Secure network architecture method and apparatus

US 6,189,101 B1
Filed: 10/24/1997
Issued: 02/13/2001
Est. Priority Date: 10/24/1997
Status: Expired due to Term

First Claim

Patent Images

1. A secure network comprising:

a network;

network resources connected to the network each having a communications profile comprising at least a receive profile, a transmit profile, and unique identifier and whereby each network resource can receive communications only if permitted by its receive profile and whereby each network resource can transmit communications only if permitted by its transmit profile; and

at least one arbitrator with its own communications profile included in said network resources, wherein the arbitrator receives communications from transmitting network resources which are destined for destination network resources and retransmits the communication to the destination network resources.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network architecture method and apparatus that provides security at all levels of the network. The system and method of the present invention provides communications profiles for all network resources that uniquely identify the individual network resources and provide for absolute object identity. Communications over the network are managed at all levels by the network resources themselves by virtue of individual communications profiles that are policed by arbitrators and network resources alike.

101 Citations

View as Search Results

67 Claims

1. A secure network comprising:
- a network;
  
  network resources connected to the network each having a communications profile comprising at least a receive profile, a transmit profile, and unique identifier and whereby each network resource can receive communications only if permitted by its receive profile and whereby each network resource can transmit communications only if permitted by its transmit profile; and
  
  at least one arbitrator with its own communications profile included in said network resources, wherein the arbitrator receives communications from transmitting network resources which are destined for destination network resources and retransmits the communication to the destination network resources.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The secure network of claim 1 further comprising a central directory and whereby the central directory creates the communications profile for the network resources.
  - 3. The secure network of claim 1, wherein the at least one arbitrator includes means to meter usage on the network and to provide information to a billing authority for billing users for usage.
  - 4. The secure network of claim 1, wherein the arbitrator includes means to check a communication that is received by the arbitrator against the arbitrator'"'"'s communications profile to determine if the communication is the type permitted to be received by the arbitrator.
  - 5. The secure network of claim 4 wherein the means to check communication that is received includes means to prevent retransmission of a communication by the arbitrator that is not permitted to be received by the arbitrator.
  - 6. The secure network of claim 5 wherein the arbitrator further comprises storage in which is stored communications profiles of the most commonly used destination network resources to which the arbitrator can transmit communications and in which is further stored communications profiles of the most commonly used transmitting network resources from which the arbitrator can receive communications.
  - 7. The secure network of claim 6 wherein the arbitrator includes means to monitor communication coming from a transmitting network resource, to check the type of communication against the communications profile of the transmitting network resource and to permit the communication to be further transmitted only if the communication is of the type permitted by the transmitting network resource'"'"'s communications profile.
  - 8. The secure network of claim 7 wherein the arbitrator further includes means to monitor communication destined for a destination network resource, to check the type of communication against the communications profile of the destination network resource and to permit the communication to be further transmitted only if the communication is of the type permitted by the destination network resource'"'"'s communications profile.
  - 9. The secure network of claim 2, wherein the arbitrator includes means to provide a cryptographic element to a transmitting network resource in advance of the transmitting network resource transmitting any sensitive communication.
  - 10. The secure network of claim 9 wherein the arbitrator includes means to receive cryptographic elements from the central directory in response to a request from the arbitrator.
  - 11. The secure network of claim 9 wherein the arbitrator includes means to receive cryptographic elements from another arbitrator for subsequent transmission to the transmitting network resource.
  - 12. The secure network of claim 2 wherein each workstation includes means to request cryptographic elements from the arbitrator when communications to be transmitted are to be encrypted.
  - 13. The secure network of claim 12 wherein the cryptographic element is a bit ring.
  - 14. The secure network of claim 2 wherein the central directory further comprises a database of cryptographic elements for distribution to network resources.
  - 15. The secure network of claim 14 wherein the central directory includes means to receive cryptographic elements from a unique random number generator.
  - 16. The secure network of claim 2, further including a unique random number generator for said central directory which creates batches of numbers in advance of any request for cryptographic elements from the central directory.
  - 17. The secure network of claim 16 wherein the unique random number generator includes means to check the number generated against a database of already generated unique numbers and if the number has not been generated, stores the number in a batch file for later transmission to the central directory.
  - 18. The secure network of claim 1 wherein the network resources further comprise a plurality of workstations each with its own communications profile.
  - 19. The secure network of claim 18 wherein each workstation includes means to transmit certain types of communication only if permitted by its communications profile.
  - 20. The secure network of claim 19 wherein each workstation includes means to receive certain types of communication only if permitted by its communications profile.
  - 21. The secure network of claim 19 wherein each workstation includes means to check communications to be transmitted from the workstation and to permit the transmission to occur only if it is of the type permitted by the workstation'"'"'s communications profile.
  - 22. The secure network of claim 20 wherein each workstation includes means to check communications to be received from an arbitrator and to permit the reception to occur only if it is of the type permitted by the workstation'"'"'s communications profile.
  - 23. The secure network of claim 1 wherein the network resources further comprise at least one container comprising information.
  - 24. The secure network of claim 23 wherein the information in the container comprises audio/visual data.
  - 25. The secure network of claim 23 wherein the information in the container comprises access privileges to other network resources.
  - 26. The secure network of claim 23 wherein the information in the container is binary data.
  - 27. The secure network of claim 23 wherein the information in the container is software.
  - 28. The secure network of claim 1, wherein the network resources further comprise at least one container comprising encrypted information.
  - 29. The secure network of claim 28, further including means to prevent decryption of information in the container upon any modification to the encrypted information.

