System and method for providing secure internetwork services via an assured pipeline
First Claim
1. A system comprising:
- a processor;
a memory;
a first network interface;
a second network interface; and
software in the memory that is operable on the processor for causing the system to;
establish an assured pipeline between the first network interface and the second network interface;
encrypt outbound network traffic received on the first network interface;
send the encrypted outbound network traffic via the assured pipeline to the second network interface;
decrypt inbound network traffic received on the second network interface; and
send the inbound decrypted network traffic via the assured pipeline to the first network interface.
6 Assignments
0 Petitions
Accused Products
Abstract
A system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network. A secure computer is inserted into the private network to serve as the gateway to the unsecured network and a client subsystem is added to the workstation in order to control the transfer of data from the workstation to the secure computer. The secure computer includes a private network interface connected to the private network, an unsecured network interface connected to the unsecured network, wherein the unsecured network interface includes means for encrypting data to be transferred from the first workstation to the remote computer and a server function for transferring data between the private network interface and the unsecured network interface.
-
Citations
44 Claims
-
1. A system comprising:
-
a processor;
a memory;
a first network interface;
a second network interface; and
software in the memory that is operable on the processor for causing the system to;
establish an assured pipeline between the first network interface and the second network interface;
encrypt outbound network traffic received on the first network interface;
send the encrypted outbound network traffic via the assured pipeline to the second network interface;
decrypt inbound network traffic received on the second network interface; and
send the inbound decrypted network traffic via the assured pipeline to the first network interface. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A router comprising:
-
a processor;
a memory;
a first network interface;
a second network interface; and
a firewall program stored in the memory and operable on the processor for causing the router to;
implement a security policy program enforcing a Type Enforcement security mechanism to restrict access to network resources, wherein the Type Enforcement security mechanism establishes an assured pipeline for transfer of data and programs between the first and second network interfaces. - View Dependent Claims (16, 17, 18, 19, 20)
-
-
21. The router of 15, wherein the first network interface is a wireless network interface for wireless network communication.
-
22. A firewall device comprising:
-
a processor;
a memory; and
a secure operating system having an operational kernel and an administrative kernel, wherein the operational kernel includes a Type Enforcement security mechanism for restricting execution of files stored in the memory by the processor, further wherein execution restrictions placed on files in the memory can only be modified from within the administrative kernel. - View Dependent Claims (23, 24, 25)
-
-
26. A method for network protection, comprising:
-
establishing an assured pipeline between a first network interface and a second network interface;
encrypting outbound network traffic received on the first network interface;
sending the encrypted outbound network traffic via the assured pipeline to the second network interface;
decrypting inbound network traffic received on the second network interface; and
sending the inbound decrypted network traffic via the assured pipeline to the first network interface. - View Dependent Claims (27, 28, 29, 30, 31, 32, 33)
-
-
34. A server comprising:
-
a processor;
a secure operating system having a security mechanism for restricting access by processes to server resources; and
a firewall operating on the processor, wherein the firewall includes processes which access server resources and processes which limit access by others to server resources. - View Dependent Claims (35, 36, 37, 38, 39, 40, 41)
-
- 42. A machine readable medium, with instructions thereon, for causing a device to implement a security mechanism preventing execution of executable objects that have not been recognized as trusted executable objects and for implementing an assured pipeline based on the security mechanism, for transfer of data and programs between a first network interface and a second network interface.
Specification