Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker; causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker; causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker; causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker, causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker, causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A computerized method of managing a computer remote session operation, comprising providing a server for hosting application execution; configuring a number of predefined user accounts with low security permissions on said server, where said user accounts are not tied to any specific real user; Whenever a remote user requests to start a remote session, finding an available user account not currently in use on said computer, allocating it for the remote session and marking it as unavailable for subsequent session requests; Generating a one-time password for said user account; Communicating the assigned user account identifier and temporary password to client component on the user's side, either directly or through an intermediate broker, causing the client component to connect to the server using said user account identifier and temporary password; and, upon termination of the remote session, deleting the assigned user account's data and marking it as available again.

Abstract: A secure computing environment that prevents malicious code from “illegitimately” interacting with programs and data residing on the computing platform. While the various embodiments restrict certain programs to operate in a virtualized environment, such operation is transparent to the user from the operational point of view. Moreover, any program operating in the virtualized environment is made to believe that it has full access to all of the computing resources. To prevent a user from unknowingly or inadvertently allowing the program to adversely affect the computer, the user is also presented with “feel” that the program is able to perform all operations in the computing environment.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A secure computing environment that prevents malicious code from “illegitimately” interacting with programs and data residing on the computing platform. While the various embodiments restrict certain programs to operate in a virtualized environment, such operation is transparent to the user from the operational point of view. Moreover, any program operating in the virtualized environment is made to believe that it has full access to all of the computing resources. To prevent a user from unknowingly or inadvertently allowing the program to adversely affect the computer, the user is also presented with “feel” that the program is able to perform all operations in the computing environment.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A secure computing environment that prevents malicious code from “illegitimately” interacting with programs and data residing on the computing platform. While the various embodiments restrict certain programs to operate in a virtualized environment, such operation is transparent to the user from the operational point of view. Moreover, any program operating in the virtualized environment is made to believe that it has full access to all of the computing resources. To prevent a user from unknowingly or inadvertently allowing the program to adversely affect the computer, the user is also presented with “feel” that the program is able to perform all operations in the computing environment.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A secure computing environment that prevents malicious code from “illegitimately” interacting with programs and data residing on the computing platform. While the various embodiments restrict certain programs to operate in a virtualized environment, such operation is transparent to the user from the operational point of view. Moreover, any program operating in the virtualized environment is made to believe that it has full access to all of the computing resources. To prevent a user from unknowingly or inadvertently allowing the program to adversely affect the computer, the user is also presented with “feel” that the program is able to perform all operations in the computing environment.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. When an object is classified as untrusted, it can interact with other object within the system on a limited basis. A virtualized system is provided on the computer so that when the untrusted object attempts to perform an operation that is outside its scope of authorization, the virtualized system intercepts the operation but present the untrusted program with an indication that the requested operation has been performed. The method further includes processes to securely move a program from an untrusted group to a trusted group.

Abstract: A method that protects computer data from untrusted programs. Each computer's object and process is assigned with trust attributes, which define the way it can interact with other objects within the system. The trust attributes are defined hierarchically so that processes cannot access objects with higher trust levels than themselves. When accessing objects with lower trust levels, processes can see their trust levels lowered to that of the object accessed. The interaction between processes and objects of different levels is entirely programmable.