Security assurance method for computer and medium recording program thereof

US 20010054143A1
Filed: 12/05/2000
Published: 12/20/2001
Est. Priority Date: 12/07/1999
Status: Abandoned Application

First Claim

Patent Images

1. A method for assuring security between a server and a client, comprising:

a step of the client requesting a session to the server;

a step of the server authenticating said session request;

a step of the server transmitting a corresponding application to the requesting source client;

a step of the client authenticating said transmitted application;

a step of the client enabling the execution of said application and deciding whether the command which was input to said application is permitted;

a step of the client rejecting said command when the command is not permitted;

a step of the client executing said command and transmitting the message to the server when the command is permitted;

a step of the server deciding whether said transmitted message is valid;

a step of the server rejecting said message when the message is not valid;

a step of the server executing said message and transmitting a result message thereof to the client when the message is valid;

a step of the client authenticating said transmitted result message; and

a step of the client providing said result message to the user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present invention allows assuring security of processing by the application itself without depending on the operating system. When a plurality of clients perform joint operation via a common server, the processing permitted for each server to perform to the server is predetermined, and when a user requests a processing which is not permitted, the client rejects this request. By this, the security among a plurality of clients can be assured without depending on the server.

Citations

9 Claims

1. A method for assuring security between a server and a client, comprising:
- a step of the client requesting a session to the server;
  
  a step of the server authenticating said session request;
  
  a step of the server transmitting a corresponding application to the requesting source client;
  
  a step of the client authenticating said transmitted application;
  
  a step of the client enabling the execution of said application and deciding whether the command which was input to said application is permitted;
  
  a step of the client rejecting said command when the command is not permitted;
  
  a step of the client executing said command and transmitting the message to the server when the command is permitted;
  
  a step of the server deciding whether said transmitted message is valid;
  
  a step of the server rejecting said message when the message is not valid;
  
  a step of the server executing said message and transmitting a result message thereof to the client when the message is valid;
  
  a step of the client authenticating said transmitted result message; and
  
  a step of the client providing said result message to the user.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The security assurance method according to claim 1, wherein said step of the server authenticating said session request comprises:
    - a step of the server assigning a unique session number corresponding to said session request from the client;
      
      a step of registering a user ID and a public key of the client for this session number;
      
      a step of calculating a common key from the public key of the client and the secret key of the server;
      
      a step of decoding the message from the client based on this common key; and
      
      a step of authenticating the message from the client based on said public key of the client, and wherein security is improved by registering the user ID and the public key of the client for each session.
  - 3. The security assurance method according to claim 1, wherein said step of the client authenticating said transmitted application comprises:
    - a step of the client calculating a common key from a public key of the server and the secret key of the client;
      
      a step of decoding the message from the server based on this common key; and
      
      a step of authenticating the message from the server based on said public key of the server.
  - 4. The security assurance method according to claim 1, wherein said application transmitted to the client pre-defines processing which can be requested to the server for each client, so as to implement security among a plurality of clients.
  - 5. The security assurance method according to claim 1, wherein said step of the server deciding whether said transmitted message is valid decides whether said application transmitted from the server to the client has been altered.
  - 6. The security assurance method according to claim 5, further comprising:
    - a step of the client calculating a message hash value of said application;
      
      a step of the client sending said message hash value and/or electronic signature generated thereof to the server;
      
      a step of the server calculating a message hash value of said application; and
      
      a step of the server comparing said calculated message hash value with the message hash value attached to said message.

7. A method for assuring security between an operating system (OS) and an application, comprising:
- a step of the application requesting processing to the OS;
  
  a step of the OS authenticating said processing request;
  
  a step of the OS transmitting a program corresponding to the processing to the requesting source application;
  
  a step of the application enabling execution of said program and deciding whether the command which was input to said program is permitted;
  
  a step of the application rejecting said command when the command is not permitted;
  
  a step of the application executing said command and transmitting the message to the OS when the command is permitted;
  
  a step of the OS deciding whether said transmitted message is valid;
  
  a step of the OS rejecting said message when the message is not valid;
  
  a step of the OS executing said message and transmitting a result message thereof to the application when the message is valid; and
  
  a step of the application providing said result message to the user.

8. A medium recording a program for computer to execute a method for assuring security between a server and a client, said method comprising:
- a step of the client requesting a session to the server;
  
  a step of the server authenticating said session request;
  
  a step of the server transmitting a corresponding application to the requesting source client;
  
  a step of the client authenticating said transmitted application;
  
  a step of the client enabling execution of said application and deciding whether the command which was input to said application is permitted;
  
  a step of the client rejecting said command when the command is not permitted;
  
  a step of the client executing said command and transmitting the message to the server when the command is permitted;
  
  a step of the server deciding whether said transmitted message is valid;
  
  a step of the server rejecting said message when the message is not valid;
  
  a step of the server executing said message and transmitting a result message thereof to the client when the message is valid;
  
  a step of the client authenticating said transmitted result message; and
  
  a step of the client providing said result message to the user.

9. A medium recording a program for a computer to execute a method for assuring security between an OS and an application, said method comprising:
- a step of the application requesting processing to the OS;
  
  a step of the OS authenticating said processing request;
  
  a step of the OS transmitting a program corresponding to the processing to the requesting source application;
  
  a step of the application enabling execution of said program and deciding whether a command which was input to said program is permitted;
  
  a step of the application rejecting said command when the command is not permitted;
  
  a step of the application executing said command and transmitting the message to the OS when the command is permitted;
  
  a step of the OS deciding whether said transmitted message is valid;
  
  a step of the OS rejecting said message when the message is not valid;
  
  a step of the OS executing said message and transmitting the result message thereof to the application when the message is valid; and
  
  a step of the application providing said result message to the user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Kinza Corporation
Original Assignee
Kizna.com Incorporated
Inventors
Okada, Tetsuya, Miyazawa, Takeo

Application Number

US09/729,093
Publication Number

US 20010054143A1
Time in Patent Office

Days
Field of Search
US Class Current

713/155
CPC Class Codes

G06F 21/31   User authentication

G06F 21/629   to features or functions of...

G06F 2211/008   Public Key, Asymmetric Key,...

H04L 63/0428   wherein the data content is...

H04L 63/0442   wherein the sending and rec...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/126   the source of the received ...

Security assurance method for computer and medium recording program thereof

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

9 Claims

Specification

Solutions

Use Cases

Quick Links

Security assurance method for computer and medium recording program thereof

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

9 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links