Version management in languages and toolboxes of object-oriented programming

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to systems and methods for coordinating software components. Version management policy, which is included in the target component, shows how to access the target component, for instance either as a library component or as a platform component. A component can be designated a library component when it creates a version which is compatible at the binary code level. When other components request for such a component, they receive exactly the component version which they requested. On the other hand, a component can be designated a platform component when it creates a version which is compatible at the bit code level. When other components request for such a component, they receive the last updated version of the requested component instead. That way, access to the corresponding component version is provided (even a version which is different from the requested version). Other implementation versions include mechanisms for stratification of the component application field, based on different data processing levels.

EFFECT: improved version management.

23 cl, 8 dwg

 

The technical field to which the invention relates.

The present invention relates to systems, methods and computer program products for coordinating software components in a software environment.

Prior art

Computerized, electronic systems increasingly become popular, in part because such a computerized system to automate a large part of what people previously had to be performed manually. Therefore, the computerized system has added some efficiency value to people's ability to perform tasks.

This is partly affects the process of generating computer instructions (also referred to in this application as “software” or “program”) for the computerized system. Initially, the software developer must first consider the required functions or results that the program should run, and then enter the appropriate instructions in text format in the electronic text file, usually in the form of source code programming. In some cases, such as with an interpreted programming languages (such as JavaScript, Perl, and so on), a computerized system directly interprets the entered instruction in text form is the same and performs the desired function. In other cases, such as with compiled programming languages (such as C#, pronounced C sharp, C++ etc), instructions in text format first compiled into object or machine code that a computerized system can execute.

In the case of complex software developers sometimes provide the functionality of a program in a number of interactive “components”. Generally speaking, the components (or software components) are sets of executable computer instructions, much like a large application program, although tending to be smaller and less complex, as they are usually focused on providing one or more functions. Because this component can sometimes run as an independent program and may also communicate with other components, the more complex the program may also sometimes be referred to interchangeably with the term “component”. In addition, components may be referred to, generally, either the requesting component, or as a “target component”, but such designation may be arbitrary, depending on which component or a program accesses the other.

In any case, the software developer can develop a single component on a computerized system to request access to any kolichestvennyh components of the computerized system. The target components can include functions that provide basic information, such as name and age of the user, or which provide more advanced information, such as corresponding to the user-level use of or experience with regard to a given application program. Software components can also provide system functions, such as executing a command for opening the file, specifying communication protocols, so that one component or the program could interact with other components, etc. of Course, it is clear that much of the operating system may include many components that are configured to work with many different programs, and Vice versa.

Basically, the requesting component includes a reference to the target component. It may be that the requesting component refers to a specific version of the target component (strong reference). Link to a specific version of the target component may be, for example, when a developer is requesting component has a priori information about the target component and wants to make the requesting component is clearly dependent on a specific version of the target component. For example, the requesting component 1 may be configured to reference the target “version 1.1” “component 3”, causes the I clear dependence “component 1” from the “version 1.1” “component 3”. On the other hand, it may be that the requesting component refers to the target component, which may or may not even exist when the requesting component has been developed (free link). Thus, the developer refers to the target component without a priori information about the target component. Therefore, the requesting component may detect the existence of a version of the target component at runtime. For example, “component 1” runtime can find “version 2.1” “component 3”.

Unfortunately, there are a number of deficiencies in the implementation of software components in the overall process of software development, regardless of reference whether the requesting components on the target components strictly or loosely. For example, when the user updates the target program that is referenced by one or more of the requesting component, one or more of the requesting component may not succeed if the updated version of the target component to be compatible with said one or more requesting components. This problem can occur when a developer is requesting component may provide for the number and type of changes that the developer of the corresponding target component can realitv is to be in the future. Conversely, system policy prohibiting update of the target components, or which prevent overwriting the component update previous versions of the target components, can lead to systems that quickly become obsolete, or which may become inefficient and cumbersome.

Some attempts to overcome these problems included the aspiration system administrators to manage simple and free links to different versions of the target components in the same system. In this scenario, the computer system identifies the version number of the given target component when it is installed in the computer system or when the target component is started for the first time. Computerized system then stores information about the identified target component together with other information about any other versions of the target component is also installed in the system. When the requesting component in the computer system requests access to the target component, a computerized system then coordinates the requesting component with the requested version of the target component accordingly.

Unfortunately, the system of this type there are still a number of shortcomings. For example, the only information available for zelenog the component, when it is installed in the system, may be the version of the target component. However, the system cannot identify whether a specific version of the target component by upgrading from a previous version of the target component. The system is also not able to identify whether or not the developer to update a specific version of the target component at some later point in time, because this information is unknown. This information and other essential operating parameters should be supplied by your system administrator.

For example, the system administrator should try to configure the system based on what is available negligible information about the specified target component, or that the administrator expects, and then provide this information about the target component system when the specified target component is installed and launched for the first time. In particular, the system administrator must often provide access rules for different target components, which indicate whether requesting some components to access specific versions of other target components and whether other requesting components to access updated versions of other target components, etc. the System administrator also has the accommodat who manage any other information system, when specified conflicts between versions of the requesting and target components. Thus, when the requesting component queries the specified target component, the system typically allows access to the target component based on the version of the requested target component, any version of the target component, stored in the system, and any other information provided by your system administrator.

It is clear, however, that this type of system, which mixes the strict and loose links to the target components may be overly complex for system administrators. This is especially true because system administrators are not always aware that a third-party developer has in mind, when a developer writes the specified target component. In addition, system administrators may not always predict whether certain target components to be compatible with other versions or types of the requesting component. This is especially true for large systems, where a large number of the requesting component configured to access multiple target components of any given number of ways.

Therefore, the advantage in the art can be provided by systems, methods and computer programs who's products which enable present and future versions of the requesting and target components to interact in a computerized system configured the way. In particular, the advantage in the art can be achieved by using systems and methods that provide the ability to automatically perform such interaction components, so that programs and components can continue to work effectively with minor inputs to the system administrator, or without them.

Summary of the invention

The present invention solves one or more of the above problems in the prior art with systems, methods and computer program products that enable software developers to easily adapt to changes in components, modules and operating systems, without prejudice to the software's purpose. In particular, describes systems that allow programs and components that refer to each other using a static or dynamic link compatible way to co-exist in the operating system.

