System and method for providing secure internetwork services via an assured pipeline
First Claim
1. A system for transferring data between a workstation connected to an internal network and a remote computer connected to an external network, the system comprising:
- an internal network interface connected to the internal network;
an external network interface connected to the external network, wherein the external network interface includes means for encrypting data to be transferred from the workstation to the remote computer; and
means for establishing an assured pipeline between said internal network interface and said external network interface.
6 Assignments
0 Petitions
Accused Products
Abstract
A system and method for the secure transfer of data between a workstation connected to a private network and a remote computer connected to an unsecured network. A secure computer is inserted into the private network to serve as the gateway to the unsecured network and a client subsystem is added to the workstation in order to control the transfer of data from the workstation to the secure computer. The secure computer includes a private network interface connected to the private network, an unsecured network interface connected to the unsecured network, wherein the unsecured network interface includes means for encrypting data to be transferred from the first workstation to the remote computer and a server function for transferring data between the private network interface and the unsecured network interface.
-
Citations
6 Claims
-
1. A system for transferring data between a workstation connected to an internal network and a remote computer connected to an external network, the system comprising:
-
an internal network interface connected to the internal network;
an external network interface connected to the external network, wherein the external network interface includes means for encrypting data to be transferred from the workstation to the remote computer; and
means for establishing an assured pipeline between said internal network interface and said external network interface.
-
-
2. A data transfer system, comprising:
-
a workstation connected to an internal network;
an external network; and
a gateway, including;
an internal network interface connected to the internal network;
an external network interface connected to the external network, wherein the external network interface includes means for encrypting data to be transferred from the workstation to the remote computer; and
means for establishing an assured pipeline between said internal network interface and said external network interface. - View Dependent Claims (3, 4, 5)
means for selectively filtering messages received from the internal network according to a first predefined criteria; and
means for selectively filtering data received from the external network according to a second predefined criteria.
-
-
6. A method of transferring data between a first and a second network connected by an external network, wherein the first network comprises a first workstation connected to a first server and wherein the second network comprises a second workstation connected to a second server, wherein the first server comprises a trusted subsystem, the method comprising the steps of:
-
establishing an authenticated and protected interaction between the first workstation and the first server;
establishing, via the trusted subsystem, an assured pipeline between processes operating on said first network and processes operating on said external network;
sending data from the first workstation to the first secure computer server;
passing the data received from the first workstation through the assured pipeline to the external network; and
sending the data over the external network to the second secure computer server.
-
Specification
-
- Resources
-
Current AssigneeMcAfee, LLC
-
Original AssigneeSecure Computing Corporation (McAfee, LLC)
-
InventorsRogers, Clyde O., Hammond, Scott W., Gooderum, Mark P., Andreas, Glenn, Boebert, William E.
-
Primary Examiner(s)Luu, Le Hien
-
Application NumberUS09/221,665Time in Patent Office2,050 DaysField of Search713/153, 713/201, 713/161, 713/162, 713/15, 713/152, 713/164, 380/44, 709/229US Class Current713/153CPC Class CodesG06F 21/53 by executing in a restricte...G06F 21/57 Certifying or maintaining t...G06F 21/606 by securing the transmissio...H04L 63/02 for separating internal fro...H04L 63/0227 Filtering policies mail mes...H04L 63/04 for providing a confidentia...H04L 63/0428 wherein the data content is...H04L 63/06 for supporting key manageme...H04L 63/08 for authentication of entit...H04L 63/0823 using certificates cryptogr...H04L 9/40 Network security protocols
