High-assurance web-based configuration of secure network server

US 20070204151A1
Filed: 02/28/2006
Published: 08/30/2007
Est. Priority Date: 02/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method of configuring a secure network server comprising the following steps:

(a) downloading modified configuration data to a web server that is within the non-trusted security functionality of a first secure network server having trusted security functionality and non-trusted security functionality;

(b) reviewing said modified configuration data using a command line interface that is within the trusted security functionality of said first secure network server; and

(c) configuring said first secure network server or a second secure network server connected to said first secure network server in accordance with said modified configuration data in response to the input, via said command line interface, of command data indicating acceptance of said modified configuration data by an administrative user.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network server having an embedded Hyper-Text Transfer Protocol (HTTP) server that is not within its trusted security functionality and that is used to configure the SNS security and networking features.

35 Citations

View as Search Results

20 Claims

1. A method of configuring a secure network server comprising the following steps:
- (a) downloading modified configuration data to a web server that is within the non-trusted security functionality of a first secure network server having trusted security functionality and non-trusted security functionality;
  
  (b) reviewing said modified configuration data using a command line interface that is within the trusted security functionality of said first secure network server; and
  
  (c) configuring said first secure network server or a second secure network server connected to said first secure network server in accordance with said modified configuration data in response to the input, via said command line interface, of command data indicating acceptance of said modified configuration data by an administrative user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method as recited in claim 1, wherein after step (a) and before step (b), said HTTP web server uses a trusted process to place said modified configuration data into temporary storage in said first secure network server for review by an administrative user using said command line interface.
  - 3. The method as recited in claim 1, wherein said modified configuration data comprises filtering rules.
  - 4. The method as recited in claim 1, wherein said modified configuration data comprises specifications of device-to-secure network server connectivity.
  - 5. The method as recited in claim 1, wherein said modified configuration data is downloaded using a web browser on a computer connected to said first secure network server via a network.
  - 6. The method as recited in claim 5, wherein said HTTP web server uses a trusted process within the trusted security functionality of said first secure network server to read the configuration data of said first secure network server and present forms to the HTTP web browser on said computer.
  - 7. The method as recited in claim 6, further comprising the steps of using said HTTP web browser to enter said modified configuration data in the forms and submit said modified configuration data to said first secure network server.
  - 8. The method as recited in claim 1, further comprising the step, performed prior to step (a), of creating said HTTP web server in response to initiation of an HTTP session with the router address of said first secure network server as the target host.
  - 9. The method as recited in claim 8, further comprising the step of setting a configuration flag for an IP router interface of said first secure network server, wherein if said configuration flag is not set, said IP router interface will not allow said HTTP web server to be created.

10. A secure network server having trusted security functionality and non-trusted security functionality, comprising a web server that is within the non-trusted security functionality, an IP router interface that is within the trusted security functionality and a command line interface that is within the trusted security functionality, wherein said HTTP web server receives configuration data via said IP router interface and uses a trusted process to place that configuration data into temporary storage, the secure network server being programmed to configure itself or another secure network server connected thereto in accordance with said configuration data in response to the input, via said command line interface, of command data indicating acceptance of said configuration data by an administrative user.
- View Dependent Claims (11, 12, 13, 14)
- - 11. The server as recited in claim 10, wherein said modified configuration data comprises filtering rules.
  - 12. The server as recited in claim 10, wherein said modified configuration data comprises specifications of device-to-secure network server connectivity.
  - 13. The server as recited in claim 10, wherein said secure network server is further programmed to create said HTTP web server in response to initiation of an HTTP session with the router address of said secure network server as the target host.
  - 14. The server as recited in claim 13, wherein if a configuration flag of said IP router interface is not set, said IP router interface will not allow said HTTP web server to be created.

15. A method of configuring a secure network server comprising the following steps:
- (a) sending configuration data from a web browser that is within the non-trusted security functionality of a computer to a web server that is within the non-trusted security functionality of a first secure network server, the computer being connected to said first secure network server via a network;
  
  (b) reviewing said configuration data using a command line interface that is within the trusted security functionality of said first secure network server; and
  
  (c) configuring said first secure network server or a second secure network server connected to said first secure network server in accordance with said configuration data in response to the input, via said command line interface, of command data indicating acceptance of said configuration data by an administrative user.
- View Dependent Claims (16)
- - 16. The method as recited in claim 15, wherein after step (a) and before step (b), said HTTP web server uses a trusted process to place said modified configuration data into temporary storage in said first secure network server for review by an administrative user using said command line interface.

17. A system comprising first and second secure network servers connected by a trunk line, and first and second networks connected via said second secure network server, said first and second networks operating at different security levels, wherein each of said first and second secure network servers has trusted security functionality and non-trusted security functionality, said first secure network server comprising a web server that is within the non-trusted security functionality, an IP router interface that is within the trusted security functionality and a command line interface that is within the trusted security functionality, wherein said HTTP web server receives configuration data via said IP router interface and uses a trusted process to place that modified configuration data into temporary storage, said first secure network server being programmed to configure itself or said second secure network server in accordance with said configuration data in response to the input, via said command line interface, of command data indicating acceptance of said configuration data by an administrative user.
- View Dependent Claims (18, 19, 20)
- - 18. The system as recited in claim 17, further comprising a computer connected to said first secure network server via a third network, wherein said configuration data is downloaded to said first secure network server using a web browser on said computer.
  - 19. The system as recited in claim 17, wherein said first secure network server is further programmed to create said HTTP web server in response to initiation of an HTTP session with the router address of said first secure network server as the target host.
  - 20. The system as recited in claim 19, wherein if a configuration flag of said IP router interface is not set, said IP router interface will not allow said HTTP web server to be created.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Bunn, Kelly, Schnackenberg, Daniel, Schnackenberg, Jannell

Granted Patent

US 7,890,755 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/161
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

High-assurance web-based configuration of secure network server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

35 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

High-assurance web-based configuration of secure network server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

35 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links