In at least one exemplary implementation of the present invention defines the module can receive a request for access to a specific version of the target component from requesting opponent. The request may include a policy to manage versions of a particular target component. Alternatively, the determining module may identify a policy to manage versions of a particular target component. For example, the policy version control can be included in a data field in the target component. Identification of policy versioning and version-specific can be executed in response to the request when the target component, or when the target component is deployed in a computerized system. Can also be identified in other policies, such as, for example, the scope of the component, and any policies set forth by the system administrator, where applicable. The requesting component, therefore, is granted access to the appropriate version of the target component, based largely on information contained in the request and contained in the target component.

In another exemplary implementation of the invention the determining module receives the update of the target component and can identify policy version control, which is associated with the target component and/or the requesting component. Based on the information provided in the policy version control determining module may replace the target component of the process is the principal component, or may simply add the update to the target component to the system, so original and updated version of the target component coexisted. Therefore, updates are processed for the target components as appropriate to the requesting component, so that any requesting component that performs access to the target component will continue to perform access to the original or previous version of the target component, if necessary.

Additional characteristics and advantages of the invention set forth in the description which follows, and in part obvious from the description or may be learned from the application of the invention in practice. The characteristics and advantages of the invention may be realized and obtained by means of tools and combinations detailed in the attached claims. These and other features of the present invention will become more apparent from the following description and appended claims, or may be learned from the application of the invention in practice, as set forth below.

List of figures

To describe how the above and other advantages and features of the invention can be obtained, a more detailed description of the invention briefly described above, is presented below by reference to its specific embodiments of the that are illustrated on the accompanying drawings. Under the I, these drawings describe only typical embodiments of the invention and, therefore, should not be considered limiting of its scope, the invention is described and explained with additional specificity and detail through use of the accompanying drawings, in which:

figure 1 is an exemplary computer architecture for providing the requesting component access to the target component in accordance with the principles of the present invention;

figa is an exemplary computer architecture that takes more than new versions of existing components in accordance with the principles of the present invention;

figv is an exemplary computer architecture for figa, after the determining module identified versions of the components that must be maintained in accordance with the principles of the present invention;

3 is an exemplary computer architecture for stratification application component at different levels of processing in accordance with the principles of the present invention;

4 is an exemplary logical flow diagram of a method of providing access to the components in accordance with the principles of the present invention;

figa is an exemplary logical flow diagram of the method of the update management component in accordance with the principles of the present invention;

F. GV - an exemplary logical flow diagram of a method of limiting the field of application of the component in accordance with the principles of the present invention; and

6 is a suitable environment for the practical application of aspects of the present invention.

A detailed description of the preferred embodiments

The present invention extends to systems, methods and computer program products that enable software developers to easily adapt to changes in components, modules and operating systems, without prejudice to the software's purpose. In particular, describes systems that allow programs and components that access to each other using a static or dynamic link compatible way to co-exist in the operating system. Embodiments of the present invention may include a computer, a special purpose or General purpose, including various computer hardware, as described in more detail below.

Options run in the scope of the present invention also include computer-readable media for transferring or storing it mashinostryenia instructions or data structures. Such machine-readable media can be any available media that can access the computer the R General purpose or special purpose. As an example, but not limitation, such computer-readable media may include random access memory (RAM, RAM), a persistent storage device (RAM, ROM), electrically erasable programmable ROM (EEPROM EEPROM), a ROM on the CD-ROM (CD-ROM) or other storage device on the optical disk, the storage device on magnetic disks or other magnetic storage devices, or any other medium that can be used to carry or store desired program code means in the form of mashinostryenia instructions or data structures and which can apply a General-purpose computer or special purpose.

When information is transferred or provided over a network or other communication connection (or wired, or wireless, or a combination of wired and wireless), computer, essentially considers the connection as a computer-readable medium. Thus, any such connection, essentially, is called machine-readable computer medium.

A combination of the above media should also be covered by the term “machine-readable medium”. Mashinostroenie instructions include, for example, instructions and data which cause the execution of the General-purpose computer, the computer is a special purpose or a processing unit of special purpose certain function or group of functions.

1 shows an exemplary computer architecture for use in practice, implementations of the present invention, in which the determining module 100 receives one or more requests from the requesting component 105 to access another component or program, such as components 120, 125 and 130. For the purposes of this description and claims “the determining module 100 can include a module of any type, executable instructions that are configured, for example, to identify links to the target component, which includes the name of the component and the originally proposed version, and select the appropriate target component that will be used for query execution. In some situations, this may include making decisions about the fact that this is available to the target component, so the determining module 100 is configured to return errors. As also described in detail below, the determining module 100 can also be configured to identify other information, for example, information on what other components are already available for access in the system, process or subprocess computer.

In addition, “component”, for the purposes of this description and claims, is meant to include with the BOJ any form of executable instructions, which can be executed in a computerized system, such as, for example, interpreted the file in the text format, the file that was compiled into machine-readable instructions. The term “component”can therefore include both large application programs and systems that provide numerous functions, as well as small software and/or system components that provide other components or programs specific functionality. In addition, although a distinction is sometimes observed in this description of the invention between “application”, “application programs”, “programs” and components, the differences are just differences for convenience, to clarify, is usually that one set of executable instructions is requesting, or receiving a request for access to another component, as each may be referred to, in essence, as a component. Therefore, the terms “requesting component and the target component” can include any of the above executable instructions, as described in detail below.

Embodiments of the present invention can provide access to the components that have been classified as components of “platform” or “library”. Components of the platform are the other components, to whom can access numerous other components or programs in a computerized system. The components of the platform usually access only the most recent form or the new form, so that the requesting component may simply request that mainly target component or the minimum version of the target component than to request a specific version of the target component. Thus, the determining module may, for example, be configured to provide versions of the platform, not the most recent version. Theoretically, platform components can be overwritten by the update component when receiving the update, although there are reasons why in practice this may not be done. Platform components are also sometimes referred to as “compatible binary components. In contrast to the components library provides access another component or program only if the link mentioned exactly the same version of the library.

As shown in figure 1, the determining module 100 can accept the request or announcement from the requesting component 105 to access the target component, such as component 120, 125 and 130. For the purposes of this description and claims, the term “target” component matched with the edge component, in respect of which the requesting component seeks to access. It is clear, however, that it is a component of the target component or the requesting component, essentially, is a matter of perspective, depending on which component requests access to another. Essentially, the statement applicable to the target components in this description and the claims, equally can be applied to the requesting component, and Vice versa.

