Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols

US 5,204,961 A
Filed: 06/25/1990
Issued: 04/20/1993
Est. Priority Date: 06/25/1990
Status: Expired due to Term

First Claim

Patent Images

1. In a computer network having a multiplicity of computers coupled thereto, message transmission apparatus comprising:

trust realm defining means for storing information denoting which ones of said computers are members of predefined trust realms;

wherein for each predefined trust realm there is a corresponding predefined security protocol, enforced by all of each said predefined trust realm'"'"'s members, for protecting confidentiality of data transmitted between said members of said each predefined trust realm; and

security apparatus in each of a plurality of said computers, comprising;

a trusted computing base which enforces a predefined security policy in said computer and which defines a security level for each set of data stored therein;

authentication means for authenticating and validating messages sent to another computer via said network;

each said message comprising data having an associated label denoting how said trusted computing base is to enforce security policy with respect to said message;

trust realm service means, coupled to said trusted computing base, authentication means and trust realm defining means, for preparing a specified message for transmission to a specified other computer system, including means forobtaining trust realm information stored by said trust realm defining means, verifying that both said computer system and said specified computer system are members of at least one common trust realm, and selecting a trust realm from among said at least one common trust realm,authenticating said message and said label associated with said message, andtransmitting to said specified other computer a protocol data unit including said authenticated message and label, and an identifier that identifies said selected trust realm;

said trust realm service means further including;

means for receiving protocol data units transmitted by other ones of said computers via said network,means for validating the message and label in each protocol data unit received by said computer, andmeans for processing said label and said message in said received protocol data unit in accordance with the predefined security protocol corresponding to the selected trust realm identified by said identifier in said received protocol data unit.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network has a number of computers coupled thereto at distinct nodes. A trust realm table defines which computers are members of predefined trust realms. All the members of each predefined trust realm enforce a common set of security protocols for protecting the confidentiality of data. Each computer that is a member of a trust realm enforces a predefined security policy, and also defines a security level for each set of data stored in the computer. Thus, each message has an associated label denoting how to enforce the computer'"'"'s security policy with respect to the message. A trust realm service program prepares a specified message for transmission to a specified other computer system. To do this it uses the trust realm table to verify that both the computer system and the specified computer system are members of at least one common trust realm, and then selects one of those common trust realms. The message is transmitted as a protocol data unit, which includes a sealed version of the message, authenticated identifiers for the sending system and user, the message'"'"'s label, and an identifier for the selected trust realm. Received protocol data units are processed by validating each of the components of the received protocol data unit before accepting the sealed message in the protocol data unit as authentic. Further, the label in the received protocol data unit is used by the receiving computer to determine what predefined security policy is to be enforced with respect to the message.

Citations

14 Claims

1. In a computer network having a multiplicity of computers coupled thereto, message transmission apparatus comprising:
- trust realm defining means for storing information denoting which ones of said computers are members of predefined trust realms;
  
  wherein for each predefined trust realm there is a corresponding predefined security protocol, enforced by all of each said predefined trust realm'"'"'s members, for protecting confidentiality of data transmitted between said members of said each predefined trust realm; and
  
  security apparatus in each of a plurality of said computers, comprising;
  
  a trusted computing base which enforces a predefined security policy in said computer and which defines a security level for each set of data stored therein;
  
  authentication means for authenticating and validating messages sent to another computer via said network;
  
  each said message comprising data having an associated label denoting how said trusted computing base is to enforce security policy with respect to said message;
  
  trust realm service means, coupled to said trusted computing base, authentication means and trust realm defining means, for preparing a specified message for transmission to a specified other computer system, including means forobtaining trust realm information stored by said trust realm defining means, verifying that both said computer system and said specified computer system are members of at least one common trust realm, and selecting a trust realm from among said at least one common trust realm,authenticating said message and said label associated with said message, andtransmitting to said specified other computer a protocol data unit including said authenticated message and label, and an identifier that identifies said selected trust realm;
  
  said trust realm service means further including;
  
  means for receiving protocol data units transmitted by other ones of said computers via said network,means for validating the message and label in each protocol data unit received by said computer, andmeans for processing said label and said message in said received protocol data unit in accordance with the predefined security protocol corresponding to the selected trust realm identified by said identifier in said received protocol data unit.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The message transmission apparatus set forth in claim 1, said trust realm service means including means for aborting transmission of a message when, according to said information stored in said trust realm defining means, said computer and said specified other computer are not members of a common trust realm.
  - 3. The message transmission apparatus set forth in claim 1, said trust realm service means including means for conveying said label in said received protocol data unit to said trusted computing base;
    - said trusted computing base including means for enforcing a predefined security policy with respect to said message in said received protocol data unit in accordance with said label.
  - 4. The message transmission apparatus set forth in claim 1, said trusted computing base in at least a plurality of said computers including means for enforcing a plurality of predefined security protocols with respect to received protocol data units, each predefined security protocol corresponding to one of said predefined trust realms;
    - wherein one of said plurality of predefined security protocols is applied by said trusted computing base to each received protocol data unit in accordance with the selected trust realm identified by said identifier in said each received protocol data unit.
  - 5. The message transmission apparatus set forth in claim 1, said trust realm service means including means for including with each transmitted protocol data unit a source identifier that identifies the computer sending said transmitted protocol data unit;
    - said trust realm service including means for authenticating said source identifier and said selected trust realm identifier;
      
