Mixed enclave operation in a computer network
Abstract
A method is disclosed for mixed enclave operation of a computer network with users employing a multi-level network security interface and users without any network security interface. Either the network security user selects or the network security interface automatically selects whether communications are permissible with other unsecured users. Where a mixed enclave operation is selected, the network security user identifies when communications are being undertaken with another secured user or a non-secured user. Communications with a non-secured user at a lower security level entail securing the data residing with the secured user from transmission back to the non-secured user.
28 Claims
1. A method for transmitting communication from secure users over at least one network having a secure portion and an unsecure portion, the method comprising:
   permitting transmission of communications from the secure user between a secure portion and an unsecure portion of the at least one network;
   intercepting a communication transmitted between the secure and the unsecure portions of the at least one network;
   determining whether a user initiating the intercepted communication is a secure user; and
   controlling passage of information in the intercepted communication when said intercepted communication is from a secure user, so as to prevent transmission of information from the secure user into an unsecure portion of the at least one network when such transmission is not permissible.
   (Dependent claims: 2, 3)

4. The method of claim 4 wherein the multi-level network security interface is transparent to the users and to the at least one network.
5. A system for communicating on a network having a secured plurality of users utilizing multi-level network security devices, each multi-level network security device being operable in a first and second mode, respectively, and an unsecured plurality of users employing no network security devices, said system comprising:
   means for sending a communication from any first user;
   means for intercepting said communication by a first multi-level network security device;
   means for discarding said communication if said communication violates security parameters associated with said first multi-level network security device; and
   in said first mode, means for sending said communication from said first multi-level network security device to any second user; and
   in said second mode, means for encrypting said communication using said first multi-level network security device, sending said encrypted communication to a second multi-level network security device, decrypting said communication using said second multi-level network security device, and sending said decrypted communication from said second multi-level network security device to a third user selected from said secured plurality of users.
   (Dependent claims: 6, 7, 8)
9. A system for mixed enclave communications over a network including both secured and unsecured users, comprising:
   means for permitting communications over the network between one of said secured users and one of said unsecured users;
   means for discovering dynamically by said secured user whether a user initiating communications is one of said secured users or one of said unsecured users; and
   means for controlling passage of information between said one of said secured users and said one of said unsecured users for securing given information residing with said one of said secured users against transference to said one of said unsecured users when not permissible.
   (Dependent claims: 10, 11, 12, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 27, 28)
13. An apparatus for providing multi-level security on a computer network having a plurality of users and at least one relatively secure portion relative to at least one relatively unsecure portion of the network, the apparatus comprising:
   means for intercepting a communication transmitted between said at least one secure and said at least one unsecure portions of said network;
   means for determining whether network security parameters will be violated by said intercepted communication;
   means for encrypting said intercepted communication if said intercepted communication:
      will not violate said network security parameters;
      originates from a secure portion of said network;
      is destined for another secure portion of said network; and
      will traverse an unsecure portion of said network; and
   if said network security parameters will not be violated:
      in a first mode, means for transmitting said intercepted communication; and
      in a second mode, means for transmitting said encrypted intercepted communication.
26. An apparatus for communicating on a network having a plurality of secured users utilizing multi-level network security devices, and unsecured users, wherein a first user selected from said plurality attempts to transmit a message to a second user selected from said plurality, the apparatus comprising:
   when either said first user is a secured user and said second user is an unsecured user, or said first user is an unsecured user and said second user is a secured user:
      means for intercepting said message with a multi-level network security device;
      means for determining whether network security parameters will be breached by said message; and
      means for transmitting said message to said second user if network security parameters will not be breached by said message; and
   when both said first and second users are secured users:
      means for intercepting said message with a multi-level network security device utilized by said first user;
      means for determining whether network security parameters will be breached by said message;
      means for encrypting said message using said multi-level network security device utilized by said first user if network security parameters will not be breached by transmission of said message;
      means for transmitting said encrypted message to a second multi-level network security device utilized by said second user if network security parameters will not be breached by transmission of said message;
      means for decrypting said encrypted message using said multi-level network security device utilized by said second user if network security parameters will not be breached by transmission of said message; and
      means for transmitting said message to said second user.
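The claims above (5, 9, 13 and 26) describe the same decision procedure in words: intercept, discover whether each party is behind a security device, check the security parameters, then either discard, forward in the clear (first mode) or encrypt to the peer device when the path crosses an unsecure portion (second mode). The Python model below is an illustration added to this page; it is not code from the patent or from any product implementing it. Everything in it is an assumption of the example: the `Level` labels, the `Device` and `Message` types, the constructed `DEVICES` directory, the constructed shared `ENCLAVE_KEY`, and the HMAC-SHA256 keystream that stands in for whatever cipher a real device would use. The security parameters are modelled as a simple dominance rule (information may only flow to a party whose level is at least the information's label), which is one reasonable reading of the abstract's "non-secured user at a lower security level".

```python
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional


class Level(IntEnum):
    """Security levels for this example; an unsecured user is treated as UNCLASSIFIED."""
    UNCLASSIFIED = 0
    CONFIDENTIAL = 1
    SECRET = 2


@dataclass(frozen=True)
class Device:
    """Multi-level network security device sitting in front of one secured user (hypothetical)."""
    owner: str
    clearance: Level
    enclave: str        # which secure portion of the network this device serves


@dataclass(frozen=True)
class Message:
    sender: str
    recipient: str
    level: Level        # classification label of the information carried
    body: bytes


# Constructed sample directory: users with a device are "secured", all others are not.
DEVICES = {
    "alice": Device("alice", Level.SECRET, "enclave-A"),
    "carol": Device("carol", Level.SECRET, "enclave-A"),
    "bob": Device("bob", Level.CONFIDENTIAL, "enclave-B"),
}
# Constructed key shared by all devices; a real deployment would provision keys per device pair.
ENCLAVE_KEY = b"\x11" * 32


def discover(user: str) -> Optional[Device]:
    """Dynamic discovery (claim 9): is this user behind a security device?"""
    return DEVICES.get(user)


def level_of(user: str) -> Level:
    dev = discover(user)
    return dev.clearance if dev else Level.UNCLASSIFIED


def violates_parameters(msg: Message) -> bool:
    """Security parameters: the label may exceed neither the recipient's nor the sender's level."""
    return msg.level > level_of(msg.recipient) or msg.level > level_of(msg.sender)


def _keystream(nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream from HMAC-SHA256; placeholder for a real cipher.
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(ENCLAVE_KEY, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(body: bytes) -> bytes:
    """Second-mode protection between two devices: nonce || ciphertext || integrity tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(body, _keystream(nonce, len(body))))
    tag = hmac.new(ENCLAVE_KEY, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt(wire: bytes) -> bytes:
    """Peer device side: verify the tag before releasing plaintext to the secured user."""
    nonce, ct, tag = wire[:16], wire[16:-32], wire[-32:]
    expected = hmac.new(ENCLAVE_KEY, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(ct, _keystream(nonce, len(ct))))


def intercept(msg: Message) -> tuple[str, Optional[bytes]]:
    """Gateway decision for one intercepted message.

    Returns (action, bytes put on the wire):
      "discard" - security parameters would be breached (claims 5 and 26)
      "pass"    - first mode: forwarded in the clear (one side unsecured, or same enclave)
      "encrypt" - second mode: encrypted for the peer device because the path leaves the
                  enclave and traverses an unsecure portion (claim 13)
    """
    src, dst = discover(msg.sender), discover(msg.recipient)
    if src is None and dst is None:
        return "pass", msg.body          # no device in the path: nothing to intercept
    if violates_parameters(msg):
        return "discard", None
    if src is not None and dst is not None and src.enclave != dst.enclave:
        return "encrypt", encrypt(msg.body)
    return "pass", msg.body


if __name__ == "__main__":
    print(intercept(Message("alice", "dave", Level.SECRET, b"secret plan")))      # discard
    print(intercept(Message("alice", "dave", Level.UNCLASSIFIED, b"hello")))      # pass
    action, wire = intercept(Message("alice", "bob", Level.CONFIDENTIAL, b"plan"))
    print(action, decrypt(wire))                                                  # encrypt b'plan'
```

Note what the model makes explicit that the claim language leaves implicit: an unsecured sender cannot cause a labelled message to be accepted at a higher level (the sender's level also bounds the label), and two devices in the same secure portion forward in the clear because claim 13 only calls for encryption when the communication will traverse an unsecure portion.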
Specification