Method for establishing trust in a computer network via...

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Particular communication authentication technique

Reexamination Certificate


Details

C380S277000, C380S278000, C380S255000, C380S287000, C713S150000, C713S189000, C713S152000, C713S152000


active

06212636

ABSTRACT:

FIELD OF THE INVENTION
The present invention relates in general to computer networks and in particular to establishing trust between secured users in a computer network environment.
BACKGROUND OF THE INVENTION
Multi-level secure (MLS) networks provide a means of transmitting data of different classification levels (i.e. Unclassified, Confidential, Secret and Top Secret) over the same physical network. To be secure, the network must provide the following security functions: data integrity protection, separation of data types, access control, authentication and user identification and accountability.
Data integrity protection ensures that data sent to a terminal is not modified en route. Header information and the security level are also protected against unauthorized modification. Data integrity protection can be performed by checksum routines or through transformation of the data, which includes private key encryption and public key encryption.
Separation of data types controls the ability of a user to send or receive certain types of data. Data types can include voice, video, E-Mail, etc. For instance, a host might not be able to handle video data, and, therefore, the separation function would prevent the host from receiving video data.
Access control restricts communication to and from a host. In rule based access control, access is determined by the system assigned security attributes. For instance, only a user having Secret or Top Secret security clearance might be allowed access to classified information. In identity based access control, access is determined by user-defined attributes. For instance, access may be denied if the user is not identified as an authorized participant on a particular project. For control of network assets, a user may be denied access to certain elements of the network. For instance, a user might be denied access to a modem, or to a data link, or to communication on a path from one address to another address.
Identification of a user can be accomplished by a unique name, password, retina scan, smart card or even a key for the host. Accountability ensures that a specific user is accountable for particular actions. Once a user establishes a network connection, it may be desirable that the user's activities be audited such that a “trail” is created. If the user's actions do not conform to a set of norms, the connection may be terminated.
Currently, there are three general approaches to providing security for a network: trusted networks, trusted hosts with trusted protocols, and encryption devices. The trusted network provides security by placing security measures within the configuration of the network. In general, the trusted network requires that existing protocols and, in some cases, physical elements be replaced with secure systems. In the Boeing MLS LAN, for instance, the backbone cabling is replaced by optical fiber and all access to the backbone is mediated by security devices. In the Verdix VSLAN, similar security devices are used to interface to the network, and the network uses encryption instead of fiber optics to protect the security of information transmitted between devices. VSLAN is limited to users on a local area network (LAN) as is the Boeing MLS LAN.
Trusted hosts are host computers that provide security for a network by reviewing and controlling the transmission of all data on the network. For example, the U.S. National Security Agency (NSA) has initiated a program called Secure Data Network System (SDNS) which seeks to implement a secure protocol for trusted hosts. In order to implement this approach, the installed base of existing host computers must be upgraded to run the secure protocol. Such systems operate at the Network or Transport Layers (Layers 3 or 4) of the Open Systems Interconnection (OSI) model.
Encryption devices are used in a network environment to protect the confidentiality of information. They may also be used for separation of data types or classification levels. Packet encryptors or end-to-end encryption (EEE) devices, for instance, utilize different keys and labels in protocol headers to assure the protection of data. However, these protocols lack user accountability since they do not identify which user of the host is using the network, nor are they capable of preventing certain users from accessing the network. EEE devices typically operate at the Network Layer (Layer 3) of the OSI model. There is a government effort to develop cryptographic protocols which operate at other protocol layers.
An area of growing concern in network security is the use of computer devices in non-secure networks. Such computer devices often hold valuable information, which may be lost or stolen when these computers are accessed through the non-secured network. In light of this problem, a number of related products have been developed, including Raptor Eagle, Raptor Remote, Entrust, Secret Agent and Veil. Although these products serve the same purpose, a number of different approaches have been utilized. For example, Raptor Eagle, Raptor Remote, and Veil are implemented as software instantiations, while Entrust and Secret Agent utilize hardware cryptographic components. Additionally, the Raptor products are application independent.
A problem with the above described products is that none are based upon the use of highly trusted software. Veil is an off-line encryption utility, which cannot prevent the inadvertent release of un-encrypted information. Raptor Eagle and Raptor Remote are based on software instantiations and thus cannot be verified at the same level of assurance. Secret Agent and Entrust, while hardware based, are dependent upon the development of integration software for specific applications.
Existing security devices require extensive management support or message overhead to establish trust between secured users in a network environment. The extensive management means that, in effect, each secure network interface requires knowledge of all other secure network interfaces. This creates either a tremendous planning burden, so that the data can be pre-positioned, or a significant communications overhead to secure availability and consistency of the network configuration data.
Any scheme using symmetric encryption that requires pre-planning of a network topology also requires extensive key management support. In a tactical environment, the topology changes and one piece of equipment replaces another. Pre-planning becomes expensive and ineffective.
The alternative to pre-planning is message overhead. The message overhead can involve the introduction of messaging protocols as well as demands on bandwidth. Adding protocols decreases the deployability of the system by increasing the risk that the new protocols will be inconsistent with legacy systems.
Accordingly, an object of the present invention is to provide a security method capable of discovering needed trusted information over a computer network when that information is needed.
SUMMARY OF THE INVENTION
The present invention provides a method for establishing trust between secured users in a computer network. Dragonfly Secure Network Interface Units (SNIUs) use a combination of custom messages and standard ICMP Echo Request and Echo Reply messages to discover other Dragonfly SNIUs between two users on a network and establish a trusted communications path. The SNIUs in the communications path authenticate each other and exchange security parameters. Each SNIU is initialized with its own security parameters, but has no pre-positioned information concerning any other units or network topology. Once the path and an association between two SNIUs have been established, user datagrams are encapsulated in custom Dragonfly messages called Protected User Datagrams for secure transmission between the two SNIUs. This collection of messages to establish and utilize associations is referred to as the Dragonfly Trusted Session Protocol (TSP).
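The following Python is an added model of the TSP flow just summarized (discovery by echo reply, mutual authentication with a parameter exchange, then Protected User Datagrams); it is not the patent's own code or message formats. The DRAGONFLY marker, the message layouts, a shared NETWORK_KEY standing in for each unit's initial security parameters, HMAC in place of the units' real cryptography, and the omission of confidentiality are all assumptions made here.

```python
import hmac, hashlib, secrets

# Constructed model; MARKER, message layouts and the shared NETWORK_KEY are assumptions, not the patent's.
MARKER = b"DRAGONFLY:"
NETWORK_KEY = b"assumed-key-from-each-unit's-initial-security-parameters"
LEVELS = ["Unclassified", "Confidential", "Secret", "Top Secret"]

class Sniu:
    def __init__(self, name, level, key=NETWORK_KEY):
        self.name, self.level, self.key = name, level, key     # own parameters only; no peer data
        self.peers = {}                                        # associations learned at run time

def _tag(key, *parts):
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()

def discover(path, origin):
    """Echo request carrying MARKER heads toward the far user; the SNIU nearest that user replies."""
    snius = [hop for hop in path[path.index(origin) + 1:] if isinstance(hop, Sniu)]
    far = snius[-1] if snius else None          # None: a plain echo reply came from the far host itself
    return {"type": "echo-reply", "payload": MARKER + (far.name.encode() if far else b""), "sniu": far}

def associate(a, b):
    """a->b (a, na); b->a (b, nb, tag_b); a->b (tag_a); each tag is checked under the verifier's own key."""
    na, nb = secrets.token_bytes(16), secrets.token_bytes(16)
    tag_b, tag_a = _tag(b.key, b.name.encode(), na, nb), _tag(a.key, a.name.encode(), nb, na)
    if not (hmac.compare_digest(tag_b, _tag(a.key, b.name.encode(), na, nb))
            and hmac.compare_digest(tag_a, _tag(b.key, a.name.encode(), nb, na))):
        return False                            # one side failed the other's challenge
    level, session = min(a.level, b.level, key=LEVELS.index), _tag(a.key, b"session", na, nb)
    for x, y in ((a, b), (b, a)):               # exchanged security parameters: level and session key
        x.peers[y.name] = {"level": level, "key": session, "tx": 0, "rx": 0}
    return True

def encapsulate(src, dst, label, datagram):
    """Wrap a user datagram in a Protected User Datagram (assumed layout: header, body, HMAC tag)."""
    assoc = src.peers[dst]
    if LEVELS.index(label) > LEVELS.index(assoc["level"]):
        raise PermissionError(f"{label} data exceeds association level {assoc['level']}")
    assoc["tx"] += 1
    hdr = (src.name.encode(), dst.encode(), label.encode(), assoc["tx"].to_bytes(4, "big"))
    return {"hdr": hdr, "body": datagram, "tag": _tag(assoc["key"], *hdr, datagram)}

def decapsulate(dst, pud):
    """Release the datagram only if the tag verifies and the sequence number advances (no replay)."""
    assoc, seq = dst.peers.get(pud["hdr"][0].decode()), int.from_bytes(pud["hdr"][3], "big")
    if assoc is None or seq <= assoc["rx"] or not hmac.compare_digest(
            pud["tag"], _tag(assoc["key"], *pud["hdr"], pud["body"])):
        return None                             # unknown peer, replay, or modified en route
    assoc["rx"] = seq
    return pud["body"]
```

A unit whose key differs from NETWORK_KEY fails the challenge and no association is recorded, and a datagram labelled above the association level is refused before it leaves the sending unit.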