30. A method for establishing a secure communications network comprising:
- establishing a communications profile comprising at least a receive profile, a transmit profile, and unique identifier on each of a plurality of network resources including at least one arbitrator on a network;
  
  transmitting communications from a transmitting network resource only if permitted by the transmitting network resource'"'"'s communications profile; and
  
  receiving communications by a destination network resource only if permitted by the destination resource'"'"'s communications profile.
- View Dependent Claims (31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62)
- - 31. The method of establishing a secure communication network of claim 30 wherein the network resources comprise a plurality of arbitrators.
  - 32. The method of establishing a secure communication network of claim 30 further comprising:
33. The method of establishing a secure communication network of claim 32 further comprising:
- checking the received communication against the communications profile of the arbitrator;
  
  accepting the communication for re-transmission if it is the type of communication permitted to be received by the arbitrator; and
  
  rejecting the communication for further re-transmission if it is the type of communication not permitted to be received by the arbitrator.
34. The method of establishing a secure communication network of claim 30 further comprising:
- storing in the arbitrator the communications profiles of network resources with which communication is permitted.
35. The method of establishing a secure communication network of claim 34 further comprising:
- checking the communications profile of the destination network resource stored in the arbitrator;
  
  rejecting re-transmission of the communication to the destination network resource if the communication is not of the type permitted to be received by the destination network resource; and
  
  allowing re-transmission of the communication to the destination network resource if the communication is of the type permitted to be received by the destination network resource.
36. The method of establishing a secure communication network of claim 35 further comprising:
- the network resource requesting cryptographic elements from the arbitrator when communications are to be encrypted.
37. The method of establishing a secure communication network of claim 36 wherein requesting cryptographic elements includes requesting a bit ring.
38. The method of establishing a secure communication network of claim 30 wherein establishing a communications profile on each of a plurality of network resources further includes establishing a plurality of workstations each with its own communications profile.
39. The method of establishing a secure communication network of claim 38 further comprising transmitting from a workstation certain types of communications only if permitted by the workstation'"'"'s communications profile.
40. The method of establishing a secure communication network of claim 39 further comprising receiving certain types of communications only if permitted by the workstation'"'"'s communications profile.
41. The method of establishing a secure communication network of claim 39 further comprising the workstation checking the communication to be received and permitting the reception only if the communication is of the type permitted by the workstation'"'"'s communications profile.
42. The method of establishing a secure communication network of claim 38 further comprising the workstation checking the communication to be transmitted and permitting the transmission only if the communication is of the type permitted by the workstation'"'"'s communications profile.
43. The method of establishing a secure communication network of claim 38 further comprising the workstation requesting cryptographic elements from the arbitrator when communications are to be encrypted.
44. The method of establishing a secure communication network of claim 43 wherein the cryptographic element is a bit ring.
45. The method of establishing a secure communication network of claim 43 further comprising the arbitrator requesting a cryptographic element from a central directory in response to the request for a cryptographic element from a workstation.
46. The method of establishing a secure communication network of claim 38 further comprising supplying cryptographic elements to the arbitrator from a central directory in response to a request from the arbitrator.
47. The method of establishing a secure communication network of claim 46 further comprising the central directory receiving batches of unique random numbers from a unique random number generator;
- andgenerating bit rings from the unique random numbers received by the central directory.
48. The method of establishing a secure communication network of claim 47 further comprising the unique random number generator checking a unique random number database to ensure that the number generated is in fact unique;
- storing unique random numbers generated in a batch file for transmitting to the central directory.
49. The method of establishing a secure communication network of claim 30, further including establishing at least one container comprising information for said network resources.
50. The method of establishing a secure communication network of claim 49 further comprising encrypting the information in the container.
51. The method of establishing a secure communication network of claim 50 wherein modifying the information in the container results in the container not being able to be decrypted.
52. The method of establishing a secure communication network of claim 49 including providing audio/visual data for said container.
53. The method of establishing a secure communication network of claim 49 including providing access privileges to other network resources for said container.
54. The method of establishing a secure communication network of claim 49 including providing binary data for said container.
55. The method of establishing a secure communication network of claim 49 including providing software for said container.
56. The method of establishing a secure communication network of claim 30 further comprising the arbitrator receiving a communication from a transmitting network resource;
- the arbitrator encrypting the communication and retransmitting the encrypted communication to a network distribution resource;
  
