Portable computerized device with network security
First Claim
1. A portable computing device adapted to provide network security functions, comprising:
a host computer;
a software stack operative to run on said host computer; and
network security apparatus for use with said stack, said security apparatus adapted to communicate data with other network security apparatus over a data network by establishing an association, said establishing of said association between said network security apparatus and said other network security apparatus resulting in the execution of a key exchange algorithm adapted to cause said network security apparatus and said other network security apparatus to exchange cryptographic keys;
where said first network security apparatus is configured to:
receive a message sent from a higher layer process in said host computer for transmission over said network;
determine whether an association between said network security apparatus and said other network security apparatus in communication with said network exists;
convert at least a portion of said received message to a format utilized by said network; and
transmit said message received from said higher layer process to said other network security apparatus when said association does exist.
Abstract
A portable computerized device useful within a network and adapted to provide communication security. In one embodiment, the network comprises an untrusted network, and the portable device comprises network security apparatus adapted to create associations with other network security devices on the network. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of a host computer. A card-like hardware structure may also be used as part of the security apparatus. The host computer may be untrusted (e.g., have an untrusted operating system).
81 Claims
1. See First Claim above; dependent claims 2 to 49.
50. A portable computing device comprising a network security system, said computing device being adapted for data communication with a network via a network communications interface, the device comprising:
a host computer; and
a network security module, at least a portion of said module operating within a software stack of said host computer and adapted for communication with other modules on said network, said security module comprising:
an interface for receiving a message sent from a higher layer process, wherein said message is intended for transmission over said network;
an association determination process configured to determine whether an association exists between the module and another network security module communicating with said network;
a session management process in communication with said interface and configured to transmit said message to said network if said association determination process determines that said association exists; and
an association manager in communication with said interface for establishing an association with one or more other network security modules if said association does not exist, said act of establishing an association resulting in the authentication of said one or more other network security modules as well as authenticating said portable computing device to said one or more other network security modules.
Dependent claims: 51 to 65.
66. A portable computing device, comprising:
a host computer; and
a network communications interface adapted to communicate with a data network and said host computer, said communications interface comprising:
a first portion comprising a card-like structure adapted to fit at least partly within a receptacle of said host computer, and generate cryptographic elements;
a second portion operating within a software stack of said host computer and adapted for communication with other like interfaces on said network, said second portion in data communication with said first portion, said second portion comprising:
a software interface for receiving a message sent from a higher layer process of said stack, wherein said message is intended for transmission over said network;
an association determination process configured to determine whether an association exists between the network communications interface and another network communications interface communicating with said network;
a session management process in communication with said software interface and configured to transmit said message to said network if said association determination process determines that said association exists; and
an association manager in communication with said interface capable of establishing an association with one or more other network communications interfaces if said association does not exist;
wherein if said association does not exist, said second portion generates an association request message for transmission to at least one of said one or more other network interfaces, said request message comprising at least one of said cryptographic elements.
Dependent claims: 67 to 69.
70. A portable computerized device, comprising:
a host computer;
a network communications interface adapted to communicate with an untrusted data network and said host computer, wherein the network communications interface comprises a card-like structure adapted to fit at least partly within a receptacle of said host computer;
a first computer program adapted to obtain at least one network address for said computerized device when said communications interface is placed in data communication with said network;
a second computer program adapted to establish a security association between said portable device and another device on said network, said second computer program comprising a key exchange algorithm adapted to cause said portable computerized device and said another device to exchange cryptographic keys over an unsecure network while establishing said association; and
a third computer program adapted to seal or encrypt data sent from said portable device using at least one of said cryptographic keys.
Dependent claims: 71 to 81.
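The independent claims above describe one message-handling flow: hold a message from a higher layer process, check the association table, issue an association request carrying a cryptographic element when no association exists, run a key exchange, then seal outgoing data with the exchanged keys. The following is an added Python model of that flow, not code from the patent or its assignee; it assumes a demo-size Diffie-Hellman group in place of the unnamed key exchange algorithm, and a hash-counter keystream with an HMAC tag in place of the unnamed sealing algorithm, with the peer names "laptop" and "gateway" constructed for the demonstration.

```python
import hashlib, hmac, secrets

P, G = 2**127 - 1, 3   # demo-size DH group (Mersenne prime M127); use a standard group in practice
def _keystream(key, nonce, n):   # hash-counter keystream standing in for the unnamed cipher
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest() for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]
def _xor(data, ks):
    return bytes(x ^ y for x, y in zip(data, ks))

class SecurityModule:
    def __init__(self, name):
        self.name = name
        self.associations = {}   # peer -> (encryption key, MAC key): the association table
        self.pending = {}        # peer -> our private exponent while a request is outstanding
    def has_association(self, peer):            # association determination process
        return peer in self.associations
    def _complete(self, peer, peer_pub, priv):  # derive per-association keys from the shared secret
        shared = pow(peer_pub, priv, P).to_bytes(16, "big")
        self.associations[peer] = (hashlib.sha256(b"enc" + shared).digest(),
                                   hashlib.sha256(b"mac" + shared).digest())
    def handle_request(self, req):              # responder: reply with own element, complete
        priv = secrets.randbelow(P - 2) + 1
        self._complete(req["from"], req["pub"], priv)
        return {"from": self.name, "pub": pow(G, priv, P)}
    def handle_response(self, resp):            # initiator finishes the exchange
        self._complete(resp["from"], resp["pub"], self.pending.pop(resp["from"]))
    def outbound(self, peer, plaintext):        # session management process
        if not self.has_association(peer):      # association manager: request carries our element
            priv = secrets.randbelow(P - 2) + 1
            self.pending[peer] = priv
            return "request", {"from": self.name, "pub": pow(G, priv, P)}
        enc, mac = self.associations[peer]
        nonce = secrets.token_bytes(12)
        ct = _xor(plaintext, _keystream(enc, nonce, len(plaintext)))
        return "data", nonce + ct + hmac.new(mac, nonce + ct, "sha256").digest()
    def receive(self, peer, frame):             # unseal; a tampered frame is rejected
        enc, mac = self.associations[peer]
        nonce, ct, tag = frame[:12], frame[12:-32], frame[-32:]
        if not hmac.compare_digest(tag, hmac.new(mac, nonce + ct, "sha256").digest()):
            raise ValueError("integrity check failed")
        return _xor(ct, _keystream(enc, nonce, len(ct)))

def demo():   # first send finds no association and yields a request; after the exchange, data flows
    laptop, gateway = SecurityModule("laptop"), SecurityModule("gateway")
    kind, req = laptop.outbound("gateway", b"hello")
    assert kind == "request" and not laptop.has_association("gateway")
    laptop.handle_response(gateway.handle_request(req))
    kind, frame = laptop.outbound("gateway", b"hello")
    return kind, gateway.receive("laptop", frame)
```

The two-message exchange here is unauthenticated; claim 50's mutual authentication of the modules would additionally require each side to prove possession of a credential, which this model omits.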