System for secure computing using defense-in-depth architecture

US 7,428,754 B2
Filed: 08/17/2004
Issued: 09/23/2008
Est. Priority Date: 08/17/2004
Status: Active Grant

First Claim

Patent Images

1. A system for secure computing by a user at a client communication network communicating with at least one of a plurality of remote data centers respectively coupled to a corresponding one of a plurality of data center communication networks, the system comprising:

a defense-in-depth architecture, including;

at least one client computing device providing a local user interface on the client communication network to said at least one of the plurality of remote data centers;

said at least one client computing device being adapted for;

executing on a local processor and in a local memory thereof an embedded operating system and an embedded set of computer applications,prohibiting local execution of any computer applications other than said embedded operating system and said embedded set of computer applications,prohibiting persistent storage in said local memory of any user data and of any data produced by said embedded set of computer applications, andprohibiting alteration of any operating parameters of said embedded operating system;

public key infrastructure means for authenticating identities of the user and of said at least one client computing device to a remote data center to which access by the user is requested, said public key infrastructure means including;

a client domain services system coupled to said client communication network to receive the identity of said at least one client computing device inalterably stored thereon and to authenticate said at least one client computing device to said client communication network upon successful authentication of said identity of said at least one client computing device, said client domain services system being prevented from remote access by entities outside said client communication network, said access to said remote data center being granted only upon successful authentication of said both identities of the user and said at least one client computing device;

virtual private networking means for;

establishing a virtual private network between said at least one client computing device and one of the plurality of data center communication networks only upon said successful authentication to a corresponding one of the at least one of the plurality of remote data centers coupled thereto;

conducting network data packets respectively between said at least one client computing device and a corresponding one of the plurality of data center communication networks respectively over a corresponding one of a plurality of said virtual private networks; and

encrypting said network data packets via a predetermined encryption algorithm; and

server-based computing means for;

remotely executing computer applications at said at least one of the plurality of remote data centers; and

transmitting execution status of, and receiving user input to, said computer applications via said local user interface, said execution status being transmitted, and said user input being received, only over said corresponding one of said plurality of virtual private networks.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure computing system is provided which utilizes a unique combination of Public Key Infrastructure (PKI), Virtual Private Networking (VPN), and server-based computing on thin client devices. The combination of technology and components provide secure computing through Defense-in-Depth using commercial off-the-shelf components.

107 Citations

View as Search Results

50 Claims

1. A system for secure computing by a user at a client communication network communicating with at least one of a plurality of remote data centers respectively coupled to a corresponding one of a plurality of data center communication networks, the system comprising:
- a defense-in-depth architecture, including;
  
  at least one client computing device providing a local user interface on the client communication network to said at least one of the plurality of remote data centers;
  
  said at least one client computing device being adapted for;
  
  executing on a local processor and in a local memory thereof an embedded operating system and an embedded set of computer applications,prohibiting local execution of any computer applications other than said embedded operating system and said embedded set of computer applications,prohibiting persistent storage in said local memory of any user data and of any data produced by said embedded set of computer applications, andprohibiting alteration of any operating parameters of said embedded operating system;
  
  public key infrastructure means for authenticating identities of the user and of said at least one client computing device to a remote data center to which access by the user is requested, said public key infrastructure means including;
  
  a client domain services system coupled to said client communication network to receive the identity of said at least one client computing device inalterably stored thereon and to authenticate said at least one client computing device to said client communication network upon successful authentication of said identity of said at least one client computing device, said client domain services system being prevented from remote access by entities outside said client communication network, said access to said remote data center being granted only upon successful authentication of said both identities of the user and said at least one client computing device;
  
  virtual private networking means for;
  
  establishing a virtual private network between said at least one client computing device and one of the plurality of data center communication networks only upon said successful authentication to a corresponding one of the at least one of the plurality of remote data centers coupled thereto;
  
  conducting network data packets respectively between said at least one client computing device and a corresponding one of the plurality of data center communication networks respectively over a corresponding one of a plurality of said virtual private networks; and
  
  encrypting said network data packets via a predetermined encryption algorithm; and
  
