METHOD AND SYSTEM FOR TRANSMITTING DATA WITHIN A SECURE COMPUTER SYSTEM

US 20140068265A1
Filed: 08/30/2012
Published: 03/06/2014
Est. Priority Date: 08/30/2012
Status: Abandoned Application

First Claim

Patent Images

1. A computer system comprising:

a plurality of nodes;

a primary node configured to provide a coupling between said plurality of nodes;

wherein,the primary node is configured to securely attach metadata labels to data, wherein said metadata labels include security instructions;

wherein the primary node is configured to validate the metadata labels;

wherein the data is transmitted to one or more of the plurality of nodes in accordance with the metadata labels; and

wherein said primary node is configured to encrypt data based on the security instructions.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and systems related to the secure transmission of information within a vehicle'"'"'s computing systems are presented. Transmitting a message within the secure computer system includes receiving a message that includes a remote encryption key from a module, validating the module, loading security metadata, then validating the security metadata using the remote encryption key. Thereafter, the valid destination modules are determined and the message is sent to them. Metadata labels may be securely attached to data using a local encryption key, in order to maintain the integrity of the data.

Citations

22 Claims

1. A computer system comprising:
- a plurality of nodes;
  
  a primary node configured to provide a coupling between said plurality of nodes;
  
  wherein,the primary node is configured to securely attach metadata labels to data, wherein said metadata labels include security instructions;
  
  wherein the primary node is configured to validate the metadata labels;
  
  wherein the data is transmitted to one or more of the plurality of nodes in accordance with the metadata labels; and
  
  wherein said primary node is configured to encrypt data based on the security instructions.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The computer system of claim 1 wherein said primary node is configured to create a local encryption key to cryptographically bind metadata labels to data messages.
  - 3. The computer system of claim 1 wherein said computer architecture is used to control a vehicle.
  - 4. The computer system of claim 3 wherein said vehicle is an aircraft.
  - 5. The computer system of claim 1 further comprising:
    - a security metadata table;
      
      a module association table; and
      
      an external interface association table;
      
      whereinthe security metadata table comprises a list of each module in the system, and the security metadata associated with each module;
      
      the module association table comprises a connectivity map of each module within the computer system; and
      
      the external interface association table comprises information regarding external subsystems and the associated security metadata.

6. The computer system of 5 further comprising:
- a processor configured to create and store a label authorization table which determines routing of data between nodes based on the metadata labels.

7. A method of transmitting a message within a secure computer system comprising:
- receiving a message including a remote encryption key from a module;
  
  validating the module;
  
  loading a security metadata table for the computer system;
  
  validating the security metadata data using the remote encryption key;
  
  reading a module association table to determine one or more valid destination modules; and
  
  sending the message to the one or more valid destination modules.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The method of claim 7 further comprising:
    - cryptographically binding the security metadata to the message, using a local encryption key.
  - 9. The method of claim 8 wherein said security metadata comprises information regarding the security of said message, including the security level of the message.
  - 10. The method of claim 7 wherein said destination module comprises an interface that allows external connection to the computer system.
  - 11. The method of transmitting a message of claim 7 further comprising:
    - receiving a connection request from a destination node;
      
      comparing the connection request to said security metadata table; and
      
      transmitting said message if said security metadata table allows such a connection.
  - 12. The method of claim 11 further comprising:
    - comparing said remote encryption key to said security metadata table; and
      
      transmitting said message if said security metadata table authorizes said remote encryption key.

13. A secure computer system comprising:
- a processor configured to receive a message including a remote encryption key from a module;
  
  a first validator configured to validate the module;
  
  a loader configured to load a security metadata table for the computer system;
  
  a second validator configured to validate the security metadata data using the remote encryption key;
  
  a reader configured to read a module association table to determine one or more valid destination modules; and
  
  a transmitter configured to send the message to the one or more valid destination modules.
- View Dependent Claims (14, 15, 16, 17, 18)
- - 14. The computer system of claim 13 further comprising:
    - a binder configured to cryptographically bind the security metadata to the message, using a local encryption key.
  - 15. The computer system of claim 14 wherein said security metadata comprises information regarding the security of said message, including the security level of the message.
  - 16. The computer system of claim 13 wherein said destination module comprises an interface that allows connection to the computer system.
  - 17. The computer system of claim 13 further comprising:
    - a receiver configured to receive a connection request from a destination node;
      
      a first comparer configure to compare the connection request to said security metadata table; and
      
      wherein the transmitter is configured to transmit said message if said security metadata table allows such a connection.
  - 18. The method of claim 17 further comprising:
    - a second comparer configured to comparing said remote encryption key to said security metadata table; and
      
      wherein the transmitter is configured to transmit said message if said security metadata table authorizes said remote encryption key.

19. A method of transmitting a message within a secure computer system comprising:
- parsing a message for transmission to determine a destination for the message;
  
  validating that the destination is connected;
  
  loading a security metadata table for the computer system;
  
  cryptographically binding the security metadata to the message; and
  
  sending the message to the one or more valid destination modules.
- View Dependent Claims (20, 21, 22)
- - 20. The method of claim 19 wherein:
    - said cryptographically binding comprises using a local encryption key to bind the security metadata to the message; and
      
      further comprising,using the local encryption key to decode the message, at the valid destination.
  - 21. The method of claim 19 wherein:
    - the destination is a local module within the computer system.
  - 22. The method of claim 19 wherein:
    - the destination is an external interface.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Raytheon Company (Rtx Corporation)
Original Assignee
Raytheon Company (Rtx Corporation)
Inventors
Irwin, Jess M.

Application Number

US13/599,812
Publication Number

US 20140068265A1
Time in Patent Office

Days
Field of Search
US Class Current

713/170
CPC Class Codes

G06F 21/606   by securing the transmissio...

H04L 63/0428   wherein the data content is...

H04L 63/123   received data contents, e.g...

METHOD AND SYSTEM FOR TRANSMITTING DATA WITHIN A SECURE COMPUTER SYSTEM

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

22 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR TRANSMITTING DATA WITHIN A SECURE COMPUTER SYSTEM

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

22 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links