MILS network using COTS switches
First Claim
Patent Images
1. A multiple independent levels of security (MILS) network, comprising:
- a first host;
a second host;
a first MILS node coupled to said first host, said first MILS node includinga first keyed digest system;
a second MILS node coupled to said second host, said second MILS node including a second keyed digest system; and
a commercial-off-the-shelf switch coupled to said first and second MILS nodes, said commercial-off-the-shelf switch passing a transmitted message, said transmitted message being one of an unclassified classification domain, secret classification domain and top secret classification domain, wherein said first keyed digest system receives said transmitted message via said first MILS node and produces a keyed digest value embedded within said transmitted message, said first and second keyed digest system employing a key, said key being encrypted, said key being representative of a same classification domain as said a classification domain of the transmitted message, said keyed digest value being of a data size less than a data size of said transmitted message, said transmitted message being passed by said commercial-off-the-shelf switch to said second MILS node, said second MILS node allowing transfer of said transmitted message to said second MILS host if a recalculated keyed digest value matches said keyed digest value embedded within said transmitted message.
1 Assignment
0 Petitions
Accused Products
Abstract
The present invention is a MILS network system employing functional separation of messages without customized switches. The MILS network system may maintain separation of data while eliminating a requirement of full message encryption. In an embodiment of the invention, a function may be employed whereby a keyed digest of a message is created. The function may receive a message and a key, and may emit a keyed digest value. The key may be representative of a particular level of security, thus promoting the separation of data. Messages may include an embedded keyed digest when sent through a switch to a MILS node. At the MILS node, the keyed digest may be recalculated, if it matches, the message may be passed to a host.
14 Citations
4 Claims
-
1. A multiple independent levels of security (MILS) network, comprising:
-
a first host; a second host; a first MILS node coupled to said first host, said first MILS node including a first keyed digest system; a second MILS node coupled to said second host, said second MILS node including a second keyed digest system; and a commercial-off-the-shelf switch coupled to said first and second MILS nodes, said commercial-off-the-shelf switch passing a transmitted message, said transmitted message being one of an unclassified classification domain, secret classification domain and top secret classification domain, wherein said first keyed digest system receives said transmitted message via said first MILS node and produces a keyed digest value embedded within said transmitted message, said first and second keyed digest system employing a key, said key being encrypted, said key being representative of a same classification domain as said a classification domain of the transmitted message, said keyed digest value being of a data size less than a data size of said transmitted message, said transmitted message being passed by said commercial-off-the-shelf switch to said second MILS node, said second MILS node allowing transfer of said transmitted message to said second MILS host if a recalculated keyed digest value matches said keyed digest value embedded within said transmitted message. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeRockwell Collins, Inc. (Raytheon Technologies Corporation d/b/a RTX)
-
Original AssigneeRockwell Collins, Inc. (Raytheon Technologies Corporation d/b/a RTX)
-
InventorsMarek, James A., Kim, Sung J.
-
Primary Examiner(s)Zand; Kambiz
-
Assistant Examiner(s)Rahim; Monjour
-
Application NumberUS11/045,454Time in Patent Office1,796 DaysField of Search713/181, 713/170, 380/29, 707/534, 709/228, 709/201, 434/30, 726/30US Class Current713/181CPC Class CodesH04L 9/32 including means for verifyi...H04L 9/3242 involving keyed hash functi...
