1. Field of the Invention
The present invention relates, generally, to security methods and systems for persistent storage and data communications on computer networks, and computer network systems employing the same.
2. Description of Related Art
Data security has become increasingly more important as modern society and industry becomes more reliant on computer-based transactions and communications. Such transactions and communications often involve the transfer of sensitive, confidential or proprietary data on a computer network system, between multiple user computer terminals or between user terminals and server computers.
Network security measures often involve the storage of such sensitive, confidential or proprietary data in highly secure network server computers, with tight control of access to the server computer database. However, even with such security measures, the inherent operating characteristics of typical network systems can render them susceptible to unauthorized access of data.
In typical network systems, multiple authorized users (or clients) communicate over, and have access to, a common communication network. In many computing applications, data that might be sensitive, confidential or proprietary, must be communicated over the common network, for example, between a server computer and an authorized user (client) computer terminal. As a result, there is a concern that data being communicated to or from a particular authorized network user (client) may be accessed, or even altered, by unauthorized users having access to the same network. Such susceptibility to unauthorized access of data transmissions has resulted in an increased need, in many industries, to maximize network transmission security.
Another potential network security issue involves unauthorized access of data stored in "persistent" storage means at a client terminal (the contents of which persists after the computer terminal is turned off). Some examples of such persistent storage include, but are not limited to, magnetic disk drives, including sealed drives, floppy drives, and removable (cartridge) drives; magneto-optical disk drives, optical disk drives; non-volatile, random access memory (NVRAM); and FLASH read-only memory (ROM). Of course, other means for providing persistent storage exist, and embodiments of the present invention apply to those as well.
In many computing applications, sensitive, confidential or proprietary data must be downloaded (or otherwise entered) in a client's terminal. Indeed, a client might intentionally, or even inadvertently, store such data in a persistent storage means associated with the client's terminal, for example, in the course of running a particular application. This raises a concern that unauthorized persons might gain access to that persistent storage means and the data stored therein, for example, after the client has turned off and left the terminal.
Thus, conventionally, data stored on network computers has often been vulnerable to compromise, as has data being downloaded from server computers to client computers on the network, or being uploaded from client computers to server computers. Moreover, these security concerns have been heightened in contexts in which, for example, networked client terminals were located in areas that were physically less secure than a secure server computer area, or data was transmitted over an unsecure network or a public network such as the Internet.
To minimize the concern about unauthorized access to data stored at network client terminals, some network systems are designed to minimize or eliminate the persistent storage capability at the client terminal. Thus, some network client terminals have been designed with only enough persistent storage capability to store, for example, an operating program for initiating communications with, and downloading further operating software, applications or data from a network server computer. In this regard, network client terminals may be designed to store minimal or no sensitive data, in a persistent storage means.
However, further security issues are raised by network systems in which network client computer terminals with little or no persistent storage means must run an initial control program sufficient to contact one or more servers and request that the servers download programs and/or data to the client computer. When turned on, such client computers load and start their initial control program, which is typically stored within read-only memory (ROM) means. The initial control program is generally capable of initializing and controlling the communication hardware of the client computer terminal, enabling the client terminal to download its regular control program from the server. Although the client computer may attempt to download its regular control program, further security issues arises from the concern that another computer connected to the network may intercept and alter the control program as it is being downloaded, thereby gaining control over the client computer terminal.
If security concerns regarding such persistent storage could be sufficiently minimized, it would be advantageous for network client terminals to be designed to include (or operate with) persistent storage means local to the client terminal. For example, persistent storage may be used to cache control programs for the client computer, thus relieving communication traffic and security risks associated with downloading such control programs from server computers. Persistent storage may be used to cache data downloaded from a server computer, thus relieving communication traffic and security risks associated with downloading of the same data a multiple number of times to the same client terminal. Portable persistent storage may be used to hold control programs and/or data associated with a particular client of a pool of client computers, such as configuration parameters and preferences, or user-private data, that could be carried by the client, from network terminal to network terminal.
Moreover, it would also be advantageous to minimize the above-noted security concerns relating to the transmission of data between client computers and server computers. For example, if such security concerns could be minimized, control programs for network client computers could be simplified, since they would be able to trust data downloaded from server computers. In addition, control programs executed on server computers could be simplified since they would be able to trust data uploaded from client computers. Furthermore, network client and server computers could trust data transmitted over public, unsecure networks such as the Internet.