Secure flow control for a data flow in a computer and data flow in a computer network
First Claim
Patent Images
1. A method of managing data flow on a computer, comprising the steps of:
- establishing a secure domain on the computer;
assigning a security label to data within the secure domain;
establishing a set of schema based on the security labels associated with the data; and
regulating data flow within the secure domain based on the set of schema.
0 Assignments
0 Petitions
Accused Products
Abstract
Systems and methods of the present invention manage data flow of a computer and computer network in a secure domain. The system includes an administration module and a management module. The administration module assigns a security label to data within the secure domain, and establishes a set of schema based on the security labels associated with the data. The management module regulates data flow within the secure domain based on the set of schema.
137 Citations
30 Claims
-
1. A method of managing data flow on a computer, comprising the steps of:
-
establishing a secure domain on the computer;
assigning a security label to data within the secure domain;
establishing a set of schema based on the security labels associated with the data; and
regulating data flow within the secure domain based on the set of schema. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method of managing data flow between a plurality of communication devices on a network, the method comprising the steps of:
in a first device of the plurality of communication devices;
establishing a secure domain on the network;
assigning a security label to data within the secure domain;
establishing a set of schema based on the security label of the data; and
regulating data flow within the secure domain based on the schema. - View Dependent Claims (12, 13, 14, 15, 16)
-
17. A method of managing data flow between a plurality of communication devices in a network having a secure domain, the method comprising:
in a first device of the plurality of communication devices;
receiving a data flow from a second device of the plurality of communication devices on the network;
determining whether the received data conforms to a set of schema associated with the secure domain; and
processing the received data flow when the data conforms to the set of schema. - View Dependent Claims (18, 19, 20, 21, 22)
-
23. A method of managing data flow between a plurality of communication devices in a network having a secure domain, the method comprising:
in a first device of the plurality of communication devices;
receiving a data flow from a second device of the plurality of communication devices on the network;
determining whether the received data flow conforms to a set of schema associated with the secure domain; and
displaying a known published message when the received data flow fails to conform to the set of schema.
-
24. A communication device that controls data flows on a network having a secure domain, the communication device comprising:
-
an administration module that provides a graphical user interface to designate a set of schema to correspond to data flow within the secure domain; and
a management module that determines whether data flows conform to the set of schema. - View Dependent Claims (25, 26, 27)
-
-
28. A method of establishing a data flow of data on a communication device in a secure domain, the method comprising the steps of:
-
comparing a context of the data to a source of the data;
determining whether a direction of the data flow, when the data context does not match the data source;
determining whether a transitive flow is authorized with the data, when the direction of the data flow is within a first information boundary;
determining whether a user is authorized to execute the data flow; and
establishing the data flow when the user is authorized to execute the data flow. - View Dependent Claims (29, 30)
-
Specification