System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights

US 5,864,683 A
Filed: 10/12/1994
Issued: 01/26/1999
Est. Priority Date: 10/12/1994
Status: Expired due to Term

First Claim

Patent Images

1. A system for secure internetwork communication across an external network, the system comprising:

first and second internal networks;

first and second secure computers connected to the external network, wherein said first and second secure computers are type enforcing secure computers capable of recognizing data of varying sensitivity and of limiting access to data based on both user access rights and process access rights and wherein the first and second secure computers include;

an internal network interface; and

an external network interface for secure transfer of data from the first secure computer to the second secure computer over the external network, wherein the external network interface includes means for encrypting data to be transferred from the first secure computer to the second secure computer;

a first computing system, wherein the first computing system includes a first client subsystem connected over the first internal network to the internal network interface of the first secure computer, wherein the first client subsystem includes means for secure transfer of data between the first computing system and the first secure computer; and

a second computing system, wherein the second computing system includes a second client subsystem connected over the second internal network to the internal network interface of the second secure computer, wherein the second client subsystem includes means for secure transfer of data between the second computing system and the second secure computer.

View all claims

7 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network. A secure computer is inserted into the private network to serve as the gateway to the unsecured network and a client subsystem is added to the workstation in order to control the transfer of data from the workstation to the secure computer. The secure computer includes a private network interface connected to the private network, an unsecured network interface connected to the unsecured network, wherein the unsecured network interface includes means for encrypting data to be transferred from the first workstation to the remote computer, a server function for transferring data between the private network interface and the unsecured network interface and a filter function for filtering data transferred between the remote computer and the workstation.

699 Citations

21 Claims

1. A system for secure internetwork communication across an external network, the system comprising:
- first and second internal networks;
  
  first and second secure computers connected to the external network, wherein said first and second secure computers are type enforcing secure computers capable of recognizing data of varying sensitivity and of limiting access to data based on both user access rights and process access rights and wherein the first and second secure computers include;
  
  an internal network interface; and
  
  an external network interface for secure transfer of data from the first secure computer to the second secure computer over the external network, wherein the external network interface includes means for encrypting data to be transferred from the first secure computer to the second secure computer;
  
  a first computing system, wherein the first computing system includes a first client subsystem connected over the first internal network to the internal network interface of the first secure computer, wherein the first client subsystem includes means for secure transfer of data between the first computing system and the first secure computer; and
  
  a second computing system, wherein the second computing system includes a second client subsystem connected over the second internal network to the internal network interface of the second secure computer, wherein the second client subsystem includes means for secure transfer of data between the second computing system and the second secure computer.
- View Dependent Claims (2)
- - 2. The system according to claim 1 wherein the first secure computer further comprises:
    - means for selectively filtering messages received from the second internal network according to a first predefined criteria; and
      
      means for selectively filtering data received from the external network according to a second predefined criteria.

3. A secure computing system, comprising:
- an internal network;
  
  an external network;
  
  first and second secure computers connected across the external network, wherein the first and second secure computers comprise encryption means for encrypting and decrypting data transferred between said first and second secure computers and wherein the first secure computer further comprises means for establishing an assured pipeline between processes operating on said internal network and processes operating on said external network; and
  
  a workstation connected across the internal network to said first secure computer, wherein the workstation includes means for encrypting and decrypting data transferred between said workstation and said first secure computer.
- View Dependent Claims (4, 5, 6)
- - 4. The system according to claim 3 wherein the first secure computer further comprises:
    - means for selectively filtering messages received from the internal network according to a first predefined criteria; and
      
      means for selectively filtering data received from the external network according to a second predefined criteria.
  - 5. The system according to claim 3 wherein the first secure computer is a multilevel secure computer capable of recognizing data of varying sensitivity and users of varying authorizations.
  - 6. The system according to claim 3 wherein the first secure computer is a type enforcing secure computer capable of recognizing data of varying sensitivity and of limiting access to data based on both user access rights and process access rights.

7. A method of transferring data between a first and a second network connected by an external network, wherein the first network comprises a first workstation connected to a first secure computer server and wherein the second network comprises a second workstation connected to a second secure computer server, wherein each secure computer server comprises a trusted subsystem, first encryption means for encrypting and decrypting data transferred between the secure computer server and its respective workstation and second encryption means for encrypting and decrypting data transferred between the secure computer server and the external network, the method comprising the steps of:
- establishing an authenticated and protected interaction between the first workstation and the first secure computer server;
  
  establishing an assured pipeline between processes operating on said first network and processes operating on said external network;
  
  sending data from the first workstation to the first secure computer server;
  
  passing the data received from the first workstation through the assured pipeline;
  
  selecting an authentication and protection mechanism for interaction on the external network;
  
  encrypting, via the second encryption means of the first secure computer server, the data received from the first workstation through the assured pipeline; and
  
  sending the encrypted data over the external network to the second secure computer server.

