SECURE NETWORK SYSTEM AND ASSOCIATED METHOD OF USE

US 20050060579A1
Filed: 02/02/2004
Published: 03/17/2005
Est. Priority Date: 09/15/2003
Status: Active Grant

First Claim

Patent Images

1. A network computer system for providing security, wherein the network computer system comprises:

a monitoring function for the network computer system;

at least one outside server for an untrusted computer network, wherein the monitoring function can read and execute data from the at least one outside server for the untrusted computer network;

at least one proxy server, wherein the at least one outside server for the untrusted computer network is able to read and write data to the at least one proxy server, wherein the monitoring function can read and execute data from the at least one proxy server;

at least one inside server, wherein the at least one proxy server is able to read and write data to the at least one inside server, wherein the monitoring function can read and execute data from the at least one inside server; and

a core operating system that is a portion of an operating system, wherein the at least one outside server, the at least one proxy server and the at least one inside server can read and execute data from the core operating system.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A network computer system for providing security that includes a monitoring function for the network computer system utilizing compartments that can be logical or separate physical hardware, at least one outside server for an untrusted computer network, e.g., global computer system, at least one proxy server, at least one inside server, wherein the at least one outside server is able to read and write software code to the at least one proxy server and the at least one proxy server is able to read and write software code to the at least one inside server, wherein the monitoring function can read and execute software code from the at least one outside server, the at least one proxy server and the at least one inside server. There is a top/down security function to prevent access to higher compartments.

Citations

42 Claims

1. A network computer system for providing security, wherein the network computer system comprises:
- a monitoring function for the network computer system;
  
  at least one outside server for an untrusted computer network, wherein the monitoring function can read and execute data from the at least one outside server for the untrusted computer network;
  
  at least one proxy server, wherein the at least one outside server for the untrusted computer network is able to read and write data to the at least one proxy server, wherein the monitoring function can read and execute data from the at least one proxy server;
  
  at least one inside server, wherein the at least one proxy server is able to read and write data to the at least one inside server, wherein the monitoring function can read and execute data from the at least one inside server; and
  