In any case, the requesting component 105 may initiate a request 110 access to the component by using the defining module 100, where the request indicates that the requesting component 105 is configured to access this version of the target component 120, 125 and 130. In some implementations, the request 110 may be a link found in the source code of the requesting component 105, when the requesting component 105 is initially installed in a given computer system (not shown). Alternatively, the request 110 may be performed by the requesting component 105, when the requesting component 105 requests access to a specific version of the target component, such as components 120, 125 and 130, at runtime.

Policy version control”, for purposes of this description and claims, includes any the C given set of properties, which can be passed to the target component (e.g., 120, 125, 130) on the determining module 100. Policy 131, 132 or 133 version control determines whether to use the corresponding target component 120, 125, 130, instead of the version of the specified target component with a lower version number. Policy version control may include additional information, intended for use determining module 100 for a decision regarding whether to use the target component in a given configuration. Thus, the policy 132 versioning can specify that the target component 125 (version 1.2) can be used when requested version 1.1. In some embodiments, the execution policy versioning can be in a predefined location in the target component. In other implementations, policy versioning can be transmitted to the determining module 100 when the component is installed in the system, or when the first request for access to a given component, etc.

Therefore, the requesting component may request access to the target component by querying a specific version of the target component, for example, the query 110 “version 1.1” “component 1”. If the requesting component 105 requests or configured to work with a competitive price is to maintain the version of the target component, the determining module 100 can provide the requesting component 105 to access a specific version of the component, depending on the policy 131, 132, 133 version control, which is present in the target component. As shown in figure 1, for example, the requesting component 105 requests a “version 1” of “component 1” by sending a query 110. Therefore, the determining module 100 allows access requesting component 105 to the “version 1.1” “component 1”, even if there is a later version of “component 1”, for example “version 1.2” 125.

In contrast, in some embodiments, executing the query to one version of the component leads to access to another (e.g., updated or later) version of the component. For example, the request 100 may be a request to receive access to the “version 1.1” “component 1”. However, the policy 131 versioning can specify that version 1.1 is a component of the platform (and, thus, the most recent version of “component 1” should be provided in response to a request). In addition, in some implementations, however, can be multiple versions of a given platform component in the system.

Essentially, the requesting component may also include information in your request, which specifies the smallest possible version of zelenog the platform component, which the requesting component 105 can take. For example, it may be that the requesting component 105 requests “version 1.4” “component 1” and that the younger version of “component 1” should not be returned in response to the request. Therefore, the determining module 100 can provide the requesting component 105 access to “version 3” “component 1”, even if the available version 1.1 and version 1.2”.

When all available versions of the requested component have a version that is lower than the specific requested version, the determining module 100 can return an appropriate response (e.g., error message) to the requesting component. For example, when the determining module 100 does not have access to “version 3” “component 1”, the determining module 100 can send the error message to the requesting component 105 in response to query version 1.4 or higher” “component 1”.

It may be that the version number consists of two parts, version, and service. Components that have a version number that indicates the updated service is allowed to replace components that have version numbers, indicating an earlier service.

Using the values of service, contributing to the replacement of components is particularly advantageous for making minor changes that have reduced the probability is it will cause incompatibility with other components, to fix bugs or security issues if they are components of the library or platform. I.e. the values of the service can contribute to the adjustment (“patching”) version of the component. For example, if the target component 120 is identified as a component library (so version 1.1 of the target component must not be replaced), the developer can update the target component 120 by updating (for example adding increments) the value of service in the version of the component. Therefore, the updated target component 120 is essentially another service “version 1.1”.

On figa illustrates an exemplary computer architecture that takes more than new versions of existing components. I.e. the determining module 100 can receive updates for the target components that are already resident in the relevant computer system. For example, the determining module 100 can accept components 215 and 210 from the network service provider (not shown)connected to the network 240. The determining module 100 can accept components 215 and 210 as a result of running the setup program in the appropriate computer system (or network service provider).

As described, the components 210 and 215 include information about the policy control versions of the, such as, for example, information that the updated component 210 is an update to the “version 3” “component 2” and that component is a component of the platform. Also, the component 215 may include information in the form of policies version control that component 215 is a library component or that a component 215 is configured differently, so that the requesting component may be granted access to a specific version presented component 215.

In response to the receiving component 210 and 215 determining module 100 determines whether to save the previous version (which may be referred to as “parallel” update or replace the previous version (which may be referred to as an “update in place”) each received the updated component. For example, as shown in figa, components 220 and 235 are, respectively, components, libraries and frameworks. More specifically, in response to the reception component 215 determining module 100 can identify that as “component 1 is a component library that other programs or components can be configured to access specifically to “version 1” of “component 1”. Therefore, the determining module 100 can determine what should be saved as a component 215, and component 220.

More specifically, in response to the reception to mponent 210 determining module 100 can identify, because “component 2” is a component of the platform, requesting applications and components will be provided access to the most recent version of the component 2. Therefore, the determining module 100 can determine that the component 235 must be replaced component 210.

On FIGU illustrates an exemplary computer architecture for figa, after the determining module identified versions of the components that need to be saved. As shown in figv as “version 1” (part 220), and “version 2” (part 215) component 1 remains in the system (parallel update). Also, as shown in figv only “version 3” “component 2” (part 210) remains in the system (upgrade in place).

Figure 3 illustrates an exemplary computer architecture for stratification application component at different levels of processing data in accordance with the implementation of the present invention. Stratification is based on the application component, which is applied to the target components. As an explanation, but not limitation, figure 3 presents the three levels of scope, i.e. the level 330 “machine”level 340 “process” and 350 “subprocess”. It is clear, however, after reading this description and claims, which may be more or fewer levels, is to appropriate. In particular, aspects of the invention enable the target component to apply policy version control, which requires that only one version of the target component was made available at the specified level (i.e. only one version for the whole machine, or only one in a given process, or only one in a given subprocess).

For example, policy control, which is associated with the specified target component 300 may include a set of application components. Referring briefly again to figure 1, the scope of the component may indicate that the requesting component 105 has access to the target component 300 at a given level of the process. As shown in figure 3, for example, “version 1” 300 “component 1” is identified for access at the machine level. Any requesting component that is installed on the system, which requests access to the target component 300, must use the “version 1” of “component 1”, because the target component 300 is configured to access the machine. As with other policies version control, this restriction process level can be specified by the developer of the target component to install this component in a given system.

