ABSTRACT:
A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system including a secure network interface Unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host
etwork interface for receiving messages sent between the computer device and network. The interface operative to convert the received messages to and from a format utilized by the network. A message parser for determining whether the association already exists with another SNIU device. A session manager coupled to said network interface for identifying and verifying the computer device requesting access to said network. The session manager also for transmitting messages received from the computer device when the message parser determines the association already exists. An association manager coupled to the host
etwork interface for establishing an association with other like SNIU devices when the message parser determines the association does not exist.
REFERENCES:
patent: 4104721 (1978-08-01), Markstein et al.
patent: 4694492 (1987-09-01), Wirstrom et al.
patent: 4799153 (1989-01-01), Hann et al.
patent: 4882752 (1989-11-01), Lindman et al.
patent: 4885789 (1989-12-01), Burger et al.
patent: 4896319 (1990-01-01), Lidinsky et al.
patent: 4924513 (1990-05-01), Herbison et al.
patent: 4962449 (1990-10-01), Schlesinger
patent: 5032979 (1991-07-01), Hecht et al.
patent: 5056140 (1991-10-01), Kimbell
patent: 5075884 (1991-12-01), Sherman et al.
patent: 5111390 (1992-05-01), Ketcham
patent: 5113499 (1992-05-01), Ankney et al.
patent: 5126728 (1992-06-01), Hall
patent: 5163147 (1992-11-01), Orita
patent: 5204961 (1993-04-01), Barlow
patent: 5249212 (1993-09-01), Covey et al.
patent: 5249231 (1993-09-01), Covey et al.
patent: 5253294 (1993-10-01), Maurer
patent: 5272754 (1993-12-01), Boerbert
patent: 5276735 (1994-01-01), Boebert et al.
patent: 5283828 (1994-02-01), Saunders et al.
patent: 5287519 (1994-02-01), Dayan et al.
patent: 5295266 (1994-03-01), Hinsley et al.
patent: 5323146 (1994-06-01), Glaschick
patent: 5361359 (1994-11-01), Tajalli et al.
patent: 5369702 (1994-11-01), Shanton
patent: 5369707 (1994-11-01), Follendore, III
patent: 5375244 (1994-12-01), McNair
patent: 5410543 (1995-04-01), Seitz et al.
patent: 5414833 (1995-05-01), Hershey et al.
patent: 5414844 (1995-05-01), Wang
patent: 5416842 (1995-05-01), Aziz
patent: 5442702 (1995-08-01), van Ooijen et al.
patent: 5455861 (1995-10-01), Faucher et al.
patent: 5473696 (1995-12-01), van Breemen et al.
patent: 5511122 (1996-04-01), Atkinson
patent: 5515441 (1996-05-01), Faucher
patent: 5519704 (1996-05-01), Farinacci et al.
patent: 5533123 (1996-07-01), Force et al.
patent: 5535276 (1996-07-01), Ganesan
patent: 5537544 (1996-07-01), Morisawa et al.
patent: 5544245 (1996-08-01), Tsubakiyama
patent: 5548721 (1996-08-01), Denslow
patent: 5550984 (1996-08-01), Gelb
patent: 5555373 (1996-09-01), Dayan et al.
patent: 5557742 (1996-09-01), Smaha et al.
patent: 5574912 (1996-11-01), Hu et al.
patent: 5577209 (1996-11-01), Boyle et al.
patent: 5586260 (1996-12-01), Hu
patent: 5590266 (1996-12-01), Carson et al.
patent: 5596718 (1997-01-01), Boebert
patent: 5602918 (1997-02-01), Chen et al.
patent: 5606668 (1997-02-01), Shwed
patent: 5619657 (1997-04-01), Sudama et al.
patent: 5623601 (1997-04-01), Vu
patent: 5652908 (1997-07-01), Douglas et al.
patent: 5680461 (1997-10-01), McManis
patent: 5689566 (1997-11-01), Nguyen
patent: 5692124 (1997-11-01), Holden et al.
patent: 5708655 (1998-01-01), Toth et al.
patent: 5712914 (1998-01-01), Aucsmith et al.
patent: 5774551 (1998-06-01), Wu et al.
patent: 5781550 (1998-07-01), Templin et al.