  a core operating system that is a portion of an operating system, wherein the at least one outside server, the at least one proxy server and the at least one inside server can read and execute data from the core operating system.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 2. The network computer system as set forth in claim 1, wherein the monitoring function includes at least one system level auditing function.
  - 3. The network computer system as set forth in claim 1, wherein the at least one system level auditing function resides within a first compartment and the at least one system level auditing function transports system log protocol events, generated by the operating system, through the network computer system without providing access to the system log protocol events from the at least one outside server, the at least one proxy server and the at least one inside server.
  - 4. The network computer system as set forth in claim 1, wherein the monitoring function includes at least one intrusion detection system.
  - 5. The network computer system as set forth in claim 4, wherein the at least one intrusion detection system resides within a second compartment and a third compartment, wherein the second compartment monitors activity and makes comparisons to known patterns that may indicate an attack on the network computer system and the third compartment includes source code for the intrusion detection system, wherein the second compartment can read and execute data located in the third compartment without modification thereof.
  - 6. The network computer system as set forth in claim 1, wherein the monitoring function includes at least one system health monitoring tool.
  - 7. The network computer system as set forth in claim 6, wherein the at least one system health monitoring tool resides within a fourth compartment and a fifth compartment, wherein the fourth compartment monitors health and response time for the network computer system, and the fifth compartment includes source code for the system health monitoring tool, wherein the fourth compartment can read and execute data located in the fifth compartment without modification thereof.
  - 8. The network computer system as set forth in claim 1, wherein the monitoring function includes at least one integrity check system.
  - 9. The network computer system as set forth in claim 8, wherein the at least one integrity check system resides within a sixth compartment and a seventh compartment, wherein the sixth compartment will provide an integrity check function to monitor changes to a baseline configuration of the network computer system and the seventh compartment includes source code for the integrity detection system, wherein the sixth compartment can read and execute source code located in the seventh compartment without modification thereof.
  - 10. The network computer system as set forth in claim 1, wherein the monitoring function includes the at least one system level auditing function, wherein the at least one system level auditing function resides within a first compartment and the system level auditing function transports system log protocol events, generated by the operating system, through the network computer system without providing access to the system log protocol events from the at least one outside server, the at least one proxy server and the at least one inside server and the monitoring function includes at least one intrusion detection system, wherein the at least one intrusion detection system resides within a second compartment and a third compartment, wherein the second compartment monitors activity and makes comparisons to known patterns that may indicate an attack on the network computer system and the third compartment includes source code for the at least one intrusion detection system, wherein the second compartment can read and execute data located in the third compartment without modification thereof and wherein at least one system health monitoring tool resides within a fourth compartment and a fifth compartment, wherein the fourth compartment monitors health and response time for the at least one outside server, the at least one proxy server and the at least one inside server and the fifth compartment includes source code for the at least one system health monitoring tool, wherein the fourth compartment can read and execute data located in the fifth compartment without modification thereof and wherein at least one integrity check system resides within a sixth compartment and a seventh compartment, wherein the sixth compartment will provide an integrity check function to monitor changes to a baseline configuration of the network computer system and the seventh compartment includes the source code for the integrity detection system, wherein the sixth compartment can read and execute data located in the seventh compartment without modification thereof.
  - 11. The network computer system as set forth in claim 1, wherein the at least one outside server includes at least one eighth compartment where outside requests are received, processed, and then passed to the at least one proxy server for further processing and at least one ninth compartment where source code for the at least one outside server resides, wherein the at least one eighth compartment can read and execute data from the at least one ninth compartment and the at least one ninth compartment can read and execute data from the core operating system.
  - 12. The network computer system as set forth in claim 11, wherein the source code includes encryption binaries and configuration files.
  - 13. The network computer system as set forth in claim 10, wherein the outside server includes at least one eighth compartment where outside requests are received, processed, and then passed to the at least one proxy server for further processing and at least one ninth compartment where source code for the at least one outside server resides, wherein the at least one eighth compartment can read and execute data from the at least one ninth compartment and the at least one ninth compartment can read and execute data from the at least one core operating system that resides in a fourteenth compartment and the third compartment of the intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one eighth compartment for the at least one outside server.
  - 14. The network computer system as set forth in claim 1, wherein the at least one proxy server includes at least one tenth compartment where the at least one proxy server executes and filters requests from the at least one outside server, which are then passed to the at least one inside server for further processing and at least one eleventh compartment wherein source code for the at least one proxy server resides, where the at least one tenth compartment can read and execute data from the at least one eleventh compartment and the at least one eleventh compartment can read and execute data from the core operating system.
  - 15. The network computer system as set forth in claim 14, wherein the source code includes binaries and configuration files.
  - 16. The network computer system as set forth in claim 14, wherein the at least one proxy server makes buffer checks and file extension requests to ascertain whether a security threat is present.
  - 17. The network computer system as set forth in claim 10, wherein the at least one proxy server includes at least one tenth compartment where the at least one proxy server executes and filters requests from the at least one outside server which are then passed to the at least one inside server for further processing and at least one eleventh compartment where source code for the at least one proxy server resides, wherein the at least one tenth compartment can read and execute data from the at least one eleventh compartment and the at least one eleventh compartment can read and execute data from the core operating system, residing in a fourteenth compartment, and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one tenth compartment for the at least one proxy server.
  - 18. The network computer system as set forth in claim 17, wherein the source code includes binaries and configuration files.
  - 19. The network computer system as set forth in claim 1, wherein the at least one inside server includes at least one twelfth compartment where the at least one inside server executes all requests received from the untrusted computer network that have been screened and deemed valid for further processing and at least one thirteenth compartment where source code for the at least one inside server resides, wherein the at least one twelfth compartment can read and execute data from the at least one thirteenth compartment and the at least one thirteenth compartment can read and execute data from the core operating system.
  - 20. The network computer system as set forth in claim 10, wherein the at least one inside server includes at least one twelfth compartment where the at least one inside server executes all requests received from the untrusted computer network have been screened and deemed valid for further processing and at least one thirteenth compartment where binaries and configuration files for the at least one inside server reside, wherein the at least one thirteenth compartment can read and execute data from the core operating system, residing in a fourteenth compartment, and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one twelfth compartment for the at least one inside server.
  - 21. The network computer system as set forth in claim 1, wherein system log protocol events produced by external devices can be forwarded through the at least one outside server, the at least one proxy server, and the at least one inside server to at least one other software application that monitors security intrusions.
  - 22. The network computer system as set forth in claim 1, wherein external data received from the outside through an untrusted computer network can pass from the at least one outside server wherein data from the at least one outside server can be read and written to the at least one proxy server, wherein data from the at least one proxy server can be read and written to the at least one inside server, wherein data from can at least one inside server can be read and written to at least one software application for further processing.

