TRUSTED HOST PLATFORM
Abstract
The invention provides methods and apparatus, including computer program products, implementing and using techniques for providing access from a trusted host platform to a first secured network operating in a first security domain and to a second secured network operating in a second security domain. In some embodiments, a first virtual machine associated with the first secured network is instantiated on the trusted host platform. A second virtual machine associated with the second secured network is also instantiated on the trusted host platform. A first connection is established between the first virtual machine on the trusted host platform and the first secured network using at least a first virtual secure storage device. A second connection is also established between the second virtual machine on the trusted host platform and the second secured network using at least a second virtual secure storage device. Furthermore, movement of information from within the first security domain to the second security domain is controlled.
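The architecture the abstract describes, modelled as an added Python example that is not code from the patent or its assignee: two virtual machines on one host, each bound to its own security domain through a virtual secure storage device, and a host-mediated guard that is the only path for information between the domains. The class and network names, the domain ordering, and the guard policy (movement allowed only from the lower domain to the higher one, every decision audited) are assumptions made for the illustration; the patent text does not specify the policy.

```python
"""Illustrative model of a dual-domain trusted host platform (added example)."""
from dataclasses import dataclass, field
from typing import Optional

# Assumed ordering of the two domains: information may move from the lower
# domain into the higher one, never the reverse (a no-write-down rule).
DOMAIN_LEVEL = {"domain-1": 1, "domain-2": 2}


class PolicyViolation(Exception):
    """Raised when a binding or transfer would cross a domain boundary illegally."""


@dataclass
class VirtualMachine:
    name: str
    domain: str
    device: Optional["VirtualSecureStorageDevice"] = None
    inbox: list = field(default_factory=list)  # data received through the guard

    def connected_network(self) -> Optional[str]:
        return self.device.network if self.device else None


@dataclass
class VirtualSecureStorageDevice:
    """Per-domain device: the only way a VM reaches its secured network."""
    domain: str
    network: str
    bound_vm: Optional[str] = None

    def bind(self, vm: VirtualMachine) -> None:
        # A device serves exactly one VM, and only a VM of its own domain.
        if self.bound_vm is not None:
            raise PolicyViolation(f"device for {self.domain} already bound to {self.bound_vm}")
        if vm.domain != self.domain:
            raise PolicyViolation(f"{vm.name} ({vm.domain}) may not bind the {self.domain} device")
        self.bound_vm = vm.name
        vm.device = self


@dataclass
class TrustedHostPlatform:
    vms: dict = field(default_factory=dict)
    devices: dict = field(default_factory=dict)
    audit: list = field(default_factory=list)  # (src, dst, decision, reason)

    def instantiate_vm(self, name: str, domain: str) -> VirtualMachine:
        vm = VirtualMachine(name, domain)
        self.vms[name] = vm
        return vm

    def establish_connection(self, vm_name: str, network: str) -> VirtualSecureStorageDevice:
        vm = self.vms[vm_name]
        dev = VirtualSecureStorageDevice(vm.domain, network)
        dev.bind(vm)
        self.devices[vm.domain] = dev
        return dev

    def transfer(self, src_name: str, dst_name: str, payload: bytes) -> bool:
        """Sole cross-domain path. Returns True if delivered; every decision is audited."""
        src, dst = self.vms[src_name], self.vms[dst_name]
        decision, reason = "denied", ""
        try:
            if src.device is None or dst.device is None:
                raise PolicyViolation("both VMs must be connected to their secured networks")
            if src.domain == dst.domain:
                raise PolicyViolation("guard only mediates movement between distinct domains")
            if DOMAIN_LEVEL[src.domain] > DOMAIN_LEVEL[dst.domain]:
                raise PolicyViolation(f"no write-down from {src.domain} to {dst.domain}")
            dst.inbox.append(payload)
            decision = "allowed"
        except PolicyViolation as exc:
            reason = str(exc)
        self.audit.append((src_name, dst_name, decision, reason))
        return decision == "allowed"


def build_platform() -> TrustedHostPlatform:
    """Set up the two VMs and their connections (names are constructed for the example)."""
    host = TrustedHostPlatform()
    host.instantiate_vm("vm-1", "domain-1")
    host.instantiate_vm("vm-2", "domain-2")
    host.establish_connection("vm-1", "net-1")
    host.establish_connection("vm-2", "net-2")
    return host


def cross_bind_is_refused(host: TrustedHostPlatform) -> bool:
    """Check that a VM cannot attach the other domain's storage device."""
    try:
        VirtualSecureStorageDevice("domain-2", "net-2").bind(host.vms["vm-1"])
    except PolicyViolation:
        return True
    return False


if __name__ == "__main__":
    h = build_platform()
    print("up:", h.transfer("vm-1", "vm-2", b"report"))   # allowed under the assumed policy
    print("down:", h.transfer("vm-2", "vm-1", b"secret"))  # denied: write-down
    print(h.audit)
```

The point of the model is that neither VM can reach the other domain's network or device directly; the host's `transfer` method is the single controlled channel, so the policy and the audit trail live in one place that can be reviewed independently of either domain.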
208 Citations
35 Claims
1. A method for providing access from a trusted host platform to a first secured network and from the trusted host platform to a second secured network, the first secured network operating in a first security domain, the second secured network operating in a second security domain, the first security domain separate and distinct from the second security domain, the trusted host platform unsecure from both the first secure network and the second secure network, the method comprising:
instantiating, on the trusted host platform, a first virtual machine associated with the first secured network;
instantiating, on the trusted host platform, a second virtual machine associated with the second secured network;
establishing a first connection between the first virtual machine on the trusted host platform and the first secured network using at least a first virtual secure storage device;
establishing a second connection between the second virtual machine on the trusted host platform and the second secured network using at least a second virtual secure storage device; and
controlling movement of information from within the first security domain to the second security domain.
(Dependent claims 2-26 depend from claim 1.)
27. A system for providing access from a trusted host platform to a first secured network and from the trusted host platform to a second secured network, the first secured network operating in a first security domain, the second secured network operating in a second security domain, the first security domain separate and distinct from the second security domain, the trusted host platform unsecure from both the first secure network and the second secure network, the system comprising:
a first virtual machine instantiated on the trusted host platform, that is associated with the first secured network;
a second virtual machine instantiated on the trusted host platform, that is associated with the second secured network;
a first virtual secure storage device that establishes a first connection between the first virtual machine on the trusted host platform and the first secured network;
a second virtual secure storage device that establishes a second connection between the second virtual machine on the trusted host platform and the second secured network; and
wherein movement of information from within the first security domain to the second security domain is controlled using the trusted host platform.
(Dependent claims 28-35 depend from claim 27.)
Specification