SYSTEMS AND METHODS FOR DEPLOYMENT OF MISSION PLANS USING ACCESS CONTROL TECHNOLOGIES

US 20160204934A1
Filed: 11/21/2013
Published: 07/14/2016
Est. Priority Date: 11/21/2013
Status: Active Grant

First Claim

Patent Images

1. A method for configuring a computer network, the method comprising:

receiving first access control information input to a first network node of the computer network by a first user assigned to a first mission;

verifying that the first user has a right to have access to the computer network based on the first access control information;

granting the first user access to the computer network in response to the verifying;

obtaining first mission related information by the first network node, the first mission related information associated with the first user and at least identifying a first mission plan specifying a manner in which an assigned value for at least one first identity parameter is to be dynamically modified by at least one node of the computer network; and

configuring the first network node or a second network node of the computer network to operate in accordance with the first mission plan.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems (100) and methods (1900) for configuring a computer network (“CN”). The methods comprise: receiving Access Control Information (“ACI”) input to a first network node (101-103, 105-107) by a user assigned to a mission; verifying that the user has a right to have access to the CN (100) based on the ACI; granting the user access to CN in response to the verifying; and obtaining Mission Related Information (“MRI”) by the first network node. The MRI is associated with the user and at least identifies a first mission plan (120) specifying a manner in which an assigned value for at least one first identity parameter is to be dynamically modified by at least one node (105-107, 113, 114) of CN. Thereafter, the first network node or a second network node (105-107, 113, 114) of CN is configured to operate in accordance with the first mission plan.

26 Citations

View as Search Results

20 Claims

1. A method for configuring a computer network, the method comprising:
- receiving first access control information input to a first network node of the computer network by a first user assigned to a first mission;
  
  verifying that the first user has a right to have access to the computer network based on the first access control information;
  
  granting the first user access to the computer network in response to the verifying;
  
  obtaining first mission related information by the first network node, the first mission related information associated with the first user and at least identifying a first mission plan specifying a manner in which an assigned value for at least one first identity parameter is to be dynamically modified by at least one node of the computer network; and
  
  configuring the first network node or a second network node of the computer network to operate in accordance with the first mission plan.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
- - 2. The method according to claim 1, wherein the first network node is a client computer operable to configure the second network node to operate in accordance with the first mission plan.
  - 3. The method according to claim 1, wherein the first network node is a network device communicatively coupled to at least one client computer and configurable to operate in accordance with the first mission plan.
  - 4. The method according to claim 1, wherein the first access control information is input by the user via a user-software interaction or via a smart card reader.
  - 5. The method according to claim 1, wherein the first mission related information is obtained from a smart card.
  - 6. The method according to claim 5, wherein the first mission related information comprises at least one of an identifier of a mission for which the first mission plan was generated, an identifier of the first mission plan, an identifier of the first user, the first mission plan, and a cryptographic key for decrypting the first mission plan.
  - 7. The method according to claim 6, further comprising retrieving the first mission plan or at least configuration data of the first mission plan from a data store based on the first mission related information, where the data store is local to or remote from the first or second network node.
  - 8. The method according to claim 7, further comprising decrypting the first mission plan prior to configuring the computer network to operate in accordance therewith.
  - 9. The method according to claim 1, further comprising:
    - storing the first mission related information on a smart card when the first user is assigned to the first mission; and
      
      storing second mission related information on the smart card when the first user is assigned to a second different mission, the second mission related information at least identifying a second mission plan specifying a manner in which an assigned value for at least one second identity parameter is to be dynamically modified by at least one node of the computer network.
  - 10. The method according to claim 1, further comprising:
    - terminating the first user'"'"'s access to the computer network;
      
      receiving second access control information input to a first network node of the computer network by a second user assigned to a second mission;
      
      verifying that the second user has a right to have access to the computer network based on the second access control information;
      
      granting the second user access to the computer network in response to the verifying;
      
      obtaining second mission related information by the first network node, the second mission related information associated with the second user and at least identifying a second mission plan specifying a manner in which an assigned value for at least one second identity parameter is to be dynamically modified by at least one node of the computer network; and
      
      configuring the first network node or the second network node of the computer network to operate in accordance with the second mission plan.

11. A computer network, comprising:
- a first network node operative to;
  
  receive first access control information input by a first user assigned to a first mission;
  
  verify that the first user has a right to have access to the computer network based on the first access control information;
  
  grant the first user access to the computer network in response to the verifying;
  
  obtain first mission related information by the first network node, the first mission related information associated with the first user and at least identifying a first mission plan specifying a manner in which an assigned value for at least one first identity parameter is to be dynamically modified by at least one node of the computer network; and
  
  configure the first network node or a second network node of the computer network to operate in accordance with the first mission plan.
- View Dependent Claims (12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 12. The computer network according to claim 11, wherein the first network node is a client computer operable to configure the second network node to operate in accordance with the first mission plan.
  - 13. The computer network according to claim 11, wherein the first network node is a network device communicatively coupled to at least one client computer and configurable to operate in accordance with the first mission plan.
  - 14. The computer network according to claim 11, wherein the first access control information is input by the user via a user-software interaction or via a smart card reader.
  - 15. The computer network according to claim 11, wherein the first mission related information is obtained from a smart card.
  - 16. The computer network according to claim 15, wherein the first mission related information comprises at least one of an identifier of a mission for which the first mission plan was generated, an identifier of the first mission plan, an identifier of the first user, the first mission plan, and a cryptographic key for decrypting the first mission plan.
  - 17. The computer network according to claim 16, wherein the first network node is further operative to retrieve the first mission plan or at least configuration data of the first mission plan from a data store based on the first mission related information, where the data store is local to or remote from the first or second network node.
  - 18. The computer network according to claim 17, wherein the first mission plan is decrypted by the first network node or the smart card prior to when the first or second network node is configured to operate in accordance with the first mission plan.
  - 19. The computer network according to claim 11, further comprising a third network node operative to:
    - store the first mission related information on a smart card when the first user is assigned to the first mission; and
      
      store second mission related information on the smart card when the first user is assigned to a second different mission, the second mission related information at least identifying a second mission plan specifying a manner in which an assigned value for at least one second identity parameter is to be dynamically modified by at least one node of the computer network.
  - 20. The computer network according to claim 11, wherein the first network node is further operative to:
    - terminate the first user'"'"'s access to the computer network;
      
      receive second access control information input by a second user assigned to a second mission;
      
      verify that the second user has a right to have access to the computer network based on the second access control information;
      
      grant the second user access to the computer network in response to the verifying;
      
      obtain second mission related information by the first network node, the second mission related information associated with the second user and at least identifying a second mission plan specifying a manner in which an assigned value for at least one second identity parameter is to be dynamically modified by at least one node of the computer network; and
      
      configure the first network node or the second network node to operate in accordance with the second mission plan.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Original Assignee
Harris Corporation (L3Harris Technologies, Inc.)
Inventors
SMITH, WAYNE B., Knepper, Margaret

Granted Patent

US 10,122,708 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 41/0893   Assignment of logical group...

H04L 41/0894   Policy-based network config...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 63/0853   using an additional device,...

H04L 63/10   for controlling access to d...

H04L 63/108   when the policy decisions a...

H04L 63/20   for managing network securi...

H04L 9/0877   using additional device, e....

SYSTEMS AND METHODS FOR DEPLOYMENT OF MISSION PLANS USING ACCESS CONTROL TECHNOLOGIES

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

26 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR DEPLOYMENT OF MISSION PLANS USING ACCESS CONTROL TECHNOLOGIES

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

26 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links