SCALABLE SECURITY ARCHITECTURE SYSTEMS AND METHODS

US 20160337407A1
Filed: 03/17/2015
Published: 11/17/2016
Est. Priority Date: 03/17/2015
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

detecting a system resource request transmitted over a system fabric;

determining a security status of the system resource request with respect to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with one or more user modules; and

allocating system resources based, at least in part, on the determined security status of the system resource request.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Techniques are disclosed for systems and methods to provide a secure federated computing system for mobile structures. A secure federated computing system includes a secure system controller and one or more user modules each implemented with a secure system processor and configured to communicate over one or more system fabrics. The secure system controller and the user modules are configured to form secure communication channels to each other over the one or more system fabrics to facilitate a secure initialization procedure. Once the secure initialization procedure is complete, the secure system controller and the user modules can be used to dynamically allocate secure and non-secure system resources as needed or as indicated by a security rule set programmed into the secure system processor.

5 Citations

View as Search Results

20 Claims

1. A method, comprising:
- detecting a system resource request transmitted over a system fabric;
  
  determining a security status of the system resource request with respect to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with one or more user modules; and
  
  allocating system resources based, at least in part, on the determined security status of the system resource request.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising:
    - forming secure communications channels between the user modules and a security system controller over the system fabric; and
      
      authenticating the user modules using the secure communications channel prior to detecting the system resource request.
  - 3. The method of claim 2, further comprising:
    - loading security functions to the user modules over the secure communications channels; and
      
      validating the loaded security functions with respect to the secure communications channels and/or the security rule set prior to detecting the system resource request.
  - 4. The method of claim 1, wherein one of the one or more user modules comprises a commercial-off-the-shelf (COTS) user module coupled to a mezzanine, the method further comprising:
    - forming a secure communications channel between the mezzanine and the security system controller over the system fabric; and
      
      authenticating the mezzanine using the secure communications channel prior to detecting the system resource request.
  - 5. The method of claim 4, further comprising:
    - loading security functions to the mezzanine over the secure communications channel; and
      
      validating the loaded security function with respect to the secure communications channel and/or the security rule set prior to detecting the system resource request.
  - 6. The method of claim 1, further comprising:
    - determining the system resource request was transmitted over a secure communications channel; and
      
      validating the system resource request with respect to the secure communications channel and the security rule set prior to determining the security status of the system resource request.
  - 7. The method of claim 1, further comprising:
    - determining the system resource request was transmitted over a non-secure communications channel; and
      
      validating the system resource request with respect to the security rule set prior to determining the security status of the system resource request.
  - 8. The method of claim 1, wherein:
    - the one or more user modules are configured to be coupled within a system enclosure;
      
      the system enclosure is configured to be mounted to or within a mobile structure; and
      
      the mobile structure comprises a commercial aircraft, a private aircraft, a ground vehicle, a military aircraft, a rotorcraft, and/or an unmanned vehicle.
  - 9. The method of claim 1, wherein:
    - the system fabric is implemented according to PCI Express, Infiniband, Serial Rapid I/O, Ethernet, 10 Gb Ethernet, Fibre Channel, 1553, CANBus, WiFi, Bluetooth, Zigbee, Xbee, and/or Micronet.

10. A system, comprising:
- one or more user modules configured to communicate with each other over a system fabric; and
  
  a secure system controller adapted to couple to the system fabric, wherein the secure system controller is configured to;
  
  detect a system resource request transmitted over the system fabric;
  
  determine a security status of the system resource request with respect to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with the one or more user modules; and
  
  allocate system resources based, at least in part, on the determined security status of the system resource request.
- View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
- - 11. The system of claim 10, wherein the secure system controller is configured to:
    - form secure communications channels between the user modules and the security system controller over the system fabric; and
      
      authenticate the user modules using the secure communications channel prior to detecting the system resource request.
  - 12. The system of claim 11, wherein the secure system controller is configured to:
    - load security functions to the user modules over the secure communications channels; and
      
      validate the loaded security functions with respect to the secure communications channels and/or the security rule set prior to detecting the system resource request.
  - 13. The system of claim 10, wherein one of the one or more user modules comprises a commercial-off-the-shelf (COTS) user module coupled to a mezzanine, and wherein the secure system controller is configured to:
    - form a secure communications channel between the mezzanine and the security system controller over the system fabric; and
      
      authenticate the mezzanine using the secure communications channel prior to detecting the system resource request.
  - 14. The system of claim 13, wherein the secure system controller is configured to:
    - load security functions to the mezzanine over the secure communications channel; and
      
      validate the loaded security function with respect to the secure communications channel and/or the security rule set prior to detecting the system resource request.
  - 15. The system of claim 10, wherein the secure system controller is configured to:
    - determine the system resource request was transmitted over a secure communications channel; and
      
      validate the system resource request with respect to the secure communications channel and the security rule set prior to determining the security status of the system resource request.
  - 16. The system of claim 10, wherein the secure system controller is configured to:
    - determine the system resource request was transmitted over a non-secure communications channel; and
      
      validate the system resource request with respect to the security rule set prior to determining the security status of the system resource request.
  - 17. The system of claim 10, wherein:
    - the secure system controller and the one or more user modules are configured to be coupled within a system enclosure;
      
      the system enclosure is configured to be mounted to or within a mobile structure; and
      
      the mobile structure comprises a commercial aircraft, a private aircraft, a ground vehicle, a military aircraft, a rotorcraft, and/or an unmanned vehicle.
  - 18. The system of claim 10, wherein:
    - the secure system controller and the one or more user modules each comprise a secure system processor; and
      
      each secure system processor comprises a security key integrated with the secure system processor.

19. A method, comprising:
- coupling a secure system controller and one or more user modules to a system fabric for a federated computing system;
  
  coupling a secure programming station to the secure system controller; and
  
  programming the secure system controller according to a security rule set, wherein the security rule set comprises at least one of communication, input/output (I/O), or execution partitions associated with the one or more user modules.
- View Dependent Claims (20)
- - 20. The method of claim 19, further comprising:
    - disengaging a commercial-off-the-shelf (COTS) user module from the system fabric;
      
      coupling a mezzanine to a fabric interface of the COTS user module; and
      
      engaging the COTS user module with the system fabric using the mezzanine, prior to coupling the secure system controller and the one or more user modules to the system fabric.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
King, Jeffrey G.

Granted Patent

US 10,491,639 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 21/554   involving event detection a...

H04L 63/0209   Architectural arrangements,...

H04L 63/08   for authentication of entit...

H04L 63/102   Entity profiles

H04L 63/18   using different networks or...

H04L 63/205   involving negotiation or de...

H04L 67/141   Setup of application sessio...

H04W 12/088   using filters or firewalls

SCALABLE SECURITY ARCHITECTURE SYSTEMS AND METHODS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SCALABLE SECURITY ARCHITECTURE SYSTEMS AND METHODS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links