System for secure computing using defense-in-depth architecture
Abstract
A secure computing system is provided which utilizes a unique combination of Public Key Infrastructure (PKI), Virtual Private Networking (VPN), and server-based computing on thin client devices. The combination of technology and components provides secure computing through Defense-in-Depth using commercial off-the-shelf components.
50 Claims
1. A system for secure computing by a user at a client communication network communicating with at least one of a plurality of remote data centers respectively coupled to a corresponding one of a plurality of data center communication networks, the system comprising:
- a defense-in-depth architecture, including:
  - at least one client computing device providing a local user interface on the client communication network to said at least one of the plurality of remote data centers;
  - said at least one client computing device being adapted for:
    - executing on a local processor and in a local memory thereof an embedded operating system and an embedded set of computer applications,
    - prohibiting local execution of any computer applications other than said embedded operating system and said embedded set of computer applications,
    - prohibiting persistent storage in said local memory of any user data and of any data produced by said embedded set of computer applications, and
    - prohibiting alteration of any operating parameters of said embedded operating system;
  - public key infrastructure means for authenticating identities of the user and of said at least one client computing device to a remote data center to which access by the user is requested, said public key infrastructure means including:
    - a client domain services system coupled to said client communication network to receive the identity of said at least one client computing device inalterably stored thereon and to authenticate said at least one client computing device to said client communication network upon successful authentication of said identity of said at least one client computing device, said client domain services system being prevented from remote access by entities outside said client communication network, said access to said remote data center being granted only upon successful authentication of said both identities of the user and said at least one client computing device;
  - virtual private networking means for:
    - establishing a virtual private network between said at least one client computing device and one of the plurality of data center communication networks only upon said successful authentication to a corresponding one of the at least one of the plurality of remote data centers coupled thereto;
    - conducting network data packets respectively between said at least one client computing device and a corresponding one of the plurality of data center communication networks respectively over a corresponding one of a plurality of said virtual private networks; and
    - encrypting said network data packets via a predetermined encryption algorithm; and
  - server-based computing means for:
    - remotely executing computer applications at said at least one of the plurality of remote data centers; and
    - transmitting execution status of, and receiving user input to, said computer applications via said local user interface, said execution status being transmitted, and said user input being received, only over said corresponding one of said plurality of virtual private networks.

(Dependent claims 2-13 not shown.)
14. A system for secure computing between a user and at least one remote communication network, comprising:
- a defense-in-depth architecture, including:
  - a user identification carrier for inalterably storing a set of user credentials;
  - a client domain network including:
    - a client computing device for providing to the user an interface to the secure computing system, said client computing device including:
      - a microprocessor, a network interface circuit and local internal memory;
      - a set of machine credentials inalterably stored in said local internal memory;
      - an identification reader for retrieving said set of user credentials from said user identification carrier;
      - a client domain services system coupled to said client computing device to receive said set of machine credentials therefrom and to authenticate said at least one client computing device to said client domain network upon successful authentication of said set of machine credentials, said client domain services system being prevented from remote access by entities outside said client domain network,
      - an embedded operating system inalterably stored in said local internal memory, said operating system including a set of operating parameters and prohibiting user access to said local internal memory by at least one of said operating parameters, wherein said client computing device is adapted to prohibit alteration of said set of operating parameters by the user;
      - at least one virtual private network client executable on said embedded operating system, each of said at least one virtual private network client transmitting network traffic to, and receiving network traffic from, a corresponding one of the at least one remote communication network over a corresponding virtual private network; and
      - at least one application service client executable on said embedded operating system, said application service client providing a user interface to a remotely executed computer application; and
    - a perimeter network interposed between said client domain network and the at least one remote communication network, said perimeter network configured to allow transmission of only network traffic of a predetermined type and prohibiting transmission of any network traffic bound to one of the at least one remote communication network directly from any other one of the at least one remote communication network;
  - a virtual private network gateway server installed on each of the at least one remote communication network for providing a terminus to said virtual private network corresponding therewith;
  - a server domain control server installed on each of the at least one remote communication network for controlling access thereto in accordance with a combination of both a first subset of said set of user credentials and a first subset of said set of machine credentials, said server domain control server being adapted to prohibit successful authentication of said client computing device to said at least one remote communication network if said client computing device is not authenticated by said client domain services system to said client domain network;
  - a directory server installed on each of the at least one remote communication networks and accessible to the user only through said virtual private network gateway server for providing remote storage of user data; and
  - an application server installed on each of the at least one remote communication network and accessible to the user only through said virtual private network gateway server for executing thereon user computer applications, for providing remote storage of said user computer applications and for transmitting user interface data to, and receiving user input from, a corresponding one of said at least one application service client.

(Dependent claims 15-36 not shown.)
37. A system for secure computing between a user and a plurality of remote server networks, each of the plurality of remote server networks respectively assigned a corresponding security access level and the user assigned a set of access permissions corresponding to each of the plurality of remote server networks, the system comprising:
- a defense-in-depth architecture, including:
  - a plurality of user identification cards, each of said plurality of user identification cards having respectively stored thereon an inalterable set of user credentials, each of said set of user credentials including a server domain user certificate issued from a corresponding one of the plurality of remote server networks and a user identifier;
  - a client domain network including:
    - a plurality of client computing devices for respectively providing to the user a corresponding interface to the secure computing system, each of said client computing devices including:
      - a microprocessor, a network interface circuit and local internal memory;
      - a set of machine credentials inalterably stored in said local internal memory, said set of machine credentials including a client domain machine certificate from said client domain network and a corresponding server domain machine certificate from each of the plurality of remote server networks to which said client computing device is allowed access;
      - a plurality of identification readers for respectively retrieving said set of user credentials from a corresponding one of said plurality of user identification cards;
      - a client domain services system coupled to said client computing device to receive said set of machine credentials therefrom and to authenticate said at least one client computing device to said client domain network upon successful authentication of said set of machine credentials, said client domain services system being prevented from remote access by entities outside said client domain network, wherein an access to said each remote server network is granted only upon successful authentication of both said set of machine credentials and set of user credentials;
      - an embedded operating system inalterably stored in said local internal memory, said operating system including a set of operating parameters and prohibiting user access to said local internal memory by at least one of said operating parameters, wherein each of said plurality of client computing devices is adapted to prohibit alteration of said set of operating parameters by the user;
      - a plurality of virtual private network clients executable on said embedded operating system, each of said virtual private network clients transmitting network traffic to, and receiving network traffic from, a corresponding one of the plurality of remote server networks over a corresponding virtual private network;
      - a virtual machine monitor for creating a plurality of virtual machines executable on said embedded operating system, each of said plurality of virtual machines executing an application service session with a corresponding one of the plurality of remote server networks over said corresponding virtual private network, said application service session providing a user interface to a set of remotely executed computer applications located on said corresponding one of the plurality of remote server networks, access to said set of remotely executed computer applications being controlled in accordance with the set of access permissions assigned to the user for the corresponding one of the plurality of remote server networks, said virtual machine monitor adapted to allocate memory from said local internal memory through said embedded operating system for executing therein a corresponding one of said plurality of virtual machines, said allocated memory being isolated from memory allocated to any other one of said plurality of virtual machines; and
      - a plurality of application service clients respectively executable on one of said plurality of virtual machines, each of said application service clients executing said corresponding application service session; and
    - a perimeter network interposed between said client domain network and the plurality of remote server networks, said perimeter network configured to allow transmission of only network traffic of a predetermined type and prohibiting transmission of any network traffic bound to one of the plurality of remote server networks directly from any other one of the plurality of remote server networks;
  - a virtual private network gateway server respectively installed on each of the plurality of remote server networks for providing a terminus to said virtual private network corresponding therewith;
  - a server domain control server respectively installed on each of the plurality of remote communication networks for controlling access thereto in accordance with a combination of a corresponding server domain user certificate and a corresponding server domain machine certificate, said server domain control server being adapted to prohibit successful authentication of said client computing device to said at least one remote communication network if said client computing device is not authenticated by said client domain services system to said client domain network;
  - a directory server respectively installed on each of the plurality of remote server networks for providing remote storage of user data, said user data accessible to the user in accordance with the set of access permissions assigned to the user for the corresponding one of the plurality of remote server networks, said directory server accessible to the user only through said virtual private network gateway server; and
  - an application server installed on each of the plurality of remote communication networks for executing thereon user computer applications and for transmitting user interface data to, and receiving user input from, a corresponding one of said at least one application service client, said application server accessible to the user only through said virtual private network gateway server.

(Dependent claims 38-50 not shown.)
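The access-control chain that claims 1, 14 and 37 share, as an added executable model that is not part of the patent: the client domain services system authenticates the machine credential locally, the server domain control server of each remote network accepts a session only when the server-domain user certificate and server-domain machine certificate both verify and the device was already authenticated to the client domain, the VPN comes up only after that, application access is then limited by the user's permission set for that network, and the perimeter passes only the predetermined traffic type and never relays one remote network's traffic directly to another. Certificates are modelled as HMAC-signed tokens keyed by the issuing domain, standing in for CA-signed certificates; every domain name, key, device identifier, user identifier and application name is constructed for this example.

```python
# Added example, not part of the patent: an executable model of the access-control chain
# the claims describe. Certificates are HMAC-signed tokens keyed by the issuing domain (a
# stand-in for CA-signed certificates); all domains, keys, ids and app names are constructed.
import hashlib
import hmac
from dataclasses import dataclass


@dataclass(frozen=True)
class Cert:
    subject: str  # user identifier or machine identifier
    issuer: str   # domain that issued the credential
    sig: bytes    # HMAC over "issuer|subject", standing in for a CA signature


def issue_cert(issuer: str, issuer_key: bytes, subject: str) -> Cert:
    msg = f"{issuer}|{subject}".encode()
    return Cert(subject, issuer, hmac.new(issuer_key, msg, hashlib.sha256).digest())


def verify_cert(cert: Cert, issuer: str, issuer_key: bytes) -> bool:
    """Accept only a credential issued by this domain whose signature is intact."""
    if cert.issuer != issuer:
        return False
    msg = f"{cert.issuer}|{cert.subject}".encode()
    expected = hmac.new(issuer_key, msg, hashlib.sha256).digest()
    return hmac.compare_digest(cert.sig, expected)


class ClientDomainServices:
    """Authenticates machine credentials to the client domain; reachable only from inside it."""
    def __init__(self, name: str, key: bytes):
        self.name, self.key = name, key
        self.authenticated_machines = set()

    def authenticate_machine(self, machine_cert: Cert) -> bool:
        ok = verify_cert(machine_cert, self.name, self.key)
        if ok:
            self.authenticated_machines.add(machine_cert.subject)
        return ok


class PerimeterNetwork:
    """Passes only the predetermined traffic type; never relays one remote network to another."""
    def __init__(self, client_domain: str, remote_domains, allowed_type: str = "vpn"):
        self.client_domain, self.remote_domains = client_domain, set(remote_domains)
        self.allowed_type = allowed_type

    def permit(self, src: str, dst: str, traffic_type: str) -> bool:
        if traffic_type != self.allowed_type:
            return False
        if src in self.remote_domains and dst in self.remote_domains:
            return False  # no direct transit between two remote server networks
        return self.client_domain in (src, dst)


class ServerDomainControl:
    """Per-remote-network access control: server-domain user cert + machine cert + local auth."""
    def __init__(self, domain: str, key: bytes, client: ClientDomainServices, permissions: dict):
        self.domain, self.key, self.client = domain, key, client
        self.permissions = permissions  # user id -> set of application names

    def authorize(self, user_cert: Cert, machine_cert: Cert) -> bool:
        if machine_cert.subject not in self.client.authenticated_machines:
            return False  # device not vouched for locally: refuse whatever the certs say
        return (verify_cert(user_cert, self.domain, self.key)
                and verify_cert(machine_cert, self.domain, self.key))

    def open_session(self, user_cert: Cert, machine_cert: Cert,
                     perimeter: PerimeterNetwork, application: str) -> dict:
        """VPN only after authorization; application access then limited by permissions."""
        result = {"vpn": False, "app_allowed": False}
        if not self.authorize(user_cert, machine_cert):
            return result
        if not perimeter.permit(self.client.name, self.domain, "vpn"):
            return result
        result["vpn"] = True
        result["app_allowed"] = application in self.permissions.get(user_cert.subject, set())
        return result


def demo() -> dict:
    """Walk the chain with constructed domains, keys and credentials."""
    client_key, a_key, b_key = b"client-domain-key", b"dc-a-key", b"dc-b-key"
    client = ClientDomainServices("client-domain", client_key)
    perimeter = PerimeterNetwork("client-domain", {"dc-a", "dc-b"})
    dc_a = ServerDomainControl("dc-a", a_key, client, {"alice": {"mail", "erp"}})
    thin01_client = issue_cert("client-domain", client_key, "thin-01")  # client-domain machine cert
    thin01_a = issue_cert("dc-a", a_key, "thin-01")                     # dc-a machine cert
    alice_a = issue_cert("dc-a", a_key, "alice")                        # dc-a user cert
    alice_b = issue_cert("dc-b", b_key, "alice")                        # user cert from another network
    rogue = issue_cert("client-domain", b"guessed-key", "thin-99")      # forged machine cert
    out = {}
    out["before_local_auth"] = dc_a.open_session(alice_a, thin01_a, perimeter, "mail")
    out["rogue_device"] = client.authenticate_machine(rogue)
    out["local_auth"] = client.authenticate_machine(thin01_client)
    out["granted"] = dc_a.open_session(alice_a, thin01_a, perimeter, "mail")
    out["no_permission"] = dc_a.open_session(alice_a, thin01_a, perimeter, "wiki")
    out["wrong_domain_user"] = dc_a.open_session(alice_b, thin01_a, perimeter, "mail")
    out["dc_to_dc"] = perimeter.permit("dc-a", "dc-b", "vpn")
    out["non_vpn"] = perimeter.permit("client-domain", "dc-a", "file-share")
    return out
```

Calling `demo()` returns one result per scenario. The property worth noticing is that a valid server-domain user certificate and machine certificate are not sufficient on their own: the server domain control server still refuses a device that the client domain services system has not authenticated, which is why the claims keep that service unreachable from outside the client network. The perimeter check is separate from authentication and fails closed for both non-VPN traffic and any remote-to-remote path.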