Method and apparatus for secure, remote swapping of memory resident active entities
Abstract
A method and apparatus for providing a network computer with secure remote swapping to avoid transmitting active memory resident entities (such as data structures, pages, and segments) containing sensitive data in the clear. When a memory resident entity is created, it is entered in a Table of Secure Entities (TSE) if it requires security. The memory manager of the network computer checks the TSE for an entity before swapping it out to a network server. If the entity is in the TSE, the memory manager encrypts the contents of the entity using the public key from the network computer's SmartCard device. When reloading the entity, the memory manager uses the private key from the SmartCard to decrypt the contents of the entity.
20 Claims
1. A method for swapping memory resident entities in a virtual memory of a computing system wherein a virtual memory management system performs the steps of:
- detecting when a memory resident entity needs to be swapped out of the virtual memory of the computing system;
- in response to the detecting, determining whether the memory resident entity requires secure swapping;
- when it is determined that the memory resident entity requires secure swapping, encrypting the memory resident entity to form an encrypted entity;
- requesting transfer of the encrypted entity to a remote node by way of a communication interface; and
- freeing memory locations previously occupied by the memory resident entity.

Dependent claims: 2, 3, 4, 5, 6, 7
8. A method for swapping memory resident entities in a virtual memory of a computing system wherein a virtual memory management system performs the steps of:
- detecting when an entity needs to be swapped into the virtual memory of the computing system;
- in response to the detecting, requesting transfer of the entity from a remote system on which it is stored to the computing system by way of a communication interface;
- determining whether the entity is encrypted by reference to a data structure formed in the computing system, the data structure including an entry indicating whether the entity was encrypted when it was swapped out of the virtual memory of the computing system;
- when it is determined that the entity is encrypted, decrypting the entity to form a decrypted entity;
- storing the decrypted entity in the virtual memory of the computing system.
9. A method for swapping entities resident in a virtual memory of a computing system wherein a virtual memory management system performs the steps of:
- in response to an indication from the computing system that a resident entity requires swapping out, examining a data structure formed in the memory to determine whether the entity requires secure swapping;
- when it is determined that the entity requires secure swapping, encrypting the entity to form an encrypted entity and storing a key required to decrypt the entity;
- requesting transfer of the encrypted entity to a remote node by way of a communication interface of the computing system.

Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. An apparatus for memory management of a virtual memory in a computing system, comprising:
- a virtual memory system including a random access memory;
- a table of secure entities formed in the memory system;
- a virtual memory management system coupled to the table of secure entities, the virtual memory management system being operative to determine when an entity resident in the random access memory requires secure swapping by, at least in part, examining the table of secure entities;
- an encryption/decryption engine coupled to the virtual memory management system, and
- a network interface coupled to the memory system;
- wherein in response to a determination that the entity requires secure swapping, the virtual memory management system signals the encryption/decryption engine to encrypt the entity, stores an encryption key in the virtual memory system and signals the network interface to transfer an encrypted version of the entity to a remote node.

Dependent claims: 19, 20
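The swap-out and swap-in flow of the abstract and of claims 1 and 8 can be modelled in a few lines. This is an added sketch, not code from the patent: the names `SwapManager`, `RemoteNode` and `keystream_xor` are hypothetical, the key is a constructed value, and a SHAKE-256 keystream XOR stands in for the SmartCard public/private key operations so the example runs on the Python standard library alone.

```python
import hashlib
import os

def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (SHAKE-256 keystream XOR) so the sketch runs on the
    # standard library alone; the abstract uses SmartCard public/private keys.
    stream = hashlib.shake_256(key + nonce).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class RemoteNode:
    """Constructed stand-in for the network server holding swapped entities."""
    def __init__(self):
        self.store = {}
    def put(self, eid, blob):
        self.store[eid] = blob
    def get(self, eid):
        return self.store.pop(eid)

class SwapManager:
    def __init__(self, remote, card_key):
        self.remote = remote
        self.card_key = card_key  # stands in for the SmartCard key material
        self.memory = {}          # resident entities: id -> contents
        self.tse = set()          # Table of Secure Entities
        self.swapped = {}         # id -> nonce if encrypted, None if sent in clear

    def create(self, eid, data, secure=False):
        self.memory[eid] = data
        if secure:
            self.tse.add(eid)     # registered at creation time, as in the abstract

    def swap_out(self, eid):
        data = self.memory[eid]
        nonce = os.urandom(16) if eid in self.tse else None
        blob = keystream_xor(self.card_key, nonce, data) if nonce else data
        self.remote.put(eid, blob)
        self.swapped[eid] = nonce
        del self.memory[eid]      # free the resident copy

    def swap_in(self, eid):
        blob = self.remote.get(eid)
        # The local record, not the remote node, says whether to decrypt (claim 8).
        nonce = self.swapped.pop(eid)
        data = keystream_xor(self.card_key, nonce, blob) if nonce else blob
        self.memory[eid] = data
        return data
```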
Specification