Network system for transporting security-protected data
First Claim
1. A network system in which a sender transmits data to a recipient over a network after applying appropriate security processes to the data, the system comprising:
- a transmission unit comprising;
at least one table containing information about data confidentiality levels of different kinds of data and about security processes required in each data confidentiality level, the data confidentiality levels being determined from data attribute information and communication environment, security processing means for determining the data confidentiality level of given data to be transmitted to the recipient and identifying which security processes to apply thereto, with reference to said at least one table, and applying the identified security processes to the data, identification data attaching means for attaching identification data to the data to allow the recipient to identify the security processes that said security processing means has applied, and transmission means for transmitting the data over the network to the recipient, together with the identification data being attached thereto; and
a reception unit, coupled to said transmission unit via the network, comprising;
reception means for receiving the data that is sent over the network by said transmission unit, identification data extracting means for extracting the identification data that is attached to the data, and unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means.
1 Assignment
0 Petitions
Accused Products
Abstract
A network system with integrated security protection facilities. The system involves a transmission unit and a reception unit, which are coupled to each other via a network. In the transmission unit, a data management unit performs centralized management of source data that is stored in a plurality of storage units in a distributed manner. In response to a data transmission request from a terminal local to the transmission unit, a data collection unit collects requested data items from the data management unit. A security processor applies appropriate security protection processes to the collected data, depending on its data confidentiality level. An identification data attaching unit attaches identification data to the transmission data. This identification data informs the recipient of what sequence of security process primitives has been applied to the source data. A transmitter sends out the security-protected data over the network. In the reception unit, a receiver accepts the data sent from the transmission unit, and an identification data extracting unit extracts the identification data attached to the received data. With this identification data, an unprotection unit unprotects the received data, thereby reconstructing the original data contents.
-
Citations
15 Claims
-
1. A network system in which a sender transmits data to a recipient over a network after applying appropriate security processes to the data, the system comprising:
-
a transmission unit comprising;
at least one table containing information about data confidentiality levels of different kinds of data and about security processes required in each data confidentiality level, the data confidentiality levels being determined from data attribute information and communication environment, security processing means for determining the data confidentiality level of given data to be transmitted to the recipient and identifying which security processes to apply thereto, with reference to said at least one table, and applying the identified security processes to the data, identification data attaching means for attaching identification data to the data to allow the recipient to identify the security processes that said security processing means has applied, and transmission means for transmitting the data over the network to the recipient, together with the identification data being attached thereto; and
a reception unit, coupled to said transmission unit via the network, comprising;
reception means for receiving the data that is sent over the network by said transmission unit, identification data extracting means for extracting the identification data that is attached to the data, and unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means. - View Dependent Claims (2, 3, 4, 5)
data management means, disposed in said transmission unit, for performing centeralized management of the data being stored in a plurality of storage units in a distributed manner; and
data collection means, disposed in said transmission unit, for collecting the data to be transmitted, with reference to said data management means.
-
-
3. The network system according to claim 1, wherein said security processing means executes the security processes, taking into account an access privilege level of the recipient.
-
4. The network system according to claim 3, wherein said security processing means executes the security processes, taking into account a system security level that indicates a security level of a system constructed by said reception unit and the network.
-
5. The network system of claim 1, wherein if any security process primitives are outside of a predetermined range, the system denies requested transmission for lack of security.
-
6. A method of transporting data from a transmission unit to a reception unit over a network after applying appropriate security processes to the data, the method comprising:
-
at the transmission unit, determining the data confidentiality level of given data to be transmitted to the recipient and identifying which security processes to apply thereto, with reference to at least one table containing information about data confidentiality levels of different kinds of data and about security processes required in each data confidentiality level, the data confidentiality levels being determined from data attribute information and communication environment;
at the transmission unit, applying security processes to data that is to be transmitted to the reception unit, the security processes being relevant to a data confidentiality level that is determined from data attribute information and communication environment;
at the transmission unit, attaching identification data to the data to allow the recipient to identify what security processes have been applied to the data;
at the transmission unit, transmitting the data over the network to the reception unit, together with the identification data being attached thereto;
at the reception unit, receiving the data that is sent over the network by the transmission unit;
at the reception unit, extracting the identification data that is attached to the data; and
at the reception unit, unprotecting the data by using the identification data extracted.
