper toutes les applications qu'elles soient ou non sécurisées.' So the purpose of this invention is to separate two environments, the truly secure applications from those who are not, and allow the user to select a part of the environment in which he wishes to evolve and on the other hand to pass from one environment to another by a combination of particular keys. A third environment can also group all the applications whether or not they are secure. '
L'invention a pour objet un procédé de gestion d'applications informatiques par lef système d'exploitation d'un système informatique multi- applications dont dispose un utilisateur, principalement caractérisé en ce qu'il consiste à prévoir dans le système d'exploitation un mécanisme permettant de: a) créer au moins deux environnements permettant à l'utilisateur d'accéder à des groupes d'applications correspondant à chacun desdits environnements, b) définir une combinaison de touches permettant à l'utilisateur de passer d'un environnement à l'autre, c) détecter à quel environnement correspond chacune desdites applications résidentes et futures, d) classer chacune desdites applications dans l'environnement qui lui correspond.The invention relates to a method for managing IT applications by f of operating a computer system multi-application system available to a user, mainly characterized in that it consists in providing in the operating system a mechanism making it possible to: a) create at least two environments allowing the user to access groups of applications corresponding to each of said environments, b) define a combination of keys allowing the user to switch from one environment to another, c) detect to which environment each of said resident and future applications corresponds, d) classify each of said applications in the environment which corresponds to him.
Selon un mode de réalisation de l'invention, un premier environnement concerne' un groupe d'applications sécurisées, un deuxième environnement, un groupe d'applications non sécurisées.According to one embodiment of the invention, a first environment relates to a group of secure applications, a second environment, a group of non-secure applications.
Selon une caractéristique de l'invention, l'étape c) consiste préalablement au lancement de l'application à vérifier que ledit code de l'application est signé et lorsque c'est, le cas, à vérifier que la signature est valide .According to a characteristic of the invention, step c) consists, before launching the application, of verifying that said code of the application is signed and, when this is the case, of verifying that the signature is valid.
Selon une caractéristique additionnelle, l'étape c) consiste à vérifier pendant l'exécution d'une desdites applications, à chaque demande d'ouverture d'une connexion réseau, que ladite connexion est sécurisée.According to an additional characteristic, step c) consists in verifying during the execution of one of said applications, on each request for opening a network connection, that said connection is secure.
Selon une autre caractéristique de l'invention, le procédé consiste à créer un troisième environnement concernant les applications sécurisées et les applications non sécurisées. Certaines desdites applications peuvent être téléchargées dans ledit système informatique à partir d'un réseau accessible par l'intermédiaire d'un programme de navigation.According to another characteristic of the invention, the method consists in creating a third environment relating to secure applications and non-secure applications. Some of said applications can be downloaded into said computer system from of a network accessible via a navigation program.
D'autres particularités et avantages de l'invention apparaîtront clairement à la lecture de la description faite à titre d'exemple non limitatif et en regard des dessins annexés sur lesquels :Other features and advantages of the invention will appear clearly on reading the description given by way of nonlimiting example and with reference to the appended drawings in which:
- la figure 1 déjà décrite est une vue simplifiée d'un écran de navigateur montrant que la transaction monétaire à effectuer sera sécurisée ;- Figure 1 already described is a simplified view of a browser screen showing that the monetary transaction to be carried out will be secure;
- la figure 2 déjà décrite est une vue simplifiée d'un écran de navigateur montrant une image en surimpression faisant croire que la transaction est sécurisée ; la figure 3 est un organigramme des principales étapes permettant de déterminer si une application est sécurisée ou pas .- Figure 2 already described is a simplified view of a browser screen showing an overlay image making believe that the transaction is secure; Figure 3 is a flow diagram of the main steps for determining whether an application is secure or not.
On entend par systèmes informatiques en général, les ordinateurs personnels, portables ou non, les agendas • électroniques, les organisateurs électroniques, les téléphones mobiles munis d'un écran graphique, etc.Computer systems in general are understood to mean personal computers, portable or not, electronic agendas, electronic organizers, mobile phones with a graphic screen, etc.
