Method and apparatus for multi-level security implementation

US 7,958,351 B2
Filed: 12/31/2002
Issued: 06/07/2011
Est. Priority Date: 08/29/2002
Status: Active Grant

First Claim

Patent Images

1. A multi-level security apparatus for processing a plurality of different classification levels of information, the apparatus comprising:

a plurality of processors configured to collectively process information simultaneously at a classified level of information and an unclassified level of information;

a data interconnection configured to interconnect the plurality of processors;

a first card having a first key connected to the data interconnection and to a first processor of the plurality of processors, wherein the first processor is configured to communicate with the data interconnection through the first card;

a second card having a second key connected to the data interconnection and to a second processor of the plurality of processors, wherein the second processor is configured to communicate with the data interconnection through the second card;

a processing module configured to be in communication with the first card and the second card through the data interconnection for reallocating said first and second processors from processing said unclassified level of information to said classified level of information, the processing module comprising an information security module with a guard function configured to allow information to be passed in an unrestricted way from an unclassified side of the apparatus to a classified side of the apparatus.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method of operating a multi-level security system including the steps of providing a plurality of processors. At least some of said processors are equipped with a data card which permits simultaneous processing of different classification levels of information and the dynamic reallocation of processors to different classification levels.

Citations

20 Claims

1. A multi-level security apparatus for processing a plurality of different classification levels of information, the apparatus comprising:
- a plurality of processors configured to collectively process information simultaneously at a classified level of information and an unclassified level of information;
  
  a data interconnection configured to interconnect the plurality of processors;
  
  a first card having a first key connected to the data interconnection and to a first processor of the plurality of processors, wherein the first processor is configured to communicate with the data interconnection through the first card;
  
  a second card having a second key connected to the data interconnection and to a second processor of the plurality of processors, wherein the second processor is configured to communicate with the data interconnection through the second card;
  
  a processing module configured to be in communication with the first card and the second card through the data interconnection for reallocating said first and second processors from processing said unclassified level of information to said classified level of information, the processing module comprising an information security module with a guard function configured to allow information to be passed in an unrestricted way from an unclassified side of the apparatus to a classified side of the apparatus.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The apparatus of claim 1 wherein each of said first and second data cards comprises a daughter card.
  - 3. The apparatus of claim 1 wherein the processing module is configured to dynamically reallocate security levels of said first and second processors.
  - 4. The apparatus of claim 1 wherein the plurality of different classification levels comprises TOP SECRET, SECRET, and CONFIDENTIAL.
  - 5. The apparatus of claim 1 wherein the first card comprises a first virtual private network (VPN) card and the second comprises a second VPN card.
  - 6. The apparatus of claim 1 wherein the data interconnection comprises a data fabric included in a bus.
  - 7. The apparatus of claim 6 wherein the first and second keys are the same, the first card configured to encrypt data contained in the first processor creating encrypted data for transmission over the data fabric of the bus for receipt and decryption by the second card and receipt by the second processor, the encrypted data not readable by a general processor of the plurality of processors.
  - 8. The apparatus of claim 6 wherein the first and second cards are keyed for a higher and a lower classification level, whereby when data from the first processor is encrypted and put on the bus, garbled information is received at the second processor.
  - 9. The apparatus of claim 8 wherein information that goes across the data fabric is either unclassified information or classified information that has been encrypted.
  - 10. The apparatus of claim 8 wherein the first and second keys are keyed for a plurality of different classification levels.
  - 11. The apparatus of claim 1 further comprising an information security module which is keyed for a plurality of different classification levels.
  - 12. The apparatus of claim 1 wherein the first card and the second card are keyed for at least one of a classified information or for a classification level.
  - 13. The apparatus of claim 1 further comprising a tuner and an FPGA card configured to simultaneously perform communication, signal intelligence (SIGINT), and jamming functions.

14. A method for securely transmitting information comprising:
- setting a first key corresponding to a first classification level for a first card operatively connected between a bus and a first processing device;
  
  setting a second key corresponding to a second classification level for a second card operatively connected between the bus and a second processing device;
  
  receiving first information encrypted at the first classification level and second information encrypted at the second classification level at the bus simultaneously;
  
  receiving the first information at an information security module in communication with the bus;
  
  determining that the first information is intended for the second processing device;
  
  decrypting the first information at the information security module to create decrypted first information;
  
  encrypting the decrypted first information corresponding to the second classification level to create second encrypted first information;
  
  receiving and decrypting the second encrypted first information at the second card.
- View Dependent Claims (15, 16)
- - 15. The method of claim 14 further comprising:
    - storing a plurality of keys at an information security module in communication with the bus;
      
      deleting the second key from the second card;
      
      loading a key from the plurality of keys stored at the information security module at the second card.
  - 16. The method of claim 14 further comprising:
    - sending a jamming signal from a transmitter in communication with the bus;
      
      receiving encrypted information at a receiver in communication with the bus.

17. A multi-level security apparatus for processing a plurality of different classification levels of information, the apparatus comprising:
- a plurality of processors;
  
  a bus connected for communication among the plurality of processors;
  
  a first card having a first key connected to the bus and to a first processor of the plurality of processors, wherein the first processor is configured to communicate with the bus through the first card;
  
  a second card having a second key connected to the bus and to a second processor of the plurality of processors, wherein the second processor is configured to communicate with the bus through the second card;
  
  an information security module with a guard function configured to allow information to be passed in an unrestricted way from an unclassified side of the apparatus to a classified side of the apparatus;
  
  wherein the apparatus is configured to receive first information encrypted at a first classification level and second information encrypted at a second classification level at the bus simultaneously;
  
  wherein the plurality of processors are configured to collectively process information simultaneously at the first classification classified level, the second classification level, and at an unclassified level of information.
- View Dependent Claims (18, 19, 20)
- - 18. The apparatus of claim 17 further comprising a processing module connected for communication with the bus, wherein the processing module is configured to dynamically reallocate security levels of the first and second processors.
  - 19. The apparatus of claim 17 further comprising an information security module keyed for a plurality of different classification levels.
  - 20. The apparatus of claim 17 further comprising a tuner and an FPGA card configured to simultaneously perform communication, signal intelligence (SIGINT), and jamming functions.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Callahan Cellular LLC (Intellectual Ventures LLC)
Original Assignee
Wisterium Development LLC (Intellectual Ventures LLC)
Inventors
Luthi, Peter O.
Primary Examiner(s)
Abrishamkar; Kaveh
Assistant Examiner(s)
DOAN, TRANG T

Application Number

US10/334,318
Publication Number

US 20040044902A1
Time in Patent Office

3,080 Days
Field of Search

713/166, 713/189, 726 26- 27, 380/264, 380/286
US Class Current

713/166
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/0464   using hop-by-hop encryption...

H04L 63/0485   Networking architectures fo...

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

Method and apparatus for multi-level security implementation

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for multi-level security implementation

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links