WO1992022033A1 - Active messaging system - Google Patents

Active messaging system Download PDF

Info

Publication number
WO1992022033A1
WO1992022033A1 PCT/US1992/000935 US9200935W WO9222033A1 WO 1992022033 A1 WO1992022033 A1 WO 1992022033A1 US 9200935 W US9200935 W US 9200935W WO 9222033 A1 WO9222033 A1 WO 9222033A1
Authority
WO
WIPO (PCT)
Prior art keywords
instructions
active message
recipient
predetermined
active
Prior art date
Application number
PCT/US1992/000935
Other languages
French (fr)
Inventor
Nathaniel Solomon Borenstein
Original Assignee
Bell Communications Research, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Bell Communications Research, Inc. filed Critical Bell Communications Research, Inc.
Publication of WO1992022033A1 publication Critical patent/WO1992022033A1/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/18Commands or executable codes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/56Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562Static detection
    • G06F21/563Static detection by source code analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00Administration; Management
    • G06Q10/10Office automation; Time management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441Countermeasures against malicious traffic
    • H04L63/145Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Definitions

  • a passive message i.e., a piece of text conveying some information
  • a passive message can only convey information, it cannot collect information. The task of a passive message is complete when it is read by a recipient.
  • an active message In contrast to a passive message, an active message is a program that is run. It carries on a dialogue with a recipient, asking questions and collecting answers. The sender does not need to depend upon the recipient creating another passive message in response to some question, as this may be done by the active message itself. Conventional electronic mail messaging is static. The original sender specifies a list of recipients and the message is sent to exactly the destinations on that list.
  • an active message is a program, in the course of being run on behalf of one recipient, the active message may route itself to other recipients.
  • Active messaging can provide numerous benefits to users.
  • One important use of active messaging is to implement a communal memory in which a user sends messages to potential "experts" to elicit answers to questions. If one potential expert does not know the answer, the active message will try to elicit the identities of additional potential experts and cause itself to be transmitted to these additional potential experts. When an expert who knows the answer is found, the active message causes the answer to be transmitted back to the original sender of the question.
  • an active message can make the rounds of all the participants who are supposed to attend a meeting. From each one, the active message collects one or more plausible dates and times for the meeting. The active message then sends a copy of itself, augmented with the collected data, to the next participant. Eventually, possibly after several iterations, the active message will find a date and time when all the participants can meet. The active message will then inform all the participants of this date and time.
  • Active messaging may also be utilized for paperwork automation. Many organizations have large numbers of routine processes that are handled by massive amounts of paperwork. A significant portion of such paperwork has to be routed through several organizational centers in sequence for approvals or other kinds of intermediate actions. Using active messaging, much of this processing could be automated. An active message can be received at one organizational center for asking a few questions to collect certain information. The active message then sends itself off to the next link in the organizational chain. For example, expense vouchers, purchase orders, and insurance claims can be processed in this manner.
  • a still further application of active messaging is the collection of information for opinion surveys.
  • R2D2 One active messaging system known as “R2D2” has no provisions for security (see, e.g., John Vittal, "Active Message Processing: Messages As Messengers", in Computer Message Systems, R.P. Uhlig, editor, North-Holland Publishing Company, 1981) .
  • Another active messaging system is known as "imail” (see, e.g, John Hogg et al, "An Active Mail System", Proceedings of SIGMOD '84, Boston 1984).
  • the "imail” system gains security from a rather crucial restriction. Active messages can only be exchanged among users of a single machine using specialized software.
  • Specialized active messaging functionality i.e., a mail system that implements one or a few special cases of active messaging, such as return-receipt mail, requests for votes, and other specific types of active messages have also been developed.
  • active messaging system is the "Andrew” system (see e.g., Borenstein, et al, "Architectural Issues in the Andrew Message Systems”; E. Stefferud et al, “Message Handling Systems and Distributed Applications”; and Borenstein et al, "Power, Ease of Use and Cooperative Work in a Practical Multimedia Message System", Int. J. Man-Machine Studies (1991) 34, pp. 229-259) .
  • Ness programs have the capability of doing great harm such as by deleting the recipient files. Thus if a recipient wrongly indicates trust, great harm can occur.
  • Strudel see, e.g., Alan Shepherd et al, "Strudel - An Extensible Electronic Conversion Took Kit", Proceedings of CSCW '90, October 1990) .
  • the Strudel system allows arbitrary LISP expressions to be sent through the mail so that Strudel is very powerful. However, because of this, Strudel also has the power to cause great harm.
  • a computer system for receiving and processing electronic mail in the form of active messages comprises a central processing unit and one or more peripheral devices connected to the central processing unit.
  • the peripheral devices include for example a file memory system for storing a file system of a recipient of an active message.
  • the peripheral devices also include input/output devices for interfacing the computer system with the outside world such as printers, display terminals, and interfaces with external networks.
  • the computer system for processing active messages includes a mail reader for reading electronic mail received at the computer system via a communications channel. If the electronic mail contains only a passive message, the mail reader causes the passive message to be displayed for the recipient, for example, on the recipient's display terminal.
  • the mail reader may also indicate that the received electronic mail comprises an active message in the form of a program which is made up of one more instructions to be executed by the central processing unit.
  • an interpreter is utilized to interpret the instructions contained in the active message so that the instructions may be executed by the central processing unit.
  • the interpreter converts the instructions into machine language instructions for this purpose.
  • the instructions might be converted into machine language instructions by a compiler rather than an interpreter.
  • active messages pose a security threat to their recipients because they have the capability of depriving the recipient of computer resources. For example, an active message may access the file system of the recipient to delete or write over certain files, or simply write an extremely large amount of data into the file system. Similarly, an active message may cause the deprivation of CPU time by transmitting a program which takes a large amount of time to execute. Alternatively, the active message may deprive a recipient of an input/output resource such as a printer by causing a large amount of material to be printed. To eliminate such a deprivation of resources in accordance with the present invention, the interpreter can only interpret a limited set of instructions. If an active message may access the file system of the recipient to delete or write over certain files, or simply write an extremely large amount of data into the file system. Similarly, an active message may cause the deprivation of CPU time by transmitting a program which takes a large amount of time to execute. Alternatively, the active message may deprive a recipient of an input/output resource such as
  • the interpreter of the present invention can interpret the subset of a general purpose computer language such as LISP, which subset does not include instructions relating to the transmitting of data to or from the peripheral devices such as the file system memory and I/O devices.
  • the interpreter of the present invention can also interpret a set of instructions to access the peripheral devices in a manner which does not cause a deprivation of resources.
  • the interpreter can interpret instructions for accessing only a predetermined limited portion of the file system of the recipient of the active message.
  • files can be read, new files can be created (subject to limitations on their size and number), but no files can be deleted or overwritten.
  • the interpreter also places limitation on the number of bytes which can be transferred to a peripheral device by an instruction of an active message. In addition, there may also be a limit on the amount of execution time required for the instructions of an active message.
  • an active messaging system When constructed in the foregoing manner, an active messaging system provides a high level of generality for its users so that it may be utilized in a wide variety of applications, while protecting recipients against serious resource deprivation problems.
  • FIG 1 schematically illustrates a network in which active messages may be transmitted among users.
  • FIG 2 schematically illustrates the programs that are executed to transmit and receive active messages.
