Data security method and system

US 5,940,516 A
Filed: 10/16/1996
Issued: 08/17/1999
Est. Priority Date: 02/14/1996
Status: Expired due to Fees

First Claim

Patent Images

1. A data security method for executing part of a server process, originated from a server machine, within a process execution space of a client machine, said method comprising the steps of:

(a) assigning a process execution space in the client machine,(b) calling the server machine from the client machine,(c) transferring a program that is part of the server process from the server machine to said process execution space in the client machine, and(d) executing the program from the server machine in said process execution space in the client machine, such that a part of the server process is executed in said process execution space reserved in the client machine, and such that the server machine and part of the client machine cooperatively execute a process of the program.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for confidential data communication over the Internet and other communications channels between the server machine and client machine is disclosed. The client machine has a main CPU and a main memory and additional CPU and additional memory. The additional CPU and memory in the client machine are linked to the CPU and memory of the server machine via an Internet connection or other communications channel connection. The client and server CPUs and memories thus linked then cooperatively and simultaneously execute a single process while dynamically modifying the encryption and decryption codes as necessary to make decryption by a third party impossible.

45 Citations

View as Search Results

27 Claims

1. A data security method for executing part of a server process, originated from a server machine, within a process execution space of a client machine, said method comprising the steps of:
- (a) assigning a process execution space in the client machine,(b) calling the server machine from the client machine,(c) transferring a program that is part of the server process from the server machine to said process execution space in the client machine, and(d) executing the program from the server machine in said process execution space in the client machine, such that a part of the server process is executed in said process execution space reserved in the client machine, and such that the server machine and part of the client machine cooperatively execute a process of the program.
- View Dependent Claims (2, 3, 4, 14, 15)
- - 2. A data security method according to claim 1, further comprising the steps of:
    - (e) interfacing the client process with the server process in the client machine, and(f) communicating between the client process and server process.
  - 3. A data security method according to claim 1, wherein said client machine encrypts and decrypts data using encryption and decryption information contained in the program transferred from the server machine.
  - 4. A data security method according to claim 2, wherein said client machine comprises an application-specific integrated circuit unit to execute at least a part of the encryption and decryption process under the control of the program transferred from the server.
  - 14. A data security method according to claim 1, further comprising the step of:
    - dynamically changing the process cooperatively executed by the server machine and part of the client machine.
  - 15. A data security method according to claim 14, wherein the process is a security procedure,said dynamically changing step repeatedly modifying the security procedure under control of the server machine.

5. A data security system for executing a process of a server machine within a process execution space of a client machine, said system comprising:
- (1) a server machine comprising;
  
  (a) a first CPU; and
  
  (b) a first memory;
  
  (2) a client machine comprising;
  
  (a) a second CPU;
  
  (b) a second memory;
  
  (c) a third CPU; and
  
  (d) a third memory;
  
  (3) first communication means provided between the server machine and the client machine for communicating between the first CPU associated with the first memory and the third CPU associated with the third memory, and for loading a program from the first memory to the third memory for execution by the third CPU;
  
  (4) second communication means provided in the client machine for communicating between said second CPU and third CPU; and
  
  (5) means for preventing interaction between the second and third memories except when controlled by the program being executed by the client system.
- View Dependent Claims (6, 7, 8, 9, 10, 11, 12, 13, 16, 17, 18)
- - 6. A data security system according to claim 5 wherein said client machine comprises a primary machine portion comprising said second CPU and said second memory, and a connectable machine portion comprising said third CPU and third memory.
  - 7. A data security system according to claim 6, wherein said connectable machine portion further comprises a communication circuit.
  - 8. A data security system according to claim 6, wherein said connectable machine portion is implemented in a card.
  - 9. A data security system according to claim 8, wherein said card comprises a printed circuit board.
  - 10. A data security system according to claim 7, wherein said connectable machine portion is implemented in a card.
  - 11. A data security system according to claim 10, wherein said card comprises a printed circuit board.
  - 12. A data security system according to claim 6, wherein said connectable machine portion further comprises an encryption/decryption circuit.
  - 13. A data security system according to claim 5, wherein said second CPU and third CPU are provided by a single CPU in a time sharing manner.
  - 16. A data security system according to claim 5,wherein said first CPU and said third CPU cooperatively execute a process within the program.
  - 17. A data security system according to claim 16, said server machine further comprising:
    - means for dynamically changing the process cooperatively executed by said first CPU and said third CPU.
  - 18. A data security system according to claim 17, wherein the process is a security procedure,said dynamically changing means repeatedly modifying the security procedure under control of the server machine.

19. A data security system for executing a process of a server machine within a process execution space of a client machine, said system comprising:
- a server machine includinga first CPU, anda first memory;
  
  a client machine includinga second CPU,a second memory,a third CPU, anda third memory;
  
  a first communication channel operatively connecting said client machine and said server machine;
  
  said server machine utilizing said first communication channel to load a portion of a security program from said first memory to said third memory;
  
  said server machine and said client machine cooperatively executing the security program with said first CPU and said third CPU such that the security program is managed by the client machine and executed under operative control of said server machine;
  
  a second communication channel in said client machine, said second communication channel operatively connecting said second CPU and said third CPU; and
  
  a security device operatively connected to said second and third memories, said security device preventing interaction between said second and third memories except when controlled by the security program being cooperatively executed by said server machine and said client machine.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
- - 20. A data security system according to claim 19,said server machine dynamically changing the security program cooperatively executed by said first CPU and said third CPU.
  - 21. A data security system according to claim 20,said server machine repeatedly modifying the security program cooperatively executed by said first CPU and said third CPU.
  - 22. A data security system according to claim 19,said client machine comprising a primary machine portion including said second CPU and said second memory and a connectable machine portion including said third CPU and said third memory.
  - 23. A data security system according to claim 22, wherein said connectable machine portion further includes a communication circuit.
  - 24. A data security system according to claim 22, wherein said connectable machine portion is implemented in a card.
  - 25. A data security system according to claim 24, wherein said card comprises a printed circuit board.
  - 26. A data security system according to claim 22, wherein said connectable machine portion further comprises an encryption/decryption circuit.
  - 27. A data security system according to claim 19, wherein said second CPU and said third CPU are provided by a single CPU in a time sharing manner.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitsubishi Denki Kabushiki Kaisha (Mitsubishi Electric Corporation)
Original Assignee
Mitsubishi Denki Kabushiki Kaisha (Mitsubishi Electric Corporation)
Inventors
Maruno, Koichi, Mason, Colin
Primary Examiner(s)
CANGIALOSI, SALVATORE A

Application Number

US08/732,881
Time in Patent Office

1,035 Days
Field of Search

380/23, 380/49
US Class Current

713/159
CPC Class Codes

G06F 2211/008   Public Key, Asymmetric Key,...

H04L 63/045   wherein the sending and rec...

H04L 67/01   Protocols

H04L 67/02   based on web technology, e....

H04L 67/14   Session management for real...

H04L 67/34   involving the movement of s...

H04L 69/329   in the application layer [O...

H04L 9/40   Network security protocols

Data security method and system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

45 Citations

27 Claims

Specification

Use Cases

Quick Links

Others

Data security method and system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

45 Citations

27 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others