  server-based computing means for;
  
  remotely executing computer applications at said at least one of the plurality of remote data centers; and
  
  transmitting execution status of, and receiving user input to, said computer applications via said local user interface, said execution status being transmitted, and said user input being received, only over said corresponding one of said plurality of virtual private networks.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The system for secure computing as recited in claim 1, wherein said public key infrastructure means further includes another authentication system respectively coupled to each of the plurality of data center communication networks for respectively authenticating both said at least one client computing device and the user thereto.
  - 3. The system for secure computing as recited in claim 2, wherein said another authentication system is respectively adapted to prohibit said successful authentication to said corresponding data center communication network if said at least one client computing device is not authenticated by said client domain services system to said client communication network.
  - 4. The system for secure computing as recited in claim 2, wherein said another authentication system includes a certificate authority respectively associated with a corresponding one of the plurality of data center communication networks for respectively issuing a certificate on behalf thereof to corresponding one of the user and said at least one client computing device, said certificate providing proof of authenticity of said identities of the user and of said at least one client computing device, respectively, to said corresponding data center communication network.
  - 5. The system for secure computing as recited in claim 2, wherein said client domain services system includes a certificate authority associated with the client communication network for issuing a certificate on behalf thereof to said at least one client computing device, said certificate providing proof of authenticity of said identity of said at least one client computing device to said client communication network.
  - 6. The system for secure computing as recited in claim 1, wherein said embedded set of computer applications includes a virtual machine monitor application for establishing a virtual machine executed on said embedded operating system.
  - 7. The system for secure computing as recited in claim 6, wherein said embedded set of computer applications includes an application service client application for receiving said execution status from, and transmitting said user input to said server-based computing means.
  - 8. The system for secure computing as recited in claim 7, wherein said application service client application is executed on said virtual machine.
  - 9. The system for secure computing as recited in claim 1, wherein said data packets encrypted by said encryption means are further encapsulated in a data packet having an unencrypted packet header.
  - 10. The system for secure computing as recited in claim 9, wherein said virtual private networking means includes packet filter means for excluding from said private network traffic all of said data packets except said encapsulated data packets.
  - 11. The system for secure computing as recited in claim 10, wherein said virtual private networking means includes a gateway server means respectively coupled to each of said plurality of data center communication networks controlling access thereto via said virtual private network.
  - 12. The system for secure computing as recited in claim 11, wherein said packet filter means includes a filtering router coupled to said gateway server means of each of said plurality of data center communication networks.
  - 13. The system for secure computing as recited in claim 11, wherein said packet filter means includes a filtering router coupled to said client communication network.

14. A system for secure computing between a user and at least one remote communication network, comprising:
- a defense-in-depth architecture, including;
  
  a user identification carrier for inalterably storing a set of user credentials;
  
  a client domain network including;
  
  a client computing device for providing to the user an interface to the secure computing system, said client computing device including;
  
  a microprocessor, a network interface circuit and local internal memory;
  
  a set of machine credentials inalterably stored in said local internal memory;
  
  an identification reader for retrieving said set of user credentials from said user identification carrier;
  
  a client domain services system coupled to said client computing device to receive said set of machine credentials therefrom and to authenticate said at least one client computing device to said client domain network upon successful authentication of said set of machine credentials, said client domain services system being prevented from remote access by entities outside said client domain network,an embedded operating system inalterably stored in said local internal memory, said operating system including a set of operating parameters and prohibiting user access to said local internal memory by at least one of said operating parameters, wherein said client computing device is adapted to prohibit alteration of said set of operating parameters by the user;
  
  at least one virtual private network client executable on said embedded operating system, each of said at least one virtual private network client transmitting network traffic to, and receiving network traffic from, a corresponding one of the at least one remote communication network over a corresponding virtual private network; and
  
  at least one application service client executable on said embedded operating system, said application service client providing a user interface to a remotely executed computer application; and
  
  a perimeter network interposed between said client domain network and the at least one remote communication network, said perimeter network configured to allow transmission of only network traffic of a predetermined type and prohibiting transmission of any network traffic bound to one of the at least one remote communication network directly from any other one of the at least one remote communication network;
  