  • FIG 3 schematically illustrates an interpreter that may be utilized to interpret the instructions comprising active messages, in accordance with an illustrative embodiment of the present invention.
  • FIG 1 illustrates a network 10 in which active messaging may be utilized by various users.
  • the network 10 comprises the main frame system 12 and the workstations 14 and 16.
  • the main frame system 12 comprises a CPU 21 and a main program and data memory 22.
  • the memory 22 stores programs being executed by the CPU 21 and is utilized in connection with the execution of these programs.
  • the mainframe computer system 12 includes a number of peripheral devices which are connected to the CPU 21 and main memory 22 via the local area network 23.
  • the peripheral devices include the memory systems 24 and 25.
  • the memory systems 24 and 25 are illustratively implemented by magnetic disks and their - 11 -
  • the memory systems 24 and 25 store the file systems of the various users of the mainframe computer system 12. Also connected to the local area network 23 are a plurality of I/O devices such as the printer 26 and the display terminals 27 and 28. Instead of the local area network 23, the elements comprising the main frame system 12 may be interconnected by a bus system or other interconnection medium.
  • the network 10 of FIG 1 includes the workstations 14 and 16.
  • Each workstation includes a CPU 31, a main memory 32, and a bus system 33. Connected to the bus system 33 are a disk memory 34, a printer 35, and a display terminal 36.
  • Users of the computer system 12 can send electronic mail to and receive electronic mail from the workstations 14 and 16 via the telecommunications network 40 which illustratively is the public switched telephone network.
  • the computer system 12 and the workstations 14 and 16 include the modems 41, 42, and 43, respectively, for interfacing with the telecommunications network 40.
  • mail may be transmitted between the systems 12, 14, and 16 via another network such as Ethernet or the Arpa network.
  • an active or passive message may be generated at the workstation 14 by the user by typing on the keyboard associated with display terminal 36.
  • an active message may be generated automatically at the workstation 14 by an active mail generator 50.
  • the message to be sent is transmitted to the electronic mailer 52.
  • the mailer 52 then transmits a piece of electronic mail containing the message via modem 42 and the telecommunications network 40 to the computer system 12.
  • active messages are tagged with an active message header field.
  • the message arrives at the computer system 12 via the modem 41 (see FIG 1) and main memory 22 and is stored under the control of the CPU 21 in a file system of the intended recipient, which file system is maintained in the memory 24 or 25.
  • the programs which are executed when the recipient at the computer system 12 receives his/her mail are illustrated in FIG 2.
  • the first program which is executed by the recipient who wishes to read his/her mail is the mail reader 60 which for example is a conventional UNIX mail reader.
  • the mail reader 60 (which in order to be executed is resident in the main memory 22 of FIG 1) , fetches the recipient's messages from the file system memory 24 or 25 (see FIG 1) and stores the messages in the main memory 22.
  • the message is transmitted by the mail reader 60 to a display program 62 so that the message is displayed, for example, on the recipient display terminal which may be the display terminal 27 or 28.
  • a message is an active message as indicated by an active message header
  • the active message is transmitted by the mail reader 60 to the active message interpreter 70.
  • the active message interpreter 70 interprets the instructions contained in the active message by converting the instructions into machine language instructions which are executed by the CPU 21.
  • the active message instructions may include instructions for processing data and instructions for performing input/output operations. To prevent the recipient from experiencing a deprivation of resources from the execution of an active message, the active message interpreter can only execute a certain limited set of instructions.
  • the active messaging system and method of the present invention work best when the transmitter of an active message composes the active message from the instruction set of the interpreter 70 of FIG 2. If an active message contains instructions outside the instruction set of the interpreter, such instructions will not be executed and execution of the active message will be halted.
  • the instruction set of the interpreter 70 includes the instructions of a general purpose computer language such as LISP except for instructions relating to the input/output of data to and from various peripheral devices such as the memories 24, 25, the printer 26, and the display terminals 27 and 28.
  • the instruction set of the interpreter 70 also includes a set of instructions for accessing the peripheral devices in a manner which does not lead the recipient to experience a deprivation of computer resources.
  • the interpreter 70 can only execute instructions for accessing a special limited subdirectory of a recipient's file system. Files elsewhere in a recipient's file system simply do not exist as far as the interpreter 70 is concerned.
  • any files can be read.
  • Files can also be created subject to limitations on size and number. However, files cannot be deleted or overwritten.
  • a further restriction on file names involves the use of symbolic links.
  • users can create symbolic links that make files outside the special subdirectory for active messaging accessible through the special subdirectory.
  • the interpreter restricts symbolic links so that file names which follow symbolic links beyond a single step are not interpreted. That is, a user can create symbolic links to specific files outside the special active message subdirectory but entire directory structures cannot be made so readable.
  • the instruction set of the interpreter 70 of FIG 2 is limited so that there is a limit on the total number of bytes that may be written into the active message directory area of a recipient and a limit on the number of bytes that may be sent to a printer or other peripheral device to produce output.
  • a complete instruction set for an active messaging interpreter is based on the general purpose and widely available language known as LISP.
  • LISP general purpose and widely available language
  • the instruction set of the interpreter is derived from the instruction set of a general purpose computer language such as LISP. This makes the active messaging system highly portable over a wide variety of user interface platforms, operating systems, hardware environments and file systems.
  • FIG 3 is a flowchart which schematically illustrates the operation of the interpreter 70 of FIG 2.
  • Each instruction of an active message to be executed is fetched from a main memory (e.g. 22) associated with the CPU (e.g. 21) which executes the instruction (step 100 of FIG 3) .
  • the instructions comprising an active message are transferred from a file system to the main memory to be executed) .
  • a test is then made to determine if the fetched instruction is safe (step 110 of FIG 3) . This test is implemented by determining if the fetched instruction is in the instruction set of the interpreter. If the instruction is not in the instruction set, execution is halted (step 120) . If the instruction is in the instruction set, the instruction is executed (step 130) .
  • the step 110 may be implemented by means of a table lookup, i.e., to carry out the step 110, for each instruction in an active message, a table lookup is performed to see if the instruction is in the interpreter's instruction set. Note that an instruction may be outside the instruction set because an operator is excluded or because an operand is excluded such as in the case of an instruction which tries to output more than a predetermined number of bytes to a printer.
  • the execution step 130 usually involves converting the active message instructions to machine language instructions which are then executed by the CPU (e.g. 21) .
  • the execution step 130 may be implemented through use of a LISP engine, for example, ELI (Embedded LISP Interpreter) which is available for example from IBM.
  • LISP engine for example, ELI (Embedded LISP Interpreter) which is available for example from IBM.
  • the portion of the flowchart relating to this feature is designated by 200 in FIG 3.
  • an instruction which is not indicated as safe by the step 110 is subjected to a test (step 210) to determine if the instruction is potentially safe.
  • This test may be implemented through use of a second table lookup which contains a list of the potentially safe instructions.
  • a potentially safe instruction is an instruction which may be safe or unsafe depending on the specific operators and operands and depending on the specific circumstances of the message recipient. If an instruction fails the test 110 and the test 210, execution is terminated (step 120) . If an instruction fails the test 110 but the test 210 indicates that the instruction is potentially safe, the recipient is asked if he/she wants the instruction executed (step 220) . If the recipient desires the instruction to be executed, then control passes to step 130. If the recipient does not want the instruction executed, control passes to the step 120.
  • An example of an instruction which is potentially safe is an instruction for sending mail. Therefore, in accordance with an illustrative embodiment of the present invention, whenever an active message running in a recipient's computer environment tries to send mail, the recipient is told of this attempt and given an opportunity to inspect the mail and decide whether the mail should be sent. Without this restriction, it would be easy to create viruses, chain letters and other undesirable phenomena using active messaging.

