Secure network architecture method and apparatus
Abstract

A secure network architecture method and apparatus that provides security at all levels of the network. The system and method of the present invention provide communications profiles for all network resources that uniquely identify the individual network resources and provide for absolute object identity. Communications over the network are managed at all levels by the network resources themselves by virtue of individual communications profiles that are policed by arbitrators and network resources alike.
Claims

1. A secure network comprising:
a network;
network resources connected to the network each having a communications profile comprising at least a receive profile, a transmit profile, and unique identifier and whereby each network resource can receive communications only if permitted by its receive profile and whereby each network resource can transmit communications only if permitted by its transmit profile; and
at least one arbitrator with its own communications profile included in said network resources, wherein the arbitrator receives communications from transmitting network resources which are destined for destination network resources and retransmits the communication to the destination network resources.
(Dependent claims 2 to 29 are not reproduced on this page.)

30. A method for establishing a secure communications network comprising:
establishing a communications profile comprising at least a receive profile, a transmit profile, and unique identifier on each of a plurality of network resources including at least one arbitrator on a network;
transmitting communications from a transmitting network resource only if permitted by the transmitting network resource's communications profile; and
receiving communications by a destination network resource only if permitted by the destination resource's communications profile.
(Dependent claims 31 to 62 follow in part; the elements below belong to a dependent claim whose number is not shown on this page.)
receiving by the arbitrator a communication transmitted by a transmitting network resource destined for a destination network resource; and
re-transmitting the communication to the destination network resource.

33. The method of establishing a secure communication network of claim 32 further comprising:
checking the received communication against the communications profile of the arbitrator;
accepting the communication for re-transmission if it is the type of communication permitted to be received by the arbitrator; and
rejecting the communication for further re-transmission if it is the type of communication not permitted to be received by the arbitrator.

34. The method of establishing a secure communication network of claim 30 further comprising:
storing in the arbitrator the communications profiles of network resources with which communication is permitted.

35. The method of establishing a secure communication network of claim 34 further comprising:
checking the communications profile of the destination network resource stored in the arbitrator;
rejecting re-transmission of the communication to the destination network resource if the communication is not of the type permitted to be received by the destination network resource; and
allowing re-transmission of the communication to the destination network resource if the communication is of the type permitted to be received by the destination network resource.

36. The method of establishing a secure communication network of claim 35 further comprising:
the network resource requesting cryptographic elements from the arbitrator when communications are to be encrypted.

37. The method of establishing a secure communication network of claim 36 wherein requesting cryptographic elements includes requesting a bit ring.

38. The method of establishing a secure communication network of claim 30 wherein establishing a communications profile on each of a plurality of network resources further includes establishing a plurality of workstations each with its own communications profile.

39. The method of establishing a secure communication network of claim 38 further comprising transmitting from a workstation certain types of communications only if permitted by the workstation's communications profile.

40. The method of establishing a secure communication network of claim 39 further comprising receiving certain types of communications only if permitted by the workstation's communications profile.

41. The method of establishing a secure communication network of claim 39 further comprising the workstation checking the communication to be received and permitting the reception only if the communication is of the type permitted by the workstation's communications profile.

42. The method of establishing a secure communication network of claim 38 further comprising the workstation checking the communication to be transmitted and permitting the transmission only if the communication is of the type permitted by the workstation's communications profile.

43. The method of establishing a secure communication network of claim 38 further comprising the workstation requesting cryptographic elements from the arbitrator when communications are to be encrypted.

44. The method of establishing a secure communication network of claim 43 wherein the cryptographic element is a bit ring.

45. The method of establishing a secure communication network of claim 43 further comprising the arbitrator requesting a cryptographic element from a central directory in response to the request for a cryptographic element from a workstation.

46. The method of establishing a secure communication network of claim 38 further comprising supplying cryptographic elements to the arbitrator from a central directory in response to a request from the arbitrator.

47. The method of establishing a secure communication network of claim 46 further comprising the central directory receiving batches of unique random numbers from a unique random number generator; and
generating bit rings from the unique random numbers received by the central directory.

48. The method of establishing a secure communication network of claim 47 further comprising the unique random number generator checking a unique random number database to ensure that the number generated is in fact unique;
storing unique random numbers generated in a batch file for transmitting to the central directory.

49. The method of establishing a secure communication network of claim 30, further including establishing at least one container comprising information for said network resources.

50. The method of establishing a secure communication network of claim 49 further comprising encrypting the information in the container.

51. The method of establishing a secure communication network of claim 50 wherein modifying the information in the container results in the container not being able to be decrypted.

52. The method of establishing a secure communication network of claim 49 including providing audio/visual data for said container.

53. The method of establishing a secure communication network of claim 49 including providing access privileges to other network resources for said container.

54. The method of establishing a secure communication network of claim 49 including providing binary data for said container.

55. The method of establishing a secure communication network of claim 49 including providing software for said container.

56. The method of establishing a secure communication network of claim 30 further comprising the arbitrator receiving a communication from a transmitting network resource;
the arbitrator encrypting the communication and retransmitting the encrypted communication to a network distribution resource;
the network distribution resource broadcasting the encrypted communication;
the arbitrator providing to a destination network resource a means to decrypt the encrypted communication broadcast from the network distribution resource.

57. The method of establishing a secure communication network of claim 56 wherein re-transmitting to a network distribution resource includes re-transmitting the communication to a satellite.

58. The method of establishing a secure communication network of claim 56 wherein encrypting the communication includes producing an encrypted bit stream.

59. The method of establishing a secure communication network of claim 56 including providing audio/visual data to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising encrypted audio/visual data.

60. The method of establishing a secure communication network of claim 56 including providing binary data to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising encrypted binary data.

61. The method of establishing a secure communication network of claim 56 including providing software to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising encrypted software.

62. The method of establishing a secure communication network of claim 56 including providing financial data to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising financial data.

63. A method for creating absolute object identity for objects on a network, comprising:
providing a plurality of network resources on the network;
providing a plurality of arbitrators for receiving and retransmitting communications between network resources;
creating random numbers in a random number generator;
conveying the created random numbers to a central directory;
verifying the uniqueness of each random number in the central directory; and
creating for each of said network resources a communications profile based in part on a verified random number, each created communications profile comprising at least a receive profile, a transmit profile and a unique identifier, whereby a transmitting network resource transmits communications only if permitted by its communications profile and a destination network resource receives communications only if permitted by its communications profile.
(Dependent claims 64 to 67 follow in part; the elements below belong to a dependent claim whose number is not shown on this page.)
receiving, by an arbitrator, communications transmitted by a transmitting network resource destined for a destination network resource; and
re-transmitting the communication from the arbitrator to the destination network resource.

65. The method for creating absolute object identity for objects on a network of claim 64 further comprising:
checking a communication received by the arbitrator against the communications profile of the arbitrator;
accepting the communication for retransmission if it is the type of communication permitted to be received by the arbitrator; and
rejecting the communication for further re-transmission if it is the type of communication not permitted to be received by the arbitrator.

66. The method for creating absolute object identity for objects on a network of claim 65 further comprising:
storing in the arbitrator the communications profiles of network resources with which communication is permitted.

67. The method for creating absolute object identity for objects on a network of claim 66 further comprising:
checking the communications profile of a destination network resource stored in the arbitrator;
rejecting re-transmission of the communication to the destination network resource if the communication is not of the type permitted to be received by the destination network resource; and
allowing re-transmission of the communication to the destination network resource if the communication is of the type permitted to be received by the destination network resource.
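The relay decision of claims 30 to 35 and the uniqueness-gated identifiers of claims 47, 48 and 63 to 67, as an added Python model that is not part of the patent: the arbitrator accepts a communication only if the sender's transmit profile, its own receive profile and the stored destination receive profile all permit that type. The class names, the communication types and the sample numbers are assumptions chosen for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Profile:
    uid: str              # unique identifier derived from a verified random number
    receive: frozenset    # communication types this resource may receive
    transmit: frozenset   # communication types this resource may transmit


class CentralDirectory:
    """Claims 47-48 and 63: a number already in the database is not unique."""
    def __init__(self):
        self._seen = set()

    def verify(self, number: int) -> bool:
        if number in self._seen:
            return False
        self._seen.add(number)
        return True


def make_profile(directory, number, receive, transmit):
    # A profile is only created from a number the directory verified as unique
    if not directory.verify(number):
        return None
    return Profile(f"res-{number:08x}", frozenset(receive), frozenset(transmit))


class Arbitrator:
    def __init__(self, profile: Profile, peers):
        self.profile = profile
        self.peers = {p.uid: p for p in peers}  # claim 34: stored peer profiles

    def relay(self, sender_uid: str, dest_uid: str, kind: str) -> str:
        sender = self.peers.get(sender_uid)
        if sender is None or kind not in sender.transmit:
            return "rejected: sender transmit profile"      # claim 30
        if kind not in self.profile.receive:
            return "rejected: arbitrator receive profile"   # claim 33
        dest = self.peers.get(dest_uid)
        if dest is None or kind not in dest.receive:
            return "rejected: destination receive profile"  # claim 35
        return "relayed"


def demo():
    # Constructed sample: one arbitrator profile and two workstation profiles
    d = CentralDirectory()
    arb = make_profile(d, 0x11, {"text", "binary"}, {"text", "binary"})
    ws1 = make_profile(d, 0x22, {"text"}, {"text", "binary", "audio"})
    ws2 = make_profile(d, 0x33, {"text"}, {"text"})
    dup = make_profile(d, 0x22, {"text"}, {"text"})  # reused number: refused
    a = Arbitrator(arb, [ws1, ws2])
    relays = [a.relay(ws1.uid, ws2.uid, k) for k in ("text", "binary", "audio")]
    return dup, relays, a.relay(ws2.uid, ws1.uid, "binary")
```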
Specification