The scope of the component may also be larger or smaller is blasti application for the target component 300, 310, 315, 320 and 325. For example, “policy version control”, identified with the specified component 310 may indicate that the specified version of the target component 310 is only required in a process 342, 345 or subprocess 352, 355. As shown in figure 3, for example, any of the requesting component 105, which requests access to a given version of the component 310 may do so in the process 342 without the need for other requesting components (in the system) used the same target component in other processes 315. As such, the component 310 can be used in the process 342, whereas component 315 can be used in the process 345. In addition, when the process And 342 has not selected a specific version, the subprocess 350, which depends on the process 340 may use a different version of the component 310, such as components 320 and 325. This granular level of access to various components may, therefore, be specified when the specified component is developed, not by the system administrator when the specified component is installed in the system. The determining module 100 can combine any of the identified scope for each component of the target or the requesting component to provide the requesting component appropriate access to the target component.

Consequently, antifolate the appropriate version of the target component may be based on other policies, such as, for example, a component. A determining module, therefore, can identify the appropriate version of the target component based on any identified policy, such as policy versioning and application specific component of the target component, as well as any other provided by the system administrator policy, where appropriate.

The present invention also may be described in the language of the ways containing functional steps and/or non-functional acts. 4, 5A and 5B depict an exemplary logic flowchart for providing complete access to the components of other programs or components in a computerized system. The methods in figure 4, 5A and 5B are described in relation to program modules depicted in the previous figures.

4 shows an exemplary logical flow diagram of a method of providing access to the component in accordance with the implementation of the present invention. The method according to figure 4 includes the step 400 of receipt of the request the version of the target component. Action 400 may include receiving a request for access to a specific version of the target component, and this request is received from the requesting component. For example, the requesting component 105 may request access to the target component, such as to the ponent 120, 125 and 130, using the defining module 100. Could also be that the query includes policy version control version of the target component.

The method also includes a functional result-oriented step 440 of the relevant target component. Step 440 may include any number of appropriate actions to implement the present invention. However, as shown in figure 4, step 440 includes a step 410 of identifying policy version control. Action 410 may include identification policy version control specific version of the target component. If the policy version control was included in the request, then the determining module 400 can identify these included policy version control. Alternatively, the determining module 100 may refer to one or more versions of the target component and to identify policy versioning, stored in one or more versions of the target component. For example, the determining module 100 can identify that multiple versions of a component, such as a “version 1” 120 and “version 2” 125 the same “component 1”, exist in the system, and each has a corresponding policy 131, 132 and 133 version control. The software developer may the deleted policy version control to target components 120, 125 and 130, etc. so that the determining module 100 identifies policy versioning when compiling, installing, and/or performance of the developed program or component.

Stage 440 also includes the step 430 provide the appropriate version of the target component. Action 430 may include identification of the appropriate version of the target component based on the control policies specific versions of the target component. For example, the determining module 100 can provide the requesting component 105 a specific version of the requested target component (component library), such as component 120. Alternatively, the determining module 100 can provide the requesting component 105 the most recent version of the component (component platforms, such as component 130.

On figa depicts an exemplary logical block diagram of the method of the update management component in accordance with the implementation of the present invention. The method according to Figo can be implemented so that the requesting component that performs access to the target component continues to operate effectively after the update of the target component. As shown, the method depicted in FIGU includes the step 500 of receiving updates. Action 500 may also include identification t the th, what is the target component performs the access requesting component. For example, referring back to figure 1, the determining module 100 may be bound, or to contain, with the system registry or database, which after installation of the requesting component 105 identifies that the installed program or a component or component 105 is configured to access a specific version of the target component, such as “version 1” 120 “component 1”. This defines the module 100 may receive this information, based on any policy version control, contained in the prescribed program, as well as those contained in any component, to access the program is configured.

The method depicted in FIGU includes the step 510 identification version policy. The step 510 may include identification of the version policy in the previous version of the target component and the updated version of the target component. For example, the determining module 100 identifies policy version control in any target component 120, 125 and 130, which, as previously described, can specify the version of the target component 120, 125 and 130, and may indicate that the target component is assumed to be a component of the platform or library.

The method described in figa additionally who engages in action 520 add updates to the system on the basis of, at least partially, version policy. Action 520 may include removing a previous version of the target component and/or adding an updated version of the target component based on the identified policy version control. For example, if a specific previous version of the component 220 is required for access by another program or component, for example, if the component is a component library that defines the module 100 will not overwrite the previous version 220. The determining module 100 will simply add a new version of the component 215, so that the program or components that request a new version of the component 215 may perform the access. Similarly, programs or components that require a previous version of the component 220 may also perform access that preserves the integrity of the requesting program or component. In contrast, if it is not visible to the program or component that requires a specific version of a given component (component platform), the determining module 100 can simply overwrite the previous version of the component 235 latest version 210 of the component.

On FIGU depicts an exemplary logical flow diagram of a method of providing access to the component at one or more levels of the process in accordance with the implementation of the crust is asego invention. The method according to figv can be implemented for the organization of one or more target components, so that access to one or more target components was limited. The method depicted in FIGU includes the step 550 identify policy version control. Action 550 can include identification policy version control in the target component. For example, the determining module 100 may receive the access request to the component from the requesting component and can identify the versioning of the received update 215, 210 in the existing destination component 220, 225, etc. As previously described, the policy version control can help the system to identify the version number of the target component, and to determine whether the target component 220, 225 and 230 library component or platform.

The method depicted in FIGU includes the step 560 identify application component associated with the component. Action 560 may include the identification of areas of application component associated with the target component, and the scope of the component identifies the property that is associated with the requesting component that can be configured to access the target component. For example, either the target component, or supresivos what I program or component can be associated with a particular application component, which indicates that the version of the target component you can access with one of the following levels: level machine level subprocess, etc. it is Clear, however, as described in this application is that there can be numerous levels at which access may be restricted, depending on the preference of the designer.

The method depicted in FIGU includes the step 570, allowing access to the target component-based applications component and version policy. Action 570 may include a resolution of at least one of the one or more requesting access components to the target component based on the access properties associated with the requesting component, and identified policy version control. For example, if one or more programs or components 300 are for processes 330 scale machines, only this version of the component 300 will be available to any given requesting component at any given level of the process. In contrast, if the target component is identified by the access-level process, the determining module 100 may allow other requesting components access to different versions of the same target component for a given corresponding process or subprocess, as C is LeSabre.

