System and method for secure data transmission

US 20020053032A1
Filed: 05/18/2001
Published: 05/02/2002
Est. Priority Date: 09/14/2000
Status: Abandoned Application

First Claim

Patent Images

1. A system for secure data transmission comprising:

a session layer that maps authentication of at least one request to session level authorization, the authorization defining permitted communications between at least one resource and the at least one request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for secure data transmission includes trusted session sub-layer for maintaining a virtual air gap between a plurality of resource requesters and a plurality of resource providers, and a session manager for a transfer of data between the plurality of resource requesters and the plurality of resource providers.

67 Citations

64 Claims

1. A system for secure data transmission comprising:
- a session layer that maps authentication of at least one request to session level authorization, the authorization defining permitted communications between at least one resource and the at least one request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
- - 2. The system of claim 1, wherein the session layer includes:
    - a trusted session sub-layer for session level authorization and maintenance; and
      
      a reverse proxy for transferring data between the at least one resource and the at least one request.
  - 3. The system of claim 2, wherein layers of the request below its trusted session sub-layer are unaware of existence of layers of the resource below its trusted session sub-layer.
  - 4. The system of claim 1, wherein the session layer forms a bundle of transport layer connections between the at least one resource and the at least one request.
  - 5. The system of claim 4, wherein a plurality of bundles of transport layer connections are joined to create a meta-session.
  - 6. The system of claim 1, wherein the session layer maps ports onto itself.
  - 7. The system of claim 6, wherein the session layer associates a transport connection for data to pass from the at least one resource to the at least one request.
  - 8. The system of claim 1, further including a trusted operating system.
  - 9. The system of claim 1, wherein the authorizations are dynamically updated.
  - 10. The system of claim 1, wherein no layer below the session layer communicates on a peer to peer level.
  - 11. The system of claim 1, wherein the session layer includes a sterile core.
  - 12. The system of claim 1, wherein the session layer maps the authentication of users using a Secure Core rulebase.
  - 13. The system of claim 1, wherein resource identities are masked.
  - 14. The system of claim 1, wherein the authorization is dependent on a network interface of the at least one request.
  - 15. The system of claim 1, wherein the session layer provides an audit trail.
  - 16. The system of claim 1, wherein the session layer can establish multiple sessions with multiple requests, each session operating in a half-duplex manner.
  - 17. The system of claim 1, wherein the session layer mediates resources between the at least one request and the at least one resource based on a credential set.
  - 18. The system of claim 1, wherein the session layer mediates resources between the at least one request and the at least one resource based on a credential set, and wherein the session layer bundles transport layer communications between the at least one resource and the at least one request by associating the bundles with the credential set.
  - 19. The system of claim 1, further including a multi-level operating system used as a proxy.
  - 20. The system of claim 1, further including a Session Manager to communicate through higher OSI layers.
  - 21. The system of claim 1, wherein no physical resource is time-division shared by the at least one resource requester and the at least one resource provider.

22. A system for secure data transmission comprising:
- a virtual air gap provided by;
  
  a trusted session sub-layer for session authorization and maintenance;
  