Abstract

A computer system (12) for receiving active messages comprises a central processing unit (21) and peripheral devices (24, 25, 26, 27, 28) connected to the central processing unit, such as a file memory system (24, 25) for storing a file system of a recipient of the active message. The computer system includes an interpreter (70) for interpreting instructions contained in an active message to convert the instructions into machine instructions to be executed by said central processing unit. To prevent an active message from causing a deprivation of resources, the instruction set which is interpreted by the interpreter is limited. The interpreter interprets a subset of instructions of a general purpose computer language which does not relate to the inputting and outputting of data to and from peripheral devices. The interpreter interprets a set of input/output instructions which can only achieve limited access to the file system and which controls the amount of data which is transmitted to and from peripheral devices.

Description

ACTIVE MESSAGING SYSTEM
Field of the Invention Conventional electronic mail is in the form of a passive textual message that is created by an originator, transmitted to a recipient and read by the recipient. Any further actions must be initiated by the recipient. In contrast, an active message is a program which is created by an originator, transmitted to a recipient, and executed in the recipient's computer environment. The present invention relates to an active messaging system and method which enables a recipient to enjoy the benefits of active messaging while reducing the security threats posed by active messaging.
Background of the Invention
In the growing field of office systems, no system is considered complete unless it has an electronic mail facility. Currently available electronic mail systems allow passive messages to be composed and sent to other
users on the system or network. A passive message, i.e., a piece of text conveying some information, is created by a sender and shipped by electronic mail to one or more recipients. A passive message can only convey information, it cannot collect information. The task of a passive message is complete when it is read by a recipient.
In contrast to a passive message, an active message is a program that is run. It carries on a dialogue with a recipient, asking questions and collecting answers. The sender does not need to depend upon the recipient creating another passive message in response to some question, as this may be done by the active message itself. Conventional electronic mail messaging is static. The original sender specifies a list of recipients and the message is sent to exactly the destinations on that list.
In contrast, because an active message is a program, in the course of being run on behalf of one recipient, the active message may route itself to other recipients.
Active messaging can provide numerous benefits to users. One important use of active messaging is to implement a communal memory in which a user sends messages to potential "experts" to elicit answers to questions. If one potential expert does not know the answer, the active message will try to elicit the identities of additional potential experts and cause itself to be transmitted to these additional potential experts. When an expert who knows the answer is found, the active message causes the answer to be transmitted back to the original sender of the question.
Another important application of active messaging is to automate the most routine and annoying aspects of scheduling meetings or other current events. Currently, meetings are scheduled as a result of an extensive exchange of passive messages, e.g., "Can you meet on Tuesday at 3:00 PM?" "Tuesdays are bad for me, how about Wednesday morning?" "Wednesday morning is no good, how about the afternoon?" Such exchanges can be automated using active messaging. For example, an active message can make the rounds of all the participants who are supposed to attend a meeting. From each one, the active message collects one or more plausible dates and times for the meeting. The active message then sends a copy of itself, augmented with the collected data, to the next participant. Eventually, possibly after several iterations, the active message will find a date and time when all the participants can meet. The active message will then inform all the participants of this date and time.
Active messaging may also be utilized for paperwork automation. Many organizations have large numbers of routine processes that are handled by massive amounts of paperwork. A significant portion of such paperwork has to be routed through several organizational centers in sequence for approvals or other kinds of intermediate actions. Using active messaging, much of this processing could be automated. An active message can be received at one organizational center for asking a few questions to collect certain information. The active message then sends itself off to the next link in the organizational chain. For example, expense vouchers, purchase orders, and insurance claims can be processed in this manner.
A still further application of active messaging is the collection of information for opinion surveys.
While active messaging has many potential benefits, it is also evident that if active message programs are written in a sufficiently powerful language, enormous harm can result. For example, someone could send a message which deletes all the files of the recipient. Even more insidiously, one could create a mail based virus that could bring any computer network to its knees, simply by mailing out two copies of itself every time it is received by a recipient. Other dangers posed by active messaging include the deprivation of file resources as by overwriting existing files or by filling up the file system of a recipient with data, the deprivation of CPU time by transmitting an active message which takes a long time to execute, and the deprivation of I/O resources such as a printer by transmitting an active message which causes a large amount of material to be printed. In many cases, such dangers overwhelm any possible benefit that might be found in utilizing active messages. Therefore, in order for active messaging to become a useful reality, a system must be devised wherein the utilization of active messages cannot result in unacceptable damage to the active message recipients.
A variety of active messaging systems have previously been proposed. However, none of the prior systems have satisfactorily resolved the security problems resulting from active messaging. One active messaging system known as "R2D2" has no provisions for security (see, e.g., John Vittal, "Active Message Processing: Messages As Messengers", in Computer Message Systems, R.P. Uhlig, editor, North-Holland Publishing Company, 1981) . Another active messaging system is known as "imail" (see, e.g, John Hogg et al, "An Active Mail System", Proceedings of SIGMOD '84, Boston 1984). The "imail" system gains security from a rather crucial restriction. Active messages can only be exchanged among users of a single machine using specialized software.
Specialized active messaging functionality, i.e., a mail system that implements one or a few special cases of active messaging, such as return-receipt mail, requests for votes, and other specific types of active messages have also been developed. One example of such a specialized active messaging system is the "Andrew" system (see e.g., Borenstein, et al, "Architectural Issues in the Andrew Message Systems"; E. Stefferud et al, "Message Handling Systems and Distributed Applications"; and Borenstein et al, "Power, Ease of Use and Cooperative Work in a Practical Multimedia Message System", Int. J. Man-Machine Studies (1991) 34, pp. 229-259) . This type of system avoids problems in security by defining a very specialized syntax for a single kind of non-extensible active message. Therefore the capability of doing great harm, such as by deleting all of the recipients' files or by creating a virus, is not present in such systems. A more general system based on the specialized Andrew system is known as "Ness" (see e.g., W. Fred Hansen, "Enhancing Documents With Embedded Programs: How Ness Extends Insets in the Andrew Took Kit", Proceedings of IEEE Computer Society, 1990, International Conference in Computer Language, New Orleans, 1990) . "Ness" is probably the most powerful of the prior art active messaging systems, but it offers only a token solution to the security problem. When a recipient reads a message with a Ness program inside, the recipient is asked if he/she trusts the author of the program and is given the opportunity to read the code before executing it. Ness programs have the capability of doing great harm such as by deleting the recipient files. Thus if a recipient wrongly indicates trust, great harm can occur.