-
-
7. A transmission unit which transmits data to a reception unit over a network after applying appropriate security processes to the data, the transmission unit comprising:
-
at least one table containing information about data confidentiality levels of different kinds of data and about security processes required in each data confidentiality level, the data confidentiality levels being determined from data attribute information and communication environment;
security processing means for determining the data confidentiality level of given data to be transmitted to the recipient and identifying which security processes to apply thereto, with reference to said at least one table, and applying the identified security processes to the data;
identification data attaching means for attaching identification data to the data to allow the recipient to identify what security processes said security processing means has applied; and
transmission means for transmitting the data over the network to the reception unit, together with the identification data being attached thereto.
-
-
8. A computer-readable storage medium for storing a computer program to be used to transport data over a network from a transmission unit to a reception unit after applying appropriate security processes to the data, the computer program being designed to run on a computer in order to cause the computer to function as:
-
at least one table containing information about data confidentiality levels of different kinds of data and about security processes required in each data confidentiality level, the data confidentiality levels being determined from data attribute information and communication environment;
security processing means for determining the data confidentiality level of given data to be transmitted to the recipient and identifying which security processes to apply thereto, with reference to said at least one table, and applying the identified security processes to the data;
identification data attaching means for attaching identification data to the data to allow the recipient to identify the security processes that said security processing means has applied; and
transmission means for transmitting the data over the network to the reception unit, together with the identification data being attached thereto.
-
-
9. A reception unit to receive data to which security processes are applied by a transmission unit, comprising:
-
reception means for receiving the data that is sent over a network by the transmission unit;
identification data extracting means for extracting identification data that is attached to the data; and
unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means, wherein the data is not encrypted or transmitted if an intended recipient does not have adequate privileges.
-
-
10. A computer-readable storage medium for storing a computer program to be used to receive data to which security processes are applied by a transmission unit, the computer program being designed to run on a computer in order to cause the computer to function as:
-
reception means for receiving the data that is sent over a network by the transmission unit;
identification data extracting means for extracting identification data that is attached to the data; and
unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means, wherein the data is not encrypted or transmitted if an intended recipient does not have adequate privileges.
-
-
11. A network system in which a sender transmits data to a recipient over a network after applying appropriate security processes to the data, the system comprising:
-
a transmission unit comprising;
security processing means for applying security processes to data that is to be transmitted to the recipient, the security processes being relevant to a data confidentiality level that is determined from data attribute information and communication environment, identification data attaching means for attaching identification data to the data to allow the recipient to identify the security processes that said security processing means has applied, and transmission means for transmitting the data over the network to the recipient, together with the identification data being attached thereto; and
a reception unit, coupled to said transmission unit via the network, comprising;
reception means for receiving the data that is sent over the network by said transmission unit, identification data extracting means for extracting the identification data that is attached to the data, and unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means, wherein said security processing means executes the security processes, taking into account an access privilege level of the recipient, wherein said security processing means executes the security processes, taking into account a system security level that indicates a security level of a system constructed by said reception unit and the network, wherein said transmission unit further comprises;
a first table which defines the data confidentiality level of the data to be transmitted, and the access privilege level and system security level of the recipient; and
a second table which defines combinations of security process primitives and execution order thereof, in association with possible combinations of the data confidentiality level, the access privilege level, and system security level, wherein said security processing means applies the security processes to the data to be transmitted to the recipient, according to one of the combinations of security process primitives and execution order thereof that is determined from said second table, wherein said identification data attaching means attaches the identification data to the security-protected data to enable the reception unit to identify the combination of security process primitives and the execution order that have been applied to the data by said security processing means, wherein said identification data extracting means extracts the identification data that shows the combination of security process primitives and the execution order, and wherein said unprotecting means unprotects the data by using the extracted identification data that shows the combination of security process primitives and the execution order. - View Dependent Claims (12, 13)
