System, method and apparatus for securing network data

US 20040025008A1
Filed: 08/02/2002
Published: 02/05/2004
Est. Priority Date: 08/02/2002
Status: Active Grant

First Claim

Patent Images

1. A system for securing network data, comprising:

a network;

first and second storage elements;

a network server in communication with said network and said first storage element; and

a database server in communication with said first storage element and said second storage element, wherein the first storage element receives and stores data from said network server in a first predetermined location and from said database server in a second predetermined location, wherein said network server is capable of accessing the data stored by said first storage element in the second predetermined location, and wherein said database server is capable of accessing the data stored by said first storage element in the first predetermined location, such that said network server and said database server are capable of exchanging data via said first storage element without creating a concurrent operating session between said network server and said database server.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The system, method and apparatus for securing network data of the present invention provide security for internal networks by utilizing a common storage element for the exchange of data between the external and internal components, without creating a concurrent session between the external and internal components. In addition, when the protocol of the external network is Internet Protocol (IP), the protocol used for the internal network may be a non-IP messaging protocol that is a more secure protocol than IP, and insulates the internal network from the type of attacks that are common in IP networks. These security measures may be implemented without a significant change to the hardware or software elements of the internal or external networks, and, therefore, without adding significant cost to the network administration and without the network performance degradation that is characteristic of conventional security measures.

40 Citations

View as Search Results

29 Claims

1. A system for securing network data, comprising:
- a network;
  
  first and second storage elements;
  
  a network server in communication with said network and said first storage element; and
  
  a database server in communication with said first storage element and said second storage element, wherein the first storage element receives and stores data from said network server in a first predetermined location and from said database server in a second predetermined location, wherein said network server is capable of accessing the data stored by said first storage element in the second predetermined location, and wherein said database server is capable of accessing the data stored by said first storage element in the first predetermined location, such that said network server and said database server are capable of exchanging data via said first storage element without creating a concurrent operating session between said network server and said database server.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The system of claim 1, wherein said network server is in communication with at least one client element over said network via Internet Protocol (IP).
  - 3. The system of claim 2, wherein said network server and said database server transmit data to said first storage element and access data from said first storage element via a non-IP messaging protocol.
  - 4. The system of claim 3, wherein the non-IP messaging protocol is Fiberchannel protocol.
  - 5. The system of claim 2, further comprising a firewall security device within said network between the at least one client element and said network server.
  - 6. The system of claim 5, wherein the at least one client element is capable of transmitting data to and from said network server through said firewall security device.
  - 7. The system of claim 1, wherein said database server and said network server are capable of transmitting and receiving metadata that at least partially defines associated data.
  - 8. The system of claim 7, wherein said first storage element stores metadata received from said network server in a third predetermined location, wherein the metadata defines the first predetermined location at which data that is also received from said network server is stored, and wherein said database server accesses the metadata from the third predetermined location to obtain the first predetermined location of the data.
  - 9. The system of claim 7, wherein said first storage element stores metadata received from said database server in a fourth predetermined location, wherein the metadata defines the second predetermined location at which data that is also received from said database server is stored, and wherein said network server accesses the metadata from the fourth predetermined location to obtain the second predetermined location of the data.
  - 10. The system of claim 1, wherein said network server and said database server are capable of periodically polling said first storage element to determine if additional data has been stored.
  - 11. The system of claim 1, wherein said second storage element comprises a storage area network.
  - 12. The system of claim 1, wherein said first storage element comprises a storage area network.

13. A method for securing network data, comprising:
- receiving data from a network server in a first predetermined location of a first storage element;
  
  receiving data from a database server in a second predetermined location of the first storage element;
  
  accessing the data stored in the second predetermined location of the first storage element by the network server; and
  
  accessing the data stored in the first predetermined location of the first storage element by the database server;
  
  wherein the network server and the database server exchange data via the first storage element without creating a concurrent operating session between the network server and the database server.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 14. The method of claim 13, further comprising establishing communications between the network server and at least one client element over a network via IP.
  - 15. The method of claim 14, wherein receiving data and accessing data comprises receiving data and accessing data via a non-IP messaging protocol.
  - 16. The method of claim 15, wherein the non-IP messaging protocol is a Fiberchannel protocol.
  - 17. The method of claim 13, further comprising establishing communications between the database server and a second storage element via a non-IP messaging protocol.
  - 18. The method of claim 13, further comprising establishing communications between the database server and a storage area network.
  - 19. The method of claim 13, further comprising establishing communications between the network server and a storage area network and between the database server and the same storage area network.
  - 20. The method of claim 13, further comprising receiving metadata that at least partially defines associated data from the network server and the database server in the first storage element.
  - 21. The method of claim 20, further comprising storing metadata received from the network server in a third predetermined location, wherein the metadata defines the first predetermined location at which data that is also received from the network server is stored, and accessing the metadata by the database server from the third predetermined location to obtain the first predetermined location of the data.
  - 22. The method of claim 20, further comprising storing metadata received from the database server in a fourth predetermined location, wherein the metadata defines the second predetermined location at which data that is also received from the database server is stored, and accessing the metadata by the network server from the fourth predetermined location to obtain the second predetermined location of the data.
  - 23. The method of claim 13, further comprising polling the storage element by the network server and the database server to determine if additional data has been stored.

24. An apparatus for securing network data, comprising:
- a network supporting communication via Internet Protocol (IP);
  
  a storage area network comprising a plurality of storage devices, wherein said storage area network is capable of supporting communication via a non-IP messaging protocol;
  
  a storage element;
  
  a database server in communication with said storage area network and said storage element via the non-IP messaging protocol, and wherein said database server is capable of transmitting and receiving metadata that at least partially defines associated data; and
  
  a network server in communication with said network via IP and said storage element via the non-IP messaging protocol, and wherein said network server is capable of transmitting and receiving metadata that at least partially defines associated data;
  
  wherein said storage element receives and stores data from said network server in a first predetermined location and from said database server in a second predetermined location;
  
  wherein said storage element further receives and stores network metadata from said network server in a third predetermined location, wherein the network metadata defines the first predetermined location at which the data that is also received from said network server is stored, and wherein said database server accesses the network metadata from the third predetermined location to obtain the first predetermined location of the data; and
  
  wherein said storage element also receives and stores database metadata from said database server in a fourth predetermined location, wherein the database metadata defines the second predetermined location at which the data that is also received from said database server is stored, and wherein said network server accesses the database metadata from the fourth predetermined location to obtain the second predetermined location of the data, such that said network server and said database server are capable of exchanging data via said storage element without creating a concurrent operating session between said network server and said database server.
- View Dependent Claims (25, 26, 27, 28, 29)
- - 25. The apparatus of claim 24, wherein the non-IP messaging protocol is Fiberchannel protocol.
  - 26. The apparatus of claim 24, further comprising at least one client element in communication with said network server over said network via IP.
  - 27. The apparatus of claim 26, further comprising a firewall security device connected between said at least one client element and said network server and capable of analyzing data transmitted between said at least one client element and said network server.
  - 28. The apparatus of claim 24, wherein said network server and said database server are capable of periodically polling the storage element to determine if additional metadata has been stored.
  - 29. The apparatus of claim 24, wherein said storage element is a second storage area network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Mott, Michael Robert, Kuehn, Dennis Lee

Granted Patent

US 7,631,179 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/151
CPC Class Codes

H04L 63/02 for separating internal fro...

System, method and apparatus for securing network data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

40 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

System, method and apparatus for securing network data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

40 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links