Infrastructure method and system for authenticated dynamic security domain boundary extension
Abstract
A method and system for authenticated dynamic extension of security domain boundaries includes high security domain extension instructions (144) for sequentially and dynamically forming an extended high security domain (133) through a protected communication path (128). The protected communication path (128) extends from a first computer (10) associated with a high security domain (80) into a second computer (10) associated with low security domain (120). The method and system establish the extended high security domain (133) within the second computer (10). A protected communication path (128) forms an isolation barrier (131) separating the extended high security domain (133) from other objects (126) within the low security domain (120). Authentication instructions (146) temporarily authenticate at least one object (132) associated with the low security domain (120). Returning instructions (156) return the at least one object (132) processed within the extended high security domain (133) to said low security domain (120).
21 Claims
1. A system for authenticated dynamic extension of security domain boundaries, comprising:
dynamic high security domain extension instructions for dynamically forming an extended high security domain through a protected communication path from a first computer associated with a high security domain into a second computer associated with low security domain;
establishing instructions within said extended high security domain within said second computer for establishing a protected communication path between said high security domain and said extended high security domain within low security domain, said protected communication path forming an isolation barrier separating said extended high security domain from said low security domain;
authentication instructions associated with said low security domain and said high security domain for temporarily authenticating at least one object associated with said low security domain.
5. A system for authenticated dynamic extension of security domain boundaries, comprising:
instructions for enabling a computer which is normally a member of a low security domain to be temporarily authenticated as a member of remote high security domain; and
instructions for reverting the computer to the service provider's low security domain at the cessation of the service provision.
11. A method for dynamically extending authenticated security domain boundaries, comprising the steps of:
dynamically forming an extended high security domain through a protected communication path from a first computer associated with a high security domain into a second computer associated with low security domain;
establishing a protected communication path between said high security domain and said extended high security domain within low security domain, said protected communication path forming an isolation barrier separating said extended high security domain from said low security domain; and
temporarily authenticating at least one object associated with said low security domain.
15. A method for dynamically extending an authenticated security domain boundary, comprising the steps of:
enabling a computer which is normally a member of a low security domain to be temporarily authenticated as a member of remote high security domain; and
reverting the computer to the service provider's low security domain at the cessation of the service provision.
21. A storage medium comprising a system for authenticated dynamic extension of security domain boundaries, said system comprising:
dynamic high security domain extension instructions for dynamically forming an extended high security domain through a protected communication path from a first computer associated with a high security domain into a second computer associated with low security domain;
establishing instructions within said extended high security domain within said second computer for establishing a protected communication path between said high security domain and said extended high security domain within low security domain, said protected communication path forming an isolation barrier separating said extended high security domain from said low security domain; and
authentication instructions associated with said low security domain and said high security domain for temporarily authenticating at least one object associated with said low security domain.