Finally, there is the Strudel system (see, e.g., Alan Shepherd et al, "Strudel - An Extensible Electronic Conversion Took Kit", Proceedings of CSCW '90, October 1990) . The Strudel system allows arbitrary LISP expressions to be sent through the mail so that Strudel is very powerful. However, because of this, Strudel also has the power to cause great harm.
In view of the foregoing, it is an object of the present invention to provide a general active messaging system which provides active message recipients with an acceptable level of security.
Summary of the Invention
In accordance with an illustrative embodiment of the present invention, a computer system for receiving and processing electronic mail in the form of active messages comprises a central processing unit and one or more peripheral devices connected to the central processing unit. The peripheral devices include for example a file memory system for storing a file system of a recipient of an active message. The peripheral devices also include input/output devices for interfacing the computer system with the outside world such as printers, display terminals, and interfaces with external networks. The computer system for processing active messages includes a mail reader for reading electronic mail received at the computer system via a communications channel. If the electronic mail contains only a passive message, the mail reader causes the passive message to be displayed for the recipient, for example, on the recipient's display terminal. The mail reader may also indicate that the received electronic mail comprises an active message in the form of a program which is made up of one more instructions to be executed by the central processing unit. In this case an interpreter is utilized to interpret the instructions contained in the active message so that the instructions may be executed by the central processing unit. The interpreter converts the instructions into machine language instructions for this purpose. Depending on the language in which the instructions are written, the instructions might be converted into machine language instructions by a compiler rather than an interpreter.
As indicated above, active messages pose a security threat to their recipients because they have the capability of depriving the recipient of computer resources. For example, an active message may access the file system of the recipient to delete or write over certain files, or simply write an extremely large amount of data into the file system. Similarly, an active message may cause the deprivation of CPU time by transmitting a program which takes a large amount of time to execute. Alternatively, the active message may deprive a recipient of an input/output resource such as a printer by causing a large amount of material to be printed. To eliminate such a deprivation of resources in accordance with the present invention, the interpreter can only interpret a limited set of instructions. If an active
Figure imgf000011_0001
- 9 -
message contains an instruction which is not in the instruction set of the interpreter, the instruction will not be executed by the central processing unit. In particular, the interpreter of the present invention can interpret the subset of a general purpose computer language such as LISP, which subset does not include instructions relating to the transmitting of data to or from the peripheral devices such as the file system memory and I/O devices. The interpreter of the present invention can also interpret a set of instructions to access the peripheral devices in a manner which does not cause a deprivation of resources. Thus, the interpreter can interpret instructions for accessing only a predetermined limited portion of the file system of the recipient of the active message. Within this predetermined portion of the recipient's file system, files can be read, new files can be created (subject to limitations on their size and number), but no files can be deleted or overwritten. The interpreter also places limitation on the number of bytes which can be transferred to a peripheral device by an instruction of an active message. In addition, there may also be a limit on the amount of execution time required for the instructions of an active message.
When constructed in the foregoing manner, an active messaging system provides a high level of generality for its users so that it may be utilized in a wide variety of applications, while protecting recipients against serious resource deprivation problems.
Brief D scri tion ς>f the rawjnq FIG 1 schematically illustrates a network in which active messages may be transmitted among users.
FIG 2 schematically illustrates the programs that are executed to transmit and receive active messages.
FIG 3 schematically illustrates an interpreter that may be utilized to interpret the instructions comprising active messages, in accordance with an illustrative embodiment of the present invention.
Detailed Description of the Invention FIG 1 illustrates a network 10 in which active messaging may be utilized by various users. The network 10 comprises the main frame system 12 and the workstations 14 and 16.
The main frame system 12 comprises a CPU 21 and a main program and data memory 22. The memory 22 stores programs being executed by the CPU 21 and is utilized in connection with the execution of these programs. The mainframe computer system 12 includes a number of peripheral devices which are connected to the CPU 21 and main memory 22 via the local area network 23. The peripheral devices include the memory systems 24 and 25. The memory systems 24 and 25 are illustratively implemented by magnetic disks and their - 11 -
associated drives. The memory systems 24 and 25 store the file systems of the various users of the mainframe computer system 12. Also connected to the local area network 23 are a plurality of I/O devices such as the printer 26 and the display terminals 27 and 28. Instead of the local area network 23, the elements comprising the main frame system 12 may be interconnected by a bus system or other interconnection medium.
In addition to comprising the mainframe computer system 12, the network 10 of FIG 1 includes the workstations 14 and 16. Each workstation includes a CPU 31, a main memory 32, and a bus system 33. Connected to the bus system 33 are a disk memory 34, a printer 35, and a display terminal 36. Users of the computer system 12 can send electronic mail to and receive electronic mail from the workstations 14 and 16 via the telecommunications network 40 which illustratively is the public switched telephone network. For this purpose, the computer system 12 and the workstations 14 and 16 include the modems 41, 42, and 43, respectively, for interfacing with the telecommunications network 40. It is also possible for one user of the computer system 12 to send mail to another user of the computer system 12 via the local area network 23 or bus or other interconnection medium. In addition, instead of utilizing the public switched telephone network, mail may be transmitted between the systems 12, 14, and 16 via another network such as Ethernet or the Arpa network.
Consider the example where the user of the workstation 14 wishes to send an electronic mail message to a recipient who is a user of the computer system 12. As shown in
FIG 2, an active or passive message may be generated at the workstation 14 by the user by typing on the keyboard associated with display terminal 36. Alternatively, an active message may be generated automatically at the workstation 14 by an active mail generator 50. In any of these cases, the message to be sent is transmitted to the electronic mailer 52. The mailer 52 then transmits a piece of electronic mail containing the message via modem 42 and the telecommunications network 40 to the computer system 12. In the case of the Internet electronic mail system (see David H. Crocker "Standard for the Format of Arpa Internet Text Messages," Network Information Center RFC #822 1982; Marvin A. Sirbu "Content-Type Header Field for Internet Messages", Network Information Center RFC #1049, 1988) , active messages are tagged with an active message header field.
