Method and system for establishing a security perimeter in computer networks
Abstract
A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system includes a secure network interface unit (SNIU) contained within the communications stack of the computer device and operating at a user-layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications, so that the individual networks may be secure or non-secure without compromising the security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and the network; the interface converts the received messages to and from the format utilized by the network. A message parser determines whether an association already exists with another SNIU device. A session manager, coupled to the network interface, identifies and verifies the computer device requesting access to the network, and transmits messages received from the computer device when the message parser determines that the association already exists. An association manager, coupled to the host/network interface, establishes an association with other like SNIU devices when the message parser determines that the association does not exist.
53 Claims
1. Cancelled.
2. A multi-level network security system comprising:
a first secure network interface unit (SNIU) coupled to a first computer device and to a network, wherein components of the network may be individually secure or non-secure; and
a second SNIU coupled to a second computer device and to the network, said second SNIU further comprising:
a network interface configured to receive messages sent between the second computer device and the network;
a session manager coupled to the network interface and configured to transmit said messages to the network when an association exists between the first SNIU and the second SNIU; and
an association manager coupled to the network interface and configured to establish an association with the second SNIU when said association does not exist.
(Dependent claims 3 to 9 not shown.)

10. A multi-level network security system for a computer device coupled to a network, wherein components of the network may be individually secure or non-secure, the multi-level network security system comprising:
a first secure network interface unit (SNIU) coupled to a network; and
a second SNIU coupled to the network, the second SNIU comprising:
a message parser configured to determine whether an association exists between the second SNIU and the first SNIU; and
an association manager configured to establish an association with the first SNIU when the message parser determines said association does not exist.
(Dependent claims 11 to 24 not shown.)

25. A multi-level network security system for a computer device coupled to a network, wherein components of the network may be individually secure or non-secure, the multi-level network security system comprising:
first secure means for creating a security perimeter for end-to-end communications, wherein said first secure means is coupled to a first computer device and to a network; and
second secure means for creating said security perimeter, wherein the second secure means is coupled to a second computer device and to the network, the second secure means comprising:
means for determining whether an association exists between the second secure means and the first secure means; and
means for establishing an association with the first secure means when the means for determining determines said association does not exist.
(Dependent claims 26 to 32 not shown.)

33. A secure network interface unit for use in a multi-level network security system, the secure network interface unit comprising:
interface means for receiving messages sent between a computer device and a network, wherein components of the network may be individually secure or non-secure;
means for determining whether an association exists between the secure network interface unit and a second secure network interface unit;
means for requesting access to and transmitting said messages to the network when the means for determining determines said association exists, wherein said means for requesting and transmitting is coupled to said interface means; and
means for establishing an association with the second secure network interface unit when the means for determining determines said association does not exist, wherein said means for establishing is coupled to said interface means.
(Dependent claims 34 to 39 not shown.)

40. A method for creating a security perimeter for end-to-end communications on a network, the method comprising:
providing a first secure network interface unit (SNIU) between a first computer device and a network, wherein components of the network may be individually secure or non-secure; and
providing a second SNIU between a second computer device and the network, wherein said second SNIU is configured to perform a plurality of security functions including:
receiving messages sent between the second computer device and the network;
converting the received messages to and from a format utilized by the network;
identifying and verifying the second computer device requesting access to the network;
determining whether an association exists between the second SNIU and the first SNIU;
transmitting the received messages to the first SNIU when said association exists; and
establishing an association with the first SNIU when said association does not exist.
(Dependent claims 41 to 47 not shown.)

48. A method for providing a multi-level network security system for a computer device coupled to a computer network, wherein components of the network may be individually secure or non-secure, the method comprising:
placing a first secure network interface between a computer device and a network, wherein the first secure network interface performs a plurality of security functions including:
receiving messages sent between the computer device and the network;
determining whether an association exists between the first secure network interface and a second secure network interface coupled to the network; and
establishing an association with the second secure network interface when said association does not exist.
(Dependent claims 49 to 53 not shown.)
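The following is an added example, not code from the patent, that models the security functions recited in claims 40 and 48: each SNIU verifies its local host (session manager), checks for an existing association (message parser), establishes one when absent (association manager), and only then forwards host messages to the peer SNIU. The ASSOC_REQ/ASSOC_ACK handshake, the Frame format, the host and SNIU names, and the shared in-memory "network" are assumptions made for illustration; the patent does not specify how an association is negotiated.

```python
from dataclasses import dataclass


@dataclass
class Frame:
    """Assumed network format that the SNIU converts host messages to and from."""
    src: str       # sending SNIU
    dst: str       # receiving SNIU
    kind: str      # "ASSOC_REQ", "ASSOC_ACK" or "DATA" (assumed handshake)
    payload: str = ""


class SNIU:
    def __init__(self, name, network, trusted_hosts):
        self.name = name
        self.network = network                    # shared dict: name -> SNIU (constructed)
        self.trusted_hosts = set(trusted_hosts)   # hosts the session manager will verify
        self.associations = set()                 # peer SNIUs inside the perimeter
        self.delivered = []                       # payloads handed to the local host
        self.network[name] = self

    def verify_host(self, host):
        """Session manager: identify and verify the host requesting network access."""
        return host in self.trusted_hosts

    def has_association(self, peer):
        """Message parser: does an association with this peer already exist?"""
        return peer in self.associations

    def establish(self, peer):
        """Association manager: run the assumed request/ack handshake with the peer."""
        if peer not in self.network:
            return False
        self.network[peer].receive(Frame(self.name, peer, "ASSOC_REQ"))
        return self.has_association(peer)

    def send(self, host, peer, text):
        """Forward a host message to the peer SNIU; returns True only if it was sent."""
        if not self.verify_host(host):
            return False                          # unverified host: refuse access
        if not self.has_association(peer) and not self.establish(peer):
            return False                          # no association could be formed
        self.network[peer].receive(Frame(self.name, peer, "DATA", text))
        return True

    def receive(self, frame):
        """Convert a network frame back to a host message, or complete the handshake."""
        if frame.kind == "ASSOC_REQ":
            self.associations.add(frame.src)
            self.network[frame.src].receive(Frame(self.name, frame.src, "ASSOC_ACK"))
        elif frame.kind == "ASSOC_ACK":
            self.associations.add(frame.src)
        elif frame.kind == "DATA" and self.has_association(frame.src):
            self.delivered.append(frame.payload)  # DATA from outside the perimeter is dropped
```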