Electrical computers and digital processing systems: support – Multiple computer communication using cryptography – Protection at a particular protocol layer
Reexamination Certificate
1998-02-18
2001-03-13
Iqbal, Nadeem (Department: 2785)
C380S044000
active
06202153
ABSTRACT:
FIELD OF THE INVENTION
The present invention relates to methods and systems for securing information during communication.
BACKGROUND OF THE INVENTION
Methods for securing information are known in the art. Conventional methods are based on encryption, wherein secured data is processed according to a predetermined encryption method or key to provide an encrypted file. Decoding the encrypted file back to the original information requires processing the encrypted file backwards according to the encryption method or key.
Computers which are connected to WAN or LAN communication networks are vulnerable to hostile intrusion by unauthorized persons or data viruses which attempt to access classified files, download them and “crack” their encryption.
The problem is significantly enhanced for portable computers, which are also liable to be stolen along with the information contained therein.
Another major problem relates to securing access to data and devices when in communication over a network. Unauthorized network users may attempt to penetrate the secured system or try to send damaging software, such as software viruses. Prior art software systems, such as firewalls and the like, do not provide a foolproof solution against such unauthorized attempts.
Another major problem relates to securing an organization's networks and computers against virus programs. A number of products currently provide on-line scanning of incoming communication to identify damaging software such as viruses (such as WebShield of Finjan Software Ltd. of Netania, Israel, PCFireWall and WebScan of McAfee Inc. of Santa Clara, Calif.). It will be appreciated that scanning all incoming data and data changes during communication consumes a great deal of resources and is generally not performed at full scale in real time.
U.S. Pat. No. 5,434,562 to David C. Reardon describes a manually user operable switch for securing a device such as a hard disk from unauthorized access from a network.
In computer systems, it is common to implement an audit log to record security-related activities in the system. In this case, the recorded log itself needs to be secured against future alteration, which would deceive the auditor into trusting a forged record.
It will be appreciated that an effective security log needs to be written on a medium which cannot be altered. A common method is to print the log on hard copy. While hard copy is difficult to alter, it is also more difficult to duplicate, process and communicate in a computerized environment.
Another method is to write the log on a Write Once Read Many media (such as Pinnacle RCD-1000, Pinnacle Micro Corporation). It will be appreciated that in practice Write Once Read Many data storage solutions are inferior to common read-write technologies (such as magnetic hard disks) in both performance and reliability. Furthermore, the installation of a Write Once device for the sole purpose of recording a log involves significant costs.
Special software applications are able to detect attempts of such hostile intrusion to computer resources by unauthorized persons or data viruses. In this case, the computer has to be restarted (boot operation) from a “clean media” which is often called a rescue diskette, since the hard drives of the computer are suspected to be contaminated. This clean media often includes removable media such as a diskette or a CD-ROM.
Methods for remotely connecting stations to devices are known in the art. It will be appreciated that in order to connect to a specified device, a user is usually required to provide access information, which includes one or more predetermined sequences, such as an identification number, a password and the like. Accordingly, the receiving device does not require any information other than the access information.
The connecting or disconnecting of a station to a selected device is basically performed by a relay, electro-mechanical or electronic, at the remote switching device.
SUMMARY OF THE PRESENT INVENTION
It is an object of the present invention to provide a novel switching device for securely connecting a plurality of computer stations to a plurality of peripheral devices, which overcomes the disadvantages of the prior art.
It is a further object of the present invention to provide a novel method for securely connecting a plurality of computer stations to a plurality of peripheral devices.
There is thus provided in accordance with the present invention a system which includes a switching element for each of the computer stations connected thereto and further connected to at least two of the communication devices, a filter, connected to the switching element and a communication interface connected between the computer station and the filter.
The communication interface receives a connection request from the computer station, to connect to a requested one of the selected communication devices and provides a connection command to the filter, when the selected computer station is configured according to the connection request.
The filter provides the connection command to the switching element which connects the requested communication device to the selected computer station.
Furthermore, the filter and the communication interface provide data communication between the requested communication device and the computer station.
According to one aspect of the invention, the switching element disconnects the computer station from any communication device before connecting it to the requested communication device.
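A minimal model of the request path described above (communication interface, filter, switching element), added here as an illustration and not taken from the patent. The station "modes", the device names and the policy table are assumptions standing in for what the text calls a station being "configured according to the connection request".

```python
class SwitchingElement:
    """One per station: at most one device is connected at any moment."""
    def __init__(self, devices):
        self.devices = set(devices)
        self.connected = None
        self.actions = []                      # ordered switch operations

    def connect(self, device):
        if device not in self.devices:
            raise ValueError(f"unknown device: {device}")
        if self.connected is not None:         # break before make
            self.actions.append(("disconnect", self.connected))
            self.connected = None
        self.actions.append(("connect", device))
        self.connected = device


class Filter:
    """Forwards connection commands; relays data only for the live connection."""
    def __init__(self, switch):
        self.switch = switch

    def command(self, device):
        self.switch.connect(device)

    def relay(self, device, payload):
        return payload if self.switch.connected == device else None


class CommunicationInterface:
    """Issues a connection command only if the station's configuration matches."""
    def __init__(self, filt, required_mode):
        self.filt = filt
        self.required_mode = required_mode     # assumed policy: device -> mode

    def request(self, station_mode, device):
        if self.required_mode.get(device) != station_mode:
            return False                       # refused: switch state unchanged
        self.filt.command(device)
        return True


def demo():
    # Constructed sample policy and devices (hypothetical names).
    policy = {"secure_lan": "secure", "internet_modem": "public"}
    switch = SwitchingElement(policy)
    iface = CommunicationInterface(Filter(switch), policy)
    results = [iface.request("secure", "secure_lan"),
               iface.request("secure", "internet_modem"),
               iface.request("public", "internet_modem")]
    return results, switch.actions, iface.filt.relay("secure_lan", b"data")
```

The second request is refused because the station is still in its "secure" configuration, and the recorded switch actions show the disconnect from the first device preceding the connect to the second.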
According to another aspect of the present invention, there is provided a system for securely connecting at least one computer station to a plurality of communication devices. The system includes a switching element for each selected one of the computer stations, connected thereto. The switching element is further connected to at least two selected ones of the communication devices and a controller, connected to the switching element and the selected computer station.
The controller receives a connection request from the computer station, to connect to a requested one of the selected communication devices. The controller provides the connection command to the switching element, when the selected computer station is configured according to the connection request. Accordingly, the switching element connects the requested communication device to the selected computer station.
In accordance with another aspect of the present invention, there is thus provided a system for securely connecting a predetermined number of computer stations to a predetermined number of communication devices, via a predetermined number of communication lines. The number of communication lines is less than any one of the predetermined number of computer stations and the predetermined number of communication devices.
The system includes a remote switching device, connected to the communication devices, and a local switching device, connected to the computer stations. The remote switching device and the local switching device are connected therebetween via the communication lines.
The local switching device receives a connection request from one of the computer stations and connects the one of the computer stations to the remote switching device, via an available one of the communication lines.
The remote switching element further connects the available one of the communication lines to the requested communication device.
The local switching device can further connect the computer station to the remote switching device, via an available one of the communication lines, only when the computer station is configured according to the connection request.
The communication devices are generally peripheral devices and connections such as a printer, a network interface, a scanner, a modem, a switch, a hub, a router, a computer peripheral device, a server and the like.
The switching element is basically any element which can alternately connect between devices, such as a relay, a packet switch, a frequency based switch, a code switch, an optical switch, an analog switch, a
Brachel Nir
Diamant Erez
Netzer Lior
Prescher Amir
Darby & Darby
Iqbal Nadeem
Voltaire Advanced Data Security Ltd.