DISTRIBUTED SECURITY ARCHITECTURE

US 20090228951A1
Filed: 03/05/2008
Published: 09/10/2009
Est. Priority Date: 03/05/2008
Status: Active Grant

First Claim

Patent Images

1. A distributed security architecture comprising:

a mobile anti-tamper hardware policy enforcement point that is configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point;

a mobile anti-tamper hardware policy decision point that is encapsulated within the mobile anti-tamper hardware policy enforcement point;

a policy exchange channel for policy distribution nodes which is configured to at least one of distribute and update communication and routing security policies to the mobile client;

a contextual manager that is configured to handle system-wide status change update signaling; and

a mobility authentication manager which is configured to provide mobile clients with registration and credential/role assignments based on mobile access policies;

wherein the distributed security architure is configured to provide discretionary open system inteconnection layer 3.5 policy-based secure routing, and discretionary open system inteconnection layer 2 policy-based mandatory access control address filtering to achieve secure communication and computing for layers 4, 5, 6, and 7.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed security architecture may include: a mobile anti-tamper hardware policy enforcement point configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point; a mobile anti-tamper hardware policy decision point encapsulated within the mobile anti-tamper hardware policy enforcement point; a policy exchange channel for policy distribution modes configured to distribute and/or update communication and routing security policies to the mobile client; a contextual manager configured to handle system-wide status change update signaling; and a mobility authentication manager configured to provide mobile clients with registration and credential/role assignments based on mobile access policies. The distributed security architure may be configured to provide open system inteconnection layer 3.5 policy-based secure routing, and open system inteconnection layer 2 policy-based mandatory access control address filtering to provide secure communication and computing for layers 4, 5, 6, and 7.

Citations

14 Claims

1. A distributed security architecture comprising:
- a mobile anti-tamper hardware policy enforcement point that is configured to control communication behaviors of a mobile client by enforcing communication policies within a policy decision point;
  
  a mobile anti-tamper hardware policy decision point that is encapsulated within the mobile anti-tamper hardware policy enforcement point;
  
  a policy exchange channel for policy distribution nodes which is configured to at least one of distribute and update communication and routing security policies to the mobile client;
  
  a contextual manager that is configured to handle system-wide status change update signaling; and
  
  a mobility authentication manager which is configured to provide mobile clients with registration and credential/role assignments based on mobile access policies;
  
  wherein the distributed security architure is configured to provide discretionary open system inteconnection layer 3.5 policy-based secure routing, and discretionary open system inteconnection layer 2 policy-based mandatory access control address filtering to achieve secure communication and computing for layers 4, 5, 6, and 7.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The distributed security architecture of claim 1 further comprising a policy exchange protocol which is configured to control policy distribution and updates between the policy decision point and the policy distribution nodes.
  - 3. The distributed security architecture of claim 1 further comprising policy decision point hardware implementations which are read-proof to prevent authorization logic disclosure.
  - 4. The distributed security architecture of claim 1 wherein the mobile client is configured to update contexual flags to create changes in the policy decision point when permission is granted by a mobile client policy decision point policy.
  - 5. The distributed security architecture of claim 1 wherein the policy distribution nodes are configured to distribute and update communication and routing security policies to the mobile client via a policy exchange protocol.
  - 6. The distributed security architecture of claim 1 further comprising a policy exchange protocol which is configured to allow distribution of the security policies from the policy distribution nodes to the policy decision point through the policy exchange protocol.
  - 7. The distributed security architecture of claim 1 wherein the contextual manager is configured to update contextual flags based on notices received from the policy distribution nodes which are monitored by the mobile clients.
  - 8. The distributed security architecture of claim 1 wherein the mobility authentication manager is configured to provide identify and role information of the mobile client to the policy distribution nodes for policy distribution, updates, and alerts of the contextual manager.
  - 9. The distributed security architecture of claim 1 wherein the contextual manager is configured to handle system-wide status change update signaling.
  - 10. The distributed security architecture of claim 9 wherein the system-wide status change update signaling comprises at least one of an alert level update, a policy update, and a client revocation.

11. A method of implementing policies to mobile clients comprising:
- providing a secure mobile routing policy;
  
  providing a packet discrimination policy; and
  
  distributing the secure mobile routing policy and the packet discrimination policy to the mobile clients.

12. A method for creating a hardware and software combined solution comprising:
- providing a hardware and software combined solution;
  
  providing open system interconnection layer processing; and
  
  implementing the open system interconnection layer processing into the hardware and software combined solution.
- View Dependent Claims (13)
- - 13. The method of claim 12 wherein the providing open system interconnection layer processing step comprises providing secure open system interconnection layer 3.5 processing, and the implementing step comprises implementing the open system interconnection layer 3.5 processing into the hardware and software combined solution.

14. A method of defining a packet discrimination policy comprising:
- providing specifications of packets that should be received by mobile clients; and
  
  using these packets received by the mobile clients to create a protocol session at an open system interconnection layer 4.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Amanatullah, Jason Edward, Meier, John L., Ramesh, Tirumale K., Huang, Ming-Yuh

Granted Patent

US 8,434,125 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/1
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0263   Rule management

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 69/32   Architecture of open system...

H04L 69/321   Interlayer communication pr...

DISTRIBUTED SECURITY ARCHITECTURE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

DISTRIBUTED SECURITY ARCHITECTURE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links