Secure flow control for a data flow in a computer and data flow in a computer network

US 20070006294A1
Filed: 06/30/2005
Published: 01/04/2007
Est. Priority Date: 06/30/2005
Status: Abandoned Application

First Claim

Patent Images

1. A method of managing data flow on a computer, comprising the steps of:

establishing a secure domain on the computer;

assigning a security label to data within the secure domain;

establishing a set of schema based on the security labels associated with the data; and

regulating data flow within the secure domain based on the set of schema.

View all claims

0 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods of the present invention manage data flow of a computer and computer network in a secure domain. The system includes an administration module and a management module. The administration module assigns a security label to data within the secure domain, and establishes a set of schema based on the security labels associated with the data. The management module regulates data flow within the secure domain based on the set of schema.

137 Citations

View as Search Results

30 Claims

1. A method of managing data flow on a computer, comprising the steps of:
- establishing a secure domain on the computer;
  
  assigning a security label to data within the secure domain;
  
  establishing a set of schema based on the security labels associated with the data; and
  
  regulating data flow within the secure domain based on the set of schema.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method of claim 1, wherein regulating data flow comprises the steps of:
    - determining whether a data flow conforms to the schema; and
      
      processing the data flow when the data flow conforms to the schema.
  - 3. The method of claim 1, wherein regulating the data flow comprises the steps of:
    - determining whether a data flow conforms to the schema; and
      
      returning a known published message when the data flow fails to conform to the schema.
  - 4. The method of claim 1, further comprising the step of:
    - managing the set of schema through a graphical user interface.
  - 5. The method of claim 1, wherein assigning the security label establishes an information boundary, the method further comprising the step of:
    - dividing the information boundary into at least two division boundaries based on the security label of the data.
  - 6. The method of claim 5, further comprising the step of:
    - dividing at least one of the division boundaries into at least two sub-division boundaries based on the security label of the data.
  - 7. The method of claim 5, further comprising the step of:
    - setting a restriction boundary to the data within at least one of the division boundaries based on the security label of the data.
  - 8. The method of claim 6, further comprising the step of:
    - setting a restriction boundary to the data within at least one of the sub-division boundaries.
  - 9. The method of claim 1, wherein assigning the security label establishes an information boundary, the method further comprising the step of:
    - dividing the information boundary into at least two division-type boundaries based on the security label of the data.
  - 10. The method of claim 1, further comprising the step of:
    - creating new data; and
      
      setting parameters of a security label associated with the new data.

11. A method of managing data flow between a plurality of communication devices on a network, the method comprising the steps of:
- in a first device of the plurality of communication devices;
  
  establishing a secure domain on the network;
  
  assigning a security label to data within the secure domain;
  
  establishing a set of schema based on the security label of the data; and
  
  regulating data flow within the secure domain based on the schema.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, further comprising the steps of:
    - in the first device;
      
      updating the set of schema through a graphical user interface; and
      
      sending the updated schema to at least a second device of the plurality of communication devices in the secure domain of the network.
  - 13. The method of claim 11, further comprising the steps of:
    - in the first device;
      
      receiving a message from at least the second device; and
      
      sending a response to the second device based on the received message.
  - 14. The method of claim 11, further comprising the step of:
    - in the first device;
      
      sending a message to a foreign communication device, wherein the foreign communication device is located outside the secure domain of the network.
  - 15. The method of claim 11, further comprising the steps of:
    - in the first device;
      
      creating new data; and
      
      setting parameters of a security label associated with the new data.
  - 16. The method of claim 15, further comprising the steps of:
    - in the first device;
      
      updating the set of schema based on the security label of the new data; and
      
      sending the updated schema to at least a second device of the plurality of communication devices in the secure domain of the network.

17. A method of managing data flow between a plurality of communication devices in a network having a secure domain, the method comprising:
- in a first device of the plurality of communication devices;
  
  receiving a data flow from a second device of the plurality of communication devices on the network;
  
  determining whether the received data conforms to a set of schema associated with the secure domain; and
  
  processing the received data flow when the data conforms to the set of schema.
- View Dependent Claims (18, 19, 20, 21, 22)
- - 18. The method of claim 17, further comprising the step of:
    - in the first communication device;
      
      receiving the set of schema from a third device of the plurality of communication devices on the network.
  - 19. The method of claim 18, further comprising the step of:
    - in the first communication device;
      
      sending a message to the third device.
  - 20. The method of claim 17, further comprising the steps of:
    - in the first communication device;
      
      creating new data; and
      
      setting parameters of a security label associated with the new data.
  - 21. The method of claim 20, further comprising the steps of:
    - in the first communication device;
      
      sending a message to the second device based on the new data and the security label.
  - 22. The method of claim 21, further comprising the steps of:
    - in the first communication device;
      
      receiving an updated set of schema based on the new data and security label.

23. A method of managing data flow between a plurality of communication devices in a network having a secure domain, the method comprising:
- in a first device of the plurality of communication devices;
  
  receiving a data flow from a second device of the plurality of communication devices on the network;
  
  determining whether the received data flow conforms to a set of schema associated with the secure domain; and
  
  displaying a known published message when the received data flow fails to conform to the set of schema.

24. A communication device that controls data flows on a network having a secure domain, the communication device comprising:
- an administration module that provides a graphical user interface to designate a set of schema to correspond to data flow within the secure domain; and
  
  a management module that determines whether data flows conform to the set of schema.
- View Dependent Claims (25, 26, 27)
- - 25. The communication device of claim 24, further comprising:
    - a service module that stores the set of schema and manages messages associated with the set of schema.
  - 26. The communication device of claim 24, further comprising:
    - an interface module that synthesizes the set of schema with software installed on the communication device and displays classification information associated data included in the flow of data.
  - 27. The communication device of claim 24, wherein the administration module and the management module are included in a secure layer located between an operating system layer and a hardware layer of a logical infrastructure of the communication device.

28. A method of establishing a data flow of data on a communication device in a secure domain, the method comprising the steps of:
- comparing a context of the data to a source of the data;
  
  determining whether a direction of the data flow, when the data context does not match the data source;
  
  determining whether a transitive flow is authorized with the data, when the direction of the data flow is within a first information boundary;
  
  determining whether a user is authorized to execute the data flow; and
  
  establishing the data flow when the user is authorized to execute the data flow.
- View Dependent Claims (29, 30)
- - 29. The method of claim 28, wherein the step of determining whether a user is authorized to execute the data flow is performed when the transitive flow is authorized.
  - 30. The method of claim 28, wherein the step of determining whether a user is authorized to execute the data flow is performed when the data flow is from a first information boundary to a second information boundary.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
G Hunter
Original Assignee
G Hunter
Inventors
Hunter, G.

Application Number

US11/169,644
Publication Number

US 20070006294A1
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

G06F 21/606   by securing the transmissio...

G06F 2221/2141   Access rights, e.g. capabil...

G06F 2221/2149   Restricted operating enviro...

H04L 63/10   for controlling access to d...

H04L 63/1441   Countermeasures against mal...

Secure flow control for a data flow in a computer and data flow in a computer network

First Claim

0 Assignments

0 Petitions

Accused Products

Abstract

137 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Secure flow control for a data flow in a computer and data flow in a computer network

First Claim

0 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

137 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links