  a trusted operating system for session separation; and
  
  a reverse proxy for data transfer between a user and a resource provider.
- View Dependent Claims (23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 37, 38, 39, 40, 41, 42, 43, 44, 45, 47, 48, 49, 50, 51, 52)
- - 23. The system of claim 22, wherein layers of the user below its trusted session sub-layer are unaware of existence of layers of the resource provider below its trusted session sub-layer.
  - 24. The system of claim 22, wherein the trusted session sub-layer forms a bundle of transport layer connections between the user and the resource provider.
  - 25. The system of claim 24, wherein a plurality of bundles of transport layer connections are joined to create a meta-session.
  - 26. The system of claim 22, wherein a session layer, which includes the trusted session sub-layer, maps ports onto itself.
  - 27. The system of claim 22, wherein the session authorization is dynamically updated.
  - 28. The system of claim 22, wherein no layer below a session layer, which includes the trusted session sub-layer, communicates on a peer to peer level.
  - 29. The system of claim 22, wherein the trusted session sub-layer maps user authentication using a Secure Core rulebase.
  - 30. The system of claim 22, wherein the session authorization is dependent on network interface of the user.
  - 31. The system of claim 22, wherein the trusted session sub-layer mediates resources between the user and the resource provider based on a credential set.
  - 32. The system of claim 22, wherein the trusted session sub-layer mediates resources between the user and the resource provider based on a credential set, and wherein the trusted session sub-layer bundles transport layer communications between the user and the resource provider by associating the bundles with the credential set.
  - 33. The system of claim 22, further including a multi-level operating system used as a proxy.
  - 34. The system of claim 22, further including a Session Manager to communicate through higher OSI layers.
  - 35. The system of claim 22, wherein no physical resource is time-division shared by the user and the resource provider.
  - 37. The system of claim 36, wherein the trusted session sub-layer includes a reverse proxy for transferring data between the plurality of resource requesters and the plurality of resource providers.
  - 38. The system of claim 36, wherein the trusted session sub-layer forms a bundle of transport layer connections between the plurality of resource requesters and the plurality of resource providers.
  - 39. The system of claim 38, wherein a plurality of bundles of transport layer connections are joined to create a meta-session.
  - 40. The system of claim 36, wherein the trusted session sub-layer maps ports onto itself.
  - 41. The system of claim 40, wherein the trusted session sub-layer associates transport connections for data to pass from the plurality of resource requesters to the plurality of resource providers.
  - 42. The system of claim 36, wherein authorizations for the plurality of resourece requesters are dynamically updated.
  - 43. The system of claim 36, wherein no layer below a session layer, which includes the trusted session sub-layer, communicates on a peer to peer level.
  - 44. The system of claim 36, wherein the session layer mediates resources between the plurality of resource requesters and the plurality of resource providers based on each resource requester'"'"'s credential set, and wherein the session layer bundles transport layer communications between the plurality of resource requesters and the plurality of resource providers by associating the bundles with the each resource requester'"'"'s credential set.
  - 45. The system of claim 36, wherein no physical resource is time-division shared by the plurality of resource requesters and the plurality of resource providers.
  - 47. The system of claim 46, wherein the trusted session sub-layer includes a reverse proxy for transferring data between the plurality of resource requesters and the plurality of resource providers.
  - 48. The system of claim 46, wherein layers of each resource requester below its trusted session sub-layer are unaware of existence of layers of each resource provider below its trusted session sub-layer.
  - 49. The system of claim 46, wherein the trusted session sub-layer maps ports onto itself.
  - 50. The system of claim 46, wherein the authorizations for each resource requester are dynamically updated.
  - 51. The system of claim 46, wherein no layer below the session layer communicates on a peer to peer level.
  - 52. The system of claim 46, wherein the session layer mediates resources between the plurality of resource requesters and the plurality of resource providers based on each user'"'"'s credential set, and wherein the session layer bundles transport layer communications between the plurality of resource requesters and the plurality of resource providers by associating the bundles with the each user'"'"'s credential set.

36. A system for secure data transmission comprising:
- a trusted session sub-layer maintaining a virtual air gap between a plurality of resource requesters and a plurality of resource providers;
  
  a session manager for a transfer of data between the plurality of resource requesters and the plurality of resource providers.

46. A system for secure data transmission comprising:
- a trusted session sub-layer for peer-to-peer communication between a plurality of resource requesters and a plurality of resource providers;
  
  a rulebase for authenticating authorization of the plurality of resource requesters on a dynamic basis, wherein the trusted session sub-layer forms a bundle of transport layer connections between the plurality of resource providers and the plurality of resource requesters.

53. A system for secure data transmission comprising:
- a session layer for a transfer of data between a plurality of resource requesters and a plurality of resource providers, wherein no peer-to-peer connections exist below the session layer; and
  
  a trusted session sub-layer maintaining a virtual air gap, wherein no physical resources are time-division shared between any resource provider and any resource requester.

54. A system for secure data transmission comprising:
- session layer means for mapping authentication of at least one request to session level authorization, the authorization defining permitted communications between at least one resource and the at least one request.

