Infrastructure method and system for authenticated dynamic security domain boundary extension
Abstract
A method and system for authenticated dynamic extension of security domain boundaries includes high security domain extension instructions for sequentially and dynamically forming an extended high security domain (133) through a protected communication path (128). The protected communication path (128) extends from a first computer (10) associated with a high security domain (80) into a second computer (10) associated with low security domain (120). The method and system establish the extended high security domain (133) within the second computer (10). A protected communication path (128) forms an isolation barrier (131) separating the extended high security domain (133) from other objects (126) within the low security domain (120). Authentication instructions (146) temporarily authenticate at least one object (132) associated with the low security domain (120). Returning instructions (156) return the at least one object (132) processed within the extended high security domain (133) to said low security domain (120).
15 Claims
1. A system for authenticated dynamic extension of security domain boundaries, comprising:
- a first computer executing dynamic high security domain extension instructions for dynamically forming an extended high security domain through a protected communication path from the first computer associated with a high security domain into a second computer associated with low security domain;
- the second computer executing establishing instructions within said extended high security domain within said second computer for establishing the protected communication path between said high security domain and said extended high security domain within low security domain, said protected communication path forming an isolation barrier separating said extended high security domain from said low security domain;
- the first computer executing instructions for receiving an authenticated access request from a user within said low security domain for temporary authentication with said high security domain;
- the first computer executing instructions for providing temporarily authenticated access to said high security domain in response to said high security domain receiving said authenticated access request; and
- the second computer executing authentication instructions associated with said low security domain and said high security domain for temporarily authenticating at least one object associated with said low security domain.
(Dependent claims: 2, 3)
4. A system for authenticated dynamic extension of security domain boundaries, comprising:
- a computer executing instructions for enabling the computer, which is normally a member of a low security domain, to be temporarily authenticated as a member of remote high security domain; and
- the computer executing instructions for reverting the computer to the service provider's low security domain at the cessation of the service provision;
- the computer executing instructions for authenticating an incoming request from a device associated with different security domain, and instructions for maintaining the confidentiality and integrity of a session associated with said device, wherein the strength of said authentication instructions relates to a difference in data sensitivity levels between said high security domain and said low security domain;
- the computer executing instructions for controlling communications across a domain boundary between said high security domain and said low security domain at a strength level commensurate with data sensitivity level appropriate to the respective domain; and
- the computer executing instructions for recognizing and permitting domain boundary extension requests and authenticating sessions.
(Dependent claims: 5, 6, 7)
8. A method for dynamically extending authenticated security domain boundaries, comprising the steps of:
- dynamically forming an extended high security domain through a protected communication path from a first computer associated with a high security domain into a second computer associated with low security domain;
- establishing a protected communication path between said high security domain and said extended high security domain within low security domain, said protected communication path forming an isolation barrier separating said extended high security domain from said low security domain;
- receiving an authenticated access request from a user within said low security domain for temporary authentication with said high security domain;
- providing temporarily authenticated access to said high security domain in response to said high security domain receiving said authenticated access request; and
- temporarily authenticating at least one object associated with said low security domain.
(Dependent claims: 9, 10)
11. A method for dynamically extending an authenticated security domain boundary, comprising the steps of:
- enabling a computer which is normally a member of a low security domain to be temporarily authenticated as a member of remote high security domain;
- reverting the computer to the service provider's low security domain at the cessation of the service provision;
- authenticating an incoming request from a device associated with different security domain, and maintaining the confidentiality and integrity of a session associated with said device, wherein the strength of said authentication instructions relates to a difference in data sensitivity levels between said high security domain and said low security domain; and
- controlling communications across a domain boundary between said high security domain and said low security domain at a strength level commensurate with data sensitivity level appropriate to the respective domain; and
- recognizing and permitting domain boundary extension requests and authenticating sessions.
(Dependent claims: 12, 13, 14)
15. A computer-readable storage medium encoded with computer-executable instructions for authenticated dynamic extension of security domain boundaries, comprising:
- dynamic high security domain extension instructions for dynamically forming an extended high security domain through a protected communication path from a first computer associated with a high security domain into a second computer associated with low security domain;
- instructions for executing within said extended high security domain within said second computer for establishing the protected communication path between said high security domain and said extended high security domain within low security domain, said protected communication path forming an isolation barrier separating said extended high security domain from said low security domain;
- instructions for receiving an authenticated access request from a user within said low security domain for temporary authentication with said high security domain;
- instructions for providing temporarily authenticated access to said high security domain in response to said high security domain receiving said authenticated access request; and
- authentication instructions associated with said low security domain and said high security domain for temporarily authenticating at least one object associated with said low security domain.
Specification