Methods, software, and apparatus for secure communication over a computer network
Abstract
A method for performing secure communication between a first user's computer and a second remote computer over a computer network is described. According to one embodiment of this aspect, the data space of the first computer is partitioned into a first secure portion and a second network interface portion. Communication is established between the first and a second computer, and redirection and filter mechanisms are initialized. An instruction is received by the first computer, analyzed by the redirection mechanism, and passed to the filter if the instruction is a protected instruction. The protected instruction is verified by the filter and processed if the verification is successful.
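The flow in the abstract, sketched as an added example that is not taken from the patent: a redirection step routes protected instructions to a filter, and verified ones are processed only inside the network interface portion. The set of protected operations, the path-containment check used as the verification policy, and the names `Session`, `redirect`, `verify`, `process` and `demo` are assumptions made for illustration.

```python
import tempfile
from pathlib import Path

PROTECTED_OPS = {"write", "delete"}  # assumption: the page does not enumerate them

class Session:
    def __init__(self, root: Path):
        # Step a: split the data space into secure and network-interface portions.
        self.secure, self.netif = root / "secure", root / "netif"
        self.secure.mkdir()
        self.netif.mkdir()

    def redirect(self, instr: dict) -> str:
        """Redirection mechanism: only protected instructions reach the filter."""
        if instr["op"] not in PROTECTED_OPS:
            return "passed"
        target = self.verify(instr)
        return "denied" if target is None else self.process(instr, target)

    def verify(self, instr: dict):
        """Filter mechanism (assumed policy): target must resolve inside netif."""
        base = self.netif.resolve()
        target = (base / instr["path"]).resolve()  # collapses ../ and symlinks
        return target if base in target.parents else None

    def process(self, instr: dict, target: Path) -> str:
        """Carry out a verified instruction in the network-interface portion."""
        if instr["op"] == "write":
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(instr["data"])
        elif target.exists():
            target.unlink()
        return "processed"

def demo() -> list:
    with tempfile.TemporaryDirectory() as tmp:
        s = Session(Path(tmp))
        ledger = s.secure / "ledger.db"
        ledger.write_bytes(b"original")
        stream = [  # constructed sample instructions from the remote computer
            {"op": "render", "path": "index.html"},
            {"op": "write", "path": "cache/page.bin", "data": b"x"},
            {"op": "write", "path": "../secure/ledger.db", "data": b"tampered"},
            {"op": "delete", "path": str(ledger)},
        ]
        results = [s.redirect(i) for i in stream]
        return results + [ledger.read_bytes() == b"original"]

if __name__ == "__main__":
    print(demo())
```

Resolving the target before the containment check is what rejects both the relative `../` path and the absolute path into the secure portion.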
33 Claims
1. A method of performing secure communication between a first computer under a user's control and a second remote computer over a computer network to maintain the integrity of data stored on said first computer, said method comprising the steps of:
a. partitioning the data space of said first computer into a first secure portion and a second network interface portion;
b. establishing communication between said first and said second computers over said computer network;
c. initializing a redirection mechanism and a filter mechanism on said first computer;
d. receiving an instruction or data on said first computer;
e. if an instruction is received on said first computer, then analyzing said instruction or data with said redirection mechanism and passing said instruction to said filter mechanism if said instruction is a protected instruction;
f. verifying said protected instruction using said filter mechanism; and
g. processing said protected instruction using said second network interface portion if said protected instruction is verified successfully by said filter mechanism.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

14. A system for performing secure communication between a first computer containing secure data in a data space associated with said first computer and a second remote computer over a computer network, said system comprising:
a. a first data space partition configured to store data such that said data cannot be modified during said communication between said first and second computers;
b. a second data space partition configured to store data to enable communication between said first and second computers over said network;
c. a redirection mechanism configured to receive data and instructions from said second computer over said computer network, said redirection mechanism being configured to determine whether said received data and instructions include instructions to perform protected operations; said redirection mechanism being coupled with
d. a filter mechanism configured to receive said instructions to perform protected operation from said redirection mechanism and verify said instructions.
Dependent claims: 15, 16, 17, 18, 19, 20

21. A computer-readable medium having computer-readable program code devices embodied thereon, said computer-readable program code devices being configured to cause a computer to perform the steps of:
a. partitioning the data space of said first computer into a first secure portion and a second network interface portion;
b. establishing communication between said first and said second computers over said computer network;
c. initializing a redirection mechanism and a filter mechanism on said first computer;
d. receiving an instruction or data on said first computer;
e. if an instruction is received on said first computer, then analyzing said instruction with said redirection mechanism and passing said instruction to said filter mechanism if said instruction is a protected instruction;
f. verifying said protected instruction using said filter mechanism; and
g. processing said protected instruction using said second network interface portion if said protected instruction is verified successfully by said filter mechanism.
Dependent claims: 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33

Specification