6 and the following discussion are intended to provide a brief, General description of a suitable computing environment in which can be implemented in the invention. Though this is not required, the invention is described below in the General context mashinostryenia instructions, such as program modules, executed by computers in network environments. Generally, program modules include procedures, programs, objects, components, data structures, etc. that perform certain tasks or implement certain abstract data types. Mashinostroenie instructions, associated data structures, and program modules represent examples of program code means for executing steps of the methods described in this application. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps.

To a person skilled in the art will understand that the invention can be applied in network computing environments with many types of configurations of computer systems, including personal computers, handheld devices, multiprocessor systems, microprocessor-based or programmable consumer electronics, network personal omputer (PC), minicomputers, universal computers (mainframes), etc. of the Invention can also be implemented in distributed computing environments where tasks are performed local and remote data processing devices that are linked (or wired links or wireless links, or a combination of wired and wireless communication lines) through the communication network. In a distributed computing environment, program modules may be located on both local and remote storage devices.

With reference to Fig.6, an exemplary system for implementing the invention includes a computing device for General purposes in the form of a conventional computer 620, which includes block 621 data processing system memory 622 and the system bus 623, which connects various system components including the system memory 622, block 621 data. The system bus 623 may be any of several types of bus structures including a memory bus or memory controller, a peripheral bus and a local bus using any of the many bus architectures. The system memory includes a persistent storage device (ROM) 624 and random access memory (RAM) 625. Basic system 626 input / output system (BIOS), containing basic routines that help to transfer and the formation between elements within the computer 620, for example during start-up, may be stored in ROM 624.

The computer 620 may also include the drive 627 on magnetic hard disk drives for reading and writing to a magnetic hard disk 639, drive 628 for a magnetic disk for reading and writing to a removable magnetic disk 629 and drive 630 for an optical disk for reading and writing to removable optical disk 631 such as a CD-ROM or other optical media. Drive 627 on magnetic hard disks, floppy 628 for a magnetic disk and disk drive 630 for an optical drive connected to the system bus 623 using interface 632 of the hard drive, interface 633 drive for a magnetic disk and interface 634 optical disk, respectively. The drives and the drives associated computer-readable media provide nonvolatile storage mashinostryenia instructions, data structures, program modules and other data for the computer 620. Although the exemplary environment described in this application uses a magnetic hard disk 639, removable magnetic disk 629 and a removable optical disk 631 can be used in other types of computer-readable media for storing data, including magnetic cassettes, flash memory cards, digital multi disks, Bernoulli cartridges, RAM, ROM, etc.

The software tool is an ode, contains one or more software modules may be stored on the hard disk 639, magnetic disk 629, optical disk 631, in ROM 624 or RAM 625, including the operating system 635, one or more application programs, 636, other program modules 637 and data 638 programs. The user can enter commands and information into the computer 620 using the keyboard 640, pointing device 642 or other input devices (not shown), such as a microphone, joystick, game pad, satellite communications antenna, scanner, etc., These and other input devices are often connected to the unit 621 processing through the interface 646 serial port connected to the system bus 623. Alternatively, the input devices can be connected by other interfaces such as a parallel port, game port or a universal serial bus (USB). Monitor 647 or other display device is also connected to the system bus 623 via an interface, such as video 648. In addition to the monitor, personal computers typically include other peripheral output devices (not shown), such as speakers and printers.

The computer 620 may operate in a networked environment using logical connections to one or more remote computers, such as remote computers a and 649b. Each deleted the first computer a and 649b can represent another personal computer, the server, a router, a network PC, a peer device or other common network node, and typically includes many or all of the elements described above with respect to computer 620, although only devices a and 650b data storage and associated application program a and 636b depicted in Fig.6. The logical connections depicted in Fig.6, include a local area network (LAN LAN) 651 and a global network (g, WAN) 652, which are presented here as examples, but not limitations. Such networking environments are common in computer networks scale office or enterprise intranets and the Internet.

When using in a network environment LAN computer 620 is connected to the local network 651 via a network interface or adapter 653. When using in a network environment HS computer 620 may include a modem 654, a wireless communication line or other means for establishing communications over the WAN 652, such as the Internet. Modem 654, which may be internal or external, is connected to system bus 623 using interface 646 serial port. In a networked environment, program modules described in relation to computer 620 or parts thereof, may be stored in a remote storage device. It is clear that the illustrated network connections are exemplary, and may use other means of communication is of global communication network 652.

The present invention can be implemented in other specific forms without departure from its essence and essential characteristics. Described embodiments of the in all respects should be considered only as illustrative and not restrictive. Scope of the invention, therefore, is defined by the attached claims and not the foregoing description. All modifications encompassed by the meaning and range of equivalency of the claims should be included in its scope.

1. The method, implemented in a computerized system, which includes one or more mashinostryenia software components, including one or more mashinostryenia requesting component configured to perform one or more mashinostryenia target components in a computerized system, and the target component is either a write once a library component or rewritable platform component, the method is designed to automatically provide mashinostroenia requesting middleware to automatically determine the version mashinoispytatel target component on request and contains steps, according to which
receive from one or more requesting one or more components of the request is to access by the one or more requesting components to one or more target components each request includes an indication of the smallest possible version of the target component that is acceptable to the requesting component;
receiving mentioned one or more queries to identify policy version control for each of the requested target components;
automatically determine based on the identified policy version control that the requested target component is a platform component or library component; and
automatically share the one or more requesting components access to the appropriate version of the aforementioned one or more target components in different ways for each of the target components, while
if the requested target component is a platform component, the requesting component to automatically provide only the most new service that the target component, which at least is not less new than the smallest possible version of the target component, given that the requesting component,
if the requested target component is a component library, the requesting component provide only the version of the target component, which specified that the requesting component.

2. The method according to claim 1, which is when the target component is a platform component, further comprises a step according to which identify the later version of the target component in response to a request earlier version of the target component, even if mentioned later and an earlier version both are available for computerized system, identify the later version of the platform component, even if an earlier version of the platform component is left in the system when this later version was adopted in a computerized system.

3. The method according to claim 1, additionally containing an action, according to which the identified policy version control given the lowest possible version of the target component, when this set the lowest possible version of the target component is added to the computerised system.

4. The method according to claim 1, additionally containing an action, under which remain in the requesting component version information, which identifies the set of the smallest possible version of the target component in the requesting component when the requesting component is one or more of compilation, configuration, installation and performance in a computerized system.

