System for extranet security

US 8,468,235 B2
Filed: 08/08/2007
Issued: 06/18/2013
Est. Priority Date: 08/09/2006
Status: Active Grant

First Claim

Patent Images

1. A system for communication with a server, the system comprising:

a user computer configured to run a first operating environment for performing general-purpose operations, and a second operating environment configured expressly for interacting with the server in a protected communication session and is isolated from the first operating environment, where in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session; and

a central management subsystem coupled to the server and the user computer and external to the server and to the user computer, configured to assess a trustworthiness of the second operating environment running on the user computer including to monitor a performance of software components of the second operating environment during the protected communication session to determine if the monitored performance matches an expected performance of code for the second operating environment, the central management subsystem further to report the assessed trustworthiness to the server to cause the server to control the communication session between the server and the user computer based on the assessed trustworthiness,wherein the central management subsystem is further coupled to one or more additional servers and one or more additional user computers, each user computer configured to run respective first and second operating environments to interact in respective communication sessions with one or more of the additional servers using the second operating environments and to perform general-purpose operations using the first operating environments,wherein the second operating environments are isolated from the respective first operating environments, and the central management subsystem external to the servers and the user computers, the central management subsystem further configured to assess the trustworthiness of respective second operating environments running on the additional user computers including to monitor a performance of software components of the second operating environments during the protected communication sessions to determine if the monitored performance matches an expected performance of code for the second operating environments, the central management subsystem further to report the assessed trustworthiness to the servers to cause the server to control the communication sessions between the servers and the user computers based on the assessed trustworthiness.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for communication with a server includes a user computer, which is configured to run first and second operating environments. The first operating environment is arranged to perform general-purpose operations. The second operating environment is configured expressly for interacting with the server in a communication session and is isolated from the first operating environment such that the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment. The system further includes a central management subsystem, which is external to the server and to the user computer and is coupled to monitor the operation of the second operating environment running on the user computer and to control the communication session based on the monitored operation.

80 Citations

31 Claims

1. A system for communication with a server, the system comprising:
- a user computer configured to run a first operating environment for performing general-purpose operations, and a second operating environment configured expressly for interacting with the server in a protected communication session and is isolated from the first operating environment, where in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session; and
  
