System, method and apparatus for securing network data
Abstract
The system, method and apparatus for securing network data of the present invention provide security for internal networks by utilizing a common storage element for the exchange of data between the external and internal components, without creating a concurrent session between the external and internal components. In addition, when the protocol of the external network is Internet Protocol (IP), the protocol used for the internal network may be a non-IP messaging protocol that is a more secure protocol than IP, and insulates the internal network from the type of attacks that are common in IP networks. These security measures may be implemented without a significant change to the hardware or software elements of the internal or external networks, and, therefore, without adding significant cost to the network administration and without the network performance degradation that is characteristic of conventional security measures.
28 Claims
1. A system for securing network data, comprising:
- a network;
- first and second storage elements;
- a network server in communication with said first storage element via said network, wherein the network server is configured to provide both a request and associated metadata to the first storage element via different protocols with the network server configured to provide the request via a protocol that more greatly limits access for unauthorized users than the protocol via which the network server provides the associated metadata; and
- a database server in communication with said first storage element and said second storage element, wherein the first storage element receives and stores the request from only said network server in a first predetermined location and data from only said database server in a second predetermined location, wherein only said network server is capable of accessing the data stored by said first storage element in the second predetermined location even though data is only stored in the second predetermined location by the database server, and wherein only said database server is capable of accessing the request stored by said first storage element in the first predetermined location even though data is only stored in the first predetermined location by the network server, such that said network server and said database server are capable of exchanging the request and responsive data via said first storage element without creating a concurrent operating session so as to avoid establishing any direct communication between said network server and said database server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 23, 25, 27
13. A method for securing network data, comprising:
- receiving a request and associated metadata from a network server via a network and in accordance with different protocols with the protocol via which the request is received more greatly limiting access for unauthorized users than the protocol via which the associated metadata is received, wherein receiving the request comprises receiving the request from the network server in a first predetermined location of a first storage element, wherein the first storage element only receives the request in the first predetermined location from the network server;
- receiving data from a database server in a second predetermined location of the first storage element, wherein the first storage element only receives data in the second predetermined location from the database server;
- providing access, only to the database server, to the request stored in the first predetermined location of the first storage element by the network server; and
- providing access, only to the network server, to the data stored in the second predetermined location of the first storage element by the database server;
- wherein the network server and the database server exchange the request and responsive data via the first storage element without creating a concurrent operating session so as to avoid establishing any direct communication between the network server and the database server.

Dependent claims: 14, 15, 16, 17, 18, 19, 20, 21, 22, 24, 26, 28
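
The access rules recited in claim 13, modeled in memory as an added example (not part of the patent text and not an implementation by its authors). The class, caller ids and sample record are hypothetical, and only the per-location writer/reader restrictions and the session-less exchange are modeled, not the two transport protocols.

```python
from collections import deque

NET, DB = "network_server", "database_server"          # hypothetical caller ids
REQ_LOC, RESP_LOC = "first_location", "second_location"
# location -> (sole permitted writer, sole permitted reader), per the claim
ACL = {REQ_LOC: (NET, DB), RESP_LOC: (DB, NET)}

class AccessDenied(Exception):
    pass

class StorageElement:
    """Assumes the caller identity has already been authenticated."""
    def __init__(self):
        self._slots = {REQ_LOC: deque(), RESP_LOC: deque()}

    def put(self, caller, location, item):
        if ACL[location][0] != caller:
            raise AccessDenied(f"{caller} may not write {location}")
        self._slots[location].append(item)

    def take(self, caller, location):
        if ACL[location][1] != caller:
            raise AccessDenied(f"{caller} may not read {location}")
        queue = self._slots[location]
        return queue.popleft() if queue else None   # None: nothing waiting

def database_poll(store, second_storage):
    """Database side: drain pending requests, deposit responsive data."""
    handled = 0
    while (req := store.take(DB, REQ_LOC)) is not None:
        data = second_storage.get(req["key"])
        store.put(DB, RESP_LOC, {"id": req["id"], "data": data})
        handled += 1
    return handled

def is_denied(action, *args):
    try:
        action(*args)
    except AccessDenied:
        return True
    return False

def demo():
    store = StorageElement()
    second_storage = {"acct-7": "balance=120"}      # constructed sample record
    store.put(NET, REQ_LOC, {"id": 1, "key": "acct-7"})
    handled = database_poll(store, second_storage)  # runs later, no session with NET
    reply = store.take(NET, RESP_LOC)
    denied = [is_denied(store.take, NET, REQ_LOC),       # NET cannot read requests back
              is_denied(store.put, NET, RESP_LOC, {}),   # NET cannot forge responses
              is_denied(store.put, DB, REQ_LOC, {}),     # DB cannot inject requests
              is_denied(store.take, DB, RESP_LOC)]       # DB cannot read responses
    return handled, reply, denied
```

Each side only ever calls the storage element, so neither holds a connection or reference to the other.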
Specification