Secure data communication system

US 20050240991A1
Filed: 04/27/2004
Published: 10/27/2005
Est. Priority Date: 04/27/2004
Status: Abandoned Application

First Claim

Patent Images

1. Apparatus for providing a secure interface between an open network and a trusted network or device comprising:

a network security engine for providing an interface between said open network and said trusted network or device; and

a secure processing unit;

said secure processing unit for communicating with a supplier of software and data for said secure processing unit for controlling said secure processing unit;

said secure processing unit communicating with said security engine to control functions and data of said security engine to provide a highly reliable network security engine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

This invention relates to methods and apparatus for securing communications between an open multimedia network and a trusted multimedia network. A multimedia boundary controller controls the communications between the two networks in order to intercept corrupting data such as viruses. The boundary controller contains an open network security engine for providing normal security and a trusted network security engine for implementing special software to provide additional protection. The unit is controlled by a secure processing unit which can prevent unwanted information from getting into the trusted network security engine and the trusted multimedia network. The secure processing unit communicates with a manufacturer of security software over the open network using encrypted messages. The encryption key is shared between the multimedia boundary controller and the manufacturer of software and is stored in a durable memory which can only be used directly by the secure processor'"'"'s encryption software and hardware. Advantageously, this arrangement provides a high level of security for communications to and from a trusted multimedia network.

Citations

12 Claims

1. Apparatus for providing a secure interface between an open network and a trusted network or device comprising:
- a network security engine for providing an interface between said open network and said trusted network or device; and
  
  a secure processing unit;
  
  said secure processing unit for communicating with a supplier of software and data for said secure processing unit for controlling said secure processing unit;
  
  said secure processing unit communicating with said security engine to control functions and data of said security engine to provide a highly reliable network security engine.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The apparatus of claim 1 wherein communications between said supplier of software and data for said secure processing unit and said secure processing unit are transmitted over said open network;
    - wherein said communications are encrypted; and
      
      wherein one or more keys for encrypting and decrypting communications between said supplier of software and data and said secure processing unit are stored in durable memory that can be read or written only by said secure processing unit.
  - 3. The apparatus of claim 1 wherein said secure interface comprises:
    - a secure processing unit and an open processing unit;
      
      wherein said open processing unit performs non-secure functions for said secure interface.
  - 4. The apparatus of claim 3 further comprising:
    - an isolation unit used by said secure processing unit to block communications between said open network and said open processing unit.
  - 5. The apparatus of claim 1 wherein said secure interface comprises:
    - trusted memory and secure memory wherein said secure memory can only be written into by said secure processing unit.
  - 6. The apparatus of claim 1 wherein said secure interface comprises:
    - an open network security engine and a trusted network security engine;
      
      wherein said trusted network security engine implements functions for protecting said trusted security network.

7. A method of providing a secure interface between an open network and a trusted network or device comprising:
- routing data over a trusted network security engine between said open network and said trusted network or device; and
  
  controlling said trusted network security engine from a secure processing unit;
  
  communicating between said secure processing unit and a supplier of software and data for said secure interface for controlling said secure processing unit;
  
  communicating from said secure processing unit to said trusted network security engine to control functions and data of said trusted network security engine to provide a highly reliable trusted network security engine.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 wherein communications between said supplier of software and data for said secure processing unit and said secure processing unit are transmitted over said open network;
    - further comprising the steps of encrypting said communications; and
      
      storing one or more keys for encrypting and decrypting communications between said supplier of software and data and said secure processing unit in durable memory that can be read or written only by said secure processing unit.
  - 9. The method of claim 7 further comprising the steps of:
    - performing security processing in a secure processing unit and an open processing unit;
      
      wherein said open processing unit performs non-secure functions for said secure interface.
  - 10. The method of claim 9 further comprising the step of:
    - transmitting communications between said open network and said open processing unit over an isolation unit controlled by said secure processing unit for blocking unwanted communications.
  - 11. The method of claim 9 further comprising the step of:
    - storing data in a trusted memory and a secure memory of said secure interface;
      
      wherein said secure memory can only be written into by said secure processing unit.
  - 12. The method of claim 7 wherein data routed over said secure interface is routed via an open network security engine and a trusted network security engine;
    - wherein said trusted network security engine implements functions for protecting said trusted network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Original Assignee
Lucent Technologies, Inc. (Nokia Corporation)
Inventors
Dombkowski, Kevin Eugene, Witschorik, Charles Arthur

Application Number

US10/832,526
Publication Number

US 20050240991A1
Time in Patent Office

Days
Field of Search
US Class Current

726/11
CPC Class Codes

H04L 63/02   for separating internal fro...

H04L 63/0428   wherein the data content is...

H04L 65/1101   Session protocols

Secure data communication system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Secure data communication system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links