System for secure communication between domains
Abstract
A method of executing secure communications between first and second domains includes translating data received from a node of the first domain into a target protocol and transmitting the translated data to a bastion host. The bastion host may filter the translated data to block unauthorized transmissions. The data may then be authenticated and transmitted to a node of the second domain for use in an application. In one embodiment, the first domain is an untrusted domain and the second domain is a trusted domain.
12 Claims
1. A method for secure communication between first and second domains comprising:
identifying a sender of an encrypted data transmission received from a logical unit using a personal identifier associated with the data transmission;
determining whether the sender is authorized to perform the data transmission;
decrypting the data transmission if it is determined that the sender is authorized to perform the data transmission; and
transmitting the decrypted data to a server.
Dependent claims: 2, 3, 4, 5.

6. An article of manufacture comprising:
a computer usable medium having computer readable program code embodied therein for securely transmitting data from a trusted domain to an untrusted domain comprising:
first computer readable program code for causing a first logical unit to identify a sender of an enhanced data transmission received from a second logical unit;
computer readable program code for determining whether the sender is authorized to perform the data transmission;
computer readable program code for causing the first logical unit to de-enhance the data; and
computer readable program code for causing the first logical unit to send the data to a third logical unit.
Dependent claims: 7, 8, 9, 10.

11. A logical unit programmed to facilitate secure communication between first and second domains comprising:
a processor programmed to receive enhanced data transmitted from a first logical unit and to identify the sender of the enhanced data;
an access control list stored in a memory location including access rights for the sender;
said processor further being programmed to query said access control list to determine whether the sender has sufficient rights to perform the data transmission, said processor being further programmed to de-enhance the data and to transmit the data to the second domain when it is determined that the sender has sufficient rights to perform the data transmission.

12. A logical system for secure communication between first and second domains comprising:
a first logical unit configured to enhance data and to transmit the enhanced data through an outbound proxy across the first secure domain;
a second logical unit configured to receive data from said first logical unit, said second logical unit defining a boundary between the first domain and the second domain, said second logical unit being further configured to identify a sender of the enhanced data and to determine whether the sender has sufficient rights to perform the data transmission, said second logical unit being further configured to de-enhance the data and to transmit the data to a logical unit in the second domain when it is determined that the sender has sufficient rights to perform the data transmission.