Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor

US 5,596,718 A
Filed: 07/10/1992
Issued: 01/21/1997
Est. Priority Date: 07/10/1992
Status: Expired due to Term

First Claim

Patent Images

1. A secure computing network, comprising:

a network computer, wherein the network computer comprises a trusted subsystem including a cryptographic entity;

communications means, connected to the network computer, for transferring data between the network computer and another computer;

an input/output device;

a workstation connected to the communications means, wherein the workstation comprises an input/output device port and an auxiliary data port; and

a trusted path subsystem, connected to the input/output device, the input/output device port and the auxiliary data port, wherein the trusted path subsystem comprises encryption means for encrypting and decrypting data transferred over said communications means.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for ensuring secure communication over an unsecured communications medium between a user working on an unsecured workstation or computer and a host computer. A secure user interface is created by inserting a trusted path subsystem between input/output devices to the workstation and the workstation itself. Data transferred from the input/output devices is intercepted, encrypted and transmitted in packets to the host computer. Packets of screen display data from the host computer are decrypted and presented within a user-defined screen overlay.

Citations

13 Claims

1. A secure computing network, comprising:
- a network computer, wherein the network computer comprises a trusted subsystem including a cryptographic entity;
  
  communications means, connected to the network computer, for transferring data between the network computer and another computer;
  
  an input/output device;
  
  a workstation connected to the communications means, wherein the workstation comprises an input/output device port and an auxiliary data port; and
  
  a trusted path subsystem, connected to the input/output device, the input/output device port and the auxiliary data port, wherein the trusted path subsystem comprises encryption means for encrypting and decrypting data transferred over said communications means.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The secure computing network of claim 1 wherein said network computer is a multilevel secure computer capable of recognizing data of varying sensitivity and users of varying authorizations.
  - 3. The secure computing network of claim 1 wherein said input/output device comprises a keyboard.
  - 4. The secure computing network of claim 1 wherein said input/output device comprises a display device.
  - 5. The secure computing network of claim 1 wherein said input/output device comprises a pointing device.

6. A secure computing network comprising:
- a network computer, wherein the network computer comprises a trusted subsystem including a cryptographic entity;
  
  communications means, connected to the network computer, for transferring data between the network computer and another computer;
  
  an input/output device;
  
  a workstation comprising;
  
  an input/output device port; and
  
  a workstation communications port; and
  
  a trusted path subsystem, connected to said input/output device said input/output device port, said workstation communications port and said communications means, wherein the trusted path subsystem comprises encryption means for encrypting and decrypting data transferred over said communications means and network interface means, connected to the communication means, for transferring the encrypted data between the trusted path subsystem and the trusted subsystem.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The secure computing network of claim 6 wherein said network computer is a multilevel secure computer capable of recognizing data of varying sensitivity and users of varying authorizations.
  - 8. The secure computing network of claim 6 wherein said input/output device comprises a keyboard.
  - 9. The secure computing network of claim 6 wherein said input/output device comprises a display device.
  - 10. The secure computing network of claim 6 wherein said input/output device comprises a pointing device.

11. A method of securely transferring data in a network comprising an unsecured workstation connected to a secure computer server, wherein the unsecured workstation includes a workstation processing unit and an input/output device and wherein the workstation processing unit includes an input/output device port and an auxiliary data port, the method comprising the steps of:
- providing a secure server having a trusted subsystem, wherein the trusted subsystem includes encryption means for encrypting and decrypting data transferred to and from the trusted subsystem;
  
  providing a trusted path subsystem, wherein the trusted path subsystem includes a trusted path subsystem processor and an input/output device manager; and
  
  inserting the trusted path subsystem between the input/output device and the workstation processing unit, wherein the step of inserting includes the steps of;
  
  connecting the input/output device port to the input/output device manager; and
  
  connecting the auxiliary data port to the trusted path subsystem processor.

12. A method for providing secure file transfer capability over a network from an unsecured workstation to a second computer, wherein the workstation comprises an input/output device and a workstation processing unit, wherein the workstation processing unit includes an auxiliary data port and an input/output device port and wherein the second computer comprises a trusted subsystem and encryption means for encrypting and decrypting data transferred between the unsecured workstation and the trusted subsystem, the method comprising the steps of:
- providing a trusted path subsystem, said trusted path subsystem including an input/output device manager and a trusted path subsystem processor capable of executing a secure electronic mail program;
  
  inserting the trusted path subsystem between the input/output device and the workstation processing unit, wherein the step of inserting includes the steps of;
  
  connecting the input/output device port to the input/output device manager; and
  
  connecting the auxiliary data port to the trusted path subsystem processor;
  
  downloading from the workstation processing unit to the trusted path subsystem processor a file to be transferred to the second computer;
  
  displaying, on the input/output device, a representation of the file to be transferred;
  
  if the file is as expected, transferring the file to the second computer; and
  
  if the file is not as expected, generating an error message.
- View Dependent Claims (13)
- - 13. The method according to claim 12 wherein the step of generating an error message includes the steps of displaying the error message on the input/output device and opening the file for secured processing.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Markham, Thomas R., Boebert, William E., Hanson, Mark H.
Primary Examiner(s)
Ellis, Richard L.

Application Number

US07/911,900
Time in Patent Office

1,656 Days
Field of Search

380/25, 380/48, 380/49, 380/50, 395/200, 395/650, 395/187.01, 395/186
US Class Current

726/16
CPC Class Codes

G06F 21/42   using separate channels for...

G06F 21/54   by adding security routines...

G06F 21/606   by securing the transmissio...

G06F 21/83   input devices, e.g. keyboar...

G06F 21/84   output devices, e.g. displa...

G06F 2211/007   Encryption, En-/decode, En-...

G06F 2211/009   Trust

G06F 2221/2149   Restricted operating enviro...

G06F 2221/2153   Using hardware token as a s...

G07F 7/0826   Embedded security module

Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Secure computer network using trusted path subsystem which encrypts/decrypts and communicates with user through local workstation user I/O devices without utilizing workstation processor

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links