23. A network computer system for providing security, wherein the network computer system comprises:
- at least one system level auditing function, wherein the at least one system level auditing function resides within a first compartment and the at least one system level auditing function transports system log protocol events produced by an operating system through the network computer system;
  
  at least one intrusion detection system, wherein the at least one intrusion detection system resides within a second compartment and a third compartment, wherein the second compartment monitors activity and makes comparisons to known patterns that may indicate an attack on the network computer system and the third compartment is where source code for the intrusion detection system resides, wherein the second compartment can read and execute data located in the third compartment without modification thereof;
  
  at least one system health monitoring tool, wherein the at least one system health monitoring tool resides within a fourth compartment and a fifth compartment, wherein the fourth compartment monitors health and response time for the at least one outside server, the at least one proxy server and the at least one inside server and the fifth compartment is where source code for the system health monitoring tool resides, wherein the fourth compartment can read and execute data located in the fifth compartment without modification thereof;
  
  at least one integrity check system, wherein the at least one integrity check system resides within a sixth compartment and a seventh compartment, wherein the sixth compartment will provide an integrity check function to monitor changes to a baseline configuration of the network computer system and the seventh compartment is where source code for the integrity check system resides, wherein the sixth compartment can read and execute the source code located in the seventh compartment without modification thereof;
  
  at least one core operating system, residing within a fourteenth compartment;
  
  at least one outside server for an untrusted computer system, wherein the outside server includes at least one eighth compartment where outside requests are received and processed and at least one ninth compartment where source code for the at least one outside server resides, wherein the at least one eighth compartment can read and execute data from the at least one ninth compartment and the at least one ninth compartment can read and execute data from the at least one core operating system that resides in the fourteenth compartment and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one outside server;
  
  at least one proxy server, wherein the at least one proxy server includes at least one tenth compartment where the at least one proxy server executes and filters requests from the at least one outside server and at least one eleventh compartment where source code for the at least one proxy server resides, wherein the at least one tenth compartment can read and execute data from the at least one eleventh compartment and the at least one eleventh compartment can read and execute data from the at least one core operating system, residing in the fourteenth compartment, and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one proxy server; and
  
  wherein the at least one inside server includes at least one twelfth compartment where the at least one inside server executes all and requests received from the unsecured computer network have been screened and deemed valid for further processing by the at least one proxy server and at least one thirteenth compartment where source code for the at least one inside server resides, wherein the at least one twelfth compartment can read and execute data from the at least one thirteenth compartment and the at least one thirteenth compartment can read and execute data from the at least one core operating system, residing in the fourteenth compartment, and the third compartment of the at least one intrusion detection function, the fifth compartment of the at least one system health monitoring tool and the seventh compartment of the at least one integrity check function can read and execute data from the at least one inside server.
- View Dependent Claims (24, 25)
- - 24. The network computer system as set forth in claim 23, wherein system log protocol events produced by external devices can be forwarded through the at least one outside server, the at least one proxy server, and the at least one inside server to at least one other software application that monitors security intrusions.
  - 25. The network computer system as set forth in claim 23, wherein data from the untrusted computer network can pass from the at least one outside server wherein data from at least one outside server can be read and written to the at least one proxy server, where data from at least one proxy server can be read and written to the at least one inside server, wherein data from can at least one inside server can be read and written to at least one software application for further processing.