  a central management subsystem coupled to the server and the user computer and external to the server and to the user computer, configured to assess a trustworthiness of the second operating environment running on the user computer including to monitor a performance of software components of the second operating environment during the protected communication session to determine if the monitored performance matches an expected performance of code for the second operating environment, the central management subsystem further to report the assessed trustworthiness to the server to cause the server to control the communication session between the server and the user computer based on the assessed trustworthiness,wherein the central management subsystem is further coupled to one or more additional servers and one or more additional user computers, each user computer configured to run respective first and second operating environments to interact in respective communication sessions with one or more of the additional servers using the second operating environments and to perform general-purpose operations using the first operating environments,wherein the second operating environments are isolated from the respective first operating environments, and the central management subsystem external to the servers and the user computers, the central management subsystem further configured to assess the trustworthiness of respective second operating environments running on the additional user computers including to monitor a performance of software components of the second operating environments during the protected communication sessions to determine if the monitored performance matches an expected performance of code for the second operating environments, the central management subsystem further to report the assessed trustworthiness to the servers to cause the server to control the communication sessions between the servers and the user computers based on the assessed trustworthiness.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 2. The system according to claim 1, and comprising a connector unit, which is connected to the server and is arranged to communicate with the central management subsystem, wherein the central management subsystem is coupled to report the assessed trustworthiness to the connector unit.
  - 3. The system according to claim 2, wherein the central management subsystem is coupled to compute a trust rank quantifying the trustworthiness of the second operating environment and to send the trust rank to the connector unit, and wherein the connector unit is arranged to apply a policy applicable to the communication session responsively to the trust rank.
  - 4. The system according to claim 3, wherein the central management subsystem is coupled to receive the policy from the server via the connector unit.
  - 5. The system according to claim 2, wherein the central management subsystem is coupled to compute a trust rank quantifying the trustworthiness of the second operating environment and to apply a policy applicable to the communication session responsively to the trust rank.
  - 6. The system according to claim 1, wherein the central management subsystem is coupled to report the assessed trustworthiness to the server by sending the assessed trustworthiness to the user computer, and wherein the user computer is coupled to send the assessed trustworthiness to the server.
  - 7. The system according to claim 1, wherein the central management subsystem is coupled to assess the trustworthiness by detecting variations in the operation of the second operating environment.
  - 8. The system according to claim 1, wherein the central management subsystem is coupled to provide Trusted Network Information (TNI) to the user computer for conducting the communication session, and wherein the user computer is coupled to receive the TNI from the central management subsystem and to conduct the communication session using the received TNI.
  - 9. The system according to claim 8, wherein the TNI comprises at least one information type selected from a group of types consisting of an Internet Protocol (IP) address, routing information, domain resolution information and a security certificate.
  - 10. The system according to claim 1, wherein the user computer is coupled to notify the central management subsystem before initiation of the communication session with the server, and wherein the central management subsystem is coupled to notify the server of the session initiation and of communication attributes to be used by the user computer in the session initiation, so as to cause the server to allow the session initiation based on the notified communication attributes.
  - 11. The system according to claim 10, and comprising a connector unit, which is connected to the server and is arranged to communicate with the central management subsystem so as to receive the communication attributes of the session initiation, and a packet filter, which is attached to the server and is arranged to accept the communication attributes from the connector unit and to allow the session initiation having the communication attributes.
  - 12. The system according to claim 10, wherein the communication attributes comprise at least one attribute selected from a group of attributes consisting of an IP address, a port number and a security certificate to be used by the user computer in the session initiation.
  - 13. The system according to claim 1, wherein the user computer comprises a virtualization unit, which is arranged to allocate resources of the user computer to the first and second operating environments.
  - 14. The system according to claim 1, wherein the user computer is coupled to enforce a policy of the server using the second operating environment.
  - 15. The system according to claim 14, wherein, in accordance with the policy, the user computer is coupled to selectively process information provided by the server from within the second operating environment.
  - 16. The system according to claim 15, wherein the information provided by the server comprises documents.
  - 17. The system according to claim 14, wherein, in accordance with the policy, the user computer is coupled to log an event related to the second operating environment and to forward the logged event to the server.
  - 18. The system according to claim 14, wherein, in accordance with the policy, the user computer is coupled, upon identifying that an action performed by a user of the user computer is predefined as a non-repudiation action, to cause the user to perform re-authentication and to forward a log of the re-authentication to the server.
  - 19. The system according to claim 1, wherein the central management subsystem is coupled to receive a notification from the server upon a change in communication settings of the server, and to update the user computer with the change.
  - 20. The system according to claim 1, wherein the central management subsystem is coupled to receive a notification from the user computer upon a change in communication settings of the user computer, and to update the server with the change.
  - 21. The system according to claim 1, wherein the user computer is coupled to identify a data packet indicating that a user of the user computer requests to initiate the communication session with the server from within the first operating environment, and to switch to initiating the communication session from within the second operating environment.
  - 22. The system according to claim 21, wherein the user computer runs a packet filtering process, which is arranged to process the data packet in accordance with a rule, and to forward the data packet to the second operating environment when the rule identifies that the data packet is related to communication with the server.
  - 23. The system according to claim 21, wherein the user computer is coupled to terminate initiation of the communication session in the first operating environment by sending an imitated reply packet to the first operating environment in response to the data packet.
  - 24. The system according to claim 1, wherein the central management subsystem is coupled to store an image code of the second operating environment, and wherein the user computer is coupled to download the image from the central management subsystem during the communication session.
  - 25. The system according to claim 1, wherein the central management subsystem comprises a configuration interface for configuring the second operating environment of the user computer.
  - 26. The system according to claim 1, wherein the central management subsystem is coupled to produce attestation information regarding the second operating environment based on the assessed trustworthiness of the second operating environment, and to provide the attestation information to the server.
  - 27. The system according to claim 1, wherein the central management subsystem is coupled to produce authentication information regarding the user computer based on the assessed trustworthiness of the second operating environment, and to provide the authentication information to the server.
  - 28. The system according to claim 1, wherein the central management subsystem is coupled to produce authentication information regarding a user of the user computer based on the assessed trustworthiness of the second operating environment, and to provide the authentication information to the server.
  - 29. The system according to claim 1, wherein the central management subsystem is coupled to assess the trustworthiness of information conveyed in the communication session and to report the assessed trustworthiness of the information to the server.

