High-assurance web-based configuration of secure network server

US 7,890,755 B2
Filed: 02/28/2006
Issued: 02/15/2011
Est. Priority Date: 02/28/2006
Status: Active Grant

First Claim

Patent Images

1. A method of configuring a secure network server comprising the following steps:

separating a disk of a network management secure network server into network management and user partitions;

creating an HTTP web server task group when an HTTP connection is initiated with said network management secure network server'"'"'s router address as an IP destination address, said HTTP web server task group being part of a non-trusted security functionality of said network management secure network server;

uploading a file containing modified configuration data from a remote computer to said network management secure network server, said HTTP web server task group receiving said uploaded file via an IP router interface that is within a trusted security functionality of said network management secure network server and storing said received file in said user partition of said network management secure network server;

copying said modified configuration data file from said user partition to said network management partition on said disk of said network management secure network server;

reviewing said modified configuration data in said modified configuration data file in said network management partition using a command line interface that is part of the trusted security functionality of said network management secure network server; and

configuring said network management secure network server or a second secure network server connected to said network management secure network server in accordance with said modified configuration data in response to the acceptance, via said command line interface, of said modified configuration data by an administrative user,wherein said copying step is performed by a file mover task group that is part of the trusted security functionality of said network management secure network server.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secure network server having an embedded Hyper-Text Transfer Protocol (HTTP) server that is not within its trusted security functionality and that is used to configure the SNS security and networking features.

Citations

19 Claims

1. A method of configuring a secure network server comprising the following steps:
- separating a disk of a network management secure network server into network management and user partitions;
  
  creating an HTTP web server task group when an HTTP connection is initiated with said network management secure network server'"'"'s router address as an IP destination address, said HTTP web server task group being part of a non-trusted security functionality of said network management secure network server;
  
  uploading a file containing modified configuration data from a remote computer to said network management secure network server, said HTTP web server task group receiving said uploaded file via an IP router interface that is within a trusted security functionality of said network management secure network server and storing said received file in said user partition of said network management secure network server;
  
  copying said modified configuration data file from said user partition to said network management partition on said disk of said network management secure network server;
  
  reviewing said modified configuration data in said modified configuration data file in said network management partition using a command line interface that is part of the trusted security functionality of said network management secure network server; and
  
  configuring said network management secure network server or a second secure network server connected to said network management secure network server in accordance with said modified configuration data in response to the acceptance, via said command line interface, of said modified configuration data by an administrative user,wherein said copying step is performed by a file mover task group that is part of the trusted security functionality of said network management secure network server.
- View Dependent Claims (2, 3, 4, 14, 15, 16)
- - 2. The method as recited in claim 1, wherein said modified configuration data comprises filtering rules.
  - 3. The method as recited in claim 1, wherein said modified configuration data comprises specifications of device-to-secure network server connectivity.
  - 4. The method as recited in claim 1, further comprising the step of setting a configuration flag for said IP router interface of said network management secure network server, wherein if said configuration flag is not set, said IP router interface will not allow said HTTP web server task group to be created.
  - 14. The method as recited in claim 1, wherein said file mover task group receives a file name of said modified configuration data file from said HTTP web server task group via an executive mailbox.
  - 15. The method as recited in claim 1, wherein said HTTP web server task group will not be created unless a configuration flag has been previously set by an administrative user.
  - 16. The method as recited in claim 1, wherein said modified configuration data is inputted using a standard HTTP web browser at said remote computer.

5. A secure network server having trusted security functionality and non-trusted security functionality, comprising a disk that has been separated into network management and user partitions, an HTTP web server task group that is within the non-trusted security functionality, a file mover task group that is within the trusted security interface, an IP router interface that is within the trusted security functionality and a command line interface that is within the trusted security functionality, wherein said HTTP web server task group stores configuration data in said user partition on said disk which said HTTP web server task group received via said IP router interface, and said HTTP web server task group causes said file mover task group to copy that configuration data from said user partition to said network management partition on said disk, the secure network server being programmed to configure itself or another secure network server connected thereto in accordance with said configuration data in response to acceptance, via said command line interface, of said configuration data by an administrative user.
- View Dependent Claims (6, 7, 8, 9)
- - 6. The server as recited in claim 5, wherein said configuration data comprises filtering rules.
  - 7. The server as recited in claim 5, wherein said configuration data comprises specifications of device-to-secure network server connectivity.
  - 8. The server as recited in claim 5, wherein said secure network server is further programmed to create said HTTP web server task group in response to initiation of an HTTP connection with the router address of said secure network server as an IP destination address.
  - 9. The server as recited in claim 8, wherein if a configuration flag of said IP router interface is not set, said IP router interface will not allow said HTTP web server task group to be created.

