System and method for installing an auditable secure network
First Claim
1. A system for generating, installing to a plurality of linked remote computers, and monitoring a secure network of nodes, said system comprising:
- A. at least one software application;
B. an installation server, configured to facilitate installation of said at least one software application;
C. a generator, configured to generate a plurality of software components from a network definition, including a plurality of agent modules, wherein each agent module is executable on a corresponding remote computer to initiate communication with said installation server and subsequent installation of a corresponding software application on said remote computer to form a node, wherein each of said nodes is capable of automatically establishing communication with others of said nodes according to said network definition;
D. a monitor node configured to monitor security of said network; and
E. wherein said network definition includes a plurality of node definitions, each node definition including;
(i) an identification of one of said plurality of remote computers;
(ii) an identification of at least one software application to be installed on said remote computer to form a node; and
(iii) an identification of each other node to which said node is to be linked.
1 Assignment
0 Petitions
Accused Products
Abstract
A system and method for generating and remotely installing a private secure and auditable network is provided. Node identification, link, and application information is input into a template. A generator generates components using the information in the template and the components are remotely installed using an installation server. The components include agent modules which are each installed at predetermined target site and establish communication with the installation server to facilitate the download of other components, including application software and configuration files. Each node can only be installed once and is specific to a predetermined target site. For each link, a unique pair of keys is generated in a form which is not human readable, each key corresponds to a different direction of communication over the link. Data transmitted between nodes is encrypted using public-private key pairs. At least one monitor node manages the security of the network, strobes keys, and may take nodes out of the network in the event of a security violation. In such a case, one or more nodes, or the entire network, may be regenerated and installed anew. Throughout the generation and installation a plurality of verifications, authorizations, and password entries may be required by independent groups to arrive at the network. Preferably, the installation is audited by several groups, and the overall operation may be audited by a second monitor node to detect the presence of an interposed “pirate” node.
222 Citations
58 Claims
-
1. A system for generating, installing to a plurality of linked remote computers, and monitoring a secure network of nodes, said system comprising:
-
A. at least one software application;
B. an installation server, configured to facilitate installation of said at least one software application;
C. a generator, configured to generate a plurality of software components from a network definition, including a plurality of agent modules, wherein each agent module is executable on a corresponding remote computer to initiate communication with said installation server and subsequent installation of a corresponding software application on said remote computer to form a node, wherein each of said nodes is capable of automatically establishing communication with others of said nodes according to said network definition;
D. a monitor node configured to monitor security of said network; and
E. wherein said network definition includes a plurality of node definitions, each node definition including;
(i) an identification of one of said plurality of remote computers;
(ii) an identification of at least one software application to be installed on said remote computer to form a node; and
(iii) an identification of each other node to which said node is to be linked. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. A system for generating, installing to a plurality of linked remote computers, and monitoring a secure network of nodes, said system comprising:
-
A. at least one software application;
B. an installation server, configured to facilitate installation of said at least one software application;
C. a generator, configured to generate a plurality of software components from a network definition, including a plurality of agent modules, wherein each agent module is executable on a corresponding remote computer to initiate communication with said installation server and subsequent installation of a corresponding software application on said remote computer to form a node, wherein each of said nodes is capable of automatically establishing communications with others of said nodes according to said network definition;
D. a monitor node configured to monitor security of said network, wherein said monitor node and each of said nodes communicate using secure data transfer; and
E. wherein said network definition includes a plurality of node definitions, each node definition including;
(i) an identification of one of said plurality of remote computers;
(ii) an identification of at least one software application to be installed on said remote computer to form a node; and
(iii) an identification of each other node to which said node is to be linked. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
-
28. A system for generating, installing to a plurality of linked remote computers, and monitoring an auditible secure network of nodes, said system comprising an secure network:
-
A. at least one software application;
B. an installation server, configured to facilitate installation of said at least one software application;
C. a generator, configured to generate a plurality of software components from a network definition, including a plurality of agent modules, wherein each agent module is executable on a predetermined corresponding remote computer to initiate communication with said installation server and subsequent installation of a predetermined corresponding software application on said remote computer to form a node, wherein each of said nodes is capable of automatically establishing communication with others of said nodes according to said network definition, and wherein said subsequent installation is contingent upon a first verification that said agent module is installed on its corresponding remote computer and wherein said installation is further contingent upon a second verification that said software application is installed on its predetermined corresponding remote computer;
D. a monitor node configured to monitor security of said network; and
E. wherein said network definition includes a plurality of node definitions, each node definition including;
(i) an identification of one of said plurality of remote computers;
(ii) an identification of at least one software application to be installed on said remote computer to form a node; and