26. A process for providing security to a network computer system comprising:
- reading and executing data from at least one outside server for an untrusted computer network with a monitoring function;
  
  reading and executing data from at least one proxy server for an untrusted computer network with the monitoring function;
  
  reading and executing data from at least one inside server for an untrusted computer network with the monitoring function;
  
  reading and writing data from the at least one outside server to the at least one proxy server;
  
  reading and writing data from the at least one proxy server to the at least one inside server; and
  
  reading and executing data from a core operating system, which is at least a portion of an operating system, with the at least one outside server, the at least one proxy server and the at least one inside server.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39)
- - 27. The process for providing security to a network computer system as set forth in claim 26, wherein the monitoring function includes auditing of the network computer system.
  - 28. The process for providing security to a network computer system as set forth in claim 27, wherein the auditing of the network computer system, within a first compartment, includes transporting system log protocol events, generated by the operating system, through the network computer system without providing access to the system log protocol events from the at least one outside server, the at least one proxy server and the at least one inside server.
  - 29. The process for providing security to a network computer system as set forth in claim 26, wherein the monitoring function includes detecting of intrusions in the network computer system.
  - 30. The process for providing security to a network computer system as set forth in claim 29, wherein the detecting of intrusions includes monitoring activity and making comparisons to known patterns that may indicate an attack on the network computer system within at least one second compartment and providing source code for the monitoring activity and making comparisons to known patterns that may indicate an attack on the network computer system within at least one third compartment and reading and executing data located in the at least one third compartment from the at least one second compartment.
  - 31. The process for providing security to a network computer system as set forth in claim 26, wherein the monitoring function includes monitoring health of the network computer system.
  - 32. The process for providing security to a network computer system as set forth in claim 31, wherein the monitoring health of the network computer system includes monitoring health and response time for the network computer system, within at least one fourth compartment, and providing source code for monitoring health and response time for the network computer system, within at least one fifth compartment, wherein the at least one fourth compartment can read and execute data located in the at least one fifth compartment.
  - 33. The process for providing security to a network computer system as set forth in claim 26, wherein the monitoring function includes checking of integrity of the network computer system.
  - 34. The process for providing security to a network computer system as set forth in claim 33, wherein the checking of integrity of the network computer system includes monitoring changes to a baseline configuration of the network computer system, within the at least one sixth compartment, and providing source code for monitoring changes to a baseline configuration of the network computer system, within the at least one seventh compartment, wherein the at least one sixth compartment can read and execute data located in the at least one seventh compartment.
  - 35. The process for providing security to a network computer system as set forth in claim 26, wherein the receiving of outside requests from the at least one outside server for an untrusted computer network is with the at least one eighth compartment and providing source code for receiving of outside requests from the at least one outside server for the untrusted computer network is with the at least one ninth compartment, wherein the at least one eighth compartment can read and execute data located in the at least one ninth compartment.
  - 36. The process for providing security to a network computer system as set forth in claim 26, wherein the reading and writing of data to the at least one proxy server is where the at least one proxy server executes and filters requests from the at least one outside server with the at least one tenth compartment and the source code for the reading and writing of data to the at least one proxy server is where the at least one proxy server executes and filters requests from the at least one outside server is with the at least one eleventh compartment, wherein the at least one tenth compartment can read and execute data from the at least one eleventh compartment.
  - 37. The process for providing security to a network computer system as set forth in claim 26, wherein the reading and writing of data to the at least one inside server from the at least one proxy server is with the at least one twelfth compartment where the at least one inside server executes all requests received from the untrusted computer network have been screened and deemed valid for further processing and the at least one thirteenth compartment where source code for the at least one inside server resides, wherein the at least one twelfth compartment can read and execute data from the at least one thirteenth compartment.
  - 38. The process for providing security to a network computer system as set forth in claim 26, further comprising forwarding system log protocol events produced by external devices through the at least one outside server, the at least one proxy server, and the at least one inside server to the at least one other software application that monitors security intrusions.
  - 39. The process for providing security to a network computer system as set forth in claim 26, further comprising:
    - passing data from the outside through an untrusted computer network to the at least one outside server;
      
      reading and writing data from the at least one outside server to the at least one proxy server;
      
      reading and writing data from the at least one proxy server to the at least one inside server; and
      
      reading and writing data from the at least one inside server to at least one software application for further processing.

