COMPUTERIZED ACCESS DEVICE WITH NETWORK SECURITY
Abstract
A computerized access device useful within a network and adapted to provide communication security. In one embodiment, the network comprises an untrusted network, and the access device comprises stand-alone network security apparatus adapted to create associations with other network security devices on the network. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of a stand-alone hardware device. In another variant, the device functions as a gateway or portal to another network (e.g., the Internet or another untrusted network), or to another device within the same network.
101 Claims
1. A network access device adapted to provide network security functions, comprising:
- a software stack operative to run on said access device; and
- first network security apparatus for use with said stack, said security apparatus adapted to communicate data with other like network security apparatus resident on a portable computing device over a data network by establishing an association, and where said first network security apparatus is configured to:
  - receive a message sent from said network security apparatus of said computing device;
  - determine whether an association between said network security apparatus and said network security apparatus of said portable computing device on said network exists;
  - convert at least a portion of said received message to a format utilized by said network; and
  - transmit said message received from said network security apparatus of said portable computing device to a third network security apparatus when said association does exist.

Dependent claims: 2 to 44.
45. A portal device in communication with one or more devices via a data network and further adapted to provide network security functions, comprising:
- a software stack operative to run on said portal device; and
- network security apparatus for use with said stack, said security apparatus adapted to communicate data between a second network security apparatus resident on an untrusted computerized device on said data network and said one or more devices also located on said data network, said network security apparatus operative to:
  - establish an ad hoc and temporary association between said portal device and said second network security apparatus of said computerized device;
  - receive a message sent from said computerized device;
  - modify at least a part of said received message to produce a modified message; and
  - transmit said modified message to at least one of said one or more devices resident on said data network.

Dependent claims: 46 to 61.
62. A substantially stand-alone gateway device adapted to provide network security functions and bridging between two networks, comprising:
- a software stack operative to run on said device; and
- first network security apparatus for use with said stack, said security apparatus adapted to communicate data with other like network security apparatus over at least one of first and second data networks in data communication with said gateway device by establishing an association, and where said first network security apparatus is configured to:
  - receive a message sent from a higher layer process in said device for transmission over at least one of said networks;
  - determine whether an association between said first network security apparatus and another network security apparatus in communication with said at least one network exists;
  - convert at least a portion of said received message to a format utilized by said at least one network; and
  - transmit at least portions of said message to said another network security apparatus when said association does exist.

Dependent claims: 63 to 88.
89. An access portal comprising:
- a host computerized device;
- a first computer program operative to run on said host computerized device to establish an ad hoc security association between said portal and a portable computer device, said first computer program comprising a key exchange algorithm adapted to cause said portal and said portable device to exchange respective cryptographic keys generated substantially while establishing said association, said keys being substantially unique to said association, said establishment of said association further comprising at least authentication of said portable device to said portal;
- a second computer program operative to run on said host computer and adapted to decrypt data sent to the portal using at least one of said cryptographic keys; and
- a third computer program operative to run on said host computer and adapted to evaluate said encrypted data sent from the portable device for at least data integrity using cryptographic residues generated by both said portable device and said portal.

Dependent claims: 90 to 101.
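As an added illustration (not code from the patent or its assignee), the following Python models the portal-side behaviour the independent claims describe: an ad hoc association is established only after the portable device authenticates, keys unique to that association are derived from both parties' nonces, and an incoming message is converted and forwarded to the inner network only when an association exists and its cryptographic residue verifies. It assumes a pre-provisioned device credential (PSK) in place of the claim's key exchange algorithm, uses HMAC-SHA256 as the residue, omits the decryption step, and constructs the device ids, nonces and inner-network frame format.

```python
import hmac, hashlib, json, secrets

def hkdf_sha256(secret, salt, info):
    """Single-block HKDF-SHA256 (RFC 5869): extract with the salt, expand with the info label."""
    prk = hmac.new(salt, secret, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

def device_proof(cred, dev_nonce):
    """Device authenticates to the portal by proving possession of its credential (assumed PSK)."""
    return hmac.new(cred, dev_nonce, hashlib.sha256).digest()

def assoc_key(cred, dev_nonce, portal_nonce):
    """Key unique to this association: bound to both nonces (constructed key schedule)."""
    return hkdf_sha256(cred, dev_nonce + portal_nonce, b"assoc-integrity")

def device_send(cred, dev_nonce, portal_nonce, payload):
    """Portable device side: the message plus its cryptographic residue (HMAC) for integrity."""
    key = assoc_key(cred, dev_nonce, portal_nonce)
    return payload, hmac.new(key, payload, hashlib.sha256).digest()

class Portal:
    """Network security apparatus on the portal: establishes associations and gates forwarding."""
    def __init__(self, device_creds):
        self.creds = device_creds          # device_id -> credential (assumed pre-provisioned)
        self.associations = {}             # device_id -> per-association key
        self.forwarded = []                # frames transmitted to the third apparatus

    def establish(self, device_id, dev_nonce, proof):
        """Ad hoc association: returns the portal nonce on success, None if authentication fails."""
        cred = self.creds.get(device_id)
        if cred is None or not hmac.compare_digest(proof, device_proof(cred, dev_nonce)):
            return None
        portal_nonce = secrets.token_bytes(16)
        self.associations[device_id] = assoc_key(cred, dev_nonce, portal_nonce)
        return portal_nonce

    def receive(self, device_id, payload, residue):
        """Forward only when an association exists and the residue verifies; True if forwarded."""
        key = self.associations.get(device_id)
        if key is None:                    # no association: drop, never forward
            return False
        if not hmac.compare_digest(residue, hmac.new(key, payload, hashlib.sha256).digest()):
            return False                   # integrity failure: drop
        # Convert to the format used by the inner network (constructed JSON frame).
        frame = json.dumps({"src": device_id, "data": payload.hex()}).encode()
        self.forwarded.append(frame)
        return True
```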