Mixed enclave operation in a computer network
First Claim
1. A system for communicating over a network having a plurality of secured users utilizing at least two multi-level network security devices and a plurality of unsecured users employing no network security devices, the system comprising:
- a first multi-level network security device associated with a first secure network configured to:
intercept a message sent from a first user to a second user;
discard the message if the message violates security parameters; and
if the message is not discarded for violation of security parameters, the first multi-level security device is configured to dynamically determine whether the second user is secured or unsecured by contacting a second multi-level security device associated with a second secured network to determine whether the second user is associated with the second secure network;
wherein in a first mode, the first multi-level network security device is configured to send the message to the second user over an unsecured network in an unsecured manner when the first multi-level security device does not receive a response from the second multi-level network security device, and
wherein in a second mode, the first multi-level network security device comprises an encryptor configured to encrypt the message and send the encrypted message securely over the unsecured network when the first security device receives a response from the second multi-level network security device that the second user is associated with the second secure network.
Abstract
A method is disclosed for mixed enclave operation of a computer network with users employing a multi-level network security interface and users without any network security interface. Either the network security user selects or the network security interface automatically selects whether communications are permissible with other unsecured users. Where a mixed enclave operation is selected, the network security user identifies when communications are being undertaken with another secured user or a non-secured user. Communications with a non-secured user at a lower security level entail securing the data residing with the secured user from transmission back to the non-secured user.
20 Claims
1. Independent claim 1 is set out in full under "First Claim" above. Dependent claims: 2, 3, 4, 5, 6, 7.
8. A system for mixed enclave communications over a network having both secured and unsecured users, the system comprising:
- a first network security device associated with a first secured network, the first network security device configured to permit communication over the network among secured users and unsecured users, and further configured to dynamically determine whether a user is one of the secured users or one of the unsecured users;
wherein the first network security device is configured to use association establishment messages to communicate over an unsecured network with a second network device associated with a second secured network, the first network security device configured to confirm the authenticity of one of the secured users based on a response from the second network security device; and
wherein the first network security device is further configured to identify the unsecured users based on a lack of response to the association establishment messages and to send messages over the unsecured network from the secured users to the unsecured users.
Dependent claims: 9, 10, 11, 12.
13. A method for establishing association over a network between a plurality of secured users utilizing at least two security devices and a plurality of unsecured users, the method comprising:
- receiving and storing at a first security device associated with a first secure network a first message from a source user to an unsecured destination user;
transmitting from the first security device an association request message to the unsecured destination user upon receipt of the first message, wherein the association request message is sent over an unsecured network;
sending the first message over the unsecured network when the first security device does not receive a response to the association request message;
receiving and storing at the first security device a second message from the source user to a secured destination user associated with a second secure network;
receiving an association grant message in response to the association request message from a second security device associated with a second secure network to the first secure network, wherein the second security device sends the association grant message after the second security device has determined that an association between the source user and the secured destination user is permitted, wherein no other security devices exist between the destination user and the second security device;
encrypting and sending over the unsecured network, the second message from the first security device associated with the first secure network to the second security device associated with the second secured network.
Dependent claims: 14, 15, 16, 17, 18, 19, 20.
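As an added illustration (not part of the patent and not the patentee's implementation), the following Python simulation walks through the association exchange of claims 1, 8 and 13 from the first security device's side: intercept the message, apply the security parameters, send an association request over the unsecured network, and then either encrypt (a grant came back) or fall into the claimed first mode (no response, send in the clear). The user names, the shared key, the "CLASSIFIED:" security-parameter rule and the keyed transform standing in for the unspecified encryptor are all constructed for the demo; a `fail_open` switch and a `lose_responses` switch are assumptions added to show the alternative behaviours.

```python
"""Added example, not part of the patent text: a small simulation of the
association-establishment protocol in claims 1, 8 and 13.  All names, the key
and the 'security parameter' rule are constructed for the demo."""
import hashlib
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

KEY = b"constructed-demo-key"  # stand-in for a key the two devices share


def _keystream_xor(key: bytes, data: bytes) -> bytes:
    """Illustrative keyed transform standing in for the claim's 'encryptor'.
    Symmetric (apply twice to recover data); not a real cipher."""
    out = bytearray()
    for off in range(0, len(data), 32):
        block = hashlib.sha256(key + off.to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[off:off + 32], block))
    return bytes(out)


@dataclass
class Delivery:
    src: str
    dst: str
    mode: str        # "discarded", "cleartext" or "encrypted"
    payload: bytes


@dataclass
class SecurityDevice:
    name: str
    secured_users: Set[str]             # users behind this device
    permitted: Set[Tuple[str, str]]     # (source, destination) pairs allowed
    fail_open: bool = True              # claim 1 "first mode": no reply => cleartext
    log: List[str] = field(default_factory=list)

    def violates_parameters(self, message: bytes) -> bool:
        # Constructed rule: nothing marked CLASSIFIED may leave the enclave.
        return message.startswith(b"CLASSIFIED:")

    def handle_association_request(self, src: str, dst: str) -> Optional[str]:
        """Claim 13: grant only when dst is ours and the pairing is permitted;
        otherwise stay silent (the requester cannot tell this from 'unsecured')."""
        if dst in self.secured_users and (src, dst) in self.permitted:
            return "grant"
        return None

    def send(self, net: "UnsecuredNetwork", src: str, dst: str, message: bytes) -> Delivery:
        # 1. intercept the message and apply the security parameters
        if self.violates_parameters(message):
            self.log.append(f"{src}->{dst}: discarded (security parameters)")
            return Delivery(src, dst, "discarded", b"")
        # 2. store the message and ask the other enclaves who owns dst
        response = net.associate(self, src, dst)
        if response == "grant":                      # claim 1 "second mode"
            return Delivery(src, dst, "encrypted", _keystream_xor(KEY, message))
        # 3. no response: claims 1 and 8 infer that dst is an unsecured user
        if self.fail_open:
            self.log.append(f"{src}->{dst}: no association response, sent in cleartext")
            return Delivery(src, dst, "cleartext", message)
        self.log.append(f"{src}->{dst}: no association response, dropped (fail closed)")
        return Delivery(src, dst, "discarded", b"")

    def receive(self, d: Delivery) -> bytes:
        return _keystream_xor(KEY, d.payload) if d.mode == "encrypted" else d.payload


@dataclass
class UnsecuredNetwork:
    devices: List[SecurityDevice]
    lose_responses: bool = False     # simulate association grants that never arrive

    def associate(self, requester: SecurityDevice, src: str, dst: str) -> Optional[str]:
        for dev in self.devices:
            if dev is requester:
                continue
            reply = dev.handle_association_request(src, dst)
            if reply is not None and not self.lose_responses:
                return reply
        return None


def run_demo(fail_open: bool = True, lose_responses: bool = False) -> dict:
    """Exercise the four outcomes; returns {case: delivery mode}."""
    a = SecurityDevice("A", {"alice"}, {("alice", "bob")}, fail_open)
    b = SecurityDevice("B", {"bob", "carol"}, {("alice", "bob")}, fail_open)
    net = UnsecuredNetwork([a, b], lose_responses)
    return {
        "to_bob": a.send(net, "alice", "bob", b"hello bob").mode,        # secured, permitted
        "to_dave": a.send(net, "alice", "dave", b"hello dave").mode,     # nobody answers
        "to_carol": a.send(net, "alice", "carol", b"hi carol").mode,     # secured, not permitted
        "classified": a.send(net, "alice", "bob", b"CLASSIFIED: x").mode,
    }


if __name__ == "__main__":
    print(run_demo())                      # the claims' fail-open first mode
    print(run_demo(fail_open=False))       # alternative: drop when nobody answers
    print(run_demo(lose_responses=True))   # a lost grant sends bob's message in cleartext
```

The point the simulation makes visible is that silence is ambiguous: an unsecured destination, a secured destination whose association the second device refused, and a grant that simply never arrived all look the same to the first device, and under the claimed first mode each of them ends in a cleartext transmission. The `fail_open=False` branch shows the fail-closed alternative, and the per-device `log` is the audit record an operator would want when deciding which of the two modes a given enclave should run in.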