System and method for installing an auditable secure network
Abstract
A system and method for generating and remotely installing a private, secure and auditable network is provided. Node identification, link, and application information is input into a template. A generator generates components using the information in the template, and the components are remotely installed using an installation server. The components include agent modules, each of which is installed at a predetermined target site and establishes communication with the installation server to facilitate the download of other components, including application software and configuration files. Each node can only be installed once and is specific to a predetermined target site. For each link, a unique pair of keys is generated in a form which is not human readable, each key corresponding to a different direction of communication over the link. Data transmitted between nodes is encrypted using public-private key pairs. At least one monitor node manages the security of the network, strobes keys, and may take nodes out of the network in the event of a security violation. In such a case, one or more nodes, or the entire network, may be regenerated and installed anew. Throughout the generation and installation, a plurality of verifications, authorizations, and password entries may be required from independent groups to arrive at the network. Preferably, the installation is audited by several groups, and the overall operation may be audited by a second monitor node to detect the presence of an interposed “pirate” node. In the case of a large network including a plurality of subnetworks having hub nodes, strobing between linked hub nodes may also be accomplished.
20 Claims
1. A secure network of computer nodes, wherein substantially each node includes a separate encrypting means corresponding to each other node with which said node communicates, said secure network of computer nodes comprising:
A. a first parent level monitor node;
B. a parent level hub node; and
C. a plurality of subnetworks, wherein each subnetwork includes:
i. a first child level hub node configured to selectively communicate with a second child level hub node via said parent level hub node; and
ii. a first child level monitor node, connected to said first parent level monitor node, and configured to selectively initiate termination of communications by said first child level hub node with said second child level hub node;
wherein said first parent level monitor node is configured to selectively initiate a coordinated strobing of the encrypting means of each of said first and second child level hub nodes.
(Dependent claims: 2, 3, 4, 5, 6, 7)

D. a second parent level monitor node; and
wherein each subnetwork further includes:
iii. a second child level monitor node, connected to said second parent level monitor node;
wherein said second parent level monitor node is configured to audit said strobing of the encrypting means of each of said first and second child level hub nodes.

3. A secure network of computer nodes according to claim 2, wherein said second parent level monitor node is further configured to declare a security violation as a function of a comparison of data indicative of said first child level hub node encryption means and said second child level hub node encryption means.

4. A secure network of computer nodes according to claim 1, wherein each of said subnetworks further includes:
iii. a set of applications nodes.

5. A secure network of computer nodes according to claim 4, wherein said secure network is a financial services network and a plurality of said application nodes manipulates, exchanges, or stores financial data.

6. A secure network of computer nodes according to claim 1, wherein at least two subnetworks communicate via the Internet.

7. A secure network of computer nodes according to claim 1, wherein at least two subnetworks communicate via a private network.

8. A secure financial services network configured for custody and exchange of financial data, said network including a plurality of nodes, wherein substantially each node includes a separate encrypting means corresponding to each other node with which said node communicates, said financial services secure network comprising:
A. a first parent level monitor node;
B. a parent level hub node; and
C. a plurality of subnetworks, wherein each subnetwork includes:
i. a first child level hub node configured to selectively communicate with a second child level hub node via said parent level hub node;
ii. a first child level monitor node, connected to said first parent level monitor node, and configured to selectively initiate termination of communications by said first child level hub node with said second child level hub node; and
iii. a set of financial application nodes, wherein each financial application node is configured to communicate with others of said plurality of nodes via said first child level hub node;
wherein said first parent level monitor node is configured to selectively initiate a coordinated strobing of the encrypting means of each of said first and second child level hub nodes.
(Dependent claims: 9, 10, 11)

D. a second parent level monitor node; and
wherein each subnetwork further includes:
iv. a second child level monitor node, connected to said second parent level monitor node;
wherein said second parent level monitor node is configured to audit the strobing of the encrypting means of each of said first and second child level hub nodes.

10. A secure financial services network according to claim 9, wherein said second parent level monitor node is further configured to declare a security violation as a function of a comparison of data indicative of said first child level hub node encryption means and said second child level hub node encryption means.

11. A secure financial services network according to claim 9, wherein said plurality of nodes communicate over the Internet or a private intranet or wide area network.

12. A method for securing a network of computer nodes, wherein said network of computer nodes includes a first parent level node, a parent level hub node, and a plurality of subnetworks, each subnetwork having a child level monitor node and a child level hub node configured to communicate with another child level hub node via said parent hub node, and wherein substantially each node includes a separate encrypting means corresponding to each other of said nodes with which it communicates, said method for securing a network of computer nodes comprising the steps of:
A. designating, by said first parent level monitor node, a first and a second child level hub node to strobe;
B. terminating strobing by a first child level monitor node, corresponding to said first child level monitor node;
C. terminating strobing by a second child level monitor node, corresponding to said second child level monitor node;
D. terminating data transmission by each of said first and second child level hub nodes;
E. strobing a first encrypting means of said first child level hub node and a second encrypting means of said second child level hub node, wherein said first and second encrypting means are used for securing data transmission between said first and second child level hub nodes;
F. resuming strobing by said first and second child level monitor nodes and data transmission by said first and second child level hub nodes.
(Dependent claims: 13, 14, 15, 16, 17, 18, 19, 20)

i. instructing said first child level monitor node to stop strobing;
ii. terminating strobing by said first child level monitor node; and
iii. informing said first parent level monitor node that strobing has stopped.

14. A method for securing a network of computer nodes according to claim 12, wherein step C includes the steps of:
i. instructing said second child level monitor node to stop strobing;
ii. terminating strobing by said second child level monitor node; and
iii. informing said first parent level monitor node that strobing has stopped.

15. A method for securing a network of computer nodes according to claim 12, wherein step D includes the steps of:
i. instructing each of said first and second child level hub nodes to stop transmitting data;
ii. terminating data transmission by each of said first and second child level hub nodes; and
iii. informing said first parent level monitor node that data transmission has stopped.

16. A method for securing a network of computer nodes according to claim 12, wherein step E includes the steps of:
i. instructing each of said child level hub nodes to strobe their encrypting means;
ii. strobing said encrypting means by each of said first and second child level hub nodes; and
iii. informing said first parent level monitor node that strobing has completed.

17. A method for securing a network of computer nodes according to claim 12, wherein the secure network of computer nodes further includes a second parent level monitor node and each of a plurality of said subnetworks further includes a second child level monitor node, connected to said second parent level monitor node, said method further including the step of:
G. auditing said strobing of said encrypting means by each of said first and second child level hub nodes.

18. A method for securing a network of computer nodes according to claim 17, wherein step G includes the steps of:
i. sending a first data indicative of said first encrypting means to said second parent level monitor node;
ii. sending a second data indicative of said second encrypting means to said second parent level monitor node;
iii. comparing said first and second data; and
iv. declaring a security violation in response to an unfavorable comparison of said first and second data.

19. A method for securing a network of computer nodes according to claim 12, wherein said network is a financial services network and a plurality of said subnetworks include a set of applications nodes configured to manipulate, exchange, or store financial data.

20. A method for securing a network of computer nodes according to claim 12, wherein at least two subnetworks communicate via the Internet or a private intranet or wide area network.
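The method of claims 12 to 16 (steps A to F of a coordinated strobe, with the stop/ack sub-steps) and the audit of claims 17 and 18 (comparing data indicative of the two encrypting means and declaring a violation on mismatch) can be followed more easily in a small simulation. The code below is an added example, not code from the patent or its assignee. It assumes a concrete realisation the claims do not specify: one key per direction of a hub-to-hub link (as the abstract describes), a strobe implemented as a hash-chained key replacement, and "data indicative of" an encrypting means implemented as a digest of the key. All class and function names (`HubNode`, `ChildMonitorNode`, `coordinated_strobe`, `audit_link`, `run_demo`) and the seed value are constructed for the example.

```python
"""Simulation of the coordinated key strobing of claims 12-16 and the audit of
claims 17-18.  Added example, not the patent's own code: the hash-chained key
derivation, the per-direction link keys and the fingerprint comparison are
constructed assumptions about how the claimed steps could be realised."""
import hashlib
from dataclasses import dataclass, field


def next_key(key: bytes, generation: int) -> bytes:
    """Strobe: replace a link key with its hash-chained successor (assumption)."""
    return hashlib.sha256(key + generation.to_bytes(4, "big")).digest()


def fingerprint(key: bytes) -> str:
    """'Data indicative of' an encrypting means: a digest sent to the auditor,
    so the second parent level monitor node never sees the key itself."""
    return hashlib.sha256(b"fingerprint|" + key).hexdigest()[:16]


@dataclass
class LinkKeys:
    tx: bytes            # key for this hub -> peer (one direction of the link)
    rx: bytes            # key for peer -> this hub (the other direction)
    generation: int = 0  # how many strobes this end has applied


@dataclass
class HubNode:
    name: str
    links: dict = field(default_factory=dict)  # peer name -> LinkKeys
    transmitting: bool = True

    def strobe(self, peer: str) -> None:
        lk = self.links[peer]
        lk.generation += 1
        lk.tx = next_key(lk.tx, lk.generation)
        lk.rx = next_key(lk.rx, lk.generation)


@dataclass
class ChildMonitorNode:
    name: str
    strobing: bool = True  # routine strobing inside its own subnetwork

    def set_strobing(self, on: bool) -> str:
        self.strobing = on
        return f"{self.name}: strobing {'resumed' if on else 'stopped'}"


def install_link(a: HubNode, b: HubNode, seed: bytes) -> None:
    """Constructed key installation: a unique key per direction, mirrored on both ends."""
    k_ab = hashlib.sha256(b"a->b|" + seed).digest()
    k_ba = hashlib.sha256(b"b->a|" + seed).digest()
    a.links[b.name] = LinkKeys(tx=k_ab, rx=k_ba)
    b.links[a.name] = LinkKeys(tx=k_ba, rx=k_ab)


def coordinated_strobe(hub1, hub2, mon1, mon2) -> list:
    """Steps A-F of claim 12, driven by the first parent level monitor node.
    Each entry in the returned log is the acknowledgement the parent receives."""
    log = [f"parent: designated {hub1.name} and {hub2.name} to strobe"]  # A
    log.append(mon1.set_strobing(False))                                 # B
    log.append(mon2.set_strobing(False))                                 # C
    for hub in (hub1, hub2):                                             # D
        hub.transmitting = False
        log.append(f"{hub.name}: data transmission stopped")
    hub1.strobe(hub2.name)                                               # E
    hub2.strobe(hub1.name)
    log.append("hubs: strobing completed")
    for hub in (hub1, hub2):                                             # F
        hub.transmitting = True
    log.append(mon1.set_strobing(True))
    log.append(mon2.set_strobing(True))
    return log


def audit_link(hub1: HubNode, hub2: HubNode) -> dict:
    """Step G (claims 17-18): the second parent level monitor node compares the
    fingerprints reported by both ends.  hub1's tx key must equal hub2's rx key
    and vice versa; any mismatch is declared a security violation."""
    l1, l2 = hub1.links[hub2.name], hub2.links[hub1.name]
    consistent = (fingerprint(l1.tx) == fingerprint(l2.rx)
                  and fingerprint(l1.rx) == fingerprint(l2.tx)
                  and l1.generation == l2.generation)
    return {"violation": not consistent,
            "generations": (l1.generation, l2.generation)}


def make_network():
    hub1, hub2 = HubNode("hub-1"), HubNode("hub-2")
    mon1, mon2 = ChildMonitorNode("monitor-1"), ChildMonitorNode("monitor-2")
    install_link(hub1, hub2, seed=b"constructed seed, not a real key")
    return hub1, hub2, mon1, mon2


def run_demo() -> dict:
    hub1, hub2, mon1, mon2 = make_network()
    log = coordinated_strobe(hub1, hub2, mon1, mon2)
    clean = audit_link(hub1, hub2)      # both ends strobed together: consistent
    hub2.strobe(hub1.name)              # one end diverges (lost step, or an interposed node)
    divergent = audit_link(hub1, hub2)
    if divergent["violation"]:
        hub1.transmitting = False       # child monitor initiates termination (claim 1, ii)
    return {"log": log, "clean": clean, "divergent": divergent,
            "hub1_transmitting": hub1.transmitting}


if __name__ == "__main__":
    for line in run_demo()["log"]:
        print(line)
```

The design point the claims turn on is that both ends of a link must strobe in lock-step while no traffic is in flight, which is why steps B to D stop the child monitors' own strobing and the hubs' transmission before step E and step F resumes them only afterwards. The audit works on fingerprints rather than keys, so the second monitor node can detect a diverged end without ever holding the link keys; in the simulation the divergent case is produced by strobing one end alone, which is exactly what a lost strobe or an interposed node would look like to the auditor.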