      said protocol data unit including said authenticated source identifier and authenticated selected trust realm identifier; and
      
      said means for validating messages received by said computer including means for validating each of said components of a received protocol data unit before accepting said sealed message in said protocol data unit as authentic.
  - 6. The message transmission apparatus set forth in claim 1, said trust realm service means including means for including with each transmitted protocol data unit a source identifier that identifies the computer sending said transmitted protocol data unit;
    - said trust realm service including means for authenticating said source identifier and said selected trust realm identifier, and for sealing said message and its label;
      
      said protocol data unit including said authenticated source identifier, said authenticated selected trust realm identifier, and said sealed message and label; and
      
      said means for validating messages received by said computer including means for validating each of said components of a received protocol data unit before accepting said sealed message in said protocol data unit as authentic.
  - 7. The message transmission apparatus set forth in claim 6, said trust realm service means including means for sealing said selected trust realm identifier that is including with each transmitted protocol data unit.

8. In a computer network having a multiplicity of computers coupled thereto, a method of enforcing security protocols when transmitting messages between computers via said network, the steps of the method comprising:
- storing information denoting computers which are members of predefined trust realms;
  
  wherein all the members of each predefined trust realm enforce a common set of security protocols for protecting confidentiality of data;
  
  authenticating and validating a specified message that an application running in a computer is attempting to send to a specified other computer via said network, each said message comprising data having an associated label denoting how a predefined security policy is to be enforced with respect to said message;
  
  said authenticating and validating steps including the steps of;
  
  accessing said stored trust realm information, verifying that both said computer system and said specified computer system are members of at least one common trust realm, and selecting a trust realm from among said at least one common trust realm;
  
  authenticating said message and its associated label;
  
  transmitting to said specified other computer a protocol data unit including said authenticated message and label, and an identifier that identifies said selected trust realm;
  
  receiving said protocol data unit at said specified other computer;
  
  validating the message and label in said received protocol data unit before accepting said message and label in said protocol data unit as authentic; and
  
  processing said label and said message in said received protocol data unit in accordance with the predefined security protocol corresponding to the selected trust realm identified by said identifier in said received protocol data unit.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. The method of enforcing security protocols when transmitting messages between computers as set forth in claim 8, including the step of aborting transmission of a message when, according to said stored trust realm information, said computer and said specified other computer are not members of a common trust realm.
  - 10. The method of enforcing security protocols when transmitting messages between computers set forth in claim 8, including the step of enforcing a predefined security policy with respect to said message in said received protocol data unit in accordance with said label in said received protocol data unit.
  - 11. The method of enforcing security protocols when transmitting messages between computers set forth in claim 8,in at least a plurality of said computers, enforcing a plurality of predefined security protocols with respect to received protocol data units, each predefined security policy corresponding to one of said predefined trust realms;
    - wherein the predefined security policy enforced with respect to each received protocol data unit corresponds to the selected trust realm identified by said identifier in said each received protocol data unit.
  - 12. The method of enforcing security protocols when transmitting messages between computers set forth in claim 8,said authenticating step including authenticating a source identifier that identifies the computer sending said transmitted protocol data unit, and authenticating said selected trust realm identifier for said protocol data unit;
    - said transmitting step including transmitting as part of each transmitted protocol data unit said authenticated source identifier and said authenticated selected trust realm identifier; and
      
      said validating step including validating all authenticated components of a received protocol data unit before accepting said message in said protocol data unit as authentic.
  - 13. The method of enforcing security protocols when transmitting messages between computers set forth in claim 8,said authenticating step including authenticating a source identifier that identifies the computer sending said transmitted protocol data unit, said authenticating said selected trust realm identifier for said protocol data unit;
    - said method further including the step of sealing said message and its label;
      
      said transmitting step including transmitting as part of each transmitted protocol data unit said sealed message and label, said authenticated source identifier and said authenticated selected trust realm identifier; and
      
      said validating step including validating all authenticated components of a received protocol data unit before accepting said messages in said protocol data unit as authentic.
  - 14. The method of enforcing security protocols when transmitting messages between computers set forth in claim 13, further including:
    - sealing said selected trust realm identifier that is including with each transmitted protocol data unit.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Hewlett-Packard Development Company, L.P. (HP Inc.)
Original Assignee
Digital Equipment Corporation (HP Inc.)
Inventors
Barlow, Douglas C.
Primary Examiner(s)
Lee, Thomas C.
Assistant Examiner(s)
DONAGHUE, LARRY D

Application Number

US07/543,164
Time in Patent Office

1,030 Days
Field of Search

395/600, 395/725, 395/800, 395/775, 395/500, 380/4, 380/25
US Class Current

726/1
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 21/606   by securing the transmissio...

G06F 21/62   Protecting access to data v...

G06F 2211/009   Trust

H04L 63/105   Multiple levels of security

H04L 63/126   the source of the received ...

Y10S 707/99945   Object-oriented database st...

Y10S 707/99948   Application of database or ...

Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

Citations

14 Claims

Specification

Solutions

Use Cases

Quick Links

Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

14 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links