30. A user computer, comprising:
- a first operating environment for performing general-purpose operations; and
  
  a second operating environment configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, where in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session,the second operating environment further coupled to provide information to a central management subsystem external to the user computer to enable the central management subsystem to assess a trustworthiness of the second operating environment including to monitor a performance of software components of the second operating environment during the protected communication session to determine if the monitored performance matches an expected performance of code for the second operating environment, the central management subsystem further to report the assessed trustworthiness to the server to cause the server to control the communication session between the server and the user computer based on the assessed trustworthiness,wherein the central management subsystem is further coupled to one or more additional servers and one or more additional user computers, each user computer configured to run respective first and second operating environments to interact in respective communication sessions with one or more of the additional servers using the second operating environments and to perform general-purpose operations using the first operating environments,wherein the second operating environments are isolated from the respective first operating environments, and the central management subsystem external to the servers and the user computers, the central management subsystem further configured to assess the trustworthiness of respective second operating environments running on the additional user computers including to monitor a performance of software components of the second operating environments during the protected communication sessions to determine if the monitored performance matches an expected performance of code for the second operating environments, the central management subsystem further to report the assessed trustworthiness to the servers to cause the server to control the communication sessions between the servers and the user computers based on the assessed trustworthiness.

31. A computer software product for use in a user computer, the product comprising a non-transitory computer-readable storage medium, in which program instructions are stored, which instructions, when executed by the user computer, cause the user computerto run a first operating environment for performing general-purpose operations,to run a second operating environment configured expressly for interacting with a server in a protected communication session and is isolated from the first operating environment, where in the protected communication session the second operating environment exchanges transaction data with the server via a security protocol, where the general-purpose operations performed in the first operating environment do not affect operation of the second operating environment, and where the first operating environment does not interact with the server in the protected communication session, andto provide information by the second operating environment to a central management subsystem external to the user computer to enable the central management subsystem to assess a trustworthiness of the second operating environment including to monitor a performance of software components of the second operating environment during the protected communication sessionto determine if the monitored performance matches an expected performance of code for the second operating environment, andto control the communication session between the server and the user computer based on the assessed trustworthiness,wherein the central management subsystem is further coupled to one or more additional servers and one or more additional user computers, each user computer configured to run respective first and second operating environments to interact in respective communication sessions with one or more of the additional servers using the second operating environments and to perform general-purpose operations using the first operating environments,wherein the second operating environments are isolated from the respective first operating environments, and the central management subsystem external to the servers and the user computers, the central management subsystem further configured to assess the trustworthiness of respective second operating environments running on the additional user computers including to monitor a performance of software components of the second operating environments during the protected communication sessions to determine if the monitored performance matches an expected performance of code for the second operating environments, the central management subsystem further to report the assessed trustworthiness to the servers to cause the server to control the communication sessions between the servers and the user computers based on the assessed trustworthiness.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Intel Corporation, Neocleus Israel Limited
Original Assignee
Intel Corporation
Inventors
Bogner, Etay
Primary Examiner(s)
CHOUDHURY, AZIZUL Q

Application Number

US11/835,995
Publication Number

US 20080040478A1
Time in Patent Office

2,141 Days
Field of Search

None
US Class Current

709/224
CPC Class Codes

H04L 63/0263 Rule management

System for extranet security

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

80 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

System for extranet security

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

80 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links