Scaleable multi-level security method in object oriented open network systems

US 20040015720A1
Filed: 07/19/2002
Published: 01/22/2004
Est. Priority Date: 07/19/2002
Status: Active Grant

First Claim

Patent Images

1. A method for securely transferring data between applications over a network comprising:

selecting a receive site address on a server;

defining a data payload for transmittal including data for transfer;

encrypting the data payload; and

transmitting the encrypted data payload from a send site address over a network to the receive site address.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system and method are provided for securely transferring data between applications over a network. According to one embodiment, a receive site address on a server is selected based on a first IP address/object filter table and a desired security level. A data payload for transmittal is defined the data payload is encrypted for transfer and the encrypted data payload is transmitted from a send site address over a network to the receive site address. The transmitted encrypted data is only received at the receive site address by decrypting the data payload and accepting the data based upon a second IP filter table and the address of the send site.

16 Citations

View as Search Results

23 Claims

1. A method for securely transferring data between applications over a network comprising:
- selecting a receive site address on a server;
  
  defining a data payload for transmittal including data for transfer;
  
  encrypting the data payload; and
  
  transmitting the encrypted data payload from a send site address over a network to the receive site address.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein selecting a site address is based upon a first IP address/object filter table and a desired security level.
  - 3. The method of claim 2, further comprising:
    - receiving the transmitted encrypted data payload over the network at the receive site address;
      
      decrypting the data payload; and
      
      accepting the data based upon a second IP address/object filter table and the send site address.
  - 4. The method of claim 1, wherein the data payload includes a data payload header comprising:
    - the system receive site address;
      
      a send object name;
      
      a receive object name; and
      
      receive object parameters.
  - 5. The method of claim 4, wherein the receiving includes separately decrypting the data payload header.
  - 6. The method of claim 5, wherein decrypting the data payload header includes accepting the data payload for decryption based upon anticipated values contained in the data payload header.
  - 7. The method of claim 1, wherein either the first or second IP address/object filter tables are changed periodically.
  - 8. The method of claim 1, wherein data is selected for secure transfer according to the predetermined security level.

9. A software product in an object-oriented networked system for secure transfer of data, the software product comprising:
- a first executable wrapper to wrap a first software application including;
  
  a first program code for accepting data at a send site from the first software application;
  
  a second program code for selecting a receive site on a network from a first filter table based upon a predetermined level security;
  
  a third program code for encrypting the accepted data from the first software application; and
  
  a fourth program code for transmitting data from the send site to the selected receive sight; and
  
  a second executable wrapper to wrap a second software application, the second executable wrapper including;
  
  a fifth program code for accepting transmitted data from the network at a selected receive site;
  
  a sixth program code for decrypting accepted data from the network;
  
  a seventh program code for accepting the decrypted data based upon the send site and a second filter table; and
  
  an eighth program code for providing decrypted data to the second software application.
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The software product of claim 9, wherein the second program code assembles the accepted data into a data payload including a data payload header.
  - 11. The software product of claim 10, wherein the data payload header includes:
    - the receive site address;
      
      a send object name;
      
      a receive object name; and
      
      receive object parameters.
  - 12. The software product of claim 11, wherein the seventh program code includes the data payload header.
  - 13. The software product of claim 12, wherein the sixth program code decrypts the data payload header by accepting data based upon anticipated values contained within the data payload header.
  - 14. The software product of claim 9, wherein the first and second filter tables are changed periodically.
  - 15. The software product of claim 9, wherein data is selected for secure transfer according to the desired security level.

16. A system for transmitting data objects across a network of computers comprising:
- a network of computers, including at least one server and at least one of client computers;
  
  a send addressable memory site within the network;
  
  a receive addressable memory site within the network;
  
  a first set of executable data located at a first addressable memory site within the network including;
  
  a first program code for selecting the receive memory site from a first filter table based upon a desired level of security;
  
  a second program code for encrypting a data payload including data for transmittal; and
  
  a third program code for transmitting the data payload from the send memory site to the receive memory site;
  
  a second set of executable data located at the receive memory site, the second set of executable data including;
  
  a fourth program code for accepting the transmitted data payload;
  
  a fifth program code for decrypting the accepted data payload; and
  
  a sixth program code for accepting the decrypted data payload based upon the send memory site and a second filter table.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The system of claim 16, wherein the data payload further includes a data payload header.
  - 18. The system of claim 16, wherein the data payload header includes:
    - the receive site address;
      
      a send object name;
      
      a receive object name; and
      
      receive object parameters.
  - 19. The system of claim 16, wherein the fifth program code further decrypts the data payload header.
  - 20. The system of claim 16, wherein decrypting the data payload header includes accepting data based upon the anticipated value of the data payload header.
  - 21. The system of claim 16, wherein the first and second filter tables are changed periodically.
  - 22. The system of claim 16, wherein the client is an unmanned combat air vehicle.
  - 23. The system of claim 16, wherein the client is a personal digital assistant.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Dubuque, Mark W.

Granted Patent

US 7,047,425 B2
Time in Patent Office

Days
Field of Search
US Class Current

713/201
CPC Class Codes

H04L 63/0428 wherein the data content is...

H04L 63/104 Grouping of entities

Scaleable multi-level security method in object oriented open network systems

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

16 Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Scaleable multi-level security method in object oriented open network systems

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links