Scaleable muti-level security method in object oriented open network systems

US 7,047,425 B2
Filed: 07/19/2002
Issued: 05/16/2006
Est. Priority Date: 07/19/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securely transferring data between applications over a network comprising:

selecting a receive site address on a server from a site receive list;

defining a data payload for transmittal including data for transfer;

encrypting the data payload; and

transmitting the encrypted data payload from a send site address selected from a send site list over a network to the receive site address; and

receiving the data payload at the receive site address based upon its transmission from the send site.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for securely transferring data between applications over a network. According to one embodiment, a receive site address on a server is selected based on a first IP address/object filter table and a desired security level. A data payload for transmittal is defined the data payload is encrypted for transfer and the encrypted data payload is transmitted from a send site address over a network to the receive site address. The transmitted encrypted data is only received at the receive site address by decrypting the data payload and accepting the data based upon a second IP filter table and the address of the send site.

11 Citations

View as Search Results

23 Claims

1. A method for securely transferring data between applications over a network comprising:
- selecting a receive site address on a server from a site receive list;
  
  defining a data payload for transmittal including data for transfer;
  
  encrypting the data payload; and
  
  transmitting the encrypted data payload from a send site address selected from a send site list over a network to the receive site address; and
  
  receiving the data payload at the receive site address based upon its transmission from the send site.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein each of the send site list and the receive site lists are based upon a first IP address/object filter table and a desired security level that is selected from the first IP address/object filter table.
  - 3. The method of claim 2, further comprising:
    - receiving the transmitted encrypted data payload over the network at the receive site address;
      
      decrypting the data payload; and
      
      accepting the data based upon a second IP address/object filter table and the send site address.
  - 4. The method of claim 1, wherein the data payload includes a data payload header comprising:
    - the system receive site address;
      
      a send object name;
      
      a receive object name; and
      
      receive object parameters.
  - 5. The method of claim 4, wherein the receiving includes separately decrypting the data payload header.
  - 6. The method of claim 5, wherein decrypting the data payload header includes accepting the data payload for decryption based upon anticipated values contained in the data payload header.
  - 7. The method of claim 1, wherein either the first or second IP address/object filter tables are changed periodically.
  - 8. The method of claim 1, wherein data is selected for secure transfer according to the predetermined security level.

9. A software product in an object-oriented networked system for secure transfer of data, the software product comprising:
- a first executable wrapper to wrap a first software application including;
  
  a first program code for accepting data at a send site from the first software application;
  
  a second program code for selecting a receive site on a network from a first filter table based upon a predetermined level security selected from the first filter table;
  
  a third program code for encrypting the accepted data from the first software application; and
  
  a fourth program code for transmitting data from the send site to the selected receive sight; and
  
  a second executable wrapper to wrap a second software application, the second executable wrapper including;
  
  a fifth program code for accepting transmitted data from the network at a selected receive site;
  
  a sixth program code for decrypting accepted data from the network;
  
  a seventh program code for accepting the decrypted data based upon the send site and a second filter table; and
  
  an eighth program code for providing decrypted data to the second software application.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The software product of claim 9, wherein the second program code assembles the accepted data into a data payload including a data payload header.
  - 11. The software product of claim 10, wherein the data payload header includes:
    - the receive site address;
      
      a send object name;
      
      a receive object name; and
      
      receive object parameters.
  - 12. The software product of claim 11, wherein the seventh program code includes the data payload header.
  - 13. The software product of claim 12, wherein the sixth program code decrypts the data payload header by accepting data based upon anticipated values contained within the data payload header.
  - 14. The software product of claim 9, wherein the first and second filter tables are changed periodically.
  - 15. The software product of claim 9, wherein data is selected for secure transfer according to the desired security level.

16. A system for transmitting data objects across a network of computers comprising:
- a network of computers, including at least one server and at least one of client computers;
  
  a send addressable memory site within the network;
  
  a receive addressable memory site within the network;
  
  a first set of executable data located at a first addressable memory site within the network including;
  
  a first program code for selecting the receive memory site from a first filter table based upon a desired level of security selected from the first filter table;
  
  a second program code for encrypting a data payload including data for transmittal; and
  
  a third program code for transmitting the data payload from the send memory site to the receive memory site;
  
  a second set of executable data located at the receive memory site, the second set of executable data including;
  
  a fourth program code for accepting the transmitted data payload;
  
  a fifth program code for decrypting the accepted data payload; and
  
  a sixth program code for accepting the decrypted data payload based upon the send memory site and a second filter table.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, wherein the data payload further includes a data payload header.
  - 18. The system of claim 16, wherein the data payload header includes:
    - the receive site address;
      
      a send object name;
      
      a receive object name; and
      
      receive object parameters.
  - 19. The system of claim 16, wherein the fifth program code further decrypts the data payload header.
  - 20. The system of claim 16, wherein decrypting the data payload header includes accepting data based upon the anticipated value of the data payload header.
  - 21. The system of claim 16, wherein the first and second filter tables are changed periodically.
  - 22. The system of claim 16, wherein the client is an unmanned combat air vehicle.
  - 23. The system of claim 16, wherein the client is a personal digital assistant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Dubuque, Mark W.
Primary Examiner(s)
Smithers, Matthew
Assistant Examiner(s)
Fields, Courtney D.

Application Number

US10/198,862
Publication Number

US 20040015720A1
Time in Patent Office

1,397 Days
Field of Search

713200-202, 713/168, 713/155, 713/160, 713/161, 709/225, 709/227, 709/229
US Class Current

713/161
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/104 Grouping of entities

Scaleable muti-level security method in object oriented open network systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Scaleable muti-level security method in object oriented open network systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others