Secure network architecture method and apparatus

Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer

Reexamination Certificate

Details

C713S162000

active

06189101

ABSTRACT:

FIELD OF THE INVENTION
This invention relates generally to computer system network architectures. More particularly this invention relates to a system for creating and maintaining a secure network architecture allowing transmission of data and information when permitted and/or allowed to be accepted by a destination.
BACKGROUND
With the advent of computer networks has come the problem of secure communication over a network. In addition, it is important in networks dealing with critical business transactions of an organization to have controls over who can send what information over the network and, as an added precaution, over what network resources are permitted to accept what kinds of information.
Network architectures have been the subject of a great deal of inventive effort. For example, U.S. Pat. No. 5,548,726 to Pettus is granted for a “System For Activating New Service in Client Server Network by Reconfiguring the Multi-layer Network Protocol Stack Dynamically Within the Server Node.” This invention allows for a client, in a client server network, to access remote services by means of a communications directory located in each node of the network. The activities of the client are then controlled by the server which allows only certain activities to take place. Thus the client is effectively controlled by the server.
U.S. Pat. No. 5,577,209 to Boyle et al. was granted for an “Apparatus Invented for Providing Multi-level Security for Communication Among computers and terminals on a Network.” This system is a multi-level security system employing a secure network interface unit between each host computer, user computer and the network. This system also provides a security management architecture for controlling the operation and configuration of the secure network interface units. Each secure network interface unit is configured to perform certain defined activities. Thus control in the network is achieved by virtue of a secure network interface unit. Presumably limitations on the activities of workstations on the network are also controlled by the secure network interface unit.
Other types of architectures have attempted to control processing on the network by imparting to servers or network computers certain controls over the processing taking place on the network. U.S. Pat. No. 5,355,453 to Rew et al. describes a system where all networks are connected to a network controller unit for controlling what traffic is permitted on the network.
U.S. Pat. No. 5,287,537 to Newmark et al. was granted for “Distributing Processing System Having a Plurality of Computers Each Using Identical Retaining Information to Identify Another Computer For Executing a Received Command.” This system causes a computer that receives a command to forward that command to another if the first computer cannot fulfill the command. The emphasis here is on the ability to shift processing to computers that can perform the desired task.
U.S. Pat. No. 5,502,576 to Ramsay et al. was granted for a “Method and Apparatus for the Transmission, Storage, and Retrieval of Documents in An Electronic Domain.” This invention has a particular structure that reduces processing time and achieves higher bandwidth over a network. Traffic on the network is concerned with maximizing the bandwidth of information that is sent over the network.
U.S. Pat. No. 5,109,385 to Tseung was granted for a “Guaranteed Reliable Broadcast Network.” This invention introduces a concept of an “arbitrator node” which manages traffic over the network in order to guarantee that a message is received by a particular network resource even though the resource may be busy, slow, or temporarily out of service. Thus the arbitrator node performs the function of a “traffic cop.”
Other inventions in the network security arena relate to methodologies of encryption, for example U.S. Pat. No. 5,295,188 to Wilson et al. for “Public Encryption and Decryption Circuitry and Method,” U.S. Pat. No. 5,351,293 to Michener et al. for a “System Method and Apparatus for Authenticating an Encrypted Signal,” and U.S. Pat. No. 5,226,079 to Holloway for “Non-repudiation in Computer Networks.”
Other patents have been granted for authentication and signature verification. For example, U.S. Pat. No. 5,189,700 to Blandford was granted for “Devices to 1) Supply Authenticated Time and 2) Time Stamp and Authenticate Digital Documents,” and U.S. Pat. No. 4,326,098 to Bouricius et al. for a “High Security System for Electronic Signature Verification.” These and other tools provide certain software solutions whereby one party can sign a digital document and another party can authenticate, from the source, that the message is truly from the desired party.
These various approaches deal with control over the messages on a network as well as various forms of centralized control over traffic on the network.
However, it would be extremely useful if controls over network traffic, once established by a central authority, were automatically enforced by every single network resource (that is, without limitation, all manner of workstations, modems, servers, and other equipment and software residing on the network). Thus, the solution to not only network security but also to the security of the types of transactions on a network could best be enforced if rules existed not only at the network server or node level but also at the workstations originating the traffic and at the various network resources along the way to the transaction destination, and were enforced by the destination network resource as well. By having these enforcement mechanisms at all locations within the network, network security is enhanced for all manner of transactions or operations on the network. Further, network bandwidth usage decreases since, typically, only those communications that are permitted are ever transmitted on the network.
SUMMARY OF THE INVENTION
It is therefore an object of the present invention to provide a network with enhanced integrity and security in the transmission and reception of information by various network resources.
It is a further object of the present invention to establish communications profiles for all network resources whereby the ability of such network resources to create, transmit, and receive information is defined for the network resources.
It is a further object of the present invention to provide arbitrator nodes as a type of network resource able to control network traffic and having knowledge of important, relevant characteristics of network resources connected to such arbitrators.
It is a further object of the present invention to create individual network resource communications profiles whereby a network resource on the network will be permitted to create only certain types of traffic.
It is a further object of the present invention to create individual network resources having a communications profile comprising certain types of communications which the network resource is capable of creating and certain types of communication (which may be different) which the network resource is capable of receiving.
It is a further object of the present invention to be able to encrypt a bitstream based upon the communications profiles of the receiving network resources, whereby the receiving network resource will be able to decrypt the bitstream only if the encrypted bitstream comprises information the receiving network resource is permitted to receive.
It is a further object of the present invention to create an arbitrator capability that stores and monitors the individual network resource communications profiles after the network resources have been established by the arbitrator, to ensure that only appropriate traffic emerges from a network resource.
It is yet another object of the present invention to create an arbitrator which monitors the usage of the network resources, software on the network, and information by various network resources.
It is a further object of the present invention to create an arbitrator having knowledge of other network resources which are destinations for traffic and for which the arbitrator o
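The following is an added toy model (not code from the patent or its assignee) of the architecture the Background and Summary describe: one communications profile per network resource listing what it may create and what it may receive, an arbitrator that holds those profiles, enforcement at the originating resource, at every intermediate resource and at the destination, and a bitstream keyed to the destination's receive profile so that a resource without permission holds no key to read it. All class and function names, the XOR stand-in cipher, the arbitrator secret and the message types are constructed assumptions.

```python
"""Toy model of a profile-enforced network: a profile per resource, an arbitrator
that stores them, and enforcement at origin, at each hop and at the destination.
Added example; every name, key and message type here is constructed."""
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Profile:
    can_create: frozenset   # message types the resource may originate or relay
    can_receive: frozenset  # message types the resource may accept

@dataclass
class Arbitrator:
    profiles: dict = field(default_factory=dict)        # resource name -> Profile
    secret: bytes = b"constructed-arbitrator-secret"    # assumed to stay with the arbitrator

    def derive_key(self, receiver, msg_type):
        """Key bound to (receiver, type); the origin may encrypt under it for any pair."""
        return hashlib.sha256(self.secret + receiver.encode() + msg_type.encode()).digest()

    def key_for(self, receiver, msg_type):
        """A receiver is only ever handed keys for types its own profile permits."""
        if msg_type not in self.profiles[receiver].can_receive:
            return None
        return self.derive_key(receiver, msg_type)

def xor_stream(key, data):   # stand-in for the patent's profile-keyed cipher
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def send(arb, sender, route, msg_type, payload):
    """Return (plaintext delivered, or None) plus the list of enforcement decisions."""
    trace = []
    *hops, dest = route
    if msg_type not in arb.profiles[sender].can_create:      # origin enforces
        trace.append(f"{sender}: may not originate {msg_type}")
        return None, trace
    cipher = xor_stream(arb.derive_key(dest, msg_type), payload)
    for hop in hops:                                          # each intermediary enforces
        p = arb.profiles[hop]
        if msg_type not in p.can_receive or msg_type not in p.can_create:
            trace.append(f"{hop}: dropped {msg_type}")
            return None, trace
        trace.append(f"{hop}: relayed {msg_type}")
    key = arb.key_for(dest, msg_type)                         # destination enforces
    if key is None:
        trace.append(f"{dest}: no key for {msg_type}, ciphertext unreadable")
        return None, trace
    trace.append(f"{dest}: accepted {msg_type}")
    return xor_stream(key, cipher), trace
```

The trace makes visible that a disallowed message is stopped at the earliest resource whose profile forbids it, which is also why such traffic never consumes bandwidth beyond that point.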