On va - considérer l'exemple de l'ordinateur personnel. Il comporte typiquement un écran d'affichage, un clavier composé de touches, souvent une souris et une unité centrale comportant au moins un microprocesseur et des mémoires, permettant de - mettre en œuvre différents programmes constitués d'une suite d'instructions. L'unité centrale comporte également une ou plusieurs interfaces d'entrée-sortie τ permettant notamment de connecter l'ordinateur à un réseau. Parmi les programmes, celui du système d'exploitation permet de gérer différentes fonctions telles que l'affichage, la saisie d'informations, ..., et en particulier la gestion d'applications fonctionnant simultanément. La gestion de ces applications inclut notamment une fonction permettant à l'utilisateur de passer d'une application à l'autre au moyen d'une combinaison de touches du clavier, sans avoir à fermer l'application qu'il quitte. On peut citer les touches "Alt+Tab" comme exemple d'une telle combinaison de touches .We will - consider the example of the personal computer. It typically comprises a display screen, a keyboard composed of keys, often a mouse and a central unit comprising at least one microprocessor and memories, making it possible to - implement different programs consisting of a series of instructions. The central unit also includes one or more input-output interfaces τ which in particular allow the computer to be connected to a network. Among the programs, that of the operating system makes it possible to manage various functions such as the display, the entry of information, ..., and in particular the management of applications operating simultaneously. The management of these applications includes in particular a function allowing the user to switch from one application to another by means of a combination of keys on the keyboard, without having to close the application that he is leaving. One can cite the keys "Alt + Tab" as an example of such a combination of keys.
Conformément à l'invention, un programmeur insère dans le programme du système d'exploitation, un sous- programme composé d'une suite d'instructions dont l'exécution permet, lors d'une étape préalable, de créer au moins deux environnements où seront classées les applications en fonction de caractéristiques déterminées par le programmeur, et de définir la combinaison de touches permettant de passer d'un environnement à l'autre telle que "Ctrl+Tab". De manière préférentielle, cette combinaison de- touches est proposée par défaut par le système d'exploitation.According to the invention, a programmer inserts into the program of the operating system, a subroutine composed of a series of instructions whose execution makes it possible, during a prior step, to create at least two environments where applications will be classified according to characteristics determined by the programmer, and to define the key combination allowing to pass from one environment to another such as "Ctrl + Tab". Preferably, this key combination is proposed by default by the operating system.
Il est en outre prévu dans cette suite d'instructions, lors du chargement ou téléchargement d'une nouvelle application sur l'ordinateur, de déterminer au moyen des caractéristiques préalablement déterminées par le programmeur, dans quel environnement l'application doit être classée, puis de la classer.It is further provided in this sequence of instructions, when loading or downloading a new application on the computer, to determine by means of the characteristics previously determined by the programmer, in which environment the application must be classified, then to classify it.
Cette suite d'instructions' est insérée' dans le système d'exploitation car il est bien protégé et quasiment inaccessible à partir d'un réseau notamment à partir des applets ou des programmes qui seraient téléchargés. Il est ainsi très difficile pour un fraudeur par exemple, de transférer une application .d'un environnement vers un autre, à moins qu'il n'ait physiquement accès à l'ordinateur.This sequence of instructions ' is inserted' into the operating system because it is well protected and almost inaccessible from a network, in particular at from applets or programs that would be downloaded. It is therefore very difficult for a fraudster, for example, to transfer an application from one environment to another, unless he has physical access to the computer.
