METHOD OF MANAGEMENT IN SECURITY EQUIPMENT AND SECURITY ENTITY

US 20110202975A1
Filed: 02/12/2009
Published: 08/18/2011
Est. Priority Date: 02/26/2008
Status: Active Grant

First Claim

Patent Images

1. A method of managing a plurality of software or hardware security entities SE positioned to cut off an information stream within a network in which the plurality of security entities SE communicate with one another, the method comprising:

designating an entity to act as a sponsor for at least one of a new ward wishing to join the network,requesting to connect the ward with the sponsor by way of said ward contacting said sponsor and, on receipt of the request to connect said ward, said sponsor determining whether or not to accept the connection,if the sponsor accepts the connection of said ward, then connecting the sponsor to said ward and disconnecting from the plurality of entities SE forming the network,at least one of the entities or the sponsor checking security level of said ward, by performing the following steps;

if the sponsor or at least one of the plurality of entities decides to trust said ward, then the sponsor transmits to the ward configuration information designed to enable the ward to enter into communication with the plurality of entities of the network,if the sponsor or at least one of the plurality of entities decides not to trust the ward, then the ward cannot access the network and an alarm is generated to the plurality of entities of the network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method of managing security entities positioned to cut off an information stream within a network. The method includes designating an entity to act as a sponsor for a new ward wishing to join the network, requesting to connect the ward with the sponsor, said sponsor determining whether or not it accepts the connection. If the sponsor accepts the connection, then connecting the sponsor and disconnecting from the plurality of entities forming the network. At least one of the entities and the sponsor checking a security level of said ward. If at least one of the entities decides to trust said ward, then the sponsor transmits to the ward configuration information to enable the ward to enter into communication with the network. If at least one of the entities decides not to trust the ward, then the ward cannot access the network and an alarm is generated.

9 Citations

View as Search Results

10 Claims

1. A method of managing a plurality of software or hardware security entities SE positioned to cut off an information stream within a network in which the plurality of security entities SE communicate with one another, the method comprising:
- designating an entity to act as a sponsor for at least one of a new ward wishing to join the network,requesting to connect the ward with the sponsor by way of said ward contacting said sponsor and, on receipt of the request to connect said ward, said sponsor determining whether or not to accept the connection,if the sponsor accepts the connection of said ward, then connecting the sponsor to said ward and disconnecting from the plurality of entities SE forming the network,at least one of the entities or the sponsor checking security level of said ward, by performing the following steps;
  
  if the sponsor or at least one of the plurality of entities decides to trust said ward, then the sponsor transmits to the ward configuration information designed to enable the ward to enter into communication with the plurality of entities of the network,if the sponsor or at least one of the plurality of entities decides not to trust the ward, then the ward cannot access the network and an alarm is generated to the plurality of entities of the network.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method as claimed in claim 1, wherein the ward accesses the network after an initialization step, the access comprising the following steps:
    - if the ward is accepted by the plurality of entities that it has contacted, address books of the contacted entities are updated with data of the ward, and the ward then is free to communicate with the entities that it has contacted.
  - 3. The method as claimed in claim 1, wherein each entity monitors a behavior of the entities that are contained in its address book by using established communication rules.
  - 4. The method as claimed in claim 1, wherein an entity denounces an entity when it detects an operating anomaly or an abnormal behavior of another entity and then notifies all the entities of the network of this anomaly.
  - 5. The method as claimed in claim 4, wherein alerted entities are mutually informed of their respective recommendations concerning an exclusion decision and, depending on messages received and according to an algorithm, the entities decide at least one of the following:
    - to exclude the entity that has been denounced, said denounced entity being excluded from all the address books,to do nothing,to exclude the entity that has been denounced, the entity being excluded from all address books of the entities.

6. A software or hardware security entity positioned to cut off the information streams within a network, comprising a plurality of SE entities communicating with one another, the entity comprising:
- a connection module configured to connect an entity to an element to be protected, the connection module configured to perform an initialization phase including;
  
  designating an entity to act as a sponsor for at least one of a new entity or ward wishing to join the networkrequesting to connect the ward with the sponsor via said ward contacting said sponsor and, on receipt of the request to connect said ward, said sponsor determining whether or not it accepts the connection,if the sponsor accepts the connection of said ward, then connecting the sponsor to said ward and disconnecting from the plurality of entities SE forming the network,at least one of the entities and the sponsor checking a security level of said ward, as follows;
  
  if at least one of the sponsor or one of the plurality of entities decides to trust said ward, then the sponsor transmits to the ward configuration information designed to enable the ward to enter into communication with the plurality of entities of the network,if at least one of the sponsor or one of the plurality of entities decides not to trust the ward, then the ward cannot access the network and an alarm is generated to the plurality of entities of the network,the connection module being linked to a multiplexer, which receives commands from a control device making it possible to change an operating mode of the elements,the multiplexer having an input for protected data originating from the connection module, an input, for data from the connection module used for an initialization phase, a second input receiving the commands, an output, transmitting the data to a trusted platform,the trusted platform having an output which is connected to an output port toward an unprotected network.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The software or hardware security entity as claimed in claim 6, wherein the connection module comprises:
    - a standard input/output port connected to at least one of a network, a station, and software to be protected,a contact or input port, which enables the initialization phase.
  - 8. The security entity as claimed in claim 7, wherein the connection module includes two software modules, one of the two modules being designed to execute the initialization phase.
  - 9. The security entity as claimed in claim 6, wherein the trusted platform includes at least one of a random variable generation module and a storage module.
  - 10. The security entity as claimed in claim 6, wherein the connection module includes a software module designed to execute the initialization phase for the ward in the network and a software module designed to manage the inputs/outputs between an entity and a network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Thales SA
Original Assignee
Thales SA
Inventors
Ksinant, Vladimir, Maximilien, Benoît

Granted Patent

US 8,856,882 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/4
CPC Class Codes

H04L 63/0209 Architectural arrangements,...

H04L 63/1408 by monitoring network traff...

METHOD OF MANAGEMENT IN SECURITY EQUIPMENT AND SECURITY ENTITY

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

9 Citations

10 Claims

Specification

Use Cases

Quick Links

Others

METHOD OF MANAGEMENT IN SECURITY EQUIPMENT AND SECURITY ENTITY

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

9 Citations

10 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others