55. A system for secure data transmission comprising:
- virtual air gap means provided by;
  
  trusted session sub-layer means for session authorization and maintenance;
  
  a trusted operating system for session separation; and
  
  reverse proxy means for data transfer between a user and a resource provider.

56. A system for secure data transmission comprising:
- trusted session sub-layer means maintaining a virtual air gap between a plurality of resource requesters and a plurality of resource providers;
  
  session manager means for transferring data between the plurality of resource requesters and the plurality of resource providers.

57. A system for secure data transmission comprising:
- trusted session sub-layer means for peer-to-peer communication between a plurality of resource requesters and a plurality of resource providers;
  
  a rulebase for authenticating authorization of the plurality of resource requesters on a dynamic basis, wherein the trusted session sub-layer means forms a bundle of transport layer connections between the plurality of resource providers and the plurality of resource requesters.

58. A system for secure data transmission comprising:
- session layer means for a transfer of data between a plurality of resource requesters and a plurality of resource providers, wherein no peer-to-peer connections exist below the session layer means; and
  
  trusted session sub-layer means maintaining a virtual air gap, wherein no physical resources are time-division shared between any resource provider and any resource requester.

59. A computer program product for secure data transmission comprising:
- a computer usable medium having computer readable program code means embodied in the computer usable medium for causing an application program to execute on a computer system, the computer readable program code means comprising;
  
  computer readable program session layer code means for mapping authentication of at least one request to session level authorization, the authorization defining permitted communications between at least one resource and the at least one request.

60. A computer program product for secure data transmission comprising:
- a computer usable medium having computer readable program code means embodied in the computer usable medium for causing an application program to execute on a computer system, the computer readable program code means comprising;
  
  computer readable program code means for a virtual air gap provided by;
  
  computer readable program code trusted session sub-layer means for session authorization and maintenance;
  
  a trusted operating system for session separation; and
  
  computer readable program code reverse proxy means for data transfer between a user and a resource provider.

61. A computer program product for secure data transmission comprising:
- a computer usable medium having computer readable program code means embodied in the computer usable medium for causing an application program to execute on a computer system, the computer readable program code means comprising;
  
  computer readable program code trusted session sub-layer means for maintaining a virtual air gap between a plurality of resource requesters and a plurality of resource providers;
  
  computer readable program code session manager means for transferring data between the plurality of resource requesters and the plurality of resource providers.

62. A computer program product for secure data transmission comprising:
- a computer usable medium having computer readable program code means embodied in the computer usable medium for causing an application program to execute on a computer system, the computer readable program code means comprising;
  
  computer readable program code trusted session sub-layer means for peer-to-peer communication between a plurality of resource requesters and a plurality of resource providers;
  
  a rulebase for authenticating authorization of the plurality of resource requesters on a dynamic basis, wherein the trusted session sub-layer means forms a bundle of transport layer connections between the plurality of resource providers and the plurality of resource requesters.

63. A computer program product for secure data transmission comprising:
- a computer usable medium having computer readable program code means embodied in the computer usable medium for causing an application program to execute on a computer system, the computer readable program code means comprising;
  
  computer readable program code session layer means for transferring data between a plurality of resource requesters and a plurality of resource providers, wherein no peer-to-peer connections exist below the computer readable program code session layer means; and
  
  computer readable program code trusted session sub-layer means for maintaining a virtual air gap, wherein no physical resources are time-division shared between any resource provider and any resource requester.

64. A method for secure data transmission comprising:
- mapping authentication of at least one request to session level authorization in a session layer, the authorization defining permitted communications between at least one resource and the at least one request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Apollo Management LP (Apollo Global Management, Inc.)
Original Assignee
Apollo Management LP (Apollo Global Management, Inc.)
Inventors
Dowling, William Race, Houtte, Ray Van

Application Number

US09/859,667
Publication Number

US 20020053032A1
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

H04L 63/168   above the transport layer

H04L 65/1101   Session protocols

H04L 67/00   Network arrangements or pro...

H04L 67/104   Peer-to-peer [P2P] networks

System and method for secure data transmission

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

67 Citations

64 Claims

Specification

Solutions

Use Cases

Quick Links

System and method for secure data transmission

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

67 Citations

64 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links