×

Computer network operating with multilevel hierarchical security with selectable common trust realms and corresponding security protocols

  • US 5,204,961 A
  • Filed: 06/25/1990
  • Issued: 04/20/1993
  • Est. Priority Date: 06/25/1990
  • Status: Expired due to Term
First Claim
Patent Images

1. In a computer network having a multiplicity of computers coupled thereto, message transmission apparatus comprising:

  • trust realm defining means for storing information denoting which ones of said computers are members of predefined trust realms;

    wherein for each predefined trust realm there is a corresponding predefined security protocol, enforced by all of each said predefined trust realm'"'"'s members, for protecting confidentiality of data transmitted between said members of said each predefined trust realm; and

    security apparatus in each of a plurality of said computers, comprising;

    a trusted computing base which enforces a predefined security policy in said computer and which defines a security level for each set of data stored therein;

    authentication means for authenticating and validating messages sent to another computer via said network;

    each said message comprising data having an associated label denoting how said trusted computing base is to enforce security policy with respect to said message;

    trust realm service means, coupled to said trusted computing base, authentication means and trust realm defining means, for preparing a specified message for transmission to a specified other computer system, including means forobtaining trust realm information stored by said trust realm defining means, verifying that both said computer system and said specified computer system are members of at least one common trust realm, and selecting a trust realm from among said at least one common trust realm,authenticating said message and said label associated with said message, andtransmitting to said specified other computer a protocol data unit including said authenticated message and label, and an identifier that identifies said selected trust realm;

    said trust realm service means further including;

    means for receiving protocol data units transmitted by other ones of said computers via said network,means for validating the message and label in each protocol data unit received by said computer, andmeans for processing said label and said message in said received protocol data unit in accordance with the predefined security protocol corresponding to the selected trust realm identified by said identifier in said received protocol data unit.

View all claims
  • 3 Assignments
Timeline View
Assignment View
    ×
    ×