On va . prendre un exemple de classement d'applications selon qu'elles sont ou non sécurisées. L'utilisateur crée dans un premier temps à .1 ' aide du système d'exploitation, trois environnements par exemple sous forme de barreaux virtuels ; l'environnement El, concernant les applications sécurisées, l'environnement E2 concernant les applications non sécurisées, et l'environnement E3 concernant toutes les applications qu'elles soient ou ' non' sécurisées. Il retient la combinaison de touches proposée par défaut par le système d'exploitation, par exemple "Ctrl+Tab", qui lui permettra de passer de El à E2, de E2 à E3 et de E3 à El. Le système d'exploitation lui' propose éventuellement d'afficher l'environnement dans lequel il se trouvera, quelque part sur l'écran d'affichage, au niveau par exemple de la barre des tâches d'un barreau de l'application au moyen d'une caractéristique visuelle éventuellement choisie par l'utilisateur parmi une liste proposée par le système d'exploitation.We go . take an example of classifying applications according to whether or not they are secure. The user firstly creates, using the operating system, three environments, for example in the form of virtual bars; the environment El, on secure applications, the E2 environment for non-secure applications, and E3 environment for all applications that are or 'no' secure. It retains the key combination proposed by default by the operating system, for example "Ctrl + Tab", which will allow it to switch from El to E2, from E2 to E3 and from E3 to El. The operating system itself '' optionally proposes to display the environment in which it will be found, somewhere on the display screen, for example at the level of the task bar of an application bar by means of a visual characteristic possibly chosen by the user from a list proposed by the operating system.
Ensuite, lorsque l'utilisateur souhaite lancer une application qui n'a pas encore été classée dans un de ces environnements, le système d'exploitation détermine d'abord si l'application est ou n'est pas séqurisée. On va à présent décrire en relation avec la figure 3, différentes étapes permettant de distinguer une application sécurisée de celle qui ne l'est pas ou plus généralement de celle à laquelle l'utilisateur ne peut faire confiance.Then, when the user wishes to launch an application which has not yet been classified in one of these environments, the operating system first determines whether the application is or is not sequenced. We will now describe, in relation to FIG. 3, different steps making it possible to distinguish a secure application of that which is not secure or more generally of that which the user cannot trust.
On va prendre comme exemple d'applications sécurisées, les applications dont le code a été signé par un dispositif mettant en œuvre un algorithme de cryptographie tel que l'algorithme RSA du nom de ses auteurs (Rivest, Shamir et Adleman) , bien connu de l'homme du métier. Lors du lancement d'une application résidente qui n'a pas encore été classée dans un environnement ou lors du chargement ou téléchargement d'une nouvelle application sur l'ordinateur, en l'occurrence du code de l'application, on procède à des vérifications avant de lancer l'exécution du code de l'application.We will take as an example of secure applications, applications whose code has been signed by a device implementing a cryptography algorithm such as the RSA algorithm named after its authors (Rivest, Shamir and Adleman), well known from the skilled person. When launching a resident application that has not yet been classified in an environment or when loading or downloading a new application on the computer, in this case the application code, checks before launching the execution of the application code.
Il s'agit de vérifier que le code est authentique c'est-à-dire vérifier d'une part que le code est signé et si c'est le cas que la signature est valide. Si l'une de ces deux conditions n'est pas vérifiée, l'application est classée dans l'environnement E2 des. applications non sécurisée.It is a question of verifying that the code is authentic, that is to say on the one hand verifying that the code is signed and if this is the case that the signature is valid. If one of these two conditions is not satisfied, the application is classified in the E2 environment. unsecured applications.
Mais un code authentique ne suffit pas toujours pour classer l'application dans l'environnement El des applications sécurisées. En effet si, pendant l'exécution d'une application dont le code est signé et dont la signature est valide, l'ouverture d'une connexion réseau (une connexion Internet par exemple) est demandée par l'application, on vérifie que la connexion est également sécurisée. Si c'est le cas, c'est-à-dire si le certificat est valide et déjà connu du système d'exploitation ou non encore connu du système d'exploitation mais reconnu par l'utilisateur, l'application est classée dans l'environnement El des applications sécurisées.However, an authentic code is not always sufficient to classify the application in the El environment of secure applications. Indeed, if, during the execution of an application whose code is signed and whose signature is valid, the opening of a network connection (an Internet connection for example) is requested by the application, it is verified that the connection is also secure. If this is the case, i.e. if the certificate is valid and already known to the operating system or not yet known to the operating system but recognized by the user, the application is classified in the El environment of secure applications.
Si l'une des conditions n'est pas remplie, l'application est classée dans l'environnement E2 des applications non sécurisées. If one of the conditions is not met, the application is classified in the E2 environment of non-secure applications.

