Management of trusted flow system
First Claim
1. A system for validating proper execution of software modules on a computing subsystem at a remote location, the system comprising:
means for validating proper execution of respective software modules via messages that flow from a respective remote location via a flow of communication of security tags, the means for validating further comprising at least one trusted flow generator (TFG) subsystem, each comprising trusted software for executing on a first computing subsystem at a remote network location;
at least one validating location comprising a second computing subsystem executing trusted tag checker software to provide a trusted tag checker (TTC) subsystem;
wherein each of the respective TFG subsystems locally generates a sequence of security tags, responsive to compliance logic that generates a valid sequence of security tags responsive only to proper execution of each said respective software module;
a communications network for coupling the locally generated security tags between the TFG subsystems and the respective TTC subsystems;
wherein the TFG subsystem is comprised of logic providing for execution of the respective software modules responsive to rules of transmission and for generating the sequence of the security tags;
wherein the TTC subsystem provides logic operating on the second computing subsystem providing for locally providing its own sequence of security tags on the TTC subsystem; and
wherein the TTC subsystem thereafter provides for validating proper execution of the respective software modules responsive to comparing the sequence of locally provided security tags against the sequence of security tags generated by the respective TFG subsystem at the respective remote node location, wherein the TTC subsystem validates proper execution, without variation, of the respective software modules at the respective remote node location, responsive to the comparing.
Abstract
This invention discloses a method and system for detecting and reacting to unexpected communications patterns. The system consists of a plurality of end stations and a plurality of network interfaces, such that the network interface is capable of determining the authenticity of the program used by the end station to generate and send data packets. The system further consists of a plurality of secure management servers, which continuously exchange management messages with the network interfaces. Consequently, the secure management servers have the information needed to detect unexpected communications patterns. The method allows control of the end stations: when an unexpected communication pattern is detected, only packets from authenticated programs are selectively allowed to be transmitted.
29 Citations
85 Claims
Claim 1 is as given above under First Claim. Dependent claims: 2 through 43.
44. A method for validating proper execution of software modules at a remote location, the method comprising:
executing trusted software on a first computing subsystem providing a TFG subsystem, at a remote node location;
generating a sequence of security tags, responsive to compliance logic that generates a valid sequence of security tags responsive only to proper execution of each said respective software module;
validating the execution of respective software modules, from said remote node location, at said at least one validating location, each said validating location comprised of trusted tag checker software executing on a second computing subsystem to provide a trusted tag checker (TTC) subsystem;
providing for execution of the respective software modules on the TFG subsystem, responsive to rules of transmission for generating a respective sequence of security tags; and
coupling the respective sequence of security tags generated by the TFG subsystem to the trusted tag checker (TTC) subsystem;
locally providing from each said respective TTC subsystem, a TTC sequence of security tags associated with proper execution of the respective software modules responsive to rules of transmission for generating the sequence of security tags; and
validating at the TTC subsystem, proper execution without variation of the respective software modules at the respective remote node location, responsive to validating the TTC sequence of security tags provided by the TTC subsystem relative to the sequence of security tags generated by the TFG subsystem.
Dependent claims: 45 through 85.
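As an added example, not code from the patent, the following Python simulation walks through the TFG/TTC method claimed above: the trusted flow generator runs the module under compliance logic and emits a tag per message, and the trusted tag checker regenerates its own tag sequence and compares. The tag construction (HMAC-SHA256 over a sequence number and the message, keyed by a secret shared between the trusted TFG and TTC software) and the rule of transmission (a payload length limit) are assumptions, since the page does not state how tags are derived.

```python
import hashlib
import hmac
from typing import List, Tuple

# Constructed values for the example: a secret held only by the trusted TFG and
# TTC code, and an assumed rule of transmission (maximum payload length).
SHARED_KEY = b"constructed-shared-secret"
MAX_LEN = 8

def compliant(payload: bytes) -> bool:
    """Assumed rule of transmission the software module must follow."""
    return 0 < len(payload) <= MAX_LEN

def make_tag(key: bytes, seq_no: int, payload: bytes) -> bytes:
    """Assumed tag construction: HMAC-SHA256 over seq_no || payload."""
    msg = seq_no.to_bytes(4, "big") + payload
    return hmac.new(key, msg, hashlib.sha256).digest()

def tfg_run(module_output: List[bytes], key: bytes = SHARED_KEY) -> List[Tuple[bytes, bytes]]:
    """Trusted flow generator: the module's messages pass through compliance
    logic, which emits a valid tag only for rule-compliant output. A violation
    yields an all-zero tag, so the flow can never look like proper execution."""
    flow = []
    for seq_no, payload in enumerate(module_output):
        tag = make_tag(key, seq_no, payload) if compliant(payload) else bytes(32)
        flow.append((payload, tag))
    return flow

def ttc_validate(flow: List[Tuple[bytes, bytes]], key: bytes = SHARED_KEY) -> Tuple[bool, int]:
    """Trusted tag checker: locally regenerate the tag sequence from the received
    messages and compare it against the received tags. Returns (ok, index of the
    first mismatching message, or -1). Binding seq_no into the tag also catches
    reordering and replay of otherwise valid messages."""
    for seq_no, (payload, tag) in enumerate(flow):
        local = make_tag(key, seq_no, payload)
        if not hmac.compare_digest(local, tag):
            return False, seq_no
    return True, -1

def tampered_flow() -> List[Tuple[bytes, bytes]]:
    """Constructed failure case: a message altered in transit after tagging."""
    flow = tfg_run([b"hello", b"world"])
    flow[1] = (b"w0rld", flow[1][1])
    return flow

if __name__ == "__main__":
    print("proper execution:", ttc_validate(tfg_run([b"hello", b"world"])))
    print("rule violation:  ", ttc_validate(tfg_run([b"hello", b"x" * 20])))
    print("tampered message:", ttc_validate(tampered_flow()))
```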