5. The method according to claim 1, whereby additional
identify one or more requesting is komponentov, who can access the previous version of the target component;
identify that none of the aforementioned one or more of the requesting component is not configured to access the previous version of the target component; and
automatically removes mentioned previous version of the target component.

6. The method according to claim 1 in which the said request additionally includes a request for a specific version of the target component, and requested specific version differs from the lowest possible version of the target component.

7. The method according to claim 6, in which automatically determined the appropriate version of the target component is different from that required a specific version of the target component.

8. The method according to claim 1, whereby additionally take a lot of new versions of the target component, and each of these new versions of the target component associated with different from other policies version control.

9. The method of claim 8, whereby further define referred to the appropriate version of the target component from the set of the smallest possible version of the target component and each of these many of the new versions of the target component.

10. The method according to claim 1, in which policy versioning implemented in Mashinostroenie instructions in the target component is ente before performing one of the installation configuration and execution of the target component in a computerized system.

11. The method according to claim 1, in which policy versioning additionally identify in many versions of the target component in a computerized system.

12. The method according to claim 10, in which each policy version control in each version of the target component identifies a specific version of the requesting component configured to access the target component.

13. The method according to claim 1, whereby additionally identify the scope of the component, which is associated with the target component.

14. The method according to item 13, which referred to the appropriate version of the target component also be automatically determined based on the identified application component associated with the target component, in addition to identifying the smallest possible version, which is acceptable.

15. The method according to item 13, which identified the scope of the component determines that access to a specific version of the target component is different from the lowest possible version of the target component on one or more of the machine-level, process level and the level subprocess.

16. The method according to claim 1, whereby additionally identify the value with which rwise, associated with the requested target component.

17. The method according to clause 16, where when identifying the appropriate version of the target component identifies an updated target component.

18. The method, implemented in a computerized system, which includes one or more mashinostryenia software components, including one or more mashinostryenia requesting components that can request access to one or more machinesplay target components in a computerized system, and the target component is either a write once a library component or rewritable platform component, the method is designed to automatically control access to one or more versions mashinostryenia target components so that machinesplay requesting component that accesses mashinostroenia target component, continued to work effectively, after this the target component has been updated with newer versions, and contains action, according to which
identify that one or more of the requesting component configured for executing some version of one or more mashinostryenia target components;
automatically identify p is policy version control for each of the above-mentioned one or more target components;
automatically determine, for each of the above-mentioned one or more target components, whether this target platform component component or library component;
for each platform component is automatically determined on the basis of relevant policies version control for this platform component removing any of the available versions of the platform component, which is earlier than the version for which you configured any of the above-mentioned one or more of the requesting component;
for each library component is determined on the basis of relevant policies version control while maintaining in said system for all new versions of the target component, all existing versions of the target component and all of the previously installed versions of the target component.

19. The method according to p, in which each target component includes a version value and the value of the service, according to the way more
take an updated current version of one or more target components over the network from a network service provider and
automatically overwrite the target component when the current version of the target component reflects the version value and the new value of CE is moot.

20. Machine-readable medium in a computer system that includes one or more mashinostryenia requesting component configured to access one or more machinesplay target components in a computerized system, and the target component is either a write once a library component or rewritable platform component, while the machine-readable medium has stored therein Mashinostroenie instructions that, when performed prescribe one or more processors in the computerized system to perform a method of automatically providing mashinostroenia requesting middleware to automatically determine the version mashinoispytatel target component on request, containing the steps according to which
receive from one or more requesting component one or more requests for access by the one or more requesting components to one or more target components, where each request includes an indication of the smallest possible version of the target component that is acceptable to the requesting component;
receiving mentioned one or more queries to identify policy version control for each of the requested televi the components;
automatically determine based on the identified policy version control that the requested target component is a platform component or library component; and
automatically share the one or more requesting components access to the appropriate version of the aforementioned one or more target components in different ways for each of the target components, while
if the requested target component is a platform component, the requesting component to automatically provide only the most new service that the target component, which at least is not less new than the smallest possible version of the target component, given that the requesting component,
if the requested target component is a component library, the requesting component provide only the version of the target component, which specified that the requesting component.

21. Machine-readable medium in a computer system that includes one or more mashinostryenia requesting component configured to access one or more machinesplay target components in a computerized system, and the target component represents whether what about the write once a library component, or rewritable platform component, while the machine-readable medium has stored therein Mashinostroenie instructions that, when performed prescribe one or more processors in the computerized system to perform a method of automatic control access to one or more versions mashinostryenia target components so that machinesplay requesting component that accesses mashinostroenia target component, continued to work effectively, after this the target component has been updated with newer versions of the containing action, according to which
identify that one or more of the requesting component configured for executing some version of one or more mashinostryenia target components;
automatically identify policy version control for each of the above-mentioned one or more target components;
automatically determine, for each of the above-mentioned one or more target components, whether this target platform component component or library component;
for each platform component is automatically determined on the basis of relevant policies version control for this platform component removing any of the available in RSI this platform component, which is earlier than the version for which you configured any of the above-mentioned one or more of the requesting component;
for each library component is determined on the basis of relevant policies version control while maintaining in said system for all new versions of the target component, all existing versions of the target component and all of the previously installed versions of the target component.



 

Same patents:

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to computer security. In the system, according to the invention, a basic operating system is used together with a highly reliable operating system. The basic operating system is at least a certain part of infrastructure of the highly reliable system. Occlusion of elements of the graphical user interface, related to the highly reliable operating system, is prevented. Also part of the secret information, which upon command can be displayed by elements of the graphical user interface, related to the highly reliable system, is stored. Coordination of defined components of images of all elements of the graphical user interface, related to the highly reliable operating system, also enables identification of valid elements. In the system for managing windows of the basic operating system there is public heading information for window identification, belonging to the process operating under control of the highly reliable operating system. Information of the secret heading, related to same window, is used only in the highly reliable operating system.

EFFECT: invention increases security of computer systems from hacking.

30 cl, 9 dwg

FIELD: physics; computer engineering.

SUBSTANCE: invention relates to architecture and a method of permitting display of digital content with the corresponding digital license, associated with a specific computer device. Transmitting and receiving computer devices are connected to each other over a network. A transmitting device transmits protected digital content to a receiving device such that, the receiving device can access that content even if the content is directly licensed to the transmitting device and not to the receiving device.

EFFECT: coordinated access to content between computer devices on a network.