(iii) an identification of each other node to which said node is to be linked. - View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36)
-
-
37. A method for generating, installing to a plurality of remote computers, and monitoring a secure network having a plurality of nodes, a generator, an installation server, and a monitor node, the method comprising the steps:
-
A. creating a network definition, including information that describes each remote computer, at least one software application to be installed on each remote computer, and each link between nodes;
B. generating with said generator a plurality of software components, as a function of said network definition, including a plurality of agent modules, wherein each agent module is executable on a preselected one of said remote computers and includes functionality to communicate with said installation server;
C. executing an agent module on its corresponding remote computer, wherein said agent module automatically establishes communication with said installation server;
D. downloading, using said installation server, to said remote computer a corresponding at least one software application;
E. executing said at least one software application on said remote computer to form a node and automatically establishing a connection with said monitor node;
F. selectively linking said node to others of said plurality of nodes according to said network definition; and
G. repeating steps C through F for each agent module and corresponding remote computer. - View Dependent Claims (38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55)
-
-
56. A method for generating, installing to a plurality of remote computers, and monitoring a secure network having a plurality of nodes, a generator, an installation server, and a monitor node, said network used for conducting financially related transactions between a custody system of a bank and a trading system of a financial client, the method comprising the steps of:
-
A. creating, by a bank sales department, a network definition embodying the network required by the financial client and to be generated, installed and monitored by the bank;
wherein said network definition includes a plurality of node definitions, each node definition including;
(i) an identification of one of said plurality of remote computers;
(ii) an identification of at least one software application to be installed on said remote computer to form a node; and
(iii) an identification of each other node to which said node is to be linked. B. modeling and testing said network definition, by a bank development group;
C. obtaining authorization from a bank network administration group and installing said network definition on said generator, by said bank development group;
D. obtaining by said bank sales group a sales password and authorization to install network from said network administration group;
E. auditing on said generator a generated network definition by comparing said generated network definition to said network definition and inputting said sales password as an indication of a favorable comparison, by said bank sales group;
F. obtaining by a bank audit group, an audit password and authorization to install network from said network administration group;
G. auditing on said generator a generated network definition by comparing said generated network definition to said network definition and inputting said audit password as an indication of a favorable comparison, by said bank audit group;
H. generating with said generator a plurality of software components to be installed on said plurality of remote computers to form said plurality of nodes of said network, said components including;
(i) a plurality of agent modules, each agent module having the capability to establish communications with said installation server;
(ii) a local sales password, for each agent module;
(iii) a local audit password for each agent module;
I. registering said agent modules with said installation server, wherein said installation server has access to at least one or more bank custody software applications to be stored on each of said plurality of remote computers to form said nodes, according to said network definition;
J. communicating to each remote computer a corresponding one of said local sales passwords to a sales department representative;
K. communicating to each remote computer a corresponding one of said local audit passwords to an audit department representative;
L. executing each agent module on its corresponding remote computer, entering said local sales password to verify that said agent module is installed on its corresponding remote computer according to said network definition, and downloading said corresponding at least one bank custody software application;
M. executing each of said at least one software applications on its corresponding remote computer, establishing communication with said monitor node, entering said local audit password to verify that said at least one software application is installed on its corresponding remote computer according to said network definition; and
N. selectively linking said nodes into said network.
-
-
57. A method for generating, installing to a plurality of remote computers, and monitoring a secure network having a plurality of nodes, a generator, an installation server, and a monitor node, wherein the secure network is used for the exchange of confidential data between a first system of a first group and a second system of a second group, the method comprising the steps:
-
A. creating a network definition, including information that describes each remote computer, at least one first group software application to be installed on each remote computer, and each link between nodes;
B. generating with said generator a plurality of software components, as a function of said network definition, including a plurality of agent modules, wherein each agent module is executable on a preselected one of said remote computers and includes functionality to communicate with said installation server;
C. executing an agent module on its corresponding remote computer, wherein said agent module automatically establishes communication with said installation server;
D. (i) human auditing and verifying that said agent module is installed on its corresponding remote computer according to said network definition by a third group; and
(ii) downloading, using said installation server, to said remote computer a corresponding at least one first group software application;
E. (i) executing said at least one first group software application on said remote computer to form a node and automatically establishing a connection with said monitor node; and
(ii) human auditing and verifying that said at least one first group software application is installed on its corresponding remote computer according to said network definition by a fourth group, independent from said third group;
F. communicating with others of said plurality of nodes according to said network definition; and
G. repeating steps C through F for each agent module and corresponding remote computer. - View Dependent Claims (58)
-
Specification