The message arrives at the computer system 12 via the modem 41 (see FIG 1) and main memory 22 and is stored under the control of the CPU 21 in a file system of the intended recipient, which file system is maintained in the memory 24 or 25. The programs which are executed when the recipient at the computer system 12 receives his/her mail are illustrated in FIG 2. The first program which is executed by the recipient who wishes to read his/her mail is the mail reader 60 which for example is a conventional UNIX mail reader. In the instance of a passive message, the mail reader 60 (which in order to be executed is resident in the main memory 22 of FIG 1) , fetches the recipient's messages from the file system memory 24 or 25 (see FIG 1) and stores the messages in the main memory 22. As shown in FIG 2, the message is transmitted by the mail reader 60 to a display program 62 so that the message is displayed, for example, on the recipient display terminal which may be the display terminal 27 or 28. If a message is an active message as indicated by an active message header, the active message is transmitted by the mail reader 60 to the active message interpreter 70. The active message interpreter 70 interprets the instructions contained in the active message by converting the instructions into machine language instructions which are executed by the CPU 21. The active message instructions may include instructions for processing data and instructions for performing input/output operations. To prevent the recipient from experiencing a deprivation of resources from the execution of an active message, the active message interpreter can only execute a certain limited set of instructions. Thus, the active messaging system and method of the present invention work best when the transmitter of an active message composes the active message from the instruction set of the interpreter 70 of FIG 2. If an active message contains instructions outside the instruction set of the interpreter, such instructions will not be executed and execution of the active message will be halted.
The set of instructions which can be executed by the interpreter 70 of FIG 2 may be described as follows. Illustratively, the instruction set of the interpreter 70 includes the instructions of a general purpose computer language such as LISP except for instructions relating to the input/output of data to and from various peripheral devices such as the memories 24, 25, the printer 26, and the display terminals 27 and 28. The instruction set of the interpreter 70 also includes a set of instructions for accessing the peripheral devices in a manner which does not lead the recipient to experience a deprivation of computer resources. Thus, the interpreter 70 can only execute instructions for accessing a special limited subdirectory of a recipient's file system. Files elsewhere in a recipient's file system simply do not exist as far as the interpreter 70 is concerned. Within the limited file system that is accessible to active messages, any files can be read. Files can also be created subject to limitations on size and number. However, files cannot be deleted or overwritten. A further restriction on file names involves the use of symbolic links. On certain systems such as UNIX, users can create symbolic links that make files outside the special subdirectory for active messaging accessible through the special subdirectory. In some embodiments of the invention, the interpreter restricts symbolic links so that file names which follow symbolic links beyond a single step are not interpreted. That is, a user can create symbolic links to specific files outside the special active message subdirectory but entire directory structures cannot be made so readable.
In addition, the instruction set of the interpreter 70 of FIG 2 is limited so that there is a limit on the total number of bytes that may be written into the active message directory area of a recipient and a limit on the number of bytes that may be sent to a printer or other peripheral device to produce output.
A complete instruction set for an active messaging interpreter is based on the general purpose and widely available language known as LISP. In particular, to arrive at the instruction set starting with the instruction set of LISP, the subset of instructions not related to data input/output are chosen and a set of instructions related to input/output of data which will not cause a deprivation of resources are also included. It is a significant advantage of the active messaging system and method of the present invention that the instruction set of the interpreter is derived from the instruction set of a general purpose computer language such as LISP. This makes the active messaging system highly portable over a wide variety of user interface platforms, operating systems, hardware environments and file systems.
FIG 3 is a flowchart which schematically illustrates the operation of the interpreter 70 of FIG 2. Each instruction of an active message to be executed is fetched from a main memory (e.g. 22) associated with the CPU (e.g. 21) which executes the instruction (step 100 of FIG 3) . (As indicated previously, the instructions comprising an active message are transferred from a file system to the main memory to be executed) . A test is then made to determine if the fetched instruction is safe (step 110 of FIG 3) . This test is implemented by determining if the fetched instruction is in the instruction set of the interpreter. If the instruction is not in the instruction set, execution is halted (step 120) . If the instruction is in the instruction set, the instruction is executed (step 130) .
The step 110 may be implemented by means of a table lookup, i.e., to carry out the step 110, for each instruction in an active message, a table lookup is performed to see if the instruction is in the interpreter's instruction set. Note that an instruction may be outside the instruction set because an operator is excluded or because an operand is excluded such as in the case of an instruction which tries to output more than a predetermined number of bytes to a printer. The execution step 130 usually involves converting the active message instructions to machine language instructions which are then executed by the CPU (e.g. 21) . In the case where the instruction set is derived from the LISP language, the execution step 130 may be implemented through use of a LISP engine, for example, ELI (Embedded LISP Interpreter) which is available for example from IBM. After an instruction is executed (step 130) , a test is performed to determine if there are any instructions remaining in the message (step 140) . If so, control is returned to the step 100 and the next instruction is fetched from the main memory.
In some embodiments of the invention, it may be desirable to give a recipient of a message more control over whether or not certain instructions are or are not executed, i.e., for some instructions the recipient may be asked to state whether or not the instruction should be executed. The portion of the flowchart relating to this feature is designated by 200 in FIG 3.
In this case, an instruction which is not indicated as safe by the step 110, is subjected to a test (step 210) to determine if the instruction is potentially safe. This test may be implemented through use of a second table lookup which contains a list of the potentially safe instructions. A potentially safe instruction is an instruction which may be safe or unsafe depending on the specific operators and operands and depending on the specific circumstances of the message recipient. If an instruction fails the test 110 and the test 210, execution is terminated (step 120) . If an instruction fails the test 110 but the test 210 indicates that the instruction is potentially safe, the recipient is asked if he/she wants the instruction executed (step 220) . If the recipient desires the instruction to be executed, then control passes to step 130. If the recipient does not want the instruction executed, control passes to the step 120.
An example of an instruction which is potentially safe is an instruction for sending mail. Therefore, in accordance with an illustrative embodiment of the present invention, whenever an active message running in a recipient's computer environment tries to send mail, the recipient is told of this attempt and given an opportunity to inspect the mail and decide whether the mail should be sent. Without this restriction, it would be easy to create viruses, chain letters and other undesirable phenomena using active messaging.
In addition to the foregoing restrictions implemented by means of an interpreter, a limitation may be placed on the amount of CPU time which can be taken by an active message. While in some embodiments of the invention this limitation can be incorporated in the interpreter, when the UNIX operating system is utilized, it may be easier to implement this limitation directly through use of operating system facilities. In short, a method and system for carrying out active messaging is disclosed. The system and method enable a recipient to enjoy the many benefits of active messaging while reducing the security risks of active messaging. Finally, the above-described embodiments of the inventions are intended to be illustrative only. Numerous alternative embodiments may be devised by those skilled in the art without departing from the spirit and scope of the following claims.

