MILS network using COTS switches
First Claim
1. A multiple independent levels of security (MILS) network, comprising:
a first host;
a second host;
a first MILS node coupled to said first host, said first MILS node including a first keyed digest system;
a second MILS node coupled to said second host, said second MILS node including a second keyed digest system; and
a commercial-off-the-shelf switch coupled to said first and second MILS nodes, said commercial-off-the-shelf switch passing a transmitted message, said transmitted message being one of an unclassified classification domain, secret classification domain and top secret classification domain, wherein said first keyed digest system receives said transmitted message via said first MILS node and produces a keyed digest value embedded within said transmitted message, said first and second keyed digest system employing a key, said key being encrypted, said key being representative of a same classification domain as said classification domain of the transmitted message, said keyed digest value being of a data size less than a data size of said transmitted message, said transmitted message being passed by said commercial-off-the-shelf switch to said second MILS node, said second MILS node allowing transfer of said transmitted message to said second MILS host if a recalculated keyed digest value matches said keyed digest value embedded within said transmitted message.
Abstract
The present invention is a MILS network system employing functional separation of messages without customized switches. The MILS network system may maintain separation of data while eliminating a requirement of full message encryption. In an embodiment of the invention, a function may be employed whereby a keyed digest of a message is created. The function may receive a message and a key, and may emit a keyed digest value. The key may be representative of a particular level of security, thus promoting the separation of data. Messages may include an embedded keyed digest when sent through a switch to a MILS node. At the MILS node, the keyed digest may be recalculated; if it matches, the message may be passed to a host.
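The keyed-digest gate described in the abstract, as an added example that is not part of the patent or of any product: HMAC-SHA256 stands in for the unspecified keyed digest function, the MilsNode class and the frame layout (length byte, domain label, tag, plaintext payload) are assumptions, and the per-domain keys are generated in place for the demo rather than loaded from the encrypted key store the claim refers to.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

# Classification domains named in the claim; each domain has its own digest key,
# which the claim says is stored encrypted (key protection is out of scope here).
DOMAINS = ("UNCLASSIFIED", "SECRET", "TOP_SECRET")
TAG_LEN = hashlib.sha256().digest_size  # 32-byte keyed digest, smaller than any message

@dataclass
class MilsNode:
    """One MILS node between a host and the COTS switch (hypothetical class)."""
    domain: str
    key: bytes  # the key for this node's domain only

    def _digest(self, label: bytes, payload: bytes) -> bytes:
        # HMAC-SHA256 as the keyed digest function; the label is bound into the
        # digest so a relabelled frame fails verification too
        return hmac.new(self.key, label + b"\x00" + payload, hashlib.sha256).digest()

    def send(self, payload: bytes) -> bytes:
        """Host -> switch: domain label + keyed digest + unencrypted payload."""
        label = self.domain.encode()
        return bytes([len(label)]) + label + self._digest(label, payload) + payload

    def receive(self, frame: bytes):
        """Switch -> host: recalculate the digest with this node's own domain key.
        Returns the payload to hand to the host, or None to drop the frame."""
        if not frame:
            return None
        n = frame[0]
        label, tag, payload = frame[1:1 + n], frame[1 + n:1 + n + TAG_LEN], frame[1 + n + TAG_LEN:]
        if len(label) != n or len(tag) != TAG_LEN:
            return None  # truncated or malformed frame
        if not hmac.compare_digest(tag, self._digest(label, payload)):
            return None  # wrong domain key or modified content
        return payload

def demo():
    keys = {d: os.urandom(32) for d in DOMAINS}  # constructed keys for the demo
    secret_tx = MilsNode("SECRET", keys["SECRET"])
    secret_rx = MilsNode("SECRET", keys["SECRET"])
    unclass_rx = MilsNode("UNCLASSIFIED", keys["UNCLASSIFIED"])
    frame = secret_tx.send(b"ops order 17")
    delivered = secret_rx.receive(frame)             # b"ops order 17"
    cross_domain = unclass_rx.receive(frame)         # None: digest key differs
    tampered = secret_rx.receive(frame[:-1] + b"!")  # None: payload altered
    return delivered, cross_domain, tampered
```

The switch forwards every frame as plain Ethernet traffic; only a node holding the matching domain key can produce a frame that the receiving node will release to its host, which is what keeps the domains separated without encrypting the payload.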
14 Citations
4 Claims