WO1999036848A1 - Secure exam method - Google Patents
Secure exam method
- Publication number
- WO1999036848A1 PCT/US1999/000481
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- user input
- instructions
- computer
- application
- unauthorized
Classifications
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
- G06F21/53—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow by executing in a restricted environment, e.g. sandbox or secure virtual machine
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
Definitions
- the present invention relates generally to the field of computer security, and more particularly to computer software for restricting access to a computer's stored data and applications for the purpose of giving secure exams.
- Portable and desktop computers equipped with word processing software have become the primary tool for preparing written material.
- concerns about security have severely curtailed their use.
- computer use in test-taking environments has typically required the use of dedicated computers to ensure that unauthorized data or programs are not present. Needless to say, supplying a dedicated computer to each student desiring one when taking a test represents a significant if not insurmountable expense. Accordingly, what has been needed is a method to allow the use of a personal computer to prepare answers to an exam while preventing access to unauthorized programs and data that might be stored in the computer. This invention satisfies these and other needs.
- the present invention comprises a method and system for preventing access to data and programs stored by a computer while allowing the computer to execute a desired application, comprising the steps of, and executable instructions for, closing unauthorized programs, filtering user commands to prevent unauthorized access to files stored on the computer, and allowing filtered user input to the desired application.
- the filtered user input is periodically saved and updated.
- the application for the closing and filtering steps resides on a floppy disk to enhance the security of the system, although alternative embodiments allow for execution independent of floppy disks. Native features of the computer's operating system are accessed to filter, and if necessary, modify, commands entered by the user to create a secure computing environment.
- the only file that is active and accessible is the one created by the user in response to the desired application.
- a number of additional security measures may be implemented, including encrypting files, recording system events and securely deleting files.
- the invention is used to administer an examination.
- FIG. 1 is a schematic representation of a computer system useful in the practice of the present invention.
- FIG. 2 is a flowchart showing the primary steps in the methods of the present invention.
- a typical computer system useful in the practice of this invention generally comprises a central processing unit (CPU) 10, having volatile and nonvolatile memory 12 as well as recordable storage such as a hard drive 14 and a floppy disk drive 16.
- the user input devices include a keyboard 18 and a pointing device, such as a mouse 20.
- Other input devices may also be used including a graphics tablet or a microphone in conjunction with voice recognition software.
- the computer system also comprises a display 22 and, optionally, other output devices such as speakers, printers and the like.
- CPU 10 may also be connected to a network (not shown).
- the invention has been designed to eliminate academic dishonesty by taking control of an operating system through execution of a software program that locks out access to applications, macros, files, programmed key commands and networked files stored in computer-readable media.
- any file, application or data, that could be used to gain an unfair advantage in taking an exam should be considered unauthorized and access to that file should be restricted.
- computer-readable media refers to any storage device for computer-readable data, including non-volatile memory such as hard disk drives, floppy disk drives, ROM, writable or read-only CD-ROMs, DVD drives, tape drives, PC cards and the like and volatile memory such as RAM.
- the materials secured by this invention may also be stored in computer-readable media available over a LAN or WAN, accessible via a modem, an Ethernet link, or any other network connection. Access to all of these sources of data and applications is completely restricted.
- the exam answer is preferably recorded to a specially created exam file using the exam application's own easy to use word processor.
- the present invention capitalizes on the fact that most modern operating systems prevent programs from directly interacting with peripherals such as the display, keyboard and mouse by providing interfaces for such services. Programs therefore communicate indirectly with the screen, keyboard, and mouse through these defined interfaces using information packages known as messages.
- the invention filters these messages to prevent the user from accessing unauthorized data or programs.
- the invention employs a compiled 16 or 32-bit executable file designed for the Microsoft Windows 3.x, Windows 9x or Windows NT (all of which are federally registered and recognized trademarks of Microsoft, Inc.) operating system that uses a number of supporting executable files in dynamic link libraries.
- the system may also be adapted for use with other operating systems as necessary, as understood by one skilled in the art to which the present invention pertains.
- the invention uses native services of the operating systems to achieve a message interception scheme referred to herein as cross-processing subclassing.
- Subclassing is the process of intercepting operating system messages that are normally processed behind the scenes.
- the Windows environment sends messages indicating that system events have occurred, such as keyboard input or mouse selection.
- Windows also sends housekeeping messages to control the display of each window.
- Subclassing intercepts each of these messages, allowing them to be modified or deleted before passing them on to their intended destination.
- Windows achieves subclassing through the use of hooks, which allow messages to be monitored, intercepted, and discarded by a program.
- a hook is a mechanism by which a function can intercept events such as messages, mouse actions, and keystrokes before they reach an application or even the main body of the operating system, which otherwise would direct these to the application currently in use.
- This mechanism is provided as a "service" by the operating system. Hooks are provided by calling the appropriate set of functions residing in the operating system and by supplying filter functions to the operating system. Specifically, the operating system will automatically call the programmer supplied filter function when the hooked event occurs.
- the filter function can act on events and, in some cases, modify or discard them. For example, a filter function might want to receive all keyboard or mouse events.
- For Windows to call a filter function, the filter function must be installed (that is, attached) to a Windows hook (for example, to a keyboard hook). Attaching one or more filter functions to a hook is known as setting a hook. If a hook has more than one filter function attached, Windows maintains a chain of filter functions. The most recently installed function is at the beginning of the chain, and the least recently installed function is at the end.
- the invention enlists these services to monitor messages concerned with keystrokes, the Windows clipboard, the creation of windows, the creation of other programmatic processes, and the visibility of windows.
- the invention intercepts, discards, and preferably makes a record of all messages that could allow the user to start another program or access an unauthorized file in any way. Although this monitoring activity requires a significant portion of the system's resources, the vast majority of portable computers with 80386 or better processors can quickly execute it.
- One having ordinary skill in the art can modify the invention as necessary to adapt it to other operating systems.
- users install most of the program's files through an installation kit. Users run an automated installer program to place required files on their hard drives. Normally, installation will be done before exam day, but since the procedure takes only a few minutes, it may be performed immediately prior to an exam, if necessary. Any installation disks preferably contain supporting files only, not the actual application, so no security issue is raised by an early installation.
- a demonstration version of the program may be included in the installation kit to allow the user to become familiarized with the program, and in particular, with the word processing features of the application. In preferred embodiments, the security features of the invention are not included in the demonstration version.
- a sealed single-use exam disk is distributed to each user much the way an exam bluebook would.
- floppy disks are widely used as removable computer-readable media, but as the demand for increased storage grows, other types of removable media may predominate, such as ZIP and JAZ disks available from IOMEGA, Inc., the LS-120 Super Floppy Disk, writable CD-ROMs and DVDs and the like.
- the invention can be adapted to work with any removable computer-readable media.
- the exam disk contains the security features of the invention as well as password and creation date verification data. In preferred embodiments, as discussed below, the exam application is temporarily copied to the user's hard disk to improve performance.
- the starting and ending sub-applications of the present invention perform the necessary copying, execution and deletion of the exam application. In other embodiments, it may be desirable to execute the exam application from the floppy disk directly. In such embodiments, the starting and ending sub-applications are unnecessary.
- Fig. 2 shows a flowchart that represents major steps of the invention.
- the user inserts the exam floppy disk and launches the startup application at step 30.
- the startup application prompts the user for personal data, and then records it to the floppy disk at step 32.
- the startup application also preferably temporarily copies the exam application from the floppy to the user's hard drive to improve performance.
- the exam application can be run from the floppy disk, but generally it is preferable to use the hard disk drive to decrease seek times and improve data transfer rates. This preferable embodiment may also be adapted for use with computer networks in a manner independent of removable media.
- the startup program then launches the exam application and terminates itself.
- the exam application creates an auxiliary information file on the user's hard drive and on the floppy disk to record a log of the application's execution. Then, the exam application verifies that the floppy disk is valid by password and creation date at step 34. If the floppy disk is not valid, the application notifies the user and terminates if necessary at step 36.
- After determining the floppy disk is valid, the exam application implements the security features of the invention.
- the exam application records the contents of the clipboard to the auxiliary information file on the hard disk and then deletes the clipboard at step 38.
- the exam application identifies already running processes by sequentially obtaining a thread for each process and then a process ID for each thread.
- a process is a logical grouping of a memory address space (memory area allocated by the operating system), a computer program, and its data. Normally, there is no interaction between programs in different processes, and they cannot read or write to memory space outside their process, without prior agreement by both programs, such as object linking and embedding (OLE).
- Each process consists of one or more threads of execution. These threads are simply atomic units of code execution that can run simultaneously within a single process.
- After controlling the running processes, the exam application then configures Windows for optimum security. Specifically, the exam application terminates or hides the Explorer windows in Win9x and NT systems, depending on type. The application also turns off screen savers, power management and the desktop wallpaper, sets the desktop icons invisible and then updates the .INI files to reflect the changes. Next, the exam application disables the task bar in Win9x and NT versions. Finally, the exam application identifies itself to the operating system as an active screen saver to prevent the Ctl-Alt-Del keystroke combination in Win9x. After terminating nonessential processes and securing the operating system configuration, the exam application sets the appropriate hooks and begins cross-process subclassing at step 44. Specific steps taken depend on the variety of Windows, but generally include: • Setting a hook for Ctl-Esc keys in Win 9x
- the exam application can begin the examination by showing a word processor window at step 46.
- the program can easily be adapted to other types of examination such as multiple choice or short answer by substituting the appropriate form for the word processing window.
- the exam application monitors all the keystrokes and other user input as the examination proceeds at step 48.
- the exam application records the details of all intercepted hooked messages, such as attempts to call unauthorized applications at step 50 or access unauthorized data. While a few attempts to call unauthorized applications or data may occur inadvertently, more frequent occurrences may indicate an attempt to subvert the security features of the exam application and will be reviewable by the exam grader.
- Keystrokes and other user input that pass the filter function are passed on to the word processor at step 52.
- the exam application periodically performs several monitoring functions. First, the examination application checks the visible windows to confirm that the only active windows are related to the examination. This offers a level of redundant protection over the filtering of the WM_CREATE message.
- the exam application also periodically saves the status of the exam and performs several updates at step 54, preferably once a minute.
- the exam data and a backup are saved to disk, as well as test taking statistics such as the number of keystrokes and total number of characters added to the data file per monitoring interval at step 56. These statistics are added to the auxiliary information file and can be used to resolve questions about exam security. For example, delays between the periodic saves indicate that the exam application was not active.
- If the delay is longer than that required to restart the exam application with a proctor disk (discussed below), it may be an indication that the user was attempting to subvert the program. Also, the number of keystrokes can be compared to the total number of characters added. Large discrepancies may indicate that text was copied from another source. Yet other features such as a clock display and word count can also be periodically updated. Towards the end of the allotted time, a reminder, audible or visible, can alert the user.
- the program saves a Rich Text Format (RTF), or otherwise suitably formatted document to the floppy disk in the computer's floppy disk drive and saves encrypted copies to both the floppy disk and the hard disk at step 58.
- a copy of the auxiliary information file is also saved to the floppy disk.
- the user may be given the option to save an additional encrypted copy of the exam data for backup purposes.
- the encrypted copy or copies on the hard drive provide a secure record of the exam.
- each unencrypted file on the hard drive is securely deleted by overwriting several times the hard drive sectors where the data was stored at step 60.
- the exam application launches the ending application, restores the computer's settings and then terminates itself at step 62.
- the ending application securely deletes the temporary copy of the exam application from the hard disk and terminates itself. In some embodiments, it may be desirable to have the ending application shut down the computer.
- the starting application prompts the user for personal information as in the normal sequence.
- the floppy disk does not pass the password and creation date verification as it is allowed only one execution. Accordingly, the exam application terminates, requiring and preferably visually requesting a valid proctor disk. If the proctor determines that a restart is warranted, the proctor will supply a proctor floppy disk.
- any computer-readable removable media may be used as a proctor disk. Verification of a valid proctor disk allows the exam application to restart and the user can replace the floppy disk and commence work from the last saved version.
- It may be desirable to replace the proctor disk with a hardware component that could plug into a parallel port, a serial port, a PC Card slot or the like.
- When the exam application identifies the appropriate hardware, it restarts the exam from the last saved version.
- the exam application is tailored to the type of examination being given. In most applications, it will be desirable to provide word processing functions to facilitate responses to essay questions.
- the word processing program is configured to operate similarly to popular commercial word processing programs.
- the exam application can automatically add headers and footers having the user's name or ID number, course instructor and other course information to aid identification.
- the exam application can easily be modified to allow its use for multiple choice or short answer questions.
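
The review of the auxiliary information file described above (delays between periodic saves, keystrokes compared with characters added, and repeated intercepted actions) can be automated. The following is an added example, not part of the patent text: the record layout, thresholds and function names are assumptions, and the sample log is constructed.

```python
"""Review per-interval statistics from an exam audit log (added example).

The record layout and thresholds are hypothetical; the patent text defines neither.
"""
from collections import deque
from datetime import datetime, timedelta

# Constructed sample of an auxiliary information file, one record per line:
#   SAVE <time> keys=<keystrokes this interval> chars=<characters added>
#   BLOCKED <time> <intercepted action>
SAMPLE_LOG = """\
SAVE 1999-01-08T09:00:00 keys=0 chars=0
SAVE 1999-01-08T09:01:00 keys=212 chars=198
BLOCKED 1999-01-08T09:01:20 Ctl-Esc
SAVE 1999-01-08T09:02:00 keys=190 chars=181
SAVE 1999-01-08T09:03:01 keys=15 chars=1450
BLOCKED 1999-01-08T09:03:10 Ctl-Esc
BLOCKED 1999-01-08T09:03:12 WM_CREATE
BLOCKED 1999-01-08T09:03:15 WM_CREATE
SAVE 1999-01-08T09:09:30 keys=40 chars=35
SAVE 1999-01-08T09:10:30 keys=205 chars=190
"""


def parse_log(text):
    """Return (kind, time, fields) tuples; malformed records raise ValueError."""
    events = []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if not parts:
            continue
        if len(parts) < 3 or parts[0] not in ("SAVE", "BLOCKED"):
            raise ValueError(f"line {lineno}: unrecognized record {line!r}")
        when = datetime.fromisoformat(parts[1])
        if parts[0] == "SAVE":
            fields = {k: int(v) for k, v in (p.split("=", 1) for p in parts[2:])}
            if not {"keys", "chars"} <= fields.keys():
                raise ValueError(f"line {lineno}: SAVE needs keys= and chars=")
        else:
            fields = {"action": " ".join(parts[2:])}
        events.append((parts[0], when, fields))
    return events


def review(events,
           save_interval=timedelta(seconds=60),       # "preferably once a minute"
           restart_allowance=timedelta(seconds=180),  # assumed proctor-restart time
           paste_slack=20,                            # assumed tolerance, in characters
           burst=3, burst_window=timedelta(seconds=60)):
    """Return (kind, time, detail) findings for a grader to look at."""
    findings = []
    last_save = None
    recent_blocked = deque()
    for kind, when, fields in sorted(events, key=lambda e: e[1]):
        if kind == "SAVE":
            # A late save means the application was not running for a while.
            if last_save is not None:
                idle = (when - last_save) - save_interval
                if idle > restart_allowance:
                    findings.append(("save_gap", when,
                                     f"{int(idle.total_seconds())}s beyond the save interval"))
            last_save = when
            # Keystrokes may exceed characters (deletions, cursor keys);
            # only characters that no keystroke accounts for are of interest.
            extra = fields["chars"] - fields["keys"]
            if extra > paste_slack:
                findings.append(("chars_exceed_keys", when,
                                 f"{extra} characters not accounted for by keystrokes"))
        else:
            # One stray intercepted action is expected; a burst is not.
            recent_blocked.append(when)
            while when - recent_blocked[0] > burst_window:
                recent_blocked.popleft()
            if len(recent_blocked) == burst:
                findings.append(("repeated_blocked", when,
                                 f"{burst} intercepted actions within "
                                 f"{int(burst_window.total_seconds())}s"))
    return findings


if __name__ == "__main__":
    for kind, when, detail in review(parse_log(SAMPLE_LOG)):
        print(f"{when.isoformat()}  {kind:18} {detail}")
```

A finding is a prompt for the grader to look at the interval, not a verdict: a proctor-approved restart also produces a save gap.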
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Storage Device Security (AREA)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
AU23140/99A AU2314099A (en) | 1998-01-20 | 1999-01-08 | Secure exam method |
Applications Claiming Priority (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US7192698P | 1998-01-20 | 1998-01-20 | |
US60/071,926 | 1998-01-20 |
Publications (1)
Publication Number | Publication Date |
---|---|
WO1999036848A1 (fr) | 1999-07-22 |
Family
ID=22104484
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/US1999/000481 WO1999036848A1 (fr) | Secure exam method | 1998-01-20 | 1999-01-08 |
Country Status (2)
Country | Link |
---|---|
AU (1) | AU2314099A (fr) |
WO (1) | WO1999036848A1 (fr) |
Cited By (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2001077794A3 (fr) * | 2000-04-06 | 2002-10-17 | Granite Technologies Inc | System and method for real-time monitoring and control of a computing environment and configuration profile |
US7069586B1 (en) * | 2000-04-03 | 2006-06-27 | Software Secure, Inc. | Securely executing an application on a computer system |
US7721341B2 (en) * | 2000-11-22 | 2010-05-18 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
EP2483781A4 (fr) * | 2009-10-01 | 2017-09-27 | Kryterion, Inc. | Maintaining the security of a computing device in a testing environment |
US9953175B2 (en) | 2010-08-16 | 2018-04-24 | Extegrity, Inc. | Systems and methods for detecting substitution of high-value electronic documents |
US9984582B2 (en) | 2010-08-04 | 2018-05-29 | Kryterion, Inc. | Peered proctoring |
US10225336B2 (en) | 2010-08-04 | 2019-03-05 | Kryterion, Inc. | Optimized data stream upload |
US10672286B2 (en) | 2010-03-14 | 2020-06-02 | Kryterion, Inc. | Cloud based test environment |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US5293422A (en) * | 1992-09-23 | 1994-03-08 | Dynatek, Inc. | Usage control system for computer software |
WO1995010095A2 (fr) * | 1993-09-30 | 1995-04-13 | Educational Testing Service | Centralized system and methods for administering computerized tests |
1999
- 1999-01-08 WO PCT/US1999/000481 patent/WO1999036848A1/fr active Application Filing
- 1999-01-08 AU AU23140/99A patent/AU2314099A/en not_active Abandoned
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US7069586B1 (en) * | 2000-04-03 | 2006-06-27 | Software Secure, Inc. | Securely executing an application on a computer system |
US7165269B2 (en) * | 2000-04-03 | 2007-01-16 | Software Secure, Inc. | Securely executing an application on a computer system |
US8321928B2 (en) * | 2000-04-03 | 2012-11-27 | Software Secure, Inc. | Securely executing an application on a computer system |
US8595823B2 (en) | 2000-04-03 | 2013-11-26 | Software Secure, Inc. | Securely executing an application on a computer system |
WO2001077794A3 (fr) * | 2000-04-06 | 2002-10-17 | Granite Technologies Inc | System and method for real-time monitoring and control of a computing environment and configuration profile |
US7721341B2 (en) * | 2000-11-22 | 2010-05-18 | Microsoft Corporation | Method and system for allowing code to be securely initialized in a computer |
EP2483781A4 (fr) * | 2009-10-01 | 2017-09-27 | Kryterion, Inc. | Maintaining the security of a computing device in a testing environment |
US10672286B2 (en) | 2010-03-14 | 2020-06-02 | Kryterion, Inc. | Cloud based test environment |
US12315393B2 (en) | 2010-03-14 | 2025-05-27 | Kryterion, Inc. | Cloud based test environment |
US9984582B2 (en) | 2010-08-04 | 2018-05-29 | Kryterion, Inc. | Peered proctoring |
US10225336B2 (en) | 2010-08-04 | 2019-03-05 | Kryterion, Inc. | Optimized data stream upload |
US9953175B2 (en) | 2010-08-16 | 2018-04-24 | Extegrity, Inc. | Systems and methods for detecting substitution of high-value electronic documents |
Also Published As
Publication number | Publication date |
---|---|
AU2314099A (en) | 1999-08-02 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN1795439B (zh) | Security system and method for computer operating systems | |
EP1022655B1 (fr) | Computer with secure bootable software | |
EP1434135B1 (fr) | Method for backing up and recovering data on a computer's hard disk | |
JP4865177B2 (ja) | Operation of trusted state in a computing platform | |
US5809230A (en) | System and method for controlling access to personal computer system resources | |
JP3204725B2 (ja) | Computer | |
EP0432333B1 (fr) | Security device for a computer system | |
US20030159056A1 (en) | Method and system for securing enablement access to a data security device | |
US6823463B1 (en) | Method for providing security to a computer on a computer network | |
US20070028292A1 (en) | Bus bridge security system and method for computers | |
CA2444685A1 (fr) | System and method for improving the efficiency, convenience and/or reliability of operating systems such as "Windows" | |
CA2490695A1 (fr) | Security method and system for computers | |
US6907524B1 (en) | Extensible firmware interface virus scan | |
JPH07191776A (ja) | Personal computer system providing security | |
US20030182527A1 (en) | Write Protection State Change Initiation Sequence | |
WO1999036848A1 (fr) | Secure exam method | |
CN100383761C (zh) | Method for establishing a physical hard disk partition | |
JPWO2020144961A1 (ja) | Electronic data management device, electronic data management system, program therefor, and recording medium | |
JPH10143443A (ja) | Computer system and hard disk password control method in the system | |
CN112506424A (zh) | Kernel-based method for preventing hard disk partitions from being deleted under the Windows operating system | |
US20060069907A1 (en) | Method for installing and reinstalling an operating system | |
JP3766429B2 (ja) | Removable device | |
KR100928338B1 (ko) | Network-switching-based computer system and network switching method of the computer system | |
JPH11272452A (ja) | CD-ROM boot system | |
KR20090075450A (ko) | Memory control apparatus and method |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
AK | Designated states |
Kind code of ref document: A1 Designated state(s): AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GE GH GM HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZW |
|
AL | Designated countries for regional patents |
Kind code of ref document: A1 Designated state(s): GH GM KE LS MW SD SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG |
|
DFPE | Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101) | ||
121 | Ep: the epo has been informed by wipo that ep was designated in this application | ||
REG | Reference to national code |
Ref country code: DE Ref legal event code: 8642 |
|
NENP | Non-entry into the national phase |
Ref country code: KR |
|
122 | Ep: pct application non-entry in european phase |