  a virtual private network gateway server installed on each of the at least one remote communication network for providing a terminus to said virtual private network corresponding therewith;
  
  a server domain control server installed on each of the at least one remote communication network for controlling access thereto in accordance with a combination of both a first subset of said set of user credentials and a first subset of said set of machine credentials, said server domain control server being adapted to prohibit successful authentication of said client computing device to said at least one remote communication network if said client computing device is not authenticated by said client domain services system to said client domain network;
  
  a directory server installed on each of the at least one remote communication networks and accessible to the user only through said virtual private network gateway server for providing remote storage of user data; and
  
  an application server installed on each of the at least one remote communication network and accessible to the user only through said virtual private network gateway server for executing thereon user computer applications, for providing remote storage of said user computer applications and for transmitting user interface data to, and receiving user input from, a corresponding one of said at least one application service client.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36)
- - 15. The system for secure computing as recited in claim 14, wherein said client domain network includes a certificate authority for issuing a client domain machine certificate to said client computing device.
  - 16. The system for secure computing as recited in claim 15, further comprising a certificate authority respectively installed on each of the at least one remote communication network for respectively issuing a corresponding server domain user certificate to the user and a corresponding server domain machine certificate to said client computing device.
  - 17. The system for secure computing as recited in claim 16, wherein said first subset of said set of user credentials includes said server domain user certificate and said first subset of said set of machine credentials includes said server domain machine certificate.
  - 18. The system for secure computing as recited in claim 17, wherein said user identification carrier includes a plurality of memory devices, each of said plurality of memory devices inalterably storing thereon a second subset of said set of user credentials, each of said second subset of user credentials including a user identifier and said server domain user certificate.
  - 19. The system for secure computing as recited in claim 18, wherein said user identifier is a personal identification number.
  - 20. The system for secure computing as recited in claim 18, wherein said user identifier is user biometric data.
  - 21. The system for secure computing as recited in claim 20, wherein said user biometric data is user fingerprint data.
  - 22. The system for secure computing as recited in claim 20, wherein said user biometric data is user retinal scan data.
  - 23. The system for secure computing as recited in claim 18, wherein each of said plurality of memory devices is respectively installed in a separate memory housing.
  - 24. The system for secure computing as recited in claim 23, wherein said memory housing is a smart card.
  - 25. The system for secure computing as recited in claim 14, wherein said server domain control server includes a group policy regulator for restricting access by the user to a distributed user storage volume on the at least one remote communication network, said distributed user storage volume containing user data.
  - 26. The system for secure computing as recited in claim 25, wherein said group policy regulator further restricts storage of said user data to only said remote storage on said directory server.
  - 27. The system for secure computing as recited in claim 26, wherein said group policy regulator further prohibits logical mapping of any non-volatile memory into said user storage volume.
  - 28. The system for secure computing as recited in claim 14, wherein said client computing device further includes at least one virtual machine manager for creating at least one virtual machine executable on said embedded operating system, said at least one application service client being executed on a corresponding one of said at least one virtual machine.
  - 29. The system for secure computing as recited in claim 28, wherein each of said at least one virtual machine manager is adapted to allocate memory from said local internal memory through said embedded operating system for executing therein a corresponding one of said at least one virtual machine, said allocated memory being isolated from memory allocated to any other one of said at least one virtual machine.
  - 30. The system for secure computing as recited in claim 29, wherein each of said at least one virtual machine manager is adapted to prevent data transfer to said allocated memory from said memory allocated to any other one of said at least one virtual machine.
  - 31. The system for secure computing as recited in claim 29, wherein said at least one virtual machine manager is adapted to erase said allocated memory upon said user identification carrier being de-coupled from said identification reader.
  - 32. The system for secure computing as recited in claim 14, wherein said client domain network further includes a client domain filtering router for allowing transmission of:
    - i) only network traffic of said predetermined type; and
      
      ii) only network traffic either;
      
      a) originating from said client domain network and directed toward said perimeter network;
      
