Stand alone device for providing security within computer networks
First Claim
1. A multi-level security device for providing security between a user and at least one computer network, wherein the user is selected from the group consisting of a host computer and at least a second network, comprising:
- a secure network interface Unit (SNIU) that operates at a user layer communications protocol, said SNIU communicates with other like SNIU devices by establishing an association at a session layer of a communication stack in order to provide secure end-to-end communications, comprising;
a host/network interface for receiving messages sent between said user and said at least one network, said interface operative to convert said received messages to and from a format utilized by said at least one network;
a message parser for receiving said messages from said host/network interface, determining whether said association already exists with another SNIU device and providing a signal indicative of said determination;
a session manager coupled to said interface for identifying and verifying said user requesting access to said network, said session manager also responsive to said signal from said message parser for transmitting said messages received from said user when said message parser determines said association already exists; and
an association manager coupled to said interface and responsive to said signal from said message parser for establishing an association with other like SNIU devices when said message parser determines said association does not exist, wherein said message parser stores said messages in a wait queue until said association is established.
Abstract
A multi-level security device is disclosed for providing security between a user and at least one computer network, wherein the user is selected from the group consisting of a host computer and at least a second network. A secure network interface Unit (SNIU) that operates at a user layer communications protocol, which communicates with other like SNIU devices by establishing an association at a session layer of a communication stack in order to create a global security perimeter for end-to-end communications. The SNIU includes a host/network interface for receiving messages sent between the user and the at least one network, which is operative to convert the received messages to and from a format utilized by the at least one network. A message parser for determining whether the association already exists with another SNIU device. A session manager coupled to the interface for identifying and verifying the user requesting access to the network. The session manager also for transmitting the messages received from the user when the message parser determines the association already exists. An association manager coupled to the interface for establishing an association with other like SNIU devices when the message parser determines the association does not exist.
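The message flow described in the abstract can be sketched as a small model. This is an added illustration, not code from the patent; the class, method and peer names are hypothetical, and two behaviours are assumptions the text does not state: one association request per peer while messages are waiting, and dropping held messages if the association attempt fails.

```python
from collections import deque


class SNIU:
    """Toy model of the claimed flow: verify user, check association, queue or send."""

    def __init__(self, authorized_users):
        self.authorized_users = set(authorized_users)  # session manager's user list
        self.associations = set()   # peer SNIUs with an established association
        self.wait_queue = {}        # peer -> deque of messages held by the parser
        self.requests = []          # association requests issued, in order
        self.sent = []              # (peer, payload) pairs actually transmitted

    def submit(self, user, peer, payload):
        # Session manager: identify and verify the user requesting access.
        if user not in self.authorized_users:
            return "rejected"
        # Message parser: does an association with the peer already exist?
        if peer in self.associations:
            self.sent.append((peer, payload))
            return "sent"
        # No association: the association manager starts one attempt (assumption:
        # only one per peer) and the parser holds the message in the wait queue.
        if peer not in self.wait_queue:
            self.wait_queue[peer] = deque()
            self.requests.append(peer)
        self.wait_queue[peer].append(payload)
        return "queued"

    def association_result(self, peer, ok):
        # Called when the association attempt completes; returns the drop count.
        held = self.wait_queue.pop(peer, deque())
        if not ok:
            return len(held)        # assumption: fail closed, nothing is sent
        self.associations.add(peer)
        self.sent.extend((peer, payload) for payload in held)  # flush in order
        return 0


def demo():
    # Constructed sample traffic: one unknown user, one peer that associates,
    # one peer whose association attempt fails.
    sniu = SNIU(authorized_users={"alice"})
    log = [sniu.submit("mallory", "sniu-b", "m0"),
           sniu.submit("alice", "sniu-b", "m1"),
           sniu.submit("alice", "sniu-b", "m2")]
    sniu.association_result("sniu-b", ok=True)
    log.append(sniu.submit("alice", "sniu-b", "m3"))
    log.append(sniu.submit("alice", "sniu-c", "m4"))
    dropped = sniu.association_result("sniu-c", ok=False)
    return log, sniu.sent, sniu.requests, dropped
```
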
19 Claims
12. A method of providing a multi-level network security system for a user and at least one computer network, wherein said user is selected from the group consisting of a host computer and at least a second network, comprising:
- placing a secure network interface Unit (SNIU) that operates at a user layer communications protocol, said SNIU communicates with other like SNIU devices by establishing an association at a session layer of a communication stack in order to provide secure end-to-end communications, said SNIU performing a plurality of security functions including;
receiving messages sent between said user and said at least one network;
converting said received messages to and from a format utilized by said at least one network;
identifying and verifying said user requesting access to said network;
determining whether said association already exists with another SNIU device;
transmitting said messages received from said user when said association already exists;
temporarily storing said received messages from said computer device when said association does not exist; and
establishing an association with other like SNIU devices when said association does not exist.
18. The method of claim 18, wherein said ICMP Echo request includes the user's security level.
Specification