Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1999-03-12
2003-04-01
Hua, Ly V. (Department: 2131)
C713S152000, C713S151000, C713S153000, C709S200000, C709S241000
active
06542993
ABSTRACT:
BACKGROUND OF THE INVENTION
1. Field of the Invention
This invention relates to a security management system in an electronic network and a method for providing a plurality of security functions and, in particular, to such a system and method providing a plurality of security services and using a plurality of security mechanisms.
2. Discussion of the Related Art
Existing electronic network security services and products provide methods and mechanisms that are aimed at satisfying user needs for security. Some of these services and products claim a layered architecture, or multiple overlapping security methods or mechanisms.
Nevertheless, none of the existing methods and mechanisms comprises a logical architecture for complete end-to-end network security. That is, some needs are not provided for, or are not provided for in an effective, efficient way. For example, support for electronic commerce should provide secure support for all associated protocols.
SUMMARY OF THE INVENTION
According to one aspect of the invention, a method of managing security in an electronic network includes the steps of providing a plurality of security services, providing a plurality of security mechanisms, and linking the services and mechanisms with a plurality of security management functions.
It is a feature of the invention that the method supports all associated security protocols in the electronic network while maintaining transparency for message exchange.
Advantageously, the method of the invention readily provides compatibility with a plurality of environments, network types, and technologies.
In a preferred implementation of the invention, the method for providing electronic network security provides five functional hierarchical layers, one protocol manager handling access to the layers, and a security management information base segmented according to the five functional layers. The five functional layers are, from the base, fundamental security primitives, security mechanisms, security services, security management functions, and security policies. Each layer can contain several independent modules. Exchange of messages between modules in a layer and between layers is provided.
According to a second aspect of the invention, a security system for an electronic network includes a plurality of electronic processor-based devices organized in a plurality of hierarchies and/or layers. The devices provide a plurality of security services and a plurality of security mechanisms. The plurality of electronic processor-based devices also links the plurality of security services and the plurality of security mechanisms with a plurality of security management functions.
It is also a feature of this aspect of the invention that the system supports all associated security protocols in the electronic network while maintaining transparency for message exchange. Advantageously, the system of the invention readily provides compatibility with a plurality of environments, network types, and technologies.
In a preferred implementation of this aspect of the invention, the system for providing electronic network security includes devices in an electronic computational environment providing five functional hierarchical layers, includes one protocol manager handling access to the layers, and includes a security management information base segmented according to the five functional layers. The five functional layers are, from the base, fundamental security primitives, security mechanisms, security services, security management functions, and security policies. Each layer can contain several independent modules. Exchange of messages between modules in a layer and between layers is provided.
Hua Ly V.
Lucent Technologies - Inc.
TITLE: Security management system and method