      orb) originating from said perimeter network and directed toward said client domain network.
  - 33. The system for secure computing as recited in claim 14, wherein communication between said client computing device and said client domain control server is conducted in accordance with a secure network protocol.
  - 34. The system for secure computing as recited in claim 33, where said secure network protocol is Internet Protocol Security (IPSec).
  - 35. The system for secure computing as recited in claim 14, wherein said virtual private network is operated under Layer Two Tunneling Protocol.
  - 36. The system for secure computing as recited in claim 35, wherein network traffic over said virtual private network is encrypted in accordance with Advanced Encryption System (AES).

37. A system for secure computing between a user and a plurality of remote server networks, each of the plurality of remote server networks respectively assigned a corresponding security access level and the user assigned a set of access permissions corresponding to each of the plurality of remote server networks, the system comprising:
- a defense-in-depth architecture, including;
  
  a plurality of user identification cards, each of said plurality of user identification cards having respectively stored thereon an inalterable set of user credentials, each of said set of user credentials including a server domain user certificate issued from a corresponding one of the plurality of remote server networks and a user identifier;
  
  a client domain network including;
  
  a plurality of client computing devices for respectively providing to the user a corresponding interface to the secure computing system, each of said client computing devices including;
  
  a microprocessor, a network interface circuit and local internal memory;
  
  a set of machine credentials inalterably stored in said local internal memory, said set of machine credentials including a client domain machine certificate from said client domain network and a corresponding server domain machine certificate from each of the plurality of remote server networks to which said client computing device is allowed access;
  
  a plurality of identification readers for respectively retrieving said set of user credentials from a corresponding one of said plurality of user identification cards;
  
  a client domain services system coupled to said client computing device to receive said set of machine credentials therefrom and to authenticate said at least one client computing device to said client domain network upon successful authentication of said set of machine credentials, said client domain services system being prevented from remote access by entities outside said client domain network, wherein an access to said each remote server network is granted only upon successful authentication of both said set of machine credentials and set of user credentials;
  
  an embedded operating system inalterably stored in said local internal memory, said operating system including a set of operating parameters and prohibiting user access to said local internal memory by at least one of said operating parameters, wherein each of said plurality of client computing devices is adapted to prohibit alteration of said set of operating parameters by the user;
  
  a plurality of virtual private network clients executable on said embedded operating system, each of said virtual private network clients transmitting network traffic to, and receiving network traffic from, a corresponding one of the plurality of remote server networks over a corresponding virtual private network;
  
  a virtual machine monitor for creating a plurality of virtual machines executable on said embedded operating system, each of said plurality of virtual machines executing an application service session with a corresponding one of the plurality of remote server networks over said corresponding virtual private network, said application service session providing a user interface to a set of remotely executed computer applications located on said corresponding one of the plurality of remote server networks, access to said set of remotely executed computer applications being controlled in accordance with the set of access permissions assigned to the user for the corresponding one of the plurality of remote server networks, said virtual machine monitor adapted to allocate memory from said local internal memory through said embedded operating system for executing therein a corresponding one of said plurality of virtual machines, said allocated memory being isolated from memory allocated to any other one of said plurality of virtual machines; and
  
  a plurality of application service clients respectively executable on one of said plurality of virtual machines, each of said application service clients executing said corresponding application service session; and
  
  a perimeter network interposed between said client domain network and the plurality of remote server networks, said perimeter network configured to allow transmission of only network traffic of a predetermined type and prohibiting transmission of any network traffic bound to one of the plurality of remote server networks directly from any other one of the plurality of remote server networks;
  
  a virtual private network gateway server respectively installed on each of the plurality of remote server networks for providing a terminus to said virtual private network corresponding therewith;
  
  a server domain control server respectively installed on each of the plurality of remote communication networks for controlling access thereto in accordance with a combination of a corresponding server domain user certificate and a corresponding server domain machine certificate, said server domain control server being adapted to prohibit successful authentication of said client computing device to said at least one remote communication network if said client computing device is not authenticated by said client domain services system to said client domain network;
  
