Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-08-19
2004-01-27
Barron, Gilberto (Department: 2132)
C713S152000, C370S256000
active
06684335
ABSTRACT:
CROSS-REFERENCE TO RELATED APPLICATIONS
Not applicable.
STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT
Not applicable.
BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention generally relates to network architecture. More particularly, the invention relates to an architecture that facilitates isolating security intrusions. Still more particularly, the invention relates to a computer architecture in which each node in the architecture can communicate with and be programmed by only certain other predetermined nodes.
2. Background of the Invention
Computer networks generally comprise a plurality of computers or terminals coupled together to form a cohesive group of machines that can easily communicate with one another. Generally, each computer in a network can communicate directly with each of the other computers in the network. In the context of publicly available networks such as the Internet, any computer linked to the Internet generally can access all other computers linked to the Internet.
Individuals or companies that operate computer networks often employ system administrators to manage the network. The system administrator generally has unique privileges, not available to the general population of users of the network, to permit effective administration of the network. For example, the system administrator will be able to add or delete user accounts to control who should have access to the network. The administrator will also be able to specify what privileges or access rights each user will have. Certain sensitive information can be protected by permitting only those users with a need for such information to access it. The administrator can configure all other users to prevent them from accessing the sensitive information. Often, there are multiple administrators of a computer network. More than one administrator may be necessary, particularly to keep up with the network administration needs of larger networks and companies.
With the ease of information access in a computer network, security may be a problem. A company may have highly sensitive information for which security is extremely important. A few examples of sensitive information include payroll data, personnel data, and customer-specific confidential information. Breaches in network security can arise from at least two sources: infiltration by an unauthorized outside person (e.g., a non-employee) or a corrupt or dishonest employee internal to the company. Once having access to the network, either person may be able to copy, print or email sensitive information, erase accessible data to sabotage the system, or take other undesirable actions. A dishonest system administrator can cause even more harm than a user. For example, an administrator can erase or reformat a hard drive, prevent authorized users from accessing certain files and directories, and take other actions.
Quickly and effectively responding to a security breach is extremely important. The response to a security breach includes two basic tasks. First, the security breach must be detected. That is, the system or security administrator must be able to detect that someone or some entity is attempting to infiltrate the network. Second, the system administrator must minimize the potential harm the security breach may cause. To date, however, there have not been consistently quick and accurate methods to isolate a security breach and minimize the harm to the system.
Accordingly, it would be extremely desirable to have a computer network that can quickly, accurately and consistently isolate a security breach thereby preventing the unauthorized entity or person from causing additional harm to the rest of the computer network. Despite the desire for improved network security, to date the field still lacks adequate security measures.
BRIEF SUMMARY OF THE INVENTION
The problems noted above are solved in large part by a communication network implementing a “resistance cell architecture.” Each cell in the architecture comprises communication equipment such as a cell communication device coupled to one or more computers or terminals. Each cell is only permitted to communicate directly with certain predetermined other cells in the architecture. If a cell has a communication to be transmitted to a cell to which it does not directly communicate, the communication will be sent from one cell to another until the communication reaches the intended recipient.
A security breach in the network can quickly, easily and effectively be isolated using the resistance cell architecture. For example, once the security intrusion (e.g., an unauthorized entity attempting to gain access to the network) is detected, the cell through which the security intrusion is detected can be deactivated. Once deactivated, no transmissions from that infected cell or branch of the resistance cell architecture can reach other parts of the network. Alternatively, the infected cell or branch of the network can be ordered to self-destruct, thereby providing additional security and assurance that the security breach is effectively eliminated.
Many cells in the resistance cell architecture can act as “masters” to other cells (called “subordinate” cells). Master cells control many functions and the communication behavior of their subordinate cells. A set of commands, including controls and sub-controls, permits the master cells to initiate subordinate cells into the resistance cell architecture, alter the operating characteristics of the architecture, respond to detected security breaches and problems, and permit administrators of master and subordinate cells to configure the administrator's cell.
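The relay and isolation behavior summarized above can be modeled in a few lines. This is an added illustration, not code from the patent; the `CellNetwork` class, the cell names, and the assumption that a cell's only permitted direct peers are its master and its own subordinates are all hypothetical.

```python
from collections import deque

class CellNetwork:
    """Cells may talk directly only to predetermined peers (here: master/subordinates)."""

    def __init__(self):
        self.links = {}   # cell name -> set of cells it may contact directly
        self.active = {}  # cell name -> False once the cell is deactivated

    def add_cell(self, name, master=None):
        self.links[name] = set()
        self.active[name] = True
        if master is not None:  # assumed: the only permitted link is to the master
            self.links[name].add(master)
            self.links[master].add(name)

    def deactivate(self, name):
        """Response to a detected intrusion: the cell stops sending and relaying."""
        self.active[name] = False

    def route(self, src, dst):
        """Return the hop-by-hop relay path from src to dst, or None if cut off."""
        if not (self.active.get(src) and self.active.get(dst)):
            return None
        prev, queue = {src: None}, deque([src])
        while queue:
            cell = queue.popleft()
            if cell == dst:
                path = []
                while cell is not None:
                    path.append(cell)
                    cell = prev[cell]
                return path[::-1]
            for peer in sorted(self.links[cell]):
                if self.active[peer] and peer not in prev:
                    prev[peer] = cell
                    queue.append(peer)
        return None

def build_demo():
    """Constructed topology: root masters A and B; A masters A1, A2; B masters B1."""
    net = CellNetwork()
    for name, master in [("root", None), ("A", "root"), ("B", "root"),
                         ("A1", "A"), ("A2", "A"), ("B1", "B")]:
        net.add_cell(name, master)
    return net

if __name__ == "__main__":
    net = build_demo()
    print(net.route("A1", "B1"))   # relayed through A, root and B
    net.deactivate("A")            # intrusion detected at cell A
    print(net.route("A1", "B1"), net.route("B1", "root"))
```

Deactivating one cell severs its whole branch because every path out of that branch passes through it, while the rest of the network keeps routing normally.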
Epstein, III Edwin A.
Lu Chia-Sheng
Souvannavong Souk
Barron Gilberto
Conley & Rose, P.C.
Nobahar A.