Method and computer system for securing communication in networks

US 20040260943A1
Filed: 06/28/2004
Published: 12/23/2004
Est. Priority Date: 08/07/2001
Status: Active Grant

First Claim

Patent Images

1. Method for safeguarding the communication in networks with the intermediate arrangement of a safety computer system between a protection-requiring data processing facility and the network, wherein the data exchange between the protection-requiring data processing facility and the network is monitored and/or controlled by at least one computer program implemented as embedded software on the safety computer system in accordance with a pre-specifiable set of rules.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The invention relates to a method and a computer system for securing communication in networks of data processing units which can be used especially for individually created security units for portable computer systems. In order to secure the communication, the data exchange between a data processing unit to be protected and the network is monitored and/or controlled by means of a computer program which is implemented in a security computer system as embedded software, the security computer system being inserted between the data processing device to be protected and the network. A computer system providing such protection is embodied as a single board computer or as a chip solution and comprises means for exchanging data with the data processing unit to be protected, means for exchanging data with the network, and means for monitoring and/or controlling the communication between the data processing unit to be protected and the network. To this end, a means for exchanging data with the data processing unit to be protected can be connected to the bus system of the data processing unit to be protected, and/or a means for exchanging data with the network is embodied as a network interface.

46 Citations

View as Search Results

29 Claims

1. Method for safeguarding the communication in networks with the intermediate arrangement of a safety computer system between a protection-requiring data processing facility and the network, wherein the data exchange between the protection-requiring data processing facility and the network is monitored and/or controlled by at least one computer program implemented as embedded software on the safety computer system in accordance with a pre-specifiable set of rules.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. Method according to claim 1, wherein the safety computer system is connected with the bus system of the protection-requiring data processing facility, and a connection between the protection-requiring data processing facility and the network is established by way of an interface of the safety computer system.
  - 3. Method according to one of the claims 1 or 2, wherein the pre-specified set of rules for the monitoring and/or control of the data to be exchanged between the protection-requiring data processing facility and the network is person-related and/or covers the individually pre-specified rules on the protection-requiring data processing facility.
  - 4. Method according to claim 3, wherein the individually pre-specified set of rules examines the authorisation for access from source systems to the protection-requiring data processing facility and/or examines the authorisation for access to target systems from the direction of the protection-requiring data processing facility and/or realises the encryption and/or the decryption of the data to be exchanged and/or performs the set-up of a virtual private network (VPN) and transmits the data to be exchanged transparently through the VPN-channel and/or analyses the contents of the data to be exchanged.
  - 5. Method according to claim 4, wherein the set-up of a VPN is effected after successful authentification.
  - 6. Method according to claim 4wherein the analysis of the contents of the data to be exchanged serves the detection of viruses and/or Trojan Horses.
  - 7. Method according to one of the previous claims, wherein the configuration of the safety computer system and/or the embedded software is effected by way of an interface to the network.
  - 8. Method according to one of the previous claims, wherein the maintenance and/or care administration of the safety computer system is effected from the direction of the protection-requiring data processing facility or as a remote maintenance via the network.
  - 9. Method according to one of the previous claims, wherein the maintenance and/or care administration of the embedded software includes the extension of the functionality of the computer program implemented as embedded software.
  - 10. Method according to one of the previous claims, wherein the computer program monitoring and/or controlling the data to be exchanged between the protection-requiring data processing facility and the network is not changeable or is only changeable after authentification from the side of the protection-requiring data processing facility.
  - 11. Method according to one of the previous claims, wherein the safety computer system for the protection-requiring data processing facility and/or for the network appears transparent.
  - 12. Method according to one of the previous claims, wherein the safety computer system is integrated as an embedded system in the communication interface of the protection-requiring data processing facility.
  - 13. Method according to one of the previous claims, wherein the safety computer system is integrated as an insertion card or as a PCMCIA-card in the protection-requiring data processing facility.
  - 14. Method according to one of the previous claims, wherein the safety computer system is connected up to the protection-requiring data processing facility as in the case of conventional network connection hardware.
  - 15. Method according to one of the previous claims, wherein the power supply of the safety computer system is effected by way of the protection-requiring data processing facility.
  - 16. Method according to one of the previous claims, wherein data to be kept secret, such as electronic keys or electronic signatures, are only one the safety computer system.
  - 17. Method according to one of the previous claims, wherein secret data on the safety computer system, from the side of the protection-requiring data processing facility, cannot be changed or called up or can only be changed or called up after entry of a password.
  - 18. Method according to one of the previous claims, wherein all data to be exchanged between the protection-requiring data processing facility and the network run through the safety computer system.

19. Computer system for safeguarding the communication in networks, wherein the computer system is executed as a single board computer or as a chip solution and encompasses at least one means for data exchange with a data processing facility to be protected, at least one means for data exchange with the network and at least one means for monitoring and/or control of the communication between the data processing facility to be protected and the network.
- View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 20. Computer system according to claim 19, wherein a means for data exchange is connectable with a protection-requiring data processing facility to the bus-system of the protection-requiring data processing facility and/or a means is formed for data exchange with the network as a network interface.
  - 21. Computer system according to one of the claims 19 or 20, wherein a means for data exchange with a protection-requiring data processing facility is formed as a PCMCIA-bus or as a PCI-bus or as a USB-bus or as a IEEE 1394-bus (Firewire).
  - 22. Computer system according to claim 19, wherein a means for data exchange with a protection-requiring data processing facility is formed as an RS-232 interface or as an Ethernet interface or as an USB-interface.
  - 23. Computer system according to one of the claims 19 to 22, wherein at least one means for data exchange with the network includes a modem and/or a mobile telephone processor.
  - 24. Computer system according to one of the claims 19 to 23, wherein at least one means for monitoring and/or control of the communication includes a transparent router/VPN (IPSEC) (20) and/or a DHCP (23) and or a Key management (25) a Firewall (26) and/or a remote control (27).
  - 25. Computer system according to one of the claims 19 to 24, wherein at least one means for monitoring and/or control of the communication includes as a module a system monitoring (21) and/or an IDS (22) and/or an automatic update (24) and/or a virus scanner and/or an intrusion detection system and/or a Public Key Management.
  - 26. Computer system according to one of the claims 19 to 25, wherein the computer system is executed as a system on chip.
  - 27. Computer system according to one of the claims 19 to 26, wherein the computer system is integrated in a cable or a card or a chip for the network access.
  - 28. Computer system according to one of the claims 19 to 27, wherein the computer system is executed as an insertion card or as a PCMCIA-card.
  - 29. Computer system according to one of the claims 19 to 28, wherein the protection-requiring data processing facility is executed as a personal computer or as a laptop or as a network-compatible palmtop or as a network-compatible telephone.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Innominate Security Technologies AG (Phoenix Contact GmbH & Company KG)
Original Assignee
Innominate Security Technologies AG (Phoenix Contact GmbH & Company KG)
Inventors
Piepiorra, Frank, Machtel, Michael, Jaenicke, Lutz

Granted Patent

US 7,430,759 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0263   Rule management

H04L 63/0272   Virtual private networks

Method and computer system for securing communication in networks

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

46 Citations

29 Claims

Specification

Use Cases

Quick Links

Others

Method and computer system for securing communication in networks

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

46 Citations

29 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others