  a directory server respectively installed on each of the plurality of remote server networks for providing remote storage user data, said user data accessible to the user in accordance with the set of access permissions assigned to the user for the corresponding one of the plurality of remote server networks, said directory server accessible to the user only through said virtual private network gateway server; and
  
  an application server installed on each of the plurality of remote communication networks for executing thereon user computer applications and for transmitting user interface data to, and receiving user input from, a corresponding one of said at least one application service client, said application server accessible to the user only through said virtual private network gateway server.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50)
- - 38. The system for secure computing as recited in claim 37, wherein said client domain network includes a certificate authority for issuing a client domain machine certificate to each of said plurality of client computing devices.
  - 39. The system for secure computing as recited in claim 37, further comprising a certificate authority respectively installed on each of the plurality of remote server networks for respectively issuing said corresponding server domain user certificate to the user and said corresponding server domain machine certificate to each of said plurality of client computing devices allowed access to the corresponding one of the plurality of remote server networks.
  - 40. The system for secure computing as recited in claim 37, wherein said server domain control server includes a group policy regulator for restricting access by the user to a distributed user storage volume on the corresponding one of the plurality of remote communication networks, said distribute user storage volume containing only said user computer applications and said user data.
  - 41. The system for secure computing as recited in claim 40, wherein said group policy regulator further restricts storage of said user data to only said remote storage on said directory server of said corresponding one of the plurality of remote server networks.
  - 42. The system for secure computing as recited in claim 41, wherein said group policy regulator further prohibits logical mapping of any non-volatile memory into said user storage volume.
  - 43. The system for secure computing as recited in claim 37, wherein said virtual machine manager is adapted to prevent data transfer to memory allocated to one of said plurality of virtual machines from memory allocated to any other one of said plurality of virtual machines.
  - 44. The system for secure computing as recited in claim 37, wherein said virtual machine manager is adapted to prevent data transfer to memory allocated to one of said plurality of virtual machines from memory allocated to any one of said plurality of virtual machines corresponding to one of the plurality of remote server networks having a security access level corresponding to stricter security requirements.
  - 45. The system for secure computing as recited in claim 37, wherein said virtual machine monitor is adapted to erase said allocated memory for said corresponding virtual machine upon a corresponding one of said plurality of user identification cards being decoupled from said identification reader.
  - 46. The system for secure computing as recited in claim 37, wherein said client domain network further includes a client domain filtering router for allowing transmission of:
    - i) only network traffic of said predetermined type; and
      
      ii) only network traffic either;
      
      a) originating from said client domain network and directed toward said perimeter network;
      
      orb) originating from said perimeter network and directed toward said client domain network.
  - 47. The system for secure computing as recited in claim 37, wherein communication between each of said plurality of client computing devices and said client domain control server is conducted in accordance with a secure network protocol.
  - 48. The system for secure computing as recited in claim 47, where in said secure network protocol is Internet Protocol Security (IPSec).
  - 49. The system for secure computing as recited in claim 37, wherein said virtual private network corresponding to said application session is operated under Layer Two Tunneling Protocol.
  - 50. The system for secure computing as recited in claim 49, wherein network traffic over said virtual private network corresponding to said application session is encrypted in accordance with Advanced Encryption Standard (AES).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Mitre Corporation
Original Assignee
Mitre Corporation
Inventors
Neumann, William C., Corby, Thomas E., Epps, Gerald Allen
Primary Examiner(s)
Zand, Kambiz
Assistant Examiner(s)
Shaifer Harriman, Dant B

Application Number

US10/919,361
Publication Number

US 20060041761A1
Time in Patent Office

1,498 Days
Field of Search

726/15
US Class Current

726/15
CPC Class Codes

G06F 21/32   using biometric data, e.g. ...

G06F 21/33   using certificates

G06F 21/34   involving the use of extern...

H04L 63/0272   Virtual private networks

H04L 63/083   using passwords cryptograph...

H04L 63/164   at the network layer

System for secure computing using defense-in-depth architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

107 Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

System for secure computing using defense-in-depth architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

107 Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links