Distributed security architecture

US 9,166,963 B2
Filed: 04/29/2013
Issued: 10/20/2015
Est. Priority Date: 03/05/2008
Status: Active Grant

First Claim

Patent Images

1. A method for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing comprising:

providing a hardware and software combined solution;

providing comprehensive open system interconnection layer 3.5 processing;

implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest;

wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;

forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag;

accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag;

receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level; and

upon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A distributed security architecture may include: a mobile anti-tamper hardware policy enforcement point configured to control communication behaviors of a mobile or stationary client by enforcing communication policies within a policy decision point; an anti-tamper hardware policy decision point encapsulated within the anti-tamper hardware policy enforcement point; a policy exchange channel for policy distribution modes configured to distribute and/or update communication and routing security policies to the client; a context manager configured to handle system-wide status change update signaling; and an authentication manager configured to provide clients with registration and credential/role assignments based on access policies. The distributed security architecture may be configured to provide open system interconnection layer 3.5 policy-based secure routing, and open system interconnection layer 2 policy-based mandatory access control address filtering to provide secure communication and computing for layers 4, 5, 6, and 7.

Citations

12 Claims

1. A method for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing comprising:
- providing a hardware and software combined solution;
  
  providing comprehensive open system interconnection layer 3.5 processing;
  
  implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest;
  
  wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;
  
  forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag;
  
  accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag;
  
  receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level; and
  
  upon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 wherein the providing the comprehensive open system interconnection layer 3.5 processing comprises providing secure comprehensive open system interconnection layer 3.5 processing.
  - 3. The method of claim 2, wherein the implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for the comprehensive processing of the OSI layers for the network/routing isolation and the formation of the scalable community of interest comprises issuing policy data of the first security policy within the comprehensive open system interconnection layer 3.5 processing to the first set of mobile clients.
  - 4. The method of claim 3, wherein the issuing the policy data within the comprehensive open system interconnection layer 3.5 processing to the first set of mobile clients comprises:
    - issuing the information data to the first set of mobile clients; and
      
      accepting the determinable portions of the information data at the first set of mobile clients, the determinable portions of the information data being responsive to the policy data.

5. A non-transitory computer-readable storage medium storing one or more applications, which, when executed on a processor, perform an operation for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing, the operation comprising:
- providing a hardware and software combined solution;
  
  providing comprehensive open system interconnection layer 3.5 processing;
  
  implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest;
  
  wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;
  
  forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag;
  
  accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag;
  
  receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level; and
  
  upon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.
- View Dependent Claims (6, 7, 8)
- - 6. The non-transitory computer-readable storage medium of claim 5, wherein providing the comprehensive open system interconnection layer 3.5 processing comprises providing secure comprehensive open system interconnection layer 3.5 processing.
  - 7. The non-transitory computer-readable storage medium of claim 6, wherein the implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for the comprehensive processing of the OSI layers for the network/routing isolation and the formation of the scalable community of interest comprises issuing policy data of the first security policy within the comprehensive open system interconnection layer 3.5 processing to the first set of mobile clients.
  - 8. The non-transitory computer-readable storage medium of claim 7, wherein the issuing the policy data within the comprehensive open system interconnection layer 3.5 processing to the first set of mobile clients comprises:
    - issuing the information data to the first set of mobile clients; and
      
      accepting the determinable portions of the information data at the first set of mobile clients, the determinable portions of the information data being responsive to the policy data.

9. A system, comprising:
- a hardware processor; and
  
  a memory storing one or more applications, which, when executed on the processor perform an operation for comprehensive processing of open system interconnection (OSI) layers for network/routing isolation and formation of a scalable community of interest providing a hardware and software combined solution that includes open system interconnection 3.5 processing, the operation comprising;
  
  providing a hardware and software combined solution,providing comprehensive open system interconnection layer 3.5 processing,implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for comprehensive processing of OSI layers for network/routing isolation and formation of a scalable community of interest, wherein the comprehensive open system interconnection layer 3.5 is in between network layer, layer 3, and transport layer, layer 4;
  
  forming a first scalable community of interest based on at least a first security policy, wherein the first scalable community of interest admits at least a first set of mobile clients and wherein the first security policy includes a set of contextual flags, including at least an alert level flag and a system status flag,accepting determinable portions of information data at the first set of mobile clients in response to a status condition of the system status flag,receiving, from a first one of the mobile clients, a request to set the alert level flag to an elevated alert level, andupon verification that the first mobile client is authorized to write to the alert level flag, setting the alert level flag to an elevated alert level and admitting at least a second set of mobile clients to the first scalable community of interest.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, wherein providing the comprehensive open system interconnection layer 3.5 processing comprises providing secure comprehensive open system interconnection layer 3.5 processing.
  - 11. The system of claim 10, wherein the implementing the comprehensive open system interconnection layer 3.5 processing into the hardware and software combined solution for the comprehensive processing of the OSI layers for the network/routing isolation and the formation of the scalable community of interest comprises issuing policy data of the first security policy within the comprehensive open system interconnection layer 3.5 processing to the first set of mobile clients.
  - 12. The system of claim 11, wherein the issuing the policy data within the comprehensive open system interconnection layer 3.5 processing to the first set of mobile clients comprises:
    - issuing information data to the first set of mobile clients; and
      
      accepting the determinable portions of the information data at the first set of mobile clients, the determinable portions of the information data being responsive to the policy data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Ramesh, Tirumale K., Meier, John L., Amanatullah, Jason Edward, Huang, Ming-Yuh
Primary Examiner(s)
Holder, Bradley
Assistant Examiner(s)
Shayanfar, Ali

Application Number

US13/872,619
Publication Number

US 20130239171A1
Time in Patent Office

904 Days
Field of Search

726/1
US Class Current

1/1
CPC Class Codes

H04L 63/0218   Distributed architectures, ...

H04L 63/0263   Rule management

H04L 63/08   for authentication of entit...

H04L 63/101   Access control lists [ACL]

H04L 63/20   for managing network securi...

H04L 69/32   Architecture of open system...

H04L 69/321   Interlayer communication pr...

Distributed security architecture

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Distributed security architecture

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links