Claims

REVENDICATIONS
1. Procédé de gestion d'applications informatiques par le système d'exploitation d'un système informatique multi-applications dont dispose un utilisateur, caractérisé en ce qu'il consiste à prévoir dans le système d'exploitation un mécanisme permettant de: a) créer au moins deux environnements permettant à l'utilisateur d'accéder à des groupes d'applications correspondant à chacun desdits environnements, b) définir une combinaison de touches permettant à l'utilisateur de passer d'un environnement à l'autre, c) détecter à quel environnement correspond chacune desdites applications résidentes et futures, d) classer chacune desdites applications dans l'environnement qui lui correspond.1. A method of managing computer applications by the operating system of a multi-application computer system available to a user, characterized in that it consists in providing in the operating system a mechanism making it possible to: a) create at least two environments allowing the user to access groups of applications corresponding to each of said environments, b) define a key combination allowing the user to switch from one environment to another, c) detect which environment each of said resident and future applications corresponds to, d) classify each of said applications in the environment which corresponds to it.
2. Procédé selon la revendication précédente, caractérisé en ce qu'un premier environnement concerne un groupe d'applications sécurisées, un deuxième environnement, un groupe d'applications non sécurisées.2. Method according to the preceding claim, characterized in that a first environment relates to a group of secure applications, a second environment, a group of non-secure applications.
3. Procédé selon la revendication précédente, l'application se présentant sous la forme d'un code, caractérisé en ce que l'étape c) " consiste préalablement au lancement de l'application à vérifier que ledit code de l'application est signé 'et lorsque c'est le cas, à vérifier que la signature est valide. 3. Method according to the preceding claim, the application being in the form of a code, characterized in that step c) "consists before launching the application in verifying that said code of the application is signed 'and when this is the case, to verify that the signature is valid.
4. Procédé selon la revendication 2 ou 3, caractérisé en ce que l'étape c) consiste à vérifier pendant l'exécution d'une desdites applications, à chaque demande d'ouverture d'une connexion réseau, que ladite connexion est sécurisée.4. Method according to claim 2 or 3, characterized in that step c) consists in verifying during the execution of one of said applications, on each request for opening a network connection, that said connection is secure.
5. Procédé selon l'une des revendications 2 à 4, caractérisé en ce qu'il consiste à créer un troisième environnement concernant les applications sécurisées et les applications non sécurisées.5. Method according to one of claims 2 to 4, characterized in that it consists in creating a third environment relating to secure applications and non-secure applications.
6. Procédé selon l'une des revendications précédentes, caractérisé en ce que certaines desdites applications sont téléchargées dans ledit système informatique à partir d'un réseau accessible par l'intermédiaire d'un programme de navigation. 6. Method according to one of the preceding claims, characterized in that some of said applications are downloaded into said computer system from a network accessible via a navigation program.
PCT/FR2002/000111 2001-01-12 2002-01-11 Method for managing computer applications by the operating system of a multi-application computer system WO2002056174A2 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
FR01/00427 2001-01-12
FR0100427A FR2819602B1 (en) 2001-01-12 2001-01-12 METHOD FOR MANAGING COMPUTER APPLICATIONS BY THE OPERATING SYSTEM OF A MULTI-APPLICATION COMPUTER SYSTEM

Publications (2)

Publication Number Publication Date
WO2002056174A2 true WO2002056174A2 (en) 2002-07-18
WO2002056174A3 WO2002056174A3 (en) 2002-11-14

Family

ID=8858775

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/FR2002/000111 WO2002056174A2 (en) 2001-01-12 2002-01-11 Method for managing computer applications by the operating system of a multi-application computer system

Country Status (2)

Country Link
FR (1) FR2819602B1 (en)
WO (1) WO2002056174A2 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6824064B2 (en) 2000-12-06 2004-11-30 Mobile-Mind, Inc. Concurrent communication with multiple applications on a smart card

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100424642C (en) * 2005-10-24 2008-10-08 神基科技股份有限公司 Method of executing computer program by presetted priority order

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0778520A2 (en) * 1995-12-08 1997-06-11 Sun Microsystems, Inc. System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
US5764889A (en) * 1996-09-26 1998-06-09 International Business Machines Corporation Method and apparatus for creating a security environment for a user task in a client/server system
WO2000045262A2 (en) * 1999-01-22 2000-08-03 Sun Microsystems, Inc. Techniques for permitting access across a context barrier in a small footprint device using global data structures
US6125447A (en) * 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0778520A2 (en) * 1995-12-08 1997-06-11 Sun Microsystems, Inc. System and method for executing verifiable programs with facility for using non-verifiable programs from trusted sources
US5764889A (en) * 1996-09-26 1998-06-09 International Business Machines Corporation Method and apparatus for creating a security environment for a user task in a client/server system
US6125447A (en) * 1997-12-11 2000-09-26 Sun Microsystems, Inc. Protection domains to provide security in a computer system
WO2000045262A2 (en) * 1999-01-22 2000-08-03 Sun Microsystems, Inc. Techniques for permitting access across a context barrier in a small footprint device using global data structures

