Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols
First Claim
1. In a computer network having a multiplicity of computers coupled thereto, message transmission apparatus comprising:
trust realm defining means for storing information denoting which ones of said computers are members of predefined trust realms;
wherein for each predefined trust realm there is a corresponding predefined security protocol, enforced by all of each said predefined trust realm's members, for protecting confidentiality of data transmitted between said members of said each predefined trust realm; and
security apparatus in each of a plurality of said computers, comprising:
a trusted computing base which enforces a predefined security policy in said computer and which defines a security level for each set of data stored therein;
authentication means for authenticating and validating messages sent to another computer via said network;
each said message comprising data having an associated label denoting how said trusted computing base is to enforce security policy with respect to said message;
trust realm service means, coupled to said trusted computing base, authentication means and trust realm defining means, for preparing a specified message for transmission to a specified other computer system, including means for obtaining trust realm information stored by said trust realm defining means, verifying that both said computer system and said specified computer system are members of at least one common trust realm, and selecting a trust realm from among said at least one common trust realm, authenticating said message and said label associated with said message, and transmitting to said specified other computer a protocol data unit including said authenticated message and label, and an identifier that identifies said selected trust realm;
said trust realm service means further including:
means for receiving protocol data units transmitted by other ones of said computers via said network, means for validating the message and label in each protocol data unit received by said computer, and means for processing said label and said message in said received protocol data unit in accordance with the predefined security protocol corresponding to the selected trust realm identified by said identifier in said received protocol data unit.
Abstract
A computer network has a number of computers coupled thereto at distinct nodes. A trust realm table defines which computers are members of predefined trust realms. All the members of each predefined trust realm enforce a common set of security protocols for protecting the confidentiality of data. Each computer that is a member of a trust realm enforces a predefined security policy, and also defines a security level for each set of data stored in the computer. Thus, each message has an associated label denoting how to enforce the computer's security policy with respect to the message. A trust realm service program prepares a specified message for transmission to a specified other computer system. To do this it uses the trust realm table to verify that both the computer system and the specified computer system are members of at least one common trust realm, and then selects one of those common trust realms. The message is transmitted as a protocol data unit, which includes a sealed version of the message, authenticated identifiers for the sending system and user, the message's label, and an identifier for the selected trust realm. Received protocol data units are processed by validating each of the components of the received protocol data unit before accepting the sealed message in the protocol data unit as authentic. Further, the label in the received protocol data unit is used by the receiving computer to determine what predefined security policy is to be enforced with respect to the message.
14 Claims
8. In a computer network having a multiplicity of computers coupled thereto, a method of enforcing security protocols when transmitting messages between computers via said network, the steps of the method comprising:
storing information denoting computers which are members of predefined trust realms;
wherein all the members of each predefined trust realm enforce a common set of security protocols for protecting confidentiality of data;
authenticating and validating a specified message that an application running in a computer is attempting to send to a specified other computer via said network, each said message comprising data having an associated label denoting how a predefined security policy is to be enforced with respect to said message;
said authenticating and validating steps including the steps of:
accessing said stored trust realm information, verifying that both said computer system and said specified computer system are members of at least one common trust realm, and selecting a trust realm from among said at least one common trust realm;
authenticating said message and its associated label;
transmitting to said specified other computer a protocol data unit including said authenticated message and label, and an identifier that identifies said selected trust realm;
receiving said protocol data unit at said specified other computer;
validating the message and label in said received protocol data unit before accepting said message and label in said protocol data unit as authentic; and
processing said label and said message in said received protocol data unit in accordance with the predefined security protocol corresponding to the selected trust realm identified by said identifier in said received protocol data unit.
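The realm selection, protocol data unit construction and receive-side validation described in the abstract and in claim 8, as an added Python model that is not code from the patent: the trust realm table, the realm preference order, the per-realm keys and MAC algorithms, the label levels and each host's maximum accepted level are all constructed assumptions, and "sealing" is modelled as an HMAC authenticator over the identifiers, label and message rather than as encryption.

```python
import hmac, hashlib, json

# Constructed sample data (assumption): realm membership, plus each realm's
# protocol reduced to a shared realm key and a MAC algorithm.
TRUST_REALMS = {
    "corp":    {"members": {"alpha", "beta", "gamma"}, "key": b"corp-realm-key-0",  "mac": "sha256"},
    "finance": {"members": {"alpha", "beta"},          "key": b"finance-realm-key", "mac": "sha512"},
}
REALM_PREFERENCE = ["finance", "corp"]          # assumption: most restrictive realm first
LEVELS = {"UNCLASSIFIED": 0, "CONFIDENTIAL": 1, "SECRET": 2}
# Assumption: a host's trusted computing base accepts labels only up to this level.
MAX_LEVEL = {"alpha": "SECRET", "beta": "SECRET", "gamma": "CONFIDENTIAL"}

def common_realms(a, b):
    """Realms that both hosts belong to, in preference order."""
    return [r for r in REALM_PREFERENCE if {a, b} <= TRUST_REALMS[r]["members"]]

def _seal(realm, fields, body):
    """Authenticator over identifiers, label and message, using the realm's protocol."""
    proto = TRUST_REALMS[realm]
    data = json.dumps(fields, sort_keys=True).encode() + b"\0" + body
    return hmac.new(proto["key"], data, proto["mac"]).hexdigest()

def build_pdu(sender, user, receiver, label, body):
    """Sender side: pick a common realm, then seal message and label under it."""
    realms = common_realms(sender, receiver)
    if not realms:
        raise PermissionError(f"no common trust realm between {sender} and {receiver}")
    realm = realms[0]
    fields = {"realm": realm, "sender": sender, "user": user, "receiver": receiver, "label": label}
    return {**fields, "body": body, "tag": _seal(realm, fields, body)}

def receive_pdu(me, pdu):
    """Receiver side: validate every PDU component before the TCB acts on the message."""
    realm = pdu["realm"]
    if realm not in TRUST_REALMS or {pdu["sender"], me} - TRUST_REALMS[realm]["members"]:
        raise PermissionError("sender or receiver is not a member of the claimed realm")
    if pdu["receiver"] != me:
        raise PermissionError("PDU addressed to a different host")
    fields = {k: pdu[k] for k in ("realm", "sender", "user", "receiver", "label")}
    if not hmac.compare_digest(_seal(realm, fields, pdu["body"]), pdu["tag"]):
        raise PermissionError("authenticator mismatch: message or label altered")
    if LEVELS[pdu["label"]] > LEVELS[MAX_LEVEL[me]]:     # label-driven policy check
        raise PermissionError(f"{me} may not hold {pdu['label']} data")
    return pdu["label"], pdu["body"]
```

A label altered in transit fails the authenticator check, and a PDU whose realm the receiver does not belong to is refused before any tag is computed.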