-
-
14. A network system in which a sender transmits data to a recipient over a network after applying appropriate security processes to the data, the system comprising:
-
a transmission unit comprising;
security processing means for applying security processes to data that is to be transmitted to the recipient, the security processes being relevant to a data confidentiality level that is determined from data attribute information and communication environment, identification data attaching means for attaching identification data to the data to allow the recipient to identify the security processes that said security processing means has applied, and transmission means for transmitting the data over the network to the recipient, together with the identification data being attached thereto; and
a reception unit, coupled to said transmission unit via the network, comprising;
reception means for receiving the data that is sent over the network by said transmission unit, identification data extracting means for extracting the identification data that is attached to the data, and unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means, wherein said security processing means executes the security processes, taking into account an access privilege level of the recipient, wherein said security processing means executes the security processes, taking into account a system security level that indicates a security level of a system constructed by said reception unit and the network, both of said transmission unit and said reception unit further comprise;
a first table which defines the data confidentiality level of the data to be transmitted, and the access privilege level and system security level of the recipient, and a second table which defines combinations of security process primitives and execution order thereof, in association with possible combinations of the data confidentiality level, the access privilege level, and system security level;
wherein said security processing means applies the security processes to the data to be transmitted to the recipient, according to one of the combinations of security process primitives and execution order thereof that is obtained from said second table, wherein said identification data attaching means attaches the identification data to the security-protected data to inform the reception unit of a sender name and a data name, wherein said identification data extracting means extracts the sender name and the data name from the received data, and wherein said unprotecting means obtains a combination of security process primitives and execution order of the security process primitives from said first and second table by using the extracted sender name and data name as keywords, and unprotects the data according to the obtained information.
-
-
15. A network system in which a sender transmits data to a recipient over a network after applying appropriate security processes to the data, the system comprising:
-
a transmission unit comprising;
security processing means for applying security processes to data that is to be transmitted to the recipient, the security processes being relevant to a data confidentiality level that is determined from data attribute information and communication environment, identification data attaching means for attaching identification data to the data to allow the recipient to identify the security processes that said security processing means has applied, and transmission means for transmitting the data over the network to the recipient, together with the identification data being attached thereto; and
a reception unit, coupled to said transmission unit via the network, comprising;
reception means for receiving the data that is sent over the network by said transmission unit, identification data extracting means for extracting the identification data that is attached to the data, and unprotecting means for unprotecting the data by using the identification data extracted by said identification data extracting means, wherein said security processing means executes the security processes, taking into account an access privilege level of the recipient, wherein said security processing means executes the security processes, taking into account a system security level that indicates a security level of a system constructed by said reception unit and the network, wherein said transmission unit and said reception unit share a first and second tables which are placed at a predetermined location on the network, wherein said first table defines the data confidentiality level of the data to be transmitted, and the access privilege level and system security level of the recipient, wherein said second table defines combinations of security process primitives and execution order thereof, in association with possible combinations of the data confidentiality level, the access privilege level, and system security level, wherein said security processing means applies the security processes to the data to be transmitted to the recipient, according to one of the combinations of security process primitives and execution order thereof that is obtained from said second table, wherein said identification data attaching means attaches the identification data to the security-protected data to inform the reception unit of a sender name and a data name, wherein said identification data extracting means extracts the sender name and the data name from the received data, and wherein said unprotecting means obtains a combination of security process primitives and execution order of the security process primitives from said first and second table by using the extracted sender name and data name as keywords, and unprotects the data according to the obtained information.
-
Specification