Claims

1. A computer system for receiving and processing information containing an active message made up of instructions to be executed, said computer system comprising: a central processing unit and one or more peripheral devices connected to said central processing unit, means for receiving said information via a communications channel at said computer system, and converting means for determining if each instruction in said active message belongs to a predetermined set of instructions, for converting the instructions in said active message belonging to said set into a form suitable for execution by said central processing unit, and for inhibiting the execution of said instructions in said active message not belonging to said set, said predetermined set of instructions comprising an instruction set of a general purpose computer language but excluding instructions relating to the transfer of data to or from said one or more peripheral devices beyond predetermined limits.
2. The computer system of claim 1 wherein said converting means comprises an interpreter.
3. The computer system of claim 2 wherein said converting means comprises a compiler.
4. The system of claim 1 wherein one of said peripheral devices is a file system memory connected to said central processing unit for storing a file system of a recipient of said active message, and wherein said predetermined limits define a predetermined portion of said file system of said recipient, so that said predetermined instruction set includes instructions for accessing said predetermined file portion of said recipient and excludes instructions for accessing the remainder to the file system of said recipient.
5. The system of claim 4 wherein said predetermined set of instructions include instructions for reading any file in said predetermined portion of said file system of said recipient, instructions for creating new files of a predetermined size and number in said predetermined portion of said file system of said recipient, but excludes instructions for deleting files or overwriting existing files.
6. The system of claim 5 wherein said predetermined limits include a limit on the number of bytes which may be written into said predetermined portion of said file system of said recipient.
7. The system of claim 1 wherein said system includes means for limiting the execution of the instructions contained in said active message to a predetermined amount of central processing time.
8. The system of claim 1 wherein said predetermined set of instructions include an instruction for sending electronic mail.
9. The system of claim 8 wherein instructions for sending electronic mail is an instruction for sending electronic mail containing an active message.
10. The system of claim 4 wherein said predetermined set of instructions, include an instruction for accessing said file system of said recipient containing a one-step symbolic link.
11. A computer system for receiving and processing information containing an active message made up of instructions to be executed, said computer system comprising: a central processing unit and one or more peripheral devices connected to said central processing unit, means for receiving said information via a communications channel at said computer system, and an interpreter for determining if each instruction in said active message belongs to a predetermined set of instructions, for converting the instructions in said active message belonging to said set into a form suitable for execution by said central processing unit, and for inhibiting the execution of said instructions in said active message not belonging to said set. said predetermined set of instructions comprising an instruction set of general purpose computer language, but excluding instructions relating to the transfer of data to or from said peripheral devices beyond predetermined limits.
12. The system of claim 11 wherein said interpreter includes means for enabling a recipient of an active message to control whether selected instructions contained in the active message are executed.
13. A method for processing information containing an active message made up of instructions to be executed comprising the steps of receiving said active message at a computer system via a communications channel, translating said instructions in said active message which belong to a predetermined set of instructions into a form suitable for execution by a central processing unit forming part of said computer system, and inhibiting the execution of instructions contained in said active message not belonging to said set, said predetermined set of instructions comprising an instruction set of a general purpose computer language but excluding instructions relating to the transfer of data to or from one more peripheral devices connected to said central processing unit beyond predetermined limits. - Vt -
14. The method of claim 13 wherein said method includes the step of utilizing a table lookup to determine if an instruction in said active message belongs to said predetermined set of instructions.
PCT/US1992/000935 1991-05-24 1992-02-06 Active messaging system WO1992022033A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US70518891A 1991-05-24 1991-05-24
US705,188 1991-05-24

Publications (1)

Publication Number Publication Date
WO1992022033A1 true WO1992022033A1 (en) 1992-12-10

Family

ID=24832411

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1992/000935 WO1992022033A1 (en) 1991-05-24 1992-02-06 Active messaging system

Country Status (1)

Country Link
WO (1) WO1992022033A1 (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP0669733A2 (en) * 1994-02-28 1995-08-30 AT&T Corp. Network agents
WO1996018257A2 (en) * 1994-12-02 1996-06-13 Xcellenet, Inc. Systems and methods for work assignment and distribution from a server to remote/mobile nodes
WO1996019064A2 (en) * 1994-12-16 1996-06-20 Xcellenet, Inc. Systems and methods for automatically sharing information among remote/mobile nodes
EP0776112A2 (en) * 1995-10-26 1997-05-28 Sun Microsystems, Inc. Secure network protocol system and method
WO1998051051A1 (en) * 1997-05-02 1998-11-12 Telefonaktiebolaget Lm Ericsson (Publ) Communication system for electronic messages
EP0909068A1 (en) * 1997-10-13 1999-04-14 X-Way Rights B.V. Method and apparatus for structured communication
EP1003307A2 (en) * 1998-11-17 2000-05-24 Ricoh Company Method and system for communicating with a device attached to a computer using electronic mail messages
WO2001026004A2 (en) * 1999-10-04 2001-04-12 Kana Communications, Inc. Method and apparatus for interprocess messaging and its use for automatically generating transactional email
WO2001052161A2 (en) * 2000-01-07 2001-07-19 Multicity.Com, Inc. System and method for establishing an on-line discussion group
WO2001077873A2 (en) * 2000-04-11 2001-10-18 Symantec Corporation Methods and apparatuses for updating mobile computer location configuration settings
FR2809901A1 (en) * 2000-06-05 2001-12-07 Sekoya Method of transmitting message between computers connected via Internet of Intranet by inserting executable message processing instruction, for processing headline by processing package in second computer
EP1163568A2 (en) * 1998-11-30 2001-12-19 Microsoft Corporation System, method, and computer program product for workflow processing using internet interoperable electronic messaging with mime multipart content type
WO2002013074A1 (en) * 2000-08-03 2002-02-14 Freund Klaus Karl Josef Method for information transfer via active electronic mail
EP1182834A2 (en) * 2000-08-24 2002-02-27 Sony Corporation Method and device for electronic mail
EP1182819A1 (en) * 2000-08-23 2002-02-27 Sony International (Europe) GmbH Home network controlling via e-mails
US6473812B2 (en) 1995-06-05 2002-10-29 Ricoh Company, Ltd. System using internet email for communicating status information from business office printing device when it is in normal operating condition
EP1271377A2 (en) * 2001-06-22 2003-01-02 Xerox Corporation Method, system and article of manufacture for accessing computational resources through electronic messages
EP1294128A1 (en) * 2001-09-17 2003-03-19 Ricoh Company Remote monitoring of network devices by means of e-mail messages
US6631247B1 (en) 1999-09-29 2003-10-07 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
EP1303090A3 (en) * 2001-10-09 2006-01-18 Siemens Aktiengesellschaft Data transmission method
WO2008021735A1 (en) * 2006-08-07 2008-02-21 Qualcomm Incorporated Method and device for electronic mail
US7516193B2 (en) 1998-11-17 2009-04-07 Ricoh Company, Ltd. Method and system for diagnosing, collecting information and servicing a remote system
US7620717B2 (en) 2003-09-12 2009-11-17 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4503499A (en) * 1982-09-14 1985-03-05 Eaton Corporation Controlled work flow system
US4539638A (en) * 1979-01-04 1985-09-03 Evans & Sutherland Computer Corp. Command language system for interactive computer
US4825354A (en) * 1985-11-12 1989-04-25 American Telephone And Telegraph Company, At&T Bell Laboratories Method of file access in a distributed processing computer network
US4962532A (en) * 1988-12-22 1990-10-09 Ibm Corporation Method for providing notification of classified electronic message delivery restriction
US5093918A (en) * 1988-12-22 1992-03-03 International Business Machines Corporation System using independent attribute lists to show status of shared mail object among respective users
US5111390A (en) * 1988-08-22 1992-05-05 Unisys Corporation Software security system for maintaining integrity of compiled object code by restricting users ability to define compilers
US5125075A (en) * 1987-09-08 1992-06-23 Wang Laboratories, Inc. System for circulating serially an electronic, non-interchangeable unique, route package from sender to selected recipients