8. A secure server, comprising:
- a processor;
  
  an internal network interface, connected to the processor for communicating on an internal network; and
  
  an external network interface, connected to the processor for communicating on an external network;
  
  wherein the processor includes server program code for transferring data between the internal and external network interfaces via an assured pipeline and security policy program code for enforcing a Type Enforcement security mechanism to restrict access of a process received from the external network to data stored on the internal network.
- View Dependent Claims (9, 10, 11)
- - 9. The server according to claim 8, wherein the processor further includes encryption means for encrypting data to be transferred from the internal network to the external network.
  - 10. The server according to claim 8, wherein the processor further includes filter program code for filtering data transferred between the internal and external network interfaces.
  - 11. The server according to claim 8, wherein the processor further includes formatting program code for changing the format of data transferred between the internal and external network interfaces.

12. A secure server for use in controlling access to data stored within an internal network, comprising:
- administrative and operational kernels, wherein the operational kernel includes security policy program code for enforcing a Type Enforcement security mechanism to restrict access of a process received from the external network to data stored on the internal network; and
  
  wherein the administrative kernel is restricted to execution only while isolated from the internal network.

13. A secure wide-area access system, comprising:
- a secure computer;
  
  an internal network; and
  
  a workstation connected across the internal network to the secure computer;
  
  wherein the secure computer comprises an internal network interface, a public network interface, public network program code used to communicate through the public network interface to a public network, private network program code used to communicate through the internal network interface to the workstation and security policy program code for enforcing a Type Enforcement security mechanism to restrict access of a process to data.
- View Dependent Claims (14, 15)
- - 14. The system according to claim 13 wherein the security policy program code comprises program code for hardening an operating system.
  - 15. The system according to claim 13 wherein the security policy program code comprises program code for hardening an operating system, wherein the program code for hardening an operating system comprises kernel code for enforcing Type Enforcement via an operational kernel.

16. A method of protecting a computer system connected to an unsecured external network, wherein the computer system includes a plurality of workstations connected to a private network, the method comprising the steps of:
- providing a secure computer, wherein the secure computer comprises security policy program code for enforcing a Type Enforcement security mechanism to restrict access of a process to data;
  
  connecting the Type Enforcement based secure computer to the private network; and
  
  establishing an assured pipeline for the transfer of data and programs between the private network and the external network through the secure computer, wherein the step of establishing an assured pipeline includes the steps of;
  
  i) placing processes within domains, wherein the step of placing processes within domains includes the step of assigning processes received from the external network to an external domain;
  
  ii) assigning types to files; and
  
  iii) restricting access by processes within the external domain to certain file types.
- View Dependent Claims (17)
- - 17. The method according to claim 16 wherein the step of placing processes within domains includes the steps of:
    - defining a domain definition table within the secure computer;
      
      assigning a domain name to each domain; and
      
      creating an entry for each process in the domain definition table, wherein the step of creating an entry includes the step of associating a domain name with each entry.

18. A system for transferring data between a workstation connected to an internal network and a remote computer connected to an external network, the system comprising:
- a secure computer, wherein the secure computer includes;
  
  an internal network interface connected to the internal network; and
  
  an external network interface connected to the external network, wherein the external network interface includes means for encrypting data to be transferred from the workstation to the remote computer;
  
  means for establishing an assured pipeline between said internal network interface and said external network interface;
  
  a server function for transferring data between the internal network interface and the external network interface, wherein the server function includes means for establishing an assured pipeline between said internal network interface and said external network interface; and
  
  filter means for filtering data transferred between the remote computer and the workstation.
- View Dependent Claims (19, 20, 21)
- - 19. The system according to claim 18, wherein the workstation includes a client subsystem for secure transfer of data from the workstation to the internal network interface of the secure computer.
  - 20. The system according to claim 19, wherein the client subsystem is a software program running on the workstation.
  - 21. The system according to claim 20, wherein the secure computer further comprises:
    - means for selectively filtering messages received from the internal network according to a first predefined criteria; and
      
      means for selectively filtering data received from the external network according to a second predefined criteria.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
McAfee, LLC
Original Assignee
Secure Computing Corporation (McAfee, LLC)
Inventors
Rogers, Clyde O., Hammond, Scott W., Gooderum, Mark P., Andreas, Glenn, Boebert, William E.
Primary Examiner(s)
Lee, Thomas C.
Assistant Examiner(s)
Ton, David

Application Number

US08/322,078
Time in Patent Office

1,567 Days
Field of Search

380/9, 380/25, 380/49, 380/23, 380/21, 380/24, 380/4, 395/187.01, 395/491, 395/600, 395/200.16, 395/608, 395/800, 395/200.79, 370/85.3
US Class Current

709/249
CPC Class Codes

G06F 21/53   by executing in a restricte...

G06F 21/57   Certifying or maintaining t...

G06F 21/606   by securing the transmissio...

H04L 63/02   for separating internal fro...

H04L 63/0227   Filtering policies mail mes...

H04L 63/04   for providing a confidentia...

H04L 63/0428   wherein the data content is...

H04L 63/06   for supporting key manageme...

H04L 63/08   for authentication of entit...

H04L 63/0823   using certificates cryptogr...

H04L 9/40   Network security protocols

System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights

First Claim

7 Assignments

0 Petitions

Accused Products

Abstract

699 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

System for providing secure internetwork by connecting type enforcing secure computers to external network for limiting access to data based on user and process access rights

First Claim

7 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

699 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links