System and method of protecting a system that includes unprotected computer devices

US 8,321,926 B1
Filed: 12/02/2008
Issued: 11/27/2012
Est. Priority Date: 12/02/2008
Status: Expired due to Fees

First Claim

Patent Images

1. A computer system, comprising:

a back panel including a protected back panel portion and a non-protected back panel portion, including;

a first logical node;

a second logical node;

a back panel network that connects the first logical node to the second logical node for communication, wherein the first and second logical nodes are in the non-protected back panel portion;

a switch configured to the back panel network and associated with the first logical node, wherein the switch includes a blocked state for selectively isolating to block the first logical node from communicating with the back panel network, and an unblocked state for allowing the first logical node to be in communication with the back panel network; and

an I/O controller that controls the switch to be in the blocked state or the unblocked state, wherein the I/O controller is in the protected back panel portion;

a first computer device connected to the first logical node;

a second computer device connected to the second logical node; and

a network interface unit (NIU) connected to the first computer device and a trusted network, wherein when the switch is in the blocked state, the first computer device is not in direct communication with the trusted network, and the first computer device is configured to send data to the trusted network via the NIU and receive data from the trusted network via the NIU.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method to selectively isolate one or more unprotected computer devices from the rest of the computer system and/or from the network. The ability to isolate and/or authenticate the software and/or hardware on or interacting with the unprotected software and/or hardware provides for a secured system despite the presence or use of an unprotected computer device.

60 Citations

View as Search Results

17 Claims

1. A computer system, comprising:
- a back panel including a protected back panel portion and a non-protected back panel portion, including;
  
  a first logical node;
  
  a second logical node;
  
  a back panel network that connects the first logical node to the second logical node for communication, wherein the first and second logical nodes are in the non-protected back panel portion;
  
  a switch configured to the back panel network and associated with the first logical node, wherein the switch includes a blocked state for selectively isolating to block the first logical node from communicating with the back panel network, and an unblocked state for allowing the first logical node to be in communication with the back panel network; and
  
  an I/O controller that controls the switch to be in the blocked state or the unblocked state, wherein the I/O controller is in the protected back panel portion;
  
  a first computer device connected to the first logical node;
  
  a second computer device connected to the second logical node; and
  
  a network interface unit (NIU) connected to the first computer device and a trusted network, wherein when the switch is in the blocked state, the first computer device is not in direct communication with the trusted network, and the first computer device is configured to send data to the trusted network via the NIU and receive data from the trusted network via the NIU.
- View Dependent Claims (2, 3, 4, 5, 6, 17)
- - 2. The computer system according to claim 1, further comprising a trusted computing module (TCM) that controls the I/O controller.
  - 3. The computer system according to claim 2, wherein the NIU includes:
    - an I/O component;
      
      an authenticator component;
      
      an encrypting/decrypting component; and
      
      a security component.
  - 4. The computer system according to claim 1, wherein the NIU is configured to receive authentication information from the first computer device, receive an authentication response from the first computer device, send authentication queries to the first computer device, and send authentication results to the first computer device.
  - 5. The computer system according to claim 1, wherein the first computer device is an unprotected computer device.
  - 6. The computer system according to claim 1, wherein the back panel network includes:
    - a high speed interconnect connection;
      
      a discrete I/O connection;
      
      an Ethernet connection; and
      
      a power connection.
  - 17. A method for selectively isolating a first node connected to a back panel network of the computer system according to claim 2, the method comprising:
    - sending a signal from the TCM to the I/O controller for blocking the switch; and
      
      sending a signal from the I/O controller to the switch that blocks the switch for selectively isolating the first node from communicating with the back panel network.