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
C. COSTELLO: FREEBSD/DOC/FAQ, [en ligne] 19 juillet 1999 (1999-07-19), XP002181488 Extrait de l'Internet: <URL:http://www.FreeBSD.org/cgi/cvsweb.cgi /doc/FAQ/Attic/x.sgml?rev=1.10&content-typ e=text/x-cvsweb-markup&hideattic=0> [extrait le 2001-10-24] *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6824064B2 (en) 2000-12-06 2004-11-30 Mobile-Mind, Inc. Concurrent communication with multiple applications on a smart card

Also Published As

Publication number Publication date
FR2819602B1 (en) 2003-02-21
WO2002056174A3 (en) 2002-11-14
FR2819602A1 (en) 2002-07-19

Similar Documents

Publication Publication Date Title
EP1327185B1 (en) Method and apparatus for protection against fraud in a network by icon selection
EP1238340B1 (en) Computerised device for applying accreditation data to a software or a service
EP1788507A2 (en) Electronic transaction terminal capable of operating in secure and non-secure mode, and method adapted to the device
WO2002056174A2 (en) Method for managing computer applications by the operating system of a multi-application computer system
FR2819067A1 (en) Method for controlling access to a secure system, such as an automatic teller machine, using a keyboard for PIN entry, where the values of the keys displayed on a touch screen are changed in a random manner to prevent fraud
WO2007060322A2 (en) Method and device for authentication by a user of a trustworthy interface and related computer programme
EP2009571B1 (en) Securing system and method using a security device
CA2998780C (en) Management of a display of a view of an application on a screen of an electronic data input device, corresponding method, device and computer program product
EP1337982A1 (en) Authenticating method and device
EP3113056B1 (en) Securing a validation of a character sequence, corresponding method, device and computer program product
FR2850772A1 (en) Electronic transaction securing device for use in electronic commerce, has analyzing unit to retransmit intercepted signals to processing unit without modification if they are not in order of passage in secured mode
EP1526431A1 (en) Microprocessor&#39;s peripherals access control
WO2014135526A1 (en) System and method for managing at least one online application, portable usb user object and remote device of the system
WO2023274979A1 (en) Transaction authentication method using two communication channels
EP3948596A1 (en) Method for running secure code, corresponding devices, system and programs
EP2537314B1 (en) Method and apparatus for propagating session-management events
WO2003065181A1 (en) Method for controlling the use of digital contents by means of a security module or a chipcard comprising said module
FR3003059A1 (en) SYSTEM AND METHOD FOR MANAGING AT LEAST ONE ONLINE APPLICATION, USER PORTABLE OBJECT COMMUNICATING WITH A RADIO PROTOCOL AND DEVICE REMOTE FROM THE SYSTEM
EP3788527A1 (en) Mutual authentication of a user-controllable device or system containing sensitive or confidential data
FR3118229A1 (en) Method for generating a form from a reference form and sending it to a terminal
FR2868570A1 (en) Digital identification and digital authentication performing process, involves personalizing digital unit from information from individual, where digital unit is recorded on client application software in temporary/permanent manner
WO2002023313A1 (en) Countermeasure method for improving security of transactions in a network
FR2780586A1 (en) AUTHENTICATION METHOD FOR PROTECTED ACCESS IN A NETWORKED COMPUTER SYSTEM
FR2808340A1 (en) Confidential network/computer secure access addition having monitor with memory forming grid display and control button selecting secure digital words/peripheral units sending.
FR2751455A1 (en) Sports competition timing chronometer and data processing system

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NO NZ OM PH PL PT RO RU SD SE SG SI SK SL TJ TM TN TR TT TZ UA UG US UZ VN YU ZA ZM ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

122 Ep: pct application non-entry in european phase
NENP Non-entry into the national phase

Ref country code: JP

WWW Wipo information: withdrawn in national office

Country of ref document: JP