US Patent No. 10,366,244

PERFORMING AN OPERATION ON SENSITIVE DATA


Patent No. 10,366,244
Issue Date July 30, 2019
Title Performing An Operation On Sensitive Data
Inventorship Holger Karn, Aidlingen (DE)
Assignee International Business Machines Corporation, Armonk, NY (US)

Claim of US Patent No. 10,366,244

1. A method for performing an operation on sensitive data, said method comprising: receiving, from a computing system by a remote processor of a data processing system during execution of an application in the computing system using a local processor in the computing system to implement the execution of the application in the computing system, information comprising: (i) a data stream that includes protected sensitive data, wherein the protected sensitive data is an encryption of unprotected sensitive data via use of a protection key (ii) an identification of an operation required by the application program to be performed on the unprotected sensitive data during the execution of the application program in the computing system, wherein the operation accesses and utilizes the unprotected sensitive data during performance of the operation, (iii) a request to perform the operation, and (iv) a processor status of the local processor in the computing system, wherein the computing system is external to the data processing system, wherein the local processor is a sensitive data processor (SDP), wherein the remote processor is a remote sensitive data processor (RSDP), and wherein said receiving the information comprises receiving, the information via a direct memory access (RDMA) from a memory of the computing system to a memory of the data processing system without involving the computing system's operating system and without involving the data processing system's operating system; said remote processor de-protecting the received protected sensitive data by decrypting the protected sensitive data, said de-protecting generating the unprotected sensitive data from the protected sensitive data; after said de-protecting, said remote processor performing the operation, said performing the operation comprising accessing and utilizing the unprotected sensitive data and generating a result; after said performing the operation, said remote processor re-protecting the unprotected sensitive data, said re-protecting restoring the protected sensitive data by encrypting the unprotected sensitive data via use of the protection key; and said remote processor sending the result to the computing system, wherein the said de-protecting, said performing the operation, and said re-protecting have characteristics of being transparent to the execution of the application program in the computing system and of not interrupting a flow of the execution of the application program in the computing system, and wherein said receiving the processor status of the local processor provides a complete computer context that enables the characteristics to exist.