Mechanism for embedding network based control systems in a local network interface device
First Claim
1. A network interface device providing a secure representation of network services between a network and a host computer said network interface device comprising:
a host bus interface circuit coupled to said host computer;
a control logic circuit coupled to said host bus interface;
a network interface circuit coupled to said network; and
a secure interpreter coupled to said network interface circuit and said control logic, said secure interpreter allowing state information from said network to be stored in said secured interpreter, said secure interpreter denying access to said state information by said host computer.
Abstract
A secure, trusted network management function embedded within a network interface device is provided. The network interface device connects a host computer to a network and contains a host bus interface, a network interface, and control logic. The network interface device incorporates a secure language processor, non-volatile memory, and a carrier sense circuit. The secure language processor executes a secure language program, and the non-volatile memory stores identification keys for remote devices and objects of value for network applications. If an application program is to be executed or accessed by the host computer, the secure language processor verifies that the object of value allows such execution or access. If a remote network device attempts to control the functionality of the network interface device, the secure language processor verifies that the remote network device has the authority to issue such a command.
25 Claims
1. A network interface device providing a secure representation of network services between a network and a host computer said network interface device comprising:
a host bus interface circuit coupled to said host computer;
a control logic circuit coupled to said host bus interface;
a network interface circuit coupled to said network; and
a secure interpreter coupled to said network interface circuit and said control logic, said secure interpreter allowing state information from said network to be stored in said secured interpreter, said secure interpreter denying access to said state information by said host computer.
(Dependent claims: 2, 3, 4, 5, 6, 7)

8. An apparatus providing a proxy for network services to a first station connected to a network from a second station connected to a network, said apparatus comprising:
a bus interface circuit coupled between said first station and said network;
a security circuit coupled to said bus interface circuit, said security circuit including a processor, said processor executing instructions defined by a secure programming language;
a memory coupled to said processor, said memory containing parameter information utilized by said network services;
said security circuit allowing said parameter information from said network to be stored in said memory, said security circuit denying access to said parameter information by said first station; and
a carrier sense circuit coupled to said bus interface circuit detecting a disconnection of said first station from said network.
(Dependent claims: 9, 10, 11, 12, 13, 14)

15. An apparatus providing remote network access to network interface functions of a first station connected to a network from a second station connected to said network, said apparatus comprising:
a bus interface circuit coupled between said first station and said network;
a processor coupled to said first station, said processor executing instructions defined by a secure programming language; and
a memory coupled to said processor, said memory containing parameter information utilized by said network interface functions
said processor allowing said parameter information from said network to be stored in said memory, said processor denying access to said parameter information by said first station.
(Dependent claims: 16, 17, 18)

19. A method of providing secure network management functions within a network interface device, said network interface comprising a memory, a processor, and a bus interface circuit, said bus interface circuit coupling said first network station to a network, said network coupled to a second network station, said method comprising the steps of:
storing a first parameter in said memory;
storing a security routine in said memory, said security routine comprising instructions and one or more data objects defined by a secure programming language, said security routine containing a second parameter;
causing said processor to execute said security routine;
transmitting a first set of commands to said first network station if said security routine returns a first value; and
transmitting a second set of commands to said first network station if said security routine returns a second value
said processor allowing said data objects from said network to be stored in said memory, said processor denying access to said data objects by said first network station.
(Dependent claims: 20, 21, 22, 23, 24, 25)

Specification