7. A computer system, comprising:
- a back panel including a protected back panel portion and a non-protected back panel portion, including;
  
  a plurality of logical nodes;
  
  a back panel network that connects at least one of the plurality of logical nodes to another logical node for communication, wherein the plurality of logical nodes are in the non-protected back panel portion;
  
  a plurality of switches configured to the back panel network, wherein each of the switches is associated with respective one of the logical nodes, and each of the switches includes a blocked state for selectively isolating to block the respective one of the logical nodes from communicating with the back panel network, and an unblocked state for allowing the respective one of the logical nodes to be in communication with the back panel network; and
  
  an I/O controller that controls each of the plurality of switches to be in the blocked state or the unblocked state, wherein the I/O controller is in the protected back panel portion;
  
  a plurality of computer devices, each computer device is connected to a respective one of the logical nodes;
  
  a plurality of network interface units (NIUs), each NIU is connected to a respective one of the computer devices; and
  
  wherein each NIU is connected to a trusted network, wherein at least one of the plurality of computer devices connected to its respective logical node is not in direct communication with its respective trusted network when the switch associated with the same respective logical node is in the blocked state, and each of the plurality of computer devices is configured to send data to the trusted network via the respective NIU and receive data from the trusted network via the respective NIU.
- View Dependent Claims (8, 9, 10, 11, 12)
- - 8. The computer system according to claim 7, further comprising a trusted computing module (TCM) connected to the I/O controller that controls the I/O controller.
  - 9. The computer system according to claim 8, wherein each of the plurality of NIUs includes:
    - an I/O component;
      
      an authenticator component;
      
      an encrypting/decrypting component; and
      
      a security component.
  - 10. The computer system according to claim 9, wherein each NIU is configured to receive authentication information from its respective connected computer device, receive an authentication response from its respective connected computer device, send authentication queries to its respective connected computer device, and send authentication results to its respective connected computer device.
  - 11. The computer system according to claim 7, wherein at least one of the plurality of computer devices is an unprotected computer device.
  - 12. The computer system according to claim 7, wherein the back panel network includes:
    - a high speed interconnect connection;
      
      a discrete I/O connection;
      
      an Ethernet connection; and
      
      a power connection.

13. A method for building a computer system that is to be connected to a trusted network, comprising:
- configuring a back panel that includes a first logical node, a second logical node, an I/O controller, and a back panel network that includes a switch, wherein the back panel includes a protected back panel portion and a non-protected back panel portion, and wherein the first and second logical nodes are in the non-protected back panel portion and the I/O controller is in the protected back panel portion;
  
  configuring the I/O controller to control the switch, wherein the switch includes a blocked state for selectively isolating to block the first logical node from communicating with the back panel network, and an unblocked state for allowing the first logical node to be in communication with the back panel network;
  
  configuring the back panel network to be in communication with the first logical node and the second logical node;
  
  configuring a first computer device to be in communication with the first logical node;
  
  configuring a second computer device to be in communication with the second logical node;
  
  configuring a network interface unit (NIU) to be in communication with the first computer device and the trusted network, wherein the first computer device is configured to not be in direct communication with the trusted network when the switch is in the blocked state, and the first computer device is configured to send data to the trusted network via the NIU and receive data from the trusted network via the NIU.
- View Dependent Claims (14, 15, 16)
- - 14. The method according to claim 13, further comprising configuring a trusted computer module (TCM) to be in communication with the I/O controller.
  - 15. The method according to claim 14, further comprising configuring the TCM to be in communication with the trusted network.
  - 16. The method according to claim 14, wherein the TCM is connected to the trusted network, and, wherein selectively isolating the first logical node includes:
    - sending a signal to the TCM from the trusted network for blocking the switch;
      
      sending a signal from the TCM to the I/O controller for blocking the switch; and
      
      sending a signal from the I/O controller to the switch that blocks the switch.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Original Assignee
Lockheed Martin Corporation (Martin Marietta Corporation)
Inventors
Sutterfield, Brian D., Atwater, Bradley T.
Primary Examiner(s)
Kosowski, Carolyn B

Application Number

US12/326,246
Time in Patent Office

1,456 Days
Field of Search

726/11, 726/34
US Class Current

726/11
CPC Class Codes

G06F 1/266   Arrangements to supply powe...

G06F 21/85   interconnection devices, e....

H04L 63/0428   wherein the data content is...

H04L 63/08   for authentication of entit...

System and method of protecting a system that includes unprotected computer devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

60 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

System and method of protecting a system that includes unprotected computer devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

60 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links