Method and system for establishing a security perimeter in computer networks
Abstract
A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system includes a secure network interface unit (SNIU) contained within the communications stack of the computer device, operating at a user-layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications; individual components of the network may be secure or non-secure without compromising the security of communications within that perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and the network and converting the received messages to and from the format used by the network; a message parser for determining whether an association already exists with another SNIU device; a session manager, coupled to the network interface, for identifying and verifying the computer device requesting access to the network and for transmitting messages received from the computer device when the message parser determines that the association already exists; and an association manager, coupled to the host/network interface, for establishing an association with other like SNIU devices when the message parser determines that no association exists.
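The dispatch logic the abstract describes (parser checks for an association, session manager forwards inside one, association manager creates one otherwise) is easy to lose in claim language. The following Python model is an added example written for this page; it is not code from the patent or its assignee. Everything beyond the abstract is an assumption of the model: that each pair of like SNIUs holds a pre-provisioned shared key, that an association is a two-frame nonce exchange deriving a per-association HMAC key, and that data frames carry an HMAC tag so a frame crossing a non-secure network segment is rejected if it is forged or altered. The names `Frame`, `Network`, `SNIU` and `run_scenario` are constructed for the example.

```python
# Constructed model of the SNIU dispatch logic from the abstract (added example, not the patent's code).
# Assumptions not in the page: like SNIUs share a pre-provisioned key; an association is a
# two-frame nonce exchange deriving a per-association MAC key; data frames carry an HMAC tag.
import hashlib
import hmac
import os
from dataclasses import dataclass


@dataclass
class Frame:
    kind: str           # "ASSOC_REQ", "ASSOC_ACK" or "DATA"
    src: str            # sending SNIU
    dst: str            # receiving SNIU
    body: bytes = b""   # nonce for association frames, host message for DATA frames
    tag: bytes = b""    # HMAC binding the frame to the association (assumed protection)


def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()


class Network:
    """Stand-in for a possibly non-secure network: routes frames and records everything it sees."""

    def __init__(self):
        self.units = {}
        self.log = []

    def deliver(self, frame: Frame) -> bool:
        self.log.append(frame)
        unit = self.units.get(frame.dst)
        return unit.receive(frame) if unit else False


class SNIU:
    def __init__(self, name: str, network: Network, peer_keys: dict):
        self.name, self.net, self.peer_keys = name, network, peer_keys
        self.assoc = {}      # peer name -> association key (the "association" of the abstract)
        self.pending = {}    # peer name -> our nonce while an ASSOC_REQ is outstanding
        self.delivered = []  # messages accepted and passed up to the protected host
        network.units[name] = self

    # Host/network interface: entry point for a message from the protected host.
    def host_send(self, peer: str, payload: bytes) -> bool:
        if not self.has_association(peer):       # message parser
            self.establish_association(peer)     # association manager
        if not self.has_association(peer):
            return False                         # peer is not a like SNIU: message never leaves
        return self.session_transmit(peer, payload)  # session manager

    def has_association(self, peer: str) -> bool:
        return peer in self.assoc

    def establish_association(self, peer: str) -> None:
        if peer not in self.peer_keys:
            return
        nonce = os.urandom(8)
        self.pending[peer] = nonce
        self.net.deliver(Frame("ASSOC_REQ", self.name, peer, nonce))

    def session_transmit(self, peer: str, payload: bytes) -> bool:
        key = self.assoc[peer]
        return self.net.deliver(Frame("DATA", self.name, peer, payload, _mac(key, payload)))

    # Network side: frames arriving from the network.
    def receive(self, frame: Frame) -> bool:
        psk = self.peer_keys.get(frame.src)
        if frame.kind == "ASSOC_REQ":
            if psk is None:
                return False  # unknown unit: refuse to form an association
            my_nonce = os.urandom(8)
            key = _mac(psk, frame.body + my_nonce)  # HMAC(psk, initiator nonce || responder nonce)
            self.assoc[frame.src] = key
            return self.net.deliver(Frame("ASSOC_ACK", self.name, frame.src, my_nonce,
                                          _mac(key, frame.body + my_nonce)))
        if frame.kind == "ASSOC_ACK":
            my_nonce = self.pending.pop(frame.src, None)
            if psk is None or my_nonce is None:
                return False
            key = _mac(psk, my_nonce + frame.body)
            if not hmac.compare_digest(frame.tag, _mac(key, my_nonce + frame.body)):
                return False  # responder does not hold the shared key: no association
            self.assoc[frame.src] = key
            return True
        if frame.kind == "DATA":
            key = self.assoc.get(frame.src)
            if key is None or not hmac.compare_digest(frame.tag, _mac(key, frame.body)):
                return False  # no association or altered in transit: stays outside the perimeter
            self.delivered.append(frame.body)
            return True
        return False


def run_scenario() -> dict:
    """Two like SNIUs (A, B) plus a unit R that shares no key; returns what the perimeter did."""
    net = Network()
    psk = os.urandom(16)  # constructed pre-shared key for the A-B pair
    a, b = SNIU("A", net, {"B": psk}), SNIU("B", net, {"A": psk})
    r = SNIU("R", net, {})
    first = a.host_send("B", b"hello")      # no association yet: handshake, then data
    frames_first = len(net.log)
    second = a.host_send("B", b"again")     # association exists: data frame only
    frames_second = len(net.log) - frames_first
    rogue = r.host_send("B", b"intruder")   # R holds no key, so no association forms
    forged = net.deliver(Frame("DATA", "A", "B", b"forged", b"\x00" * 32))  # bad tag on the wire
    return {"first": first, "frames_first": frames_first, "second": second,
            "frames_second": frames_second, "rogue": rogue, "forged": forged,
            "b_received": list(b.delivered)}
```

Running `run_scenario()` shows the three paths the abstract distinguishes: the first host message costs three frames (request, acknowledgement, data), the second only one because the association already exists, and a unit outside the perimeter never gets a message onto the network at all. The forged data frame is accepted by the network stand-in but dropped by the receiving SNIU, which is the point of checking the tag at the perimeter rather than trusting the segment.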
26 Claims
1. A multi-level network security system for a computer device coupled to at least one computer network, comprising:
   a first secure network interface unit (SNIU), said first SNIU communicating with other like SNIU devices on a network, wherein components of said network may be individually secure or non-secure, the first SNIU comprising:
      a first network interface for receiving first messages sent between a first computer device and said network, said first network interface configured to convert said received first messages to and from a format utilized by said network;
      a first message parser configured to determine whether a first association exists between the first SNIU and another SNIU device;
      a first session manager coupled to said first network interface and configured to request access to and transmit said first messages to said network, when said first message parser determines said first association exists; and
      a first association manager coupled to said first network interface for establishing an association with other like SNIU devices when said first message parser determines said first association does not exist; and
   a second SNIU comprising:
      a second network interface for receiving second messages sent between a second computer device and said network, said second network interface configured to convert said received second messages to and from a format utilized by said network;
      a second message parser configured to determine whether a second association exists between the second SNIU and another SNIU device;
      a second session manager coupled to said second network interface and configured to request access to and transmit said second messages to said network, when said second message parser determines said second association exists; and
      a second association manager coupled to said second network interface for establishing an association with other like SNIU devices when said second message parser determines said second association does not exist.
   Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A method of providing a multi-level network security system for a computer device coupled to at least one computer network, comprising:
   placing a first secure network interface Unit (SNIU) within a communications stack of said computer device, said first SNIU communicating with other like SNIU devices on said network by establishing an association, wherein components of said network may be individually secure or non-secure, and whenever said first SNIU is configured to perform a plurality of security functions including:
      receiving said messages sent between said computer device and said network;
      converting said received messages to and from a format utilized by said network;
      identifying and verifying said computer device requesting access to said network;
      determining whether said association exists with another SNIU device;
      transmitting said messages received from said computer device when said association exists; and
      establishing an association with other like SNIU devices when said association does not exist.
   Dependent claims: 12, 13, 14, 15, 16, 17, 18, 19, 20.

21. A multi-level network security system for a computer device coupled to at least one computer network, comprising:
   means for placing a first secure network interface Unit (SNIU) within a communications stack of said computer device, said first SNIU communicating with other like SNIU devices on said network by establishing an association, wherein components of said network may be individually secure or non-secure, said first SNIU configured to perform a plurality of security functions and comprising:
      means for receiving said messages sent between said computer device and said network;
      means for converting said received messages to and from a format utilized by said network;
      means for identifying and verifying said computer device requesting access to said network;
      means for determining whether said association exists with another SNIU device;
      means for transmitting said messages received from said computer device when said association exists; and
      means for establishing an association with other like SNIU devices when said association does not exist.
   Dependent claims: 22, 23, 24, 25.

26. A multi-level network security system for a computer device coupled to at least one computer network, comprising:
   a first secure network interface unit (SNIU) contained within a communications stack between a Network layer and a Data Link layer, said first SNIU communicating with other like SNIU devices on a network, wherein components of said network may be individually secure or non-secure, comprising:
      a network interface for receiving messages sent between a computer device and said network, said network interface configured to convert said received messages to and from a format utilized by said network;
      a message parser configured to determine whether an association exists between the first SNIU and another SNIU device;
      a session manager coupled to said network interface and configured to request access to and transmit said messages to said network, when said message parser determines said association exists; and
      an association manager coupled to said network interface for establishing an association with other like SNIU devices when said message parser determines said association does not exist.
Specification