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4539638A (en) * 1979-01-04 1985-09-03 Evans & Sutherland Computer Corp. Command language system for interactive computer
US4503499A (en) * 1982-09-14 1985-03-05 Eaton Corporation Controlled work flow system
US4825354A (en) * 1985-11-12 1989-04-25 American Telephone And Telegraph Company, At&T Bell Laboratories Method of file access in a distributed processing computer network
US5125075A (en) * 1987-09-08 1992-06-23 Wang Laboratories, Inc. System for circulating serially an electronic, non-interchangeable unique, route package from sender to selected recipients
US5111390A (en) * 1988-08-22 1992-05-05 Unisys Corporation Software security system for maintaining integrity of compiled object code by restricting users ability to define compilers
US4962532A (en) * 1988-12-22 1990-10-09 Ibm Corporation Method for providing notification of classified electronic message delivery restriction
US5093918A (en) * 1988-12-22 1992-03-03 International Business Machines Corporation System using independent attribute lists to show status of shared mail object among respective users

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
PROC. OF IEEE COMPUTER SOCIETY, 04 January 1990, HANSEN, "Enhancing Documents with Embedded Programs: How Ness Extends Insets in the Andrew Tool Kit", pages 1-20. *
PROCEEDINGS OF CSCW, July 1990, SHEPHERD et al., "Strudelan Extensible Electronic Conversion Tool Kit", pages 1-15. *
PROCEEDINGS OF SIGMOD, 1984, JOHN HOGG et al., "An Active Mail System", pages 215-222. *

Cited By (73)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9106522B2 (en) 1987-05-07 2015-08-11 Ricoh Company, Ltd. Method and system for remote diagnostic, control, and information collection based upon a connection or connectionless communication method for sending messages to the resource manager
US8949417B2 (en) 1987-05-07 2015-02-03 Ricoh Co., Ltd. Method and system for remote diagnostic, control, and information collection based upon a connection or connectionless communication method for sending messages to the resource manager
EP0669733A2 (en) * 1994-02-28 1995-08-30 AT&T Corp. Network agents
EP0669733A3 (en) * 1994-02-28 1996-02-07 At & T Corp Network agents.
US5680548A (en) * 1994-12-02 1997-10-21 Xcellenet, Inc. Systems and methods for work assignment and distribution from a server to remote/mobile nodes
WO1996018257A3 (en) * 1994-12-02 1996-08-22 Xcellenet Inc Systems and methods for work assignment and distribution from a server to remote/mobile nodes
US5887141A (en) * 1994-12-02 1999-03-23 Xcellenet, Inc. Systems for work assignment and distribution from a server to remote/mobile nodes by a hierarchy of session work objects into which events can be assigned
WO1996018257A2 (en) * 1994-12-02 1996-06-13 Xcellenet, Inc. Systems and methods for work assignment and distribution from a server to remote/mobile nodes
WO1996019064A3 (en) * 1994-12-16 1996-09-06 Xcellenet Inc Systems and methods for automatically sharing information among remote/mobile nodes
US5664207A (en) * 1994-12-16 1997-09-02 Xcellenet, Inc. Systems and methods for automatically sharing information among remote/mobile nodes
GB2310982A (en) * 1994-12-16 1997-09-10 Xcellenet Inc Systems and methods for automatically sharing information among remote/mobile nodes
GB2310982B (en) * 1994-12-16 1999-11-10 Xcellenet Inc Systems and methods for automatically sharing information among remote/mobile nodes
US5819274A (en) * 1994-12-16 1998-10-06 Xcellenet, Inc. Methods, systems and computer program products for transferring files from a data processing server to a remote/mobile data processing node
WO1996019064A2 (en) * 1994-12-16 1996-06-20 Xcellenet, Inc. Systems and methods for automatically sharing information among remote/mobile nodes
US7451247B2 (en) 1995-06-05 2008-11-11 Ricoh Company, Ltd. System using internet application for monitoring image-forming device and sharing device information among departments
US7480249B2 (en) 1995-06-05 2009-01-20 Ricoh Americas Corporation System uses Internet electronic mail for requesting status of a monitored device from a monitoring device
US6889263B2 (en) 1995-06-05 2005-05-03 Ricoh Company, Ltd. System uses internet electronic mail for requesting status of a monitored device from a monitoring device
US6928493B2 (en) 1995-06-05 2005-08-09 Ricoh Company, Ltd. System using internet electronic mail for communicating status of a monitored device to a monitoring device
US6970952B2 (en) 1995-06-05 2005-11-29 Ricoh Company, Ltd. System uses internet electronic mail for communicating status of a monitored device to a monitoring device
US7120707B2 (en) 1995-06-05 2006-10-10 Ricoh Company, Ltd. System using Internet electronic mail for communicating status of a monitored device to a monitoring device
US6473812B2 (en) 1995-06-05 2002-10-29 Ricoh Company, Ltd. System using internet email for communicating status information from business office printing device when it is in normal operating condition
US7194560B2 (en) 1995-06-05 2007-03-20 Ricoh Company, Ltd. System uses internet electronic mail for communicating status of a printing device to a remote computer
US7447809B2 (en) 1995-06-05 2008-11-04 Ricoh Company, Ltd. System using internet application for monitoring metering device and sharing metering information among departments
US7457889B2 (en) 1995-06-05 2008-11-25 Ricoh Company, Ltd. System using an internet application for monitoring an image-forming device
EP0776112A3 (en) * 1995-10-26 2001-06-20 Sun Microsystems, Inc. Secure network protocol system and method
EP0776112A2 (en) * 1995-10-26 1997-05-28 Sun Microsystems, Inc. Secure network protocol system and method
US6275849B1 (en) 1997-05-02 2001-08-14 Telefonaktiebolaget Lm Ericsson (Publ) Communication system for electronic messages
WO1998051051A1 (en) * 1997-05-02 1998-11-12 Telefonaktiebolaget Lm Ericsson (Publ) Communication system for electronic messages
EP0909068A1 (en) * 1997-10-13 1999-04-14 X-Way Rights B.V. Method and apparatus for structured communication
US6880016B1 (en) 1997-10-13 2005-04-12 X-Way Rights B.V. Method and apparatus for structured communication
WO1999020025A2 (en) * 1997-10-13 1999-04-22 X-Way Rights B.V. Method and apparatus for structured communication
AU729456B2 (en) * 1997-10-13 2001-02-01 X-Way Rights B.V. Method of object oriented point-to-point communication and communication apparatus for carrying out such a method
WO1999020025A3 (en) * 1997-10-13 1999-09-30 X Way Rights B V Method and apparatus for structured communication
EP1003307A3 (en) * 1998-11-17 2001-04-04 Ricoh Company Method and system for communicating with a device attached to a computer using electronic mail messages
US7516193B2 (en) 1998-11-17 2009-04-07 Ricoh Company, Ltd. Method and system for diagnosing, collecting information and servicing a remote system
US7428575B1 (en) 1998-11-17 2008-09-23 Ricoh Company, Ltd. Method and system for communicating with a device attached to a computer using electronic mail messages
EP1003307A2 (en) * 1998-11-17 2000-05-24 Ricoh Company Method and system for communicating with a device attached to a computer using electronic mail messages
EP1163568A4 (en) * 1998-11-30 2005-08-17 Microsoft Corp System, method, and computer program product for workflow processing using internet interoperable electronic messaging with mime multipart content type
EP1163568A2 (en) * 1998-11-30 2001-12-19 Microsoft Corporation System, method, and computer program product for workflow processing using internet interoperable electronic messaging with mime multipart content type
US7293081B2 (en) 1999-09-29 2007-11-06 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
US8676957B2 (en) 1999-09-29 2014-03-18 Ricoh Co., Ltd. Method and system for remote diagnostic, control, and information collection based upon a connection or connectionless communication method for sending messages to the resource manager
US6631247B1 (en) 1999-09-29 2003-10-07 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
US7383359B2 (en) 1999-09-29 2008-06-03 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
US7945700B2 (en) 1999-09-29 2011-05-17 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
US7801977B2 (en) 1999-09-29 2010-09-21 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
WO2001026004A3 (en) * 1999-10-04 2001-11-29 Kana Communications Inc Method and apparatus for interprocess messaging and its use for automatically generating transactional email
WO2001026004A2 (en) * 1999-10-04 2001-04-12 Kana Communications, Inc. Method and apparatus for interprocess messaging and its use for automatically generating transactional email
WO2001052161A2 (en) * 2000-01-07 2001-07-19 Multicity.Com, Inc. System and method for establishing an on-line discussion group
WO2001052161A3 (en) * 2000-01-07 2003-01-16 Multicity Com Inc System and method for establishing an on-line discussion group
WO2001077873A2 (en) * 2000-04-11 2001-10-18 Symantec Corporation Methods and apparatuses for updating mobile computer location configuration settings
US6922723B1 (en) 2000-04-11 2005-07-26 Symantec Corporation Methods and apparatuses for updating mobile computer location configuration settings
WO2001077873A3 (en) * 2000-04-11 2002-07-25 Symantec Corp Methods and apparatuses for updating mobile computer location configuration settings
US7103632B2 (en) 2000-06-05 2006-09-05 Kanari World Method of transmitting messages between two computers connected to a network and corresponding messaging system
FR2809901A1 (en) * 2000-06-05 2001-12-07 Sekoya Method of transmitting message between computers connected via Internet of Intranet by inserting executable message processing instruction, for processing headline by processing package in second computer
WO2001095577A1 (en) * 2000-06-05 2001-12-13 Kanari World Method for transmitting messages between two computers connected to a network and corresponding messaging system
WO2002013074A1 (en) * 2000-08-03 2002-02-14 Freund Klaus Karl Josef Method for information transfer via active electronic mail
USRE44561E1 (en) 2000-08-23 2013-10-22 Sony Deutschland Gmbh System using home gateway to analyze information received in an email message for controlling devices connected in a home network
EP1729445A1 (en) * 2000-08-23 2006-12-06 Sony Deutschland GmbH Method for remotely controlling a device
EP1182819A1 (en) * 2000-08-23 2002-02-27 Sony International (Europe) GmbH Home network controlling via e-mails
USRE42104E1 (en) 2000-08-23 2011-02-01 Sony Deutschland Gmbh System using home gateway to analyze information received in an email message for controlling devices connected in a home network
US6738820B2 (en) 2000-08-23 2004-05-18 Sony International (Europe) Gmbh System using home gateway to analyze information received in an email message for controlling devices connected in a home network
US7016940B2 (en) 2000-08-24 2006-03-21 Sony Corporation Receiving apparatus and method, sending apparatus and method, recording medium, and communication system
EP1182834A3 (en) * 2000-08-24 2003-08-06 Sony Corporation Method and device for electronic mail
EP1182834A2 (en) * 2000-08-24 2002-02-27 Sony Corporation Method and device for electronic mail
EP1271377A2 (en) * 2001-06-22 2003-01-02 Xerox Corporation Method, system and article of manufacture for accessing computational resources through electronic messages
US7165093B2 (en) 2001-06-22 2007-01-16 Xerox Corporation Active electronic messaging system
EP1271377A3 (en) * 2001-06-22 2004-05-06 Xerox Corporation Method, system and article of manufacture for accessing computational resources through electronic messages
US7302469B2 (en) 2001-09-17 2007-11-27 Ricoh Company, Ltd. System, method, and computer program product for transferring remote device support data to a monitor using e-mail
EP1294128A1 (en) * 2001-09-17 2003-03-19 Ricoh Company Remote monitoring of network devices by means of e-mail messages
EP1303090A3 (en) * 2001-10-09 2006-01-18 Siemens Aktiengesellschaft Data transmission method
US7620717B2 (en) 2003-09-12 2009-11-17 Ricoh Co., Ltd. Method and system for remote diagnostic, control and information collection based on various communication modes for sending messages to a resource manager
US8243731B2 (en) 2006-08-07 2012-08-14 Qualcomm Incorporated Apparatus and methods for code-enhanced messaging
WO2008021735A1 (en) * 2006-08-07 2008-02-21 Qualcomm Incorporated Method and device for electronic mail

