Apparatus and method for providing network security

Patent

Details

G06F 1100, G06F 1300

active

059405910

ABSTRACT:
A multi-level security apparatus and method for a network employs a secure network interface unit (SNIU) coupled between each host or user computer unit and a network, and a security management (SM) architecture, including a security manager (SM) coupled to the network, for controlling the operation and configuration of the SNIUs coupled to the network. Each SNIU is operative at a session level of interconnection which occurs when a user on the network is identified and a communication session is to commence. When an SNIU is implemented at each computer unit on the network, a global security perimeter is provided. In a preferred embodiment, the SNIU is configured to perform a defined session level protocol (SLP), including the core functions of user interface, session manager, dialog manager, association manager and data sealer, and network interface. The SM architecture is implemented to ensure user accountability, configuration management, security administration, and validation key management on the network. The SM functions are distributed over three platforms, i.e., a SNIU security manager (SSM), an area security manager (ASM), and a network security manager (NSM).


Profile ID: LFUS-PAI-O-323654