20 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: inventions are related to computer systems and methods for provision of protected access to database. System comprises memory device for protection descriptors, which store information about protection, related to at least one line of database, besides database contains at least one table that includes at least one line and two columns, in one of columns there is a protection descriptor stored, being related to line, information stored in protection descriptor comprises data about which type of access and to which principal is permitted or prohibited; database processor that issues response to query of database, based at least partially on information about protection stored in protection descriptor, which is assessed on the basis of information stored in database, and context of user that makes query; query component that contains optimiser of queries, which defines optimal route for response provision to query.

EFFECT: improved protection of access to database.

20 cl, 9 dwg, 2 tbl

FIELD: information technologies.

SUBSTANCE: there chosen is domain identifier and connection of at least one user (P1, P2, …, PN1), at least one device (D1, D2, …, DM) and at least one information element (C1, C2, …, CN2) to Authorised Domain (AD) specified with domain identifier (Domain_ID). By means of that there have been obtained many checked devices (D1, D2, …, DM) and many checked personalities (P1, P2, …, PN1), which is authorised for access to information element of the above Authorised Domain (100). Thus, access of user who controls the device to information element of authorised domain is obtained either by checking the fact that information element and user are connected to one and the same domain or by checking the fact that device and information element are connected to one and the same domain.

EFFECT: ensuring method and system for providing Authorised Domain structure based both on personalities and on devices.

12 cl, 6 dwg

FIELD: information technologies.

SUBSTANCE: checking method of certificate validity, which includes the key connected to network devices, involves the step of receiving the encoded content and validity index connected to that content in the network. Certificate validity is evaluated from the time index included in the certificate where the time index has the value corresponding to the certificate issuing date, and from validity index connected to the above encoded content.

EFFECT: simplifying the checking process of certificate validity, which provides access to data without reducing data access security.

20 cl, 12 dwg

FIELD: information technologies.

SUBSTANCE: method and device for determining authenticity of the system user is based on comparing coordinates of peculiar features of papillary patterns of fingers at double finger touch of the receiving scanner surface. During the first registration there obtained are pictures of at least two fingerprints, and during the second registration there obtained is the picture of at least one fingerprint, at that, the second registration is performed upon "request-answer" protocol command. Authenticity is considered confirmed in case of non-linear dependence of coordinate offsets of peculiar features of the first and the second pictures. Device for implementing the method consists of a scanner, picture processing unit, database, comparing unit, protocol forming unit connected to the scanner, and comparing unit. Protocol forming unit display panel is located on the scanner front surface.

EFFECT: ensuring high accuracy of authenticity and excluding the access of occasional persons to the protected system.

3 cl, 3 dwg

FIELD: information technologies.

SUBSTANCE: first initial value is known both to the keyboard and the component. Keyboard and component exchange time values. Both the keyboard and the component compute the second initial value and the third initial value on the basis of time values and the first initial value. Both the keyboard and the component make one and the same computation so that both the keyboard and the component have one and the same second and third initial values. The keyboard encodes keystrokes meant for the component by using CBC-3DES method on the basis of the key and the second initial component, as well as creates message authentication code for each keystroke by using CBC-3DESMAC on the basis of the key and the third initial value. The component encodes and verifies keystrokes by using the key and the second and the third initial values.

EFFECT: providing safety connection between two components, such as a keyboard or a related device, and software component via an unsafe communication channel.

26 cl, 6 dwg

FIELD: instrument making.

SUBSTANCE: invention is related to the field of machine access, in particular to identification and authentication of object, user or principal with authenticator for logical entry into local and/or remote machine with operating system. Authenticators are transformed by means of one of multiple different modules of authenticator provides, every of which transforms according different type of authenticators into common protocol. Transformed authenticators are sent through application programming interface (API) to user interface module (UI) of logical entry to operating system (OS) of local machine, which is called by UI module of logical entry for authentication of transformed authenticators according to database of authenticators. User identified with transformed authenticator realises a logical entry for access to local machine in case of successful authentication.

EFFECT: possibility of safe joint application of multiple interacting modules that are fully compatible with operating system of local machine.

18 cl, 22 dwg

FIELD: physics, computer engineering.

SUBSTANCE: invention is related to computer engineering, in particular to system for control of access to resources of Internet network depending on category of requested resources and accepted safety policy. System comprises module of selection of site reference addresses in server database, module of electronic document addresses identification in access list, module of identification of time cycles of addresses selection from access list, module for generation of signals of server database entries selection control, module of selection of access to electronic documents.

EFFECT: improved efficiency of system by localisation of addresses of server database access list records searching by identifiers of electronic documents.

8 dwg, 6 tbl

FIELD: physics; computer engineering.

SUBSTANCE: method of transferring accumulated measured data from a client to a measurement service, where each set of measured data is indexed in the measured data base of the client in accordance with a measurement identifier (MID) and further indexed in the measurement data base in accordance with an identifier, associated with content (KID). To increase effectiveness of protecting the data base from unauthorised access, the client chooses a specific MID, chooses at least part of measured data in the measurement data base, containing the chosen MID, where the chosen measured data are arranged in accordance with KID. The client generates a request based on the chosen measured data and sends the request to the measurement service. The measurement service receives measured data from the request, stores them and generates a response, which should be returned to the client based on the request. The client receives the response from the measurement service, which includes a list of KID of chosen measured data in the request, confirms that the response corresponds to the request, and generates a list of KID in response, for each KID, by deleting measured data from the measurement data base, containing the chosen MID and KID.

EFFECT: more effective protection of data base from unauthorised access.

20 cl, 4 dwg

FIELD: engineering of devices and methods for using server for access to processing server, which performs given processing.

SUBSTANCE: for this in accordance to method reservation is requested, reservation is confirmed, authentication information included in reservation information is stored, service is requested on basis of authentication information, server utilization is authenticated and server is utilized on basis of authentication result, while on stage of reservation confirmation device for controlling reservation transfers reservation setting information, and on stage of authentication server utilization is only confirmed when authentication information matches authentication information transferred from user terminal. Device contains receiving means, information generation device and transmitting means.

EFFECT: creation of method for using server, device for controlling server reservation and means for storing a program, capable of providing multiple users with efficient utilization of functions of processing server with simultaneous decrease of interference from unauthorized users without complicated processing or authentication operations.

6 cl, 51 dwg

FIELD: distribution devices, terminal devices.

