System and method for providing multi-level security in computer devices utilized with non-secure networks
Abstract
A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system includes a secure network interface unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications, wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and the network; the interface is operative to convert the received messages to and from a format utilized by the network. A message parser determines whether the association already exists with another SNIU device. A session manager, coupled to the network interface, identifies and verifies the computer device requesting access to the network, and also transmits messages received from the computer device when the message parser determines the association already exists. An association manager, coupled to the host/network interface, establishes an association with other like SNIU devices when the message parser determines the association does not exist.
20 Claims
1. A multi-level network security system for a computer host device coupled to at least one computer network, comprising:
- a secure network interface Unit (SNIU) contained within a communications stack of said computer device that operates at a user layer communications protocol, said SNIU communicates with other like SNIU devices on said network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein said network may be individually secure or non-secure without compromising security of communications within said global security perimeter, comprising;
- a host/network interface for receiving messages sent between said computer device and said network, said interface operative to convert said received messages to and from a format utilized by said network;
- a message parser for determining whether said association already exists with another SNIU device;
- a session manager coupled to said network interface for identifying and verifying said computer device requesting access to said network, said session manager also for transmitting said messages received from said computer device when said message parser determines said association already exists; and
- an association manager coupled to said host/network interface for establishing an association with other like SNIU devices when said message parser determines said association does not exist.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 20
11. A method of providing a multi-level network security system for a portable computer device coupled to at least one computer network, comprising:
- placing a secure network interface Unit (SNIU) within a communications stack of said computer device that operates at a user layer communications protocol, said SNIU communicates with other like SNIU devices on said network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein said network may be individually secure or non-secure without compromising security of communications within said global security perimeter, said SNIU performing a plurality of security functions including;
- receiving said messages sent between said computer device and said network;
- converting said received messages to and from a format utilized by said network;
- identifying and verifying said computer device requesting access to said network at the session level;
- determining whether said association already exists with another SNIU device;
- transmitting said messages received from said computer device when said association already exists; and
- establishing an association with other like SNIU devices when said association does not exist.

Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19
Specification