40. A process for providing security for a network computer system comprising:
- utilizing a system level auditing function, wherein the system level auditing function resides within a first compartment;
  
  transporting system log protocol events produced by an operating system through the network computer system with the system level auditing function;
  
  utilizing an intrusion detection system, wherein the intrusion detection system resides within a second compartment and a third compartment, wherein the third compartment includes source code for the intrusion detection system;
  
  inspecting network activity and making comparisons to known patterns that may indicate an attack on the network computer system with the second compartment of the intrusion detection system;
  
  reading and executing data located in the third compartment with the second compartment of the intrusion detection system;
  
  utilizing a system health monitoring tool, wherein the system health monitoring tool resides within a fourth compartment and a fifth compartment, wherein the fifth compartment includes source code for the system health monitoring tool;
  
  monitoring health and response time for the network computer system with the fourth compartment of the system health monitoring tool;
  
  reading and executing data located in the fifth compartment with the fourth compartment of the system health monitoring tool;
  
  utilizing an integrity check system, wherein the integrity check system resides within a sixth compartment and a seventh compartment;
  
  monitoring changes to a baseline configuration of the network computer system with the sixth compartment;
  
  reading and executing source code located in the seventh compartment with the sixth compartment;
  
  providing a core operating system residing within a fourteenth compartment;
  
  receiving a processing outside requests with at least one outside server for an untrusted computer network, wherein the at least one outside server includes at least one eighth compartment where outside requests are received and processed and at least one ninth compartment includes source code for the at least one outside server;
  
  reading and executing data from the at least one ninth compartment with at least one eighth compartment;
  
  reading and executing data from the fourteenth compartment with at least one ninth compartment;
  
  reading and executing data from the at least one eighth compartment for the at least one outside server with the third compartment of the intrusion detection system, the fifth compartment of the system health monitoring tool and the seventh compartment of the check system;
  
  executing and filtering requests from the at least one outside server to the at least one proxy server, wherein the at least one proxy server includes at least one tenth compartment where the at least one proxy server executes and filters requests from the at least one outside server and at least one eleventh compartment includes source code for the at least one proxy server;
  
  reading and executing data from the fourteenth compartment with at least one eleventh compartment;
  
  reading and executing data from the at least one tenth compartment for the at least one proxy server with the third compartment of the intrusion detection system, the fifth compartment of the system health monitoring tool and the seventh compartment of the check system;
  
  executing requests received from the untrusted computer network have been screened and deemed valid for further processing by the at least one proxy server with at least one twelfth compartment for the at least one inside server and at least one thirteenth compartment includes source code for the at least one inside server;
  
  reading and executing data from the fourteenth compartment with the at least one thirteenth compartment; and
  
  reading and executing data from the at least one twelfth compartment for the at least one inside server with the third compartment of the intrusion detection system, fifth compartment of the system health monitoring tool and the seventh compartment of the check system.
- View Dependent Claims (41, 42)
- - 41. The network computer system as set forth in claim 40, further comprising forwarding system log protocol events produced by external devices through the at least one outside server, the at least one proxy server, and the at least one inside server to the at least one other software application that monitors security intrusions.
  - 42. The network computer system as set forth in claim 40, further comprising reading and writing data from the at least one inside server can be read and write to at least one software application for further processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
JP Morgan Chase Bank, N.A. (JP Morgan Chase & Co), US Bancorp Licensing Incorporated (US Bancorp)
Original Assignee
Anexsys LLC
Inventors
Ramsamooj, Prakash, Dickelman, Mark J.

Granted Patent

US 7,669,239 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/123 received data contents, e.g...

H04L 63/1408 by monitoring network traff...

SECURE NETWORK SYSTEM AND ASSOCIATED METHOD OF USE

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

42 Claims

Specification

Solutions

Use Cases

Quick Links

SECURE NETWORK SYSTEM AND ASSOCIATED METHOD OF USE

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

42 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links