SUBSTANCE: in distribution device groups of two or more informational products which represent digital informational content are stored with information about policy administration which indicates user's rights to this group by interrelated method. Distribution device transfers the user requested informational content from group to the terminal device with license certificate (LC), refreshes information about policy administration decreasing policy validity. On return of the renewed LC distribution device increases the decreased policy validity taking into account the part of policy validity which is indicated in the renewed LC. On user's demand distribution device again transfers LC or other digital informational content.

EFFECT: distribution of digital content for a more complete satisfaction of user's demand.

22 cl, 58 dwg

FIELD: access to protected system restriction technics; avoidance of accidental persons access to system.

SUBSTANCE: fingerprint image is registered with following user personality identification. Some peculiarities of papillary pattern coordinates are determined and using difference of coordinates of peculiarities of received fingerprint image and stored in database positive or negative decision to grant access to system is made.

EFFECT: increased level of protection against access of accidental persons.

3 cl, 2 dwg

FIELD: access to protected system restriction technics; avoidance of accidental persons access to system.

SUBSTANCE: fingerprint image is registered with following user personality identification. Some peculiarities of papillary pattern coordinates are determined and using difference of coordinates of peculiarities of received fingerprint image and stored in database positive or negative decision to grant access to system is made.

EFFECT: increased level of protection against access of accidental persons.

3 cl, 2 dwg

FIELD: engineering of technical means for complex protection of information during its storage and transfer.

SUBSTANCE: method for complex information protection is realized in following order: prior to transfer into communication channel or prior to recording into memory, state of used communication channel or information storage environment is analyzed, from M possible codes parameters of optimal (n,k) code for current status of channel or information storage end are determined, information subject to protection is split on q-nary symbols l bits long (q=2l) for each q-nary system gamma combinations l bits long are formed independently from information source, for each set of k informational q-nary symbols (n-k) excessive q-nary symbols are formed in accordance to rules of source binary (n,k) code, each q-nary symbol is subjected to encrypting stochastic transformation with participation of gamma, after receipt from communication channel or after reading from memory for each q-nary symbol combination of gamma with length l is generated, synchronously with transferring side, reverse stochastic decrypting transformation is performed for each q-nary symbol with participation of gamma, by means of checking expressions of source binary code localized are correctly read from memory or received q-nary symbols, untrustworthily localized symbols are deleted, integrity of message is restored by correcting non-localized and erased q-nary symbols of each block, expressing their values through values of trustworthily localized or already corrected q-nary symbols, if trustworthy restoration of integrity of code block is impossible it is deleted, number of deleted blocks is counted, optimality is determined within observation interval of used code with correction of errors for current state of channel, if code optimum criterion exceeds given minimal and maximal limits, code is replaced with optimal code synchronously at transferring and receiving parts of channel in accordance to maximum transfer speed criterion.

EFFECT: efficiency of each protection type and increased quality of maintenance of guaranteed characteristics of informational system.

18 cl

FIELD: technology for improving lines for transferring audio/video signals and data in dynamic networks and computer environments and, in particular, setting up communication lines with encryption and protection means and controlling thereof in such environment.

SUBSTANCE: invention discloses method for setting up protected communication lines for transferring data and controlling them by means of exchanging keys for protection, authentication and authorization. Method includes setup of protected communication line with limited privileges with usage of identifier of mobile computing block. This is especially profitable is user of mobile block does not have information identifying the user and fit for authentication. Also, advantage of provision by user of information taken by default, identifying the user, is that it initiates intervention of system administrator instead of refusal based on empty string. This decentralized procedure allows new users to access the network without required physical presence in central office for demonstration of their tickets.

EFFECT: simplified setup of dynamic protected lines of communication between client computer and server device.

6 cl, 10 dwg

FIELD: automatics and computer science, in particular, identification means for controlling access to autonomous resources.

SUBSTANCE: method includes changing identification information during each new query of autonomous resource, which information is used for identification of carrier during following queries to autonomous resources, by including it in algorithmically converted form on information carrier and in database of central device and checking of its correspondence in a row of previous queries to autonomous resources. Each autonomous resource has memory block for storing conversion algorithms and signs of these algorithms and block for reading/recording carrier information. Central device contains at appropriate data bank addresses the virtual memory blocks for storing information for identification of carriers and memory block for storing a set of algorithms for converting code from one type to another and signs of these algorithms, and for each carrier - information storage address which was used during previous accesses. Carrier contains energy-independent additional memory block for recording, storing and reading additional information code after identification of carrier, available both during manufacture of carrier and its submission to autonomous resource.

EFFECT: increased level of protection from unsanctioned access.

3 cl, 1 dwg

FIELD: digital data processing, namely, remote user authentication.

SUBSTANCE: in accordance to method, electronic user identification data is formed and saved in authentication server database, which data is compared to identification data of user during realization of procedure of user access to computer network of protected system and on basis of that comparison, decision is taken about degree of user authority.

EFFECT: possible passive user authentication mode without usage of hardware.

2 cl, 2 dwg

FIELD: information dissemination systems.

SUBSTANCE: in accordance to the invention, encoded event, containing information which is not meant to be published before time of publishing, is dispatched to clients before the time of publishing. In the moment of the time of publishing, small decryption key is dispatched to each client. In another variant, highly reliable boundary servers, which can be trusted not to publish the information before appropriate time, dispatch non-encrypted event or decode an encrypted event and dispatch decrypted event in certain time or before it, but after the time of publishing, so that decrypted or non-encrypted event reached clients, which can not store and decrypt an encrypted event, approximately at the same time when the key reaches other clients. Therefore, every client may receive information at approximately one and the same time, independently from client throughput or client capacity for storage and decryption of information.

EFFECT: ensured valid dissemination between various clients.

10 cl, 7 dwg

FIELD: information safety of digital communication systems, possible use in distributed computing networks, combined through the Internet network.

SUBSTANCE: in the method, initial data is set, initial data packet is generated at sender side. Then received data packet is encoded and transformed to TCP/IP format. After that current addresses of sender and receiver are included in it and formed packet is transferred. Sender address is replaced. At receiver side, sender and receiver addresses are selected and compared to predetermined addresses. In case of mismatch received packets are not analyzed, and in case of match encoded data is extracted from received packet and decoded. Receiver address is replaced. Then initial data packet is repeatedly formed at sender side. Protection device consists of 2 identical local protection segments 31 and 3k, one of which is connected to local computing network li, and k one is connected to local computing network lk. Local computing networks are interconnected through corresponding routers 41,4k and the Internet.

EFFECT: increased safety and concealment of communication channel operation.

6 cl, 27 dwg

Up!