Trusted interface unit (TIU) and method of making and using the same
Abstract
The disclosure relates to a trusted interface unit and a method of making and using the same. According to one embodiment of the present invention, a method of transmitting data on a network may include receiving data from a partition within a node on the network. This node may be configured to transmit data associated with a number of sensitivity levels. According to one embodiment of the invention, these sensitivity levels may be classification levels. One method of transmission of data may include determining the identity of the partition that originated the data within the node. Furthermore, a label may be added to the data received from within the node and the data may be encrypted with a key that may be uniquely associated with the label on the data. After encryption, the data may be transmitted on the network. Additional methods including the reception of data are disclosed. Various node and network architectures are disclosed implementing the methods and apparatus of the present invention.
34 Claims
1. A method of transmitting data over a network, the method comprising:
receiving data from a partition within a node on the network, the node being configured to transmit data associated with a plurality of sensitivity levels;
determining an identity of the partition within the node;
adding a label to the data received from the partition;
encrypting the data with a cryptographic key that is uniquely associated with the label added to the data; and
transmitting the data over the network.
Dependent claims: 2, 3, 4, 5.
6. A method of transmitting data over a network, the method comprising:
receiving data to be transmitted over the network from a node, the node being configured to handle data having a sensitivity level;
adding a label to the data, the label being associated with a sensitivity level of the node;
encrypting the data using a cryptographic key associated with the sensitivity level of the node; and
transmitting the data on the network.
Dependent claims: 7, 8, 9.
10. A method of receiving data over a network, the method comprising:
receiving data at a local node from a remote location, the data being encoded with a label and the local node being associated with a sensitivity level;
retrieving a cryptographic key associated with the sensitivity level of the local node;
checking the label against an anticipated value;
discarding the data when the cryptographic key does not decrypt the received data or the label does not match the anticipated value; and
passing the data to the local node when the label matches the anticipated value and the cryptographic key decrypts the received data.
Dependent claims: 11, 12, 13, 14, 15, 16, 17.
18. A method of transmitting and receiving data over a network, the method comprising:
receiving data from a partition within a first node on the network, the first node being configured to handle data associated with a plurality of sensitivity levels;
determining an identity of the partition within the first node, the partition being associated with a sensitivity level of the plurality of sensitivity levels;
encoding a label to the data received from the partition;
encrypting the data with a cryptographic key that is uniquely associated with the label added to the data;
transmitting the data over the network;
receiving data from the first node, the data including the label added at the first node;
comparing a value associated with the label encoded on the data received from the first node to an anticipated value;
retrieving a cryptographic key based on the label;
decrypting the data using the retrieved cryptographic key;
discarding the data when the cryptographic key does not decrypt the received data or when the value associated with the label encoded on the data received from the first node is not the same as the anticipated value; and
passing the data received from the first node to a second node if the data is not discarded.
Dependent claims: 19, 20, 21, 22, 23, 24.
25. A trusted interface unit comprising:
a data processing element, the data processing element being configured to run application software and to receive data from a data interface;
an encryption/decryption element, the encryption/decryption element being configured to receive a cryptographic key and being configured to encrypt data received from the data processing element and being configured to decrypt data received from a network interface; and
a network interface processing element, the network interface processing element being configured to add a label to data being output on to the network and being configured to identify a label added to data received from a remote location on the network.
Dependent claims: 26, 27, 28, 29, 30, 31, 32, 33, 34.
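The following is an added illustration of the label-keyed send and receive paths in claims 1 and 10 (and the combined path of claim 18); it is not code from the patent. It assumes a constructed partition-to-label table, one key per label, and an HMAC-SHA256 encrypt-then-MAC construction standing in for whatever cipher the patent's encryption/decryption element uses. The receiving side selects its key from the local node's own sensitivity level, never from the frame, and discards the frame on a label mismatch or a failed authenticated decryption.

```python
import hashlib
import hmac
import os
import struct

# Constructed configuration (assumption, not from the patent): partition identity
# maps to a sensitivity label, and each label has its own uniquely associated key.
PARTITION_LABELS = {"partition-a": "SECRET", "partition-b": "UNCLASSIFIED"}
LABEL_KEYS = {lbl: hashlib.sha256(b"demo-key-" + lbl.encode()).digest()
              for lbl in ("SECRET", "UNCLASSIFIED")}
TAG_LEN, NONCE_LEN = 32, 16

def _subkeys(key):
    # Separate encryption and MAC keys derived from the label's key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key, nonce, length):
    # HMAC-SHA256 as a PRF in counter mode: a stand-in for a real cipher so the
    # example runs with the standard library only.
    blocks = (hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def tiu_send(partition_id, plaintext):
    """Claim 1: identify the partition, add its label, encrypt under the label's key."""
    label = PARTITION_LABELS[partition_id]
    enc_key, mac_key = _subkeys(LABEL_KEYS[label])
    nonce = os.urandom(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    lbl = label.encode()
    tag = hmac.new(mac_key, lbl + nonce + ct, hashlib.sha256).digest()  # label bound into the tag
    return bytes([len(lbl)]) + lbl + nonce + ct + tag

def tiu_receive(frame, local_level):
    """Claim 10: key comes from the local node's level; discard on label mismatch or failed decrypt."""
    if len(frame) < 1 + NONCE_LEN + TAG_LEN:
        return None                                   # too short to carry label, nonce and tag
    n = frame[0]
    label = frame[1:1 + n].decode(errors="replace")
    nonce, ct, tag = frame[1 + n:1 + n + NONCE_LEN], frame[1 + n + NONCE_LEN:-TAG_LEN], frame[-TAG_LEN:]
    if label != local_level or local_level not in LABEL_KEYS:
        return None                                   # label does not match anticipated value
    enc_key, mac_key = _subkeys(LABEL_KEYS[local_level])
    expected = hmac.new(mac_key, label.encode() + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None                                   # wrong key or altered frame: "does not decrypt"
    return bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
```

A frame relabelled from UNCLASSIFIED to SECRET fails at the SECRET node because its tag was computed under the other label's key, which is the property the per-label key in claim 1 is meant to provide.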