Administration of multiple network system with a single trust module
1. A secure internetwork system comprising:
- at least two networks each having a local encryption/decryption module to encrypt and decrypt data that does not include security control information;
- a communication channel directly connecting the at least two networks over which the at least two networks communicate only data that does not include security control information to each other;
- a first control channel, independent of the communication channel, over which to convey only security control information;
- a second control channel, independent of the communication channel, over which to convey only security control information; and
- a trust module isolated from the communication channel so as to not receive data and independent of the at least two networks to convey the security control information over the first control channel to the local encryption/decryption module of one of the at least two networks and to convey the security control information over the second control channel to the local encryption/decryption module of another of the at least two networks in order to manage authentication and rules for secure communication between and/or among the at least two networks, wherein the security control information that is conveyed over the first control channel and the second control channel to the local encryption/decryption module of the at least two networks is isolated from the communication channel over which data is conveyed in order to prevent the security control information from being conveyed on a same channel as the data.
Abstract
A trust module suitable for providing and managing network administration across multiple networks with different security levels. The trust module comprises an administration module to provide secure communication rules between and among the networks that define the manner in which the networks exchange secure communication over a data channel. The administration module includes a user interface to enable an administrator to define the secure communication rules and an encryption module to encrypt the secure communication rules. Advantageously, the trust module of the present invention allows for secure communication and attestation across an unsecure network and a secure network.
Claims
1. As stated above. View Dependent Claims (2, 3, 4, 5, 6, 7)
8. A method for providing secure communication between and among multiple networks, wherein each of the multiple networks has a local encryption/decryption module to encrypt and decrypt information that does not include security control information, the method comprising:
- providing a trust module to manage secure communication between and among the networks;
- enabling an administrator to access the trust module in order to provide authorizations that define secure communication rules between and among the networks;
- providing a first control channel from the trust module to the local encryption/decryption module of a first network of the multiple networks and providing a second control channel from the trust module to the local encryption/decryption module of a second network of the multiple networks, the first control channel and the second control channel conveying only the secure communication rules;
- sending the secure communication rules to the local encryption/decryption modules over the control channel;
- providing a data channel independent of the control channel over which the networks exchange only data that does not include security control information; and
- isolating the trust module from the data channel so as to not receive data;
- conveying data between or among the respective networks over the data channel in accordance with the secure communication rules received from the trust module.
View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
16. A trust module for an internetwork communication system that includes at least two independent networks each having a local encryption/decryption module to encrypt and decrypt data that does not include security control information, a data channel over which the networks communicate only the data, a control channel to convey only security control information with each of the local encryption/decryption modules of the at least two independent networks, the trust module comprising:
- an administration module to provide secure communication rules between and among the networks that define the manner in which the networks exchange secure communication over the data channel;
- a user interface of the administration module to enable an administrator to define the secure communication rules;
- an encryption module of the administration module to encrypt the secure communication rules; and
- a first control channel entirely separate and independent of the data channel through which to send only the encrypted secure communication rules to the local encryption/decryption modules of a first network of the at least two independent networks and a second control channel physically separate from the first control channel and entirely and physically separate and independent of the data channel through which to send only the encrypted secure communication rules to the local encryption/decryption modules of a second network of the at least two independent networks, whereby to enable the respective networks to intercommunicate with each other according to rules defined by the administration module, wherein the trust module is isolated from the data channel so as to not receive the data.
View Dependent Claims (17, 18, 19, 20)
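The control/data separation the claims describe, as an added Python sketch that is not code from the patent or any product: a trust module pushes authenticated rules over one independent control channel per network, each local module accepts rules only from that channel, and the data channel refuses security control information and enforces the rules. HMAC stands in for the claimed encryption of the rules, and the class names and the CONTROL_MARKERS set are assumptions made for the example.

```python
import hashlib, hmac, json

CONTROL_MARKERS = {"rules", "keys", "policy"}  # constructed markers of security control information

class LocalCryptoModule:
    """Per-network encryption/decryption module; accepts rules only via its own control channel."""
    def __init__(self, name, control_key):
        self.name, self.control_key, self.rules = name, control_key, {}
    def receive_control(self, body, tag):
        # HMAC stands in for the patent's encryption of the rules: accept only what the trust module keyed
        expect = hmac.new(self.control_key, body, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expect, tag):
            raise ValueError(f"{self.name}: unauthenticated control message rejected")
        self.rules = json.loads(body)
    def may_send_to(self, peer):
        return peer in self.rules.get(self.name, [])

class TrustModule:
    """Administration side: one independent control channel (own key) per network; never holds a DataChannel."""
    def __init__(self, *modules):
        self.control_links = {m.name: (m, m.control_key) for m in modules}  # one key per control channel
    def push_rules(self, rules):
        body = json.dumps(rules, sort_keys=True).encode()
        for module, key in self.control_links.values():
            module.receive_control(body, hmac.new(key, body, hashlib.sha256).hexdigest())

class DataChannel:
    """Directly connects the networks; carries data only and refuses control information outright."""
    def __init__(self, *modules):
        self.modules = {m.name: m for m in modules}
    def send(self, src, dst, payload):
        if isinstance(payload, dict) and CONTROL_MARKERS.intersection(payload):
            raise ValueError("security control information is not allowed on the data channel")
        if not self.modules[src].may_send_to(dst):
            raise PermissionError(f"{src} -> {dst} is not authorised by the trust module's rules")
        return dst, payload  # encryption of the data itself is out of scope for this sketch

def demo():
    """Constructed scenario: A and B may talk, C is isolated; returns what each attempt produced."""
    a, b, c = (LocalCryptoModule(n, b"key-" + n.encode()) for n in "ABC")
    tm = TrustModule(a, b, c)
    tm.push_rules({"A": ["B"], "B": ["A"], "C": []})
    chan, out = DataChannel(a, b, c), {}
    for label, args in (("a_to_b", ("A", "B", {"msg": "report"})), ("c_to_a", ("C", "A", {"msg": "hi"})),
                        ("ctrl_on_data", ("A", "B", {"rules": {}}))):
        try:
            out[label] = chan.send(*args)
        except (PermissionError, ValueError) as e:
            out[label] = type(e).__name__
    return out
```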