SECURED COMMUNICATIONS ARRANGEMENT APPLYING INTERNET PROTOCOL SECURITY

US 20140317405A1
Filed: 09/30/2013
Published: 10/23/2014
Est. Priority Date: 04/22/2013
Status: Active Grant

First Claim

Patent Images

1. An endpoint comprising a computing system, the computing system including:

a user level services component;

a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint;

a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel; and

a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure communications arrangement including an endpoint is disclosed. The endpoint includes a computing system. The computing system includes a user level services component and a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint. The computing system also includes a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel. The computing system also includes a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.

Citations

20 Claims

1. An endpoint comprising a computing system, the computing system including:
- a user level services component;
  
  a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint;
  
  a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel; and
  
  a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The endpoint of claim 1, wherein the computing system includes an operating system that includes a native IPsec security protocol implementation.
  - 3. The endpoint of claim 2, wherein the kernel level callout driver utilizes the native IPsec security protocol implementation.
  - 4. The endpoint of claim 1, wherein the kernel level callout driver utilizes the native IPsec security protocol implementation.
  - 5. The endpoint of claim 1, wherein the second kernel level driver passes through IPsec-secured communications received at the endpoint from the remote endpoint to the kernel level callout driver.
  - 6. The endpoint of claim 1, wherein the one or more filters block requests received at the endpoint from endpoints not allowed by the one or more filters.
  - 7. The endpoint of claim 6, wherein the one or more filters define computing systems within an intranet.
  - 8. The endpoint of claim 1, further comprising a user logon component configured to associate a user with the endpoint.
  - 9. The endpoint of claim 1, wherein the user is associated with a community of interest, and wherein the user-level services component manages storage of one or more community of interest keys including a key assigned to the community of interest associated with the user.
  - 10. The endpoint of claim 9, wherein the filter engine applies a filter based on the key assigned to the community of interest associated with the user.
  - 11. The endpoint of claim 1, further comprising a plurality of user level services including a prelogon service, a logon service, and a protocol service.
  - 12. The endpoint of claim 11, further comprising an applet interface to the logon service.

13. A secure communications arrangement comprising:
- an endpoint comprising a computing system, the computing system including;
  
  a user level services component;
  
  a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a remote endpoint;
  
  a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel; and
  
  a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec.
- View Dependent Claims (14, 15, 16, 17, 18, 19)
- - 14. The secure communications arrangement of claim 13, further comprising the remote endpoint.
  - 15. The secure communications arrangement of claim 13, further comprising an administration server configured to securely communicate with the endpoint via the secure tunnel established via the second kernel level driver.
  - 16. The secure communications arrangement of claim 15, wherein the administration server is configured to provide one or more community of interest keys to the endpoint via the secure tunnel.
  - 17. The secure communications arrangement of claim 15, wherein the administration server is configured to provide secure remote access to the endpoint via the secure tunnel.
  - 18. The secure communications arrangement of claim 13, further comprising a security appliance configured to securely communicate with the endpoint via the secure tunnel established via the second kernel level driver.
  - 19. The secure communications arrangement of claim 18, wherein the security appliance is configured to receive log events from the endpoint, wherein at least one of the log events is associated with the IPsec tunnel established with the remote endpoint.

20. A secure communications arrangement comprising:
- a first endpoint comprising a computing system, the computing system including;
  
  a user level services component;
  
  a kernel level callout driver interfaced to the user level services component and configured to establish an IPsec tunnel with a second endpoint;
  
  a filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel;
  
  a second kernel level driver configured to establish a secure tunnel using a second security protocol different from IPsec;
  
  a second endpoint comprising a second computing system, the second computing system including;
  
  a second user level services component;
  
  a second kernel level callout driver interfaced to the second user level services component and configured to establish an IPsec tunnel with the first endpoint;
  
  a second filter engine storing one or more filters defining endpoints authorized to communicate with the endpoint via the IPsec tunnel;
  
  a second kernel level driver configured to establish a second secure tunnel using a second security protocol different from IPsec;
  
  a security appliance communicatively connected to the first endpoint via the secure tunnel and to the second endpoint via the second secure tunnel; and
  
  an administration server communicatively connected to the first and second endpoints and configured to provide community of interest keys to the first and second endpoints.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Unisys Corporation
Original Assignee
Unisys Corporation
Inventors
Hinaman, Ted, Johnson, Robert A., Wild, Kathleen, Inforzato, Sarah K.

Granted Patent

US 9,716,589 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/164
CPC Class Codes

G06F 21/00   Security arrangements for p...

G06F 21/53   by executing in a restricte...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0236   Filtering by address, proto...

H04L 63/0485   Networking architectures fo...

H04L 63/061   for key exchange, e.g. in p...

H04L 63/164   at the network layer

H04L 63/166   at the transport layer

H04L 63/205   involving negotiation or de...

H04L 69/18   Multiprotocol handlers, e.g...

H04L 9/0838   Key agreement, i.e. key est...

H04L 9/0841   involving Diffie-Hellman or...

SECURED COMMUNICATIONS ARRANGEMENT APPLYING INTERNET PROTOCOL SECURITY

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SECURED COMMUNICATIONS ARRANGEMENT APPLYING INTERNET PROTOCOL SECURITY

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links