Methods and systems for managing concurrent unsecured and cryptographically secure communications across unsecured networks
Abstract
An endpoint, method, and authorization server are disclosed which can be used to allow concurrent secure and clear text communication. An endpoint includes a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication interface configured to send and receive data packets via a data communications network. The endpoint also includes a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access list defining a group of access permissions for a community of interest. The community of interest includes one or more users, and an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest. The endpoint also includes a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send and receive data packets via the data communications network. The driver is also configured to selectively split and encrypt data into a plurality of data packets to be transmitted via the data communications network based at least in part upon the contents of the one or more access lists.
21 Claims
1. An endpoint comprising:
- a computing system including a programmable circuit operatively connected to a memory and a communication interface, the communication interface configured to send and receive data packets via a data communications network;
- a filter defined in the memory of the computing system, the filter configured to define one or more access lists, each access list defining a group of access permissions for a community of interest, wherein the community of interest includes one or more users, and wherein an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest; and
- a driver executable by the programmable circuit, the driver configured to cooperate with the communication interface to send and receive data packets via the data communications network, the driver configured to selectively split and encrypt a data packet into a plurality of data packets based at least in part upon the contents of the one or more access lists, the driver further configured to effectuate transmission of the split and encrypted data packet through transmission of the plurality of data packets;
- wherein the driver encrypts the data packets using a community-of-interest specific encryption key associated with the community of interest as identified upon the access list.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10
11. A computer-implemented method of authorizing a computer-based endpoint for use in a secure network, the method comprising:
- transmitting a request from the computer-based endpoint to authorize a user of the computer-based endpoint for operation on the secure network, the request including an identity of a user of the computer-based endpoint;
- receiving at the computer-based endpoint a set of one or more keys associated with communities of interest, the communities of interest defined to include the user;
- receiving at the computer-based endpoint one or more filters defining one or more access lists, wherein an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest; and
- transmitting data packets from the computer-based endpoint to a network location, wherein the computer-based endpoint selectively splits and encrypts each data packet to be transmitted into a plurality of data packets based at least in part upon the contents of the one or more access lists, and wherein the computer-based endpoint transmits a split and encrypted data packet by transmitting the plurality of data packets split and encrypted from the data packet;
- wherein the computer-based endpoint encrypts the data packets using a community-of-interest specific encryption keys associated with the community of interest as identified upon the access list.

Dependent claims: 12, 13, 14, 15, 16, 17
18. An authorization system integrable into a secure network, the authorization system comprising:
- an authorization server including a programmable circuit communicatively connected to a memory;
- a provisioning utility executable on the programmable circuit, the provisioning utility including program instructions which, when executed, cause the authorization server to:
  - in response to a request from a computer-based endpoint to authorize a user of the computer-based endpoint for operation on the secure network, determine a set of communities of interest associated with the user defined in the provisioning utility;
  - respond to the request by sending to the endpoint a set of one or more keys, associated with communities of interest, the communities of interest defined to include the user;
  - sending to the endpoint one or more filters defining one or more access lists, wherein an access list from among the one or more access lists defines a set of clear text access permissions associated with a community of interest; and
  - receiving a plurality of data packets from the computer-based endpoint, the plurality of data packets representing a primary data packet and being selectively split and encrypted from the primary data packet based at least in part upon the contents of the one or more access lists;
- wherein the computer-based endpoint encrypts the data packets using a community-of-interest specific encryption keys associated with the community of interest as identified upon the access list.

Dependent claims: 19, 20, 21
Specification