10. A system comprising first and second secure network servers connected by a trunk line, and first and second networks connected via said second secure network server, said first and second networks operating at different security levels, wherein each of said first and second secure network servers has trusted security functionality and non-trusted security functionality, said first secure network server comprising a disk that has been separated into network management and user partitions, an HTTP web server task group that is within the non-trusted security functionality, a file mover task group that is within the trusted security functionality, an IP router interface that is within the trusted security functionality and a command line interface that is within the trusted security functionality, wherein said HTTP web server task group stores configuration data in said user partition on said disk which said HTTP web server task group received via said IP router interface, and said HTTP web server task group causes said file mover task group to copy that configuration data from said user partition to said network management partition on said disk, said first secure network server being programmed to configure itself or said second secure network server in accordance with said configuration data in response to acceptance, via said command line interface, of said configuration data by an administrative user.
- View Dependent Claims (11, 12, 13)
- - 11. The system as recited in claim 10, further comprising a computer connected to said first secure network server via a third network, wherein said configuration data is downloaded to said first secure network server using a web browser on said computer.
  - 12. The system as recited in claim 10, wherein said first secure network server is further programmed to create said HTTP web server task group in response to initiation of an HTTP connection with the router address of said first secure network server as an IP destination address.
  - 13. The system as recited in claim 12, wherein if a configuration flag of said IP router interface is not set, said IP router interface will not allow said HTTP web server task group to be created.

17. A method of configuring a secure network server comprising the following steps:
- separating a disk of a network management secure network server into network management and user partitions;
  
  uploading a file containing modified configuration data from a remote computer to said network management secure network server, wherein an HTTP web server task group that is within a non-trusted security functionality of said network management secure network server receives said uploaded file via an IP router interface that is within a trusted security functionality of said network management secure network server and stores said received file in said user partition of said network management secure network server;
  
  sending a file name of said modified configuration data file to a file mover task group through an executive mailbox, said file mover task group being part of the trusted security functionality of said network management secure network server, said sending step being performed by said HTTP web server task group;
  
  copying said modified configuration data file from said user partition to said network management partition on said disk of said network management secure network server, said copying step being performed by said file mover task group;
  
  reviewing said modified configuration data in said modified configuration data file in said network management partition using a command line interface that is part of the trusted security functionality of said network management secure network server; and
  
  configuring said network management secure network server or a second secure network server connected to said network management secure network server in accordance with said modified configuration data in response to the acceptance, via said command line interface, of said modified configuration data by an administrative user.
- View Dependent Claims (18, 19)
- - 18. The method as recited in claim 17, further comprising the step of creating said HTTP web server task group when an HTTP connection is initiated with said network management secure network server'"'"'s router address as an IP destination address.
  - 19. The method as recited in claim 17, further comprising the step of setting a configuration flag for an IP router interface of said network management secure network server, wherein if said configuration flag is not set, said IP router interface will not allow said HTTP web server task group to be created.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Bunn, Kelly S., Schnackenberg, Daniel D.
Primary Examiner(s)
Smithers; Matthew B
Assistant Examiner(s)
Branske; Hilary

Application Number

US11/365,044
Publication Number

US 20070204151A1
Time in Patent Office

1,813 Days
Field of Search

713/100, 713/151, 713/161, 713/153, 713/164, 713/165, 713/166, 713/167, 713/189, 713/191, 726/3, 726/34, 709/217, 709/218, 709/219, 709/222, 709/223, 709/225, 717/168, 717/169, 717/170, 717/171, 717/172, 717/173
US Class Current

713/166
CPC Class Codes

G06F 21/57   Certifying or maintaining t...

G06F 2221/2113   Multi-level security, e.g. ...

G06F 2221/2119   Authenticating web pages, e...

H04L 63/0227   Filtering policies mail mes...

H04L 63/105   Multiple levels of security

High-assurance web-based configuration of secure network server

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

High-assurance web-based configuration of secure network server

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links