SEPARATE SECURE NETWORKS OVER A NON-SECURE NETWORK

US 20090016357A1
Filed: 07/13/2007
Published: 01/15/2009
Est. Priority Date: 07/13/2007
Status: Active Grant

First Claim

Patent Images

1. A system, comprising:

a router comprising one or more ports and control logic coupled to the one or more ports, the control logic capable of establishing a plurality of secure data paths with at least one other router across a network; and

a plurality of external storage devices, each storage device separate from the router but capable of being detachably coupled to a port of the one or more ports, and each external storage device comprising configuration data defining one or more secure data paths of the plurality of secure data paths;

wherein configuration data stored in a first external storage device of the plurality of external storage devices is different from configuration data stored in a second external storage device of the plurality of external storage devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for creating and operating separate secure networks over a non-secure network are described herein. Some illustrative embodiments include a system that includes a router with one or more ports and control logic coupled to the one or more ports (the control logic capable of establishing a plurality of secure data paths with at least one other router across a network), and a plurality of external storage devices (each storage device separate from the router but capable of being detachably coupled to a port of the one or more ports, and each external storage device comprising configuration data defining one or more secure data paths of the plurality of secure data paths). Configuration data stored in a first external storage device of the plurality of external storage devices is different from configuration data stored in a second external storage device of the plurality of external storage devices.

29 Citations

View as Search Results

20 Claims

1. A system, comprising:
- a router comprising one or more ports and control logic coupled to the one or more ports, the control logic capable of establishing a plurality of secure data paths with at least one other router across a network; and
  
  a plurality of external storage devices, each storage device separate from the router but capable of being detachably coupled to a port of the one or more ports, and each external storage device comprising configuration data defining one or more secure data paths of the plurality of secure data paths;
  
  wherein configuration data stored in a first external storage device of the plurality of external storage devices is different from configuration data stored in a second external storage device of the plurality of external storage devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The system of claim 1, wherein data transmitted across a first secure data path defined by the configuration data stored in the first external storage device cannot be accessed via a second secure data path defined by the configuration data stored in the second external storage device.
  - 3. The system of claim 1, wherein configuration data defining two or more of the plurality of secure data paths are grouped and stored together in a single external storage device.
  - 4. The system of claim 3, wherein configuration data defining two or more of the plurality of secure data paths are grouped based upon a common characteristic, the common characteristic comprising at least one common characteristic selected from the group consisting of a common data type, a common authorized user, and a common network address.
  - 5. The system of claim 1, wherein the configuration data defining the one or more secure data paths comprises a list of rules associated with a secure data path of the plurality of data paths controlling the types of data transmitted across the secure data path
  - 6. The system of claim 1, wherein the configuration data defining the one or more secure data paths comprises a list of allowable destination addresses within a network address space, the list associated with a secure data path of the plurality of secure data paths.
  - 7. The system of claim 6, wherein the configuration data defining the one or more secure data paths further comprises a list of encryption keys, each encryption key corresponding to an allowable destination address from the list of allowable destination addresses, and each encryption key used to encrypt data transmitted to the allowable destination address.
  - 8. The system of claim 1, further comprising a non-volatile storage device comprising a decryption key, wherein the configuration data defining the one or more secure data paths is stored in encrypted form in each of the plurality of external storage devices, and wherein the decryption key is used by the control logic to decrypt the configuration data.
  - 9. The system of claim 1, wherein the router uses the configuration data defining the one or more secure data paths to configure the router after each user authorized to access an external storage device of the plurality of external storage devices provides user authorization data that is verified by the control logic.
  - 10. The system of claim 9, wherein the user authorization data comprises a user ID and a password.
  - 11. The system of claim 9, wherein the user authorization data comprises biometric data.
  - 12. The system of claim 9, wherein the user authorization data is verified by comparing the user authorization data to a reference copy of the user authorization data stored in encrypted form and decrypted using a decryption key stored in a non-volatile storage device within the router.
  - 13. The system of claim 12, wherein the reference copy of the user authorization data is stored in the non-volatile storage device within the router.
  - 14. The system of claim 12, wherein the reference copy of the user authorization data is stored in the external storage device.

15. A method, comprising:
- defining two or more sets of configuration data, each of the two or more sets of configuration data comprising one or more attributes that define at least one secure data path between two routers across a network;
  
  storing a first set of configuration data in a first storage device of a plurality of storage devices that are each external and capable of being detachably coupled to the routers; and
  
  storing a second set of configuration data in a second storage device of the plurality of storage devices, the first set of configuration data being different from the second set of configuration data.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The method of claim 15, further comprising transmitting data across a first secure data path defined by the first set of configuration data, wherein the data cannot be accessed via a second secure data path defined by the second set of configuration data.
  - 17. The method of claim 15, further comprising:
    - coupling the plurality of storage devices to a first router;
      
      decrypting and loading onto the first router the two or more sets of configuration data; and
      
      authenticating each of the plurality of storage devices and each of a plurality of users, each user associated with one of the plurality of storage devices.
  - 18. The method of claim 17, further comprising:
    - placing the first router into a lockdown mode if the authenticating of any of the plurality of storage devices or of any of the plurality of users fails; and
      
      establishing the at least one secure data path between the first router and a second router based upon at least one of the two or more sets of configuration data if the authenticating of each of the plurality of storage devices and of each of the plurality of users is successful.
  - 19. The method of claim 17, further comprising:
    - placing the first router into a lockdown mode if the decrypting of the configuration data fails; and
      
      establishing the at least one secure data path between the first router and a second router based upon at least one of the two or more sets of configuration data if the decrypting of the configuration data is successful.
  - 20. The method of claim 15, further comprising assigning physical control of each of the plurality of storage devices to different custodians.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
ERF Wireless, Inc.
Original Assignee
ERF Wireless, Inc.
Inventors
WHITE, Ricky C., WALKER, Dale S., BURNS, John Arley, BLEVINS, Edward J.

Granted Patent

US 7,926,090 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.530
CPC Class Codes

H04L 41/0856   by backing up or archiving ...

H04L 45/00   Routing or path finding of ...

H04L 45/243   using M+N parallel active p...

H04L 45/56   Routing software

H04L 63/0272   Virtual private networks

H04L 63/104   Grouping of entities

SEPARATE SECURE NETWORKS OVER A NON-SECURE NETWORK

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

29 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SEPARATE SECURE NETWORKS OVER A NON-SECURE NETWORK

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

29 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links