Trusted interface unit (TIU) and method of making and using the same
First Claim
1. A method of transmitting data over a network, the method comprising:
- receiving data from a partition within a node on the network, the node being configured to transmit data associated with a plurality of sensitivity levels, the partition characterized by a sensitivity level;
determining an identity of the partition within the node;
adding a label to the data received from the partition, the label identifying the partition, and the sensitivity level of the partition, from which the data was received;
obtaining a cryptographic key based on at least an identity of the partition and the sensitivity level of the partition, the cryptographic key being uniquely associated with the label added to the data;
encrypting the data with the cryptographic key; and
transmitting the data over the network.
2 Assignments
0 Petitions
Accused Products
Abstract
The disclosure relates to a trusted interface unit and a method of making and using the same. According to one embodiment of the present invention, a method of transmitting data on a network may include receiving data from a partition within a node on the network. This node may be configured to transmit data associated with a number of sensitivity levels. According to one embodiment of the invention, these sensitivity levels may be classification levels. One method of transmission of data may include determining the identity of the partition that originated the data within the node. Furthermore, a label may be added to the data received from within the node and the data may be encrypted with a key that may be uniquely associated with the label on the data. After encryption, the data may be transmitted on the network. Additional methods including the reception of data are disclosed. Various node and network architectures are disclosed implementing the methods and apparatus of the present invention.
37 Citations
29 Claims
-
1. A method of transmitting data over a network, the method comprising:
-
receiving data from a partition within a node on the network, the node being configured to transmit data associated with a plurality of sensitivity levels, the partition characterized by a sensitivity level; determining an identity of the partition within the node; adding a label to the data received from the partition, the label identifying the partition, and the sensitivity level of the partition, from which the data was received; obtaining a cryptographic key based on at least an identity of the partition and the sensitivity level of the partition, the cryptographic key being uniquely associated with the label added to the data; encrypting the data with the cryptographic key; and transmitting the data over the network. - View Dependent Claims (2, 3, 4, 5)
-
-
6. A method of receiving data over a network, the method comprising:
-
receiving data at a local node from a remote location, the data being encoded with a label and the local node having multiple partitions, each of the multiple partitions being associated with a particular sensitivity level; retrieving a cryptographic key based upon the sensitivity level of at least one of the multiple partitions; checking the label against an anticipated value; discarding the data when the cryptographic key does not decrypt the received data or the label does not match the anticipated value; and passing the data to the local node when the label matches the anticipated value and the cryptographic key decrypts the received data. - View Dependent Claims (7, 8, 9, 10, 11, 12, 13)
-
-
14. A method of transmitting and receiving data over a network, the method comprising:
-
receiving data from at least one of multiple partitions within a first node on the network, the first node being configured to handle data associated with a plurality of sensitivity levels; determining an identity of the at least one of multiple partitions within the first node, the at least one of multiple partitions being associated with a sensitivity level of the plurality of sensitivity levels; encoding a label to the data received from the at least one of multiple partitions; obtaining a cryptographic key based on the identity of the at least one of multiple partitions and the corresponding sensitivity level of the at least one of multiple partitions, the cryptographic key being uniquely associated with the label added to the data; encrypting the data with a the cryptographic key; transmitting the data over the network; receiving the data from the first node, the data including the label added at the first node; comparing a value associated with the label encoded in the data received from the first node to an anticipated value; retrieving a cryptographic key based on the label; decrypting the data using the retrieved cryptographic key; discarding the data when the retrieved cryptographic key does not decrypt the received data or when the value associated with the label encoded in the data received from the first node is not the same as the anticipated value; and passing the data received from the first node to a second node if the data is not discarded. - View Dependent Claims (15, 16, 17, 18, 19, 20)
-
-
21. A trusted interface unit comprising:
-
a data processing element, the data processing element being configured to run application software and to receive data from a data interface; an encryption/decryption element, the encryption/decryption element being configured to receive a cryptographic key and being configured to encrypt data received from the data processing element and being configured to decrypt data received from a network interface; and a network interface processing element, the network interface processing element being configured to add a label to data being output onto a network and being configured to identify a label added to data received from a remote location on the network; wherein the network interface processing element is configured to add a label associated with a sensitivity level of data received from one of a plurality of partitions within a node, each of the plurality of partitions being associated with a particular sensitivity level; and wherein the encryption/decryption element is configured to obtain a cryptographic key based on at least the sensitivity level of the data received, the cryptographic key being uniquely associated with the label added to the data, and to encrypt the data with the cryptographic key. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29)
-
Specification