Stand alone security device for computer networks

US 6,067,620 A
Filed: 05/28/1998
Issued: 05/23/2000
Est. Priority Date: 07/30/1996
Status: Expired due to Term

First Claim

Patent Images

1. A secured network interface unit (SNIU) for providing multi-level security on a network having a plurality of secured and unsecured users comprising:

network interface means for communicating with other SNIUs, and intercepting and retransmitting packets on said network, wherein said packets correspond to a message sent between a source and destination user, both selected from said plurality of secured and unsecured users;

means for identifying said source and destination users;

associating means for dynamically determining whether another SNIU is affiliated with said destination user, and dynamically creating an association with said other SNIU if one does not already exist;

said association including security and encryption data relating to both said source and destination users;

a trusted computing base for determining whether said message, if retransmitted to said destination user, will violate security parameters; and

,cryptographic means for encrypting messages sent to, and decrypting messages received from said other SNIU affiliated with said destination user.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A secured network interface unit (SNIU) for providing multi-level security on a network having a plurality of secured and unsecured users including: network interface means for communicating on the network; identifying the source and destination of a message intercepted on the network; determining the security levels of each of the plurality of users; a trusted computing base for determining whether the message, if transmitted to the destination user, will violate security parameters; and, cryptographically encrypting messages sent to, and decrypting messages received from another SNIU affiliated with the destination user.

155 Citations

23 Claims

1. A secured network interface unit (SNIU) for providing multi-level security on a network having a plurality of secured and unsecured users comprising:
- network interface means for communicating with other SNIUs, and intercepting and retransmitting packets on said network, wherein said packets correspond to a message sent between a source and destination user, both selected from said plurality of secured and unsecured users;
  
  means for identifying said source and destination users;
  
  associating means for dynamically determining whether another SNIU is affiliated with said destination user, and dynamically creating an association with said other SNIU if one does not already exist;
  
  said association including security and encryption data relating to both said source and destination users;
  
  a trusted computing base for determining whether said message, if retransmitted to said destination user, will violate security parameters; and
  
  ,cryptographic means for encrypting messages sent to, and decrypting messages received from said other SNIU affiliated with said destination user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The SNIU of claim 1, wherein the only path between said source and destination users is through said SNIU.
  - 3. The SNIU of claim 1, wherein said trusted computer base further comprises:
    - scheduler means for controlling the flow of data through said SNIU, access to memory, and ensuring that messages corresponding to the packets intercepted are not directly retransmitted to said destination user, without first accessing said trusted computing base; and
      
      ,message parser means for determining whether an association already exists with another SNIU corresponding to said first and second users.
  - 4. The SNIU of claim 3, wherein said scheduler means further controls the flow of data within said SNIU.
  - 5. The SNIU of claim 1, further comprising at least one table for logging an entry relating to select users of said plurality of secured and unsecured users, each entry including security data.
  - 6. The SNIU of claim 5, wherein said associating means further comprising means for substantially simultaneously transmitting a message intended to evoke a response from said destination user, and a message intended to evoke a response from another SNIU affiliated with said destination user, when there is no entry in said at least one table corresponding to said destination user.
  - 7. The SNIU of claim 6, wherein said SNIU further comprises response means for selectively deleting, processing, or forwarding messages received from other SNIUs, based upon the type of message each is, respectively.
  - 8. The SNIU of claim 7, wherein said response means further deletes messages intended to evoke a response from a destination user, processes messages intended to evoke a response from it, and forwards messages intended to evoke a response from another SNIU.
  - 9. The device of claim 1, wherein said intercepting means further processes Address Resolution Protocol (ARP) messages and Reverse Address Resolution Protocol (RARP) messages.
  - 10. The device of claim 1, wherein said interface means further coordinates the address of the multi-level security network interface with the addresses of said source and destination users.
  - 11. The device of claim 1, further comprising audit manager means for generating error messages when instructed to by said trusted computing base.

12. A method of providing multilevel security network on a network having a plurality of users comprising:
- transmitting a first message over said network from a first user selected from said plurality intended for a second user selected from said plurality;
  
  intercepting said first message with a first multilevel security network interface unit (SNIU);
  
  transmitting second and third messages over said network from said first SNIU intended for said second user;
  
  intercepting said second and third messages, and saving said second message, utilizing a second SNIU;
  
  transmitting fourth and fifth messages over said network intended for said second user utilizing said second SNIU;
  
  receiving said fourth and fifth messages at said second user, and causing said second user to ignore said fourth message and respond to said fifth message by transmitting a sixth message over said network intended for said second SNIU;
  
  receiving said sixth message with said second SNIU and transmitting a seventh message over said network intended for said first SNIU;
  
  receiving said seventh message with said first SNIU, and transmitting an eighth message over said network from said first SNIU intended for said second SNIU;
  
  receiving said eighth message with said second SNIU; and
  
  ,transmitting said first message over said network from said second SNIU, and intended for said second user.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22)
- - 13. The method of claim 12, wherein said second and fourth messages are messages intended to evoke a response from a SNIU affiliated with said second user.
  - 14. The method of claim 12, wherein said third and fifth messages are messages intended to evoke a response from said second user.
  - 15. The method of claim 12, wherein said seventh message includes security data.
  - 16. The method of claim 15, wherein said security data includes the security level of the second user and encryption information relating to said second SNIU.
  - 17. The method of claim 16, wherein said eighth message comprises said first message encrypted utilizing said encryption information included in said seventh message.
  - 18. The method of claim 15, wherein said first SNIU transmits said eighth message only if security parameters will not be violated.
  - 19. The method of claim 18, wherein said second SNIU transmits said first message only if said security parameters will not be violated.
  - 20. The method of claim 18, wherein said security parameters comprise mandatory access control parameters.
  - 21. The method of claim 19, wherein said security parameters comprise discretionary access control parameters.
  - 22. The method of claim 12, wherein if said first SNIU receives a response from said third message, said first SNIU transmits said first message directly to said second user only if security parameters will not be violated.

23. A secured network interface unit (SNIU) for providing multi-level security on a network having a plurality of secured and unsecured users comprising:
- network interface means for communicating on said network;
  
  means for identifying the source and destination of a message intercepted on said network;
  
  means for determining the security levels of each of said plurality of users;
  
  a trusted computing base for determining whether said message, if transmitted to said destination user, will violate security parameters; and
  
  , cryptographic means for encrypting messages sent to, and decrypting messages received from another SNIU affiliated with said destination user.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Round Rock Research LLC
Original Assignee
Micron Technology, Inc.
Inventors
Nickel, James O., Levin, Stephen E., Wrench, Edwin H., Holden, James M.
Primary Examiner(s)
Peeso, Thomas R.

Application Number

US09/086,367
Time in Patent Office

726 Days
Field of Search

713/155, 713/156, 713/160, 713/162, 713/168, 713/169, 713/201
US Class Current

713/155
CPC Class Codes

G06F 21/445   by mutual authentication, e...

G06F 21/57   Certifying or maintaining t...

G06F 2211/005   Network, LAN, Remote Access...

H04L 63/0218   Distributed architectures, ...

H04L 63/0272   Virtual private networks

H04L 63/0428   wherein the data content is...

H04L 63/12   Applying verification of th...

H04L 63/162   at the data link layer

Stand alone security device for computer networks

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

155 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

Stand alone security device for computer networks

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

155 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others