Active intrusion resistant environment of layered object and compartment key (airelock)
0 Assignments
0 Petitions
Accused Products
Abstract
A secure infrastructure system and method with user transparent signaling for communicating detection of signals at a network node having characteristics of a potential attack and for controlling communications at a node from another node in response to the user transparent signals. A processor is connected to routers and the network through an encryption engine and includes a manager object to issue control commands to nodes of a locally lower hierarchical tier and managed objects to detect potential attacks and exercise control over the routers responsive to signals from a node of a locally higher hierarchical tier. Faults or potential attacks are compartmentalized to a node or sector of the network and isolated while normal communications are continued over redundant network links.
-
Citations
34 Claims
-
1-10. -10. (canceled)
-
11. A digital network comprising:
-
a plurality of nodes connected to said digital network; at least two locking devices associated with each of said plurality of nodes; a security policy manager device associated with respective pairs of said at least two locking devices, said security policy manager device configured to detect network activity having characteristics different from characteristics of normal usage and providing a user transparent signal to at least one other node of said plurality of nodes; and means responsive to a user transparent signal received from at least one other of said plurality of nodes for controlling said at least two locking devices to isolate said at least one other of said plurality of nodes by selecting redundant communication paths in said digital network to maintain network communications between other, non-isolated nodes in said digital network. - View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 25, 26, 27, 28, 29)
-
-
20. A method of operating a digital network including the steps of:
-
detecting communications having characteristics differing from characteristics of normal usage at a node of said digital network; communicating a user transparent signal to another node also configured to detect communications having characteristics differing from characteristics of normal usage, in response to said detecting step; controlling communications at said node from said another node in response to said user transparent signal. - View Dependent Claims (21, 22, 23, 24)
-
-
30. A heterogeneous digital network comprising:
-
a router interface comprising a plurality of router network interface controllers; and one or more trusted nodes, each said trusted node operably coupled to one of said router network interface controllers via a security policy manager device; wherein at least one other router network interface controller is configured to communicate with a corresponding at least one untrusted node; wherein the security policy manager device is associated with respective pairs of at least two locking devices associated with each said trusted node; wherein said security policy manager device is configured to detect communications activity having characteristics different from characteristics of normal usage and, upon detection of communications activity having characteristics different from characteristics of normal usage occurring at a first trusted node, to output a first user transparent signal to at least a second trusted node; and wherein the security policy manager device associated with said first trusted node is configured to control, in response to a second user transparent signal received from said second trusted node, said at least two locking devices to isolate said first trusted node by selecting redundant communication paths in said heterogeneous digital network to maintain network communications between other, non-isolated trusted nodes in said heterogeneous digital network, such that substantially full functionality is maintained for said heterogeneous digital network while the proliferation of an attack or of damage resulting therefrom is prevented within said trusted nodes. - View Dependent Claims (31, 32, 33, 34)
-
Specification