Similar Documents

Publication Publication Date Title
WO1992022033A1 (en) Active messaging system
US6880016B1 (en) Method and apparatus for structured communication
US7130885B2 (en) Methods and apparatus providing electronic messages that are linked and aggregated
EP0565314B1 (en) Method for signing travelling programs
CA1318040C (en) Electronic mail follow-up system
Lamming et al. Satchel: providing access to any document, any time, anywhere
JP5003271B2 (en) Method and program for showing an electronic communication document in which a copy of the electronic communication document is stored to a related person, and a method and system for showing to at least one of a related person and a contributor that the electronic communication document is stored And equipment
US7047248B1 (en) Data processing system and method for archiving and accessing electronic messages
US6275848B1 (en) Method and apparatus for automated referencing of electronic information
US20230259247A1 (en) Data entry for an application
US20020107930A1 (en) Method of setting destinations of electronic mail
US20030105816A1 (en) System and method for real-time multi-directional file-based data streaming editor
US20040085355A1 (en) Collaborative contract management system, apparatus and method
US20040119740A1 (en) Methods and apparatus for displaying and replying to electronic messages
US20080255918A1 (en) Ontological representation of knowledge
WO2001077816A2 (en) System and method for real-time multi-directional file-based data streaming editor
CN102842094A (en) Server, inter-business enterprise information control method and computer program
Davis et al. Communications technologies for the extended enterprise
CN111641548B (en) Method, device and system for processing enterprise collaborative office mails
US10951568B2 (en) Methods and systems for processing electronic messages
JP2511104B2 (en) Access right control method for electronic mail
Kwok et al. An automatic electronic contract document signing system in a secure environment
Schnalke This thesis was handed in on February 9, 2009
Jirón Distributed services on a LocalNet 20 network
Dailey IT-an active message extension to the UNIX mailx command

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): CA JP

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): AT BE CH DE DK ES FR GB GR IT LU MC NL SE

NENP Non-entry into the national phase

Ref country code: CA