  the network distribution resource broadcasting the encrypted communication;
  
  the arbitrator providing to a destination network resource a means to decrypt the encrypted communication broadcast from the network distribution resource.
57. The method of establishing a secure communication network of claim 56 wherein re-transmitting to a network distribution resource includes re-transmitting the communication to a satellite.
58. The method of establishing a secure communication network of claim 56 wherein encrypting the communication includes producing an encrypted bit stream.
59. The method of establishing a secure communication network of claim 56 including providing audio/visual data to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising encrypted audio/visual data.
60. The method of establishing a secure communication network of claim 56 including providing binary data to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising encrypted binary data.
61. The method of establishing a secure communication network of claim 56 including providing software to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising encrypted software.
62. The method of establishing a secure communication network of claim 56 including providing financial data to said transmitting network resource for communication to the arbitrator, said encrypted communication comprising financial data.

63. A method for creating absolute object identity for objects on a network, comprising:
- providing a plurality of network resources on the network;
  
  providing a plurality of arbitrators for receiving and retransmitting communications between network resources;
  
  creating random numbers in a random number generator;
  
  conveying the created random numbers to a central directory;
  
  verifying the uniqueness of each random number in the central directory; and
  
  creating for each of said network resources a communications profile based in part on a verified random number, each created communications profile comprising at least a receive profile, a transmit profile and a unique identifier, whereby a transmitting network resource transmits communications only if permitted by its communications profile and a destination network resource receives communications only if permitted by its communications profile.
- View Dependent Claims (64, 65, 66, 67)
- - 64. The method for creating absolute object identify for objects on a network of claim 63 further comprising:
65. The method for creating absolute object identity for objects on a network of claim 64 further comprising:
- checking a communication received by the arbitrator against the communications profile of the arbitrator;
  
  accepting the communication for retransmission if it is the type of communication permitted to be received by the arbitrator; and
  
  rejecting the communication for further re-transmission if it is the type of communication not permitted to be received by the arbitrator.
66. The method for creating absolute object identity for objects on a network of claim 65 further comprising:
- storing in the arbitrator the communications profiles of network resources with which communication is permitted.
67. The method for creating absolute object identity for objects on a network of claims 66 further comprising:
- checking the communications profile of a destination network resource stored in the arbitrator;
  
  rejecting re-transmission of the communication to the destination network resource if the communication is not of the type permitted to be received by the destination network resource; and
  
  allowing re-transmission of the communication to the destination network resource if the communication is of the type permitted to be received by the destination network resource.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
III Holdings 1, LLC
Original Assignee
Richard G Dusenbury Jr.
Inventors
Dusenbury, Jr., Richard G.
Primary Examiner(s)
Beausoliel, Robert W.
Assistant Examiner(s)
Elisca, Pierre E.

Application Number

US08/957,731
Time in Patent Office

1,208 Days
Field of Search

713/200, 713/167, 713/201, 713/166, 713/202, 713/162, 380/3, 380/4, 380/24, 380/25, 380/30, 380/201, 380/202
US Class Current

726/2
CPC Class Codes

H04L 61/00   Network arrangements, proto...

H04L 61/45   Network directories; Name-t...

H04L 63/102   Entity profiles

Secure network architecture method and apparatus

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

101 Citations

67 Claims

Specification

Solutions

Use Cases

Quick Links

Secure network architecture method and apparatus

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

101 Citations

67 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links