Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Central trusted authority provides computer authentication
Reexamination Certificate
1999-07-15
2004-04-20
Barrón, Gilberto (Department: 2131)
Electrical computers and digital processing systems: support
Multiple computer communication using cryptography
Central trusted authority provides computer authentication
C713S182000, C713S185000, C713S152000, C713S152000
Reexamination Certificate
active
06725370
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates to a server for performing a data supplying service safely in a network such as internet, which is used and accessed by a third party. Particularly, the server of the present invention shares a data in the network which must be protected from accessing by the third party.
2. Background Art
Recently, the internet is becoming even more widespread. Applications such as WWW (World Wide Web) and E-mail have become a standard practice in the internet. It is now possible for the third party to use the internet to refer to various information supplied by organizations or educational institutions, as well as to use the internet for communication purposes.
When one is connected to the internet, one can have a free access to any sites on the internet as long as they are also connected to the internet. However, such conveniences do have a pitfall as laying oneself to attack by a malicious third party.
Organizations in general protect their local network systems from attacks coming via the internet by using a mechanism called firewall. The internet access possible sites within an organization's local network system are limited, and from these limited sites the internet is accessed via the firewall which only allows a specific communication to pass through. A safety of the local network system owned by the organization is more important in general than the conveniences that may be brought up by the internet connection. Most of the organizations design their local network system to have configuration which only allows an extremely limited communication such as SMTP (simple mail transfer protocol) message, which is a communication protocol of the E-mail, to pass through the firewall.
In order to reconcile the safety factor and the convenience factor of the internet connection, Japanese unexamined patent publication HEI9-270788 disclose a technique that can respond to various service requests coming from the internet, without having to change a configuration of the firewall. In this document, the communication takes place by a communication packet passing through a specific authentication port. The communication packet is storing a program that can respond to an authentication challenge of the firewall. The technique disclosed in this document guarantees the safety of the organization's local network system, at the same time, supplies a better and flexible service provided from the organization's local network to a specific user who is permitted an access to the organization's local network system.
In cases of utilizing the internet as an inexpensive communication media, a transmission data is encrypted and an encrypted transmission data is transmitted to prevent a data leakage at a communication path. An encryption and decryption of the transmission data are taking place at various levels in a system, for instance, an encryption service is taking place at a communication socket level known as SSL (secure sockets layers). Japanese unexamined patent publication HEI 9-251426 discloses an example of data encryption and decryption at an application level called file system.
In cases of connecting the organization's local network systems and the internet as described previously, the technique to use the firewall is being adopted to protect the organizations local network system. However, a problem of difficulty in enforcing a data sharing safely by the organization's local network and the internet remains.
The present invention attempts to resolve disadvantages of the conventional techniques. The aim of the present invention is to supply a data sharing mechanism to safely enforce the data sharing by the organization's local network and the internet, as well as to supply an application management apparatus and method for the applications that uses a shared data. That is, the present invention aims to supply a configuration where one can access the shared data from a local network side or from an internet side. The present invention also aims to provide a configuration where the application of local network and the application of internet both refer and update the shared data by using the application management method, so that an equivalent service is provided at both sides.
SUMMARY OF THE INVENTION
According to another aspect of the present invention, a data sharing computer system comprises a first computer system; a second computer system; a shared data storing unit; and an access control information storing unit, including:
(A) the shared data storing unit includes a plurality of data storing areas, which divides a shared data accessed by the first computer system and the second computer system, and stores the divided shared data to the plurality of data storing areas;
(B) the access control information storing unit stores an access control information which indicates whether each data storing area of the shared data storing unit is accessible or not accessible;
(C) the first computer system includes a first service unit, a first data access unit connected to the shared data storing unit, and a first mutual exclusion unit connected to the access control information storing unit; wherein
(1) the first service unit instructs the first data access unit and the first mutual exclusion unit to access an arbitrary data storing area; and
(2) the first mutual exclusion unit obtains the access control information of the instructed data storing area, decides whether the instructed data storing area is accessible or not accessible, and changes the access control information of the instructed data storing area to not accessible if decided as accessible;
(3) the first data access unit accesses the instructed data storing area after the first mutual exclusion unit decides that the instructed data storing area is accessible and changes the access control information to not accessible; and
(4) the first mutual exclusion unit changes the access control information of the instructed data storing area to accessible after the first data access unit accesses the instructed data storing area.
(D) the second computer system includes a second service unit, a second data access unit connected to the shared data storing unit, and a second mutual exclusion unit connected to the access control information storing unit; wherein
(1) the second service unit instructs the second data access unit and the second mutual exclusion unit to access an arbitrary data storing area;
(2) the second mutual exclusion unit obtains the access control information of the instructed data storing area, decides whether the instructed data storing area is accessible or not accessible, and changes the access control information of the instructed data storing area to not accessible if decided as accessible;
(3) the second data access unit accesses the instructed data storing area after the second mutual exclusion unit decides that the instructed data storing area is accessible and changes the access control information to not accessible; and
(4) the second mutual exclusion unit changes the access control information of the instructed data storing area to accessible after the second data access unit accesses the instructed data storing area.
According to another aspect of the present invention, the data sharing computer system comprises the first computer system which is connected to a first network system having a third computer system. The first service unit supplies a first service to the third computer system via the first network system. The second computer system is connected to a second network system having a fourth computer system. The second service unit supplies a second service to the fourth computer system via the second network system.
According to another aspect of the present invention, the data sharing computer system comprises the second service unit which supplies the second service to the fourth computer system via the second network system which is equivalent to the first service supplied by the first service unit
Barrón Gilberto
Moorthy Aravind
LandOfFree
Sharing data safely using service replication does not yet have a rating. At this time, there are no reviews or comments for this patent.
If you have personal experience with Sharing data safely using service replication, we encourage you to share that experience with our LandOfFree.com community. Your opinion is very important and Sharing data safely using service replication will most certainly appreciate the feedback.
Profile ID: LFUS-PAI-O-3192735