patent: 5781632 (1998-07-01), Odom
patent: 5784566 (1998-07-01), Viavant et al.
patent: 5793866 (1998-08-01), Brown et al.
patent: 5796424 (1998-08-01), Ely et al.
patent: 5796727 (1998-08-01), Harrison et al.
patent: 5826014 (1998-10-01), Coley et al.
patent: 5828832 (1998-10-01), Holden et al.
patent: 5832228 (1998-11-01), Holden et al.
patent: 5835724 (1998-11-01), Smith
patent: 5864683 (1999-01-01), Boebert et al.
patent: 5889866 (1999-03-01), Cyras et al.
patent: 5896499 (1999-04-01), McKelvey
patent: 5898784 (1999-04-01), Kirby et al.
patent: 5905736 (1999-05-01), Ronen et al.
patent: 5940591 (1999-08-01), Boyle et al.
patent: 5963915 (1999-10-01), Kirsch
patent: 5983350 (1999-11-01), Minear et al.
patent: 6003084 (1999-12-01), Green et al.
patent: 6070198 (2000-05-01), Krause et al.
patent: 6088450 (2000-07-01), Davis et al.
patent: 6088451 (2000-07-01), He et al.
patent: 6141758 (2000-10-01), Benantar et al.
patent: 6226383 (2001-05-01), Jablon
patent: 6272538 (2001-08-01), Holden et al.
patent: 6272639 (2001-08-01), Holden et al.
patent: 6282652 (2001-08-01), Scheifler
patent: 6408336 (2002-06-01), Schneider et al.
patent: 6643698 (2003-11-01), Holden et al.
patent: 6760768 (2004-07-01), Holden et al.
patent: 6993582 (2006-01-01), Holden et al.
patent: 7475137 (2009-01-01), Holden et al.
patent: 2005/0010766 (2005-01-01), Holden et al.
patent: 0436799 (1991-07-01), None
Lu et al., “A Model for Multilevel Security in Computer Networks”, IEEE Transactions on Software Engineering, Jun. 1990, pp. 647-659.
Jan Watts, Network Communications (OSI Model); PC-Computing, v4, No. 1, p. 164 (2); Jan. 1991.
Scott Palmer, Microsoft OS-2 to Conform to Posix, C2 Security Level; Fed. Comp. Week; v3, No. 15, p. 6(1); Apr. 10, 1989 (abstract).
Bob Mitze, Security Through Software (Unix System V/MLS Multi-Level Security O/S); Exe, v4, No. 6, p. 53 (1); Nov. 1989, 2 pages.
D.D. Schnackenberg, “Development of a Multilevel Secure Local Area Network” from the proceedings of the 8th National Computer Security Conference on Sep. 30, 1985, pp. 97-101.
Junior Nagaki et al., “Integration of Digital, Voice and Video Data on a Multi-level Secure Fiber Optic Network”, MILCOM, Oct. 21, 1985, 5 pages.
Phillip C. Stover, “Designing Multilevel Secure Networks” Boeing Aerospace Company.
Morrie Grasser et al., “The Digital Distributed System Security Architecture” 1990 IEEE Conference on Security and Privacy, pp. 305-319.
Data Sheet, published by the National Computer Security Center at Fort Meade, Maryland, dated Jul. 25, 1990, describing the Verdix Secure Local Area Network (VSLAN), 10 pages.
“NCR Unveils Top End; Distributed Transaction Processing Management System Brings Mainframe-Class OLTP to Open Systems” (Online Transaction Processing), published Jan. 28, 1991, in the Work Group Computing Report, 2 pages.
Jan P. Kruys, “Security of Open Systems”, Computers and Security 8 (1989), pp. 139-147.
J.M. Rushby et al., “A Distributed Secure System”, IEEE, 1983, pp. 127-135.
Ruth Nelson et al., “SDNS Architecture and End-to-End Encryption”, of GTE Government System Corporation Electronic Defense Communications Division dated 1989, pp. 356-366.
V. L.. Voydock et al., “Security Mechanisms in High-Level Network Protocols”, published in Computing Surveys, vol. 15, No. 2, Jun. 1983, pp. 135-171.
R. Atkins, “IP Authentication Header”, Naval Research Laboratory, Aug. 1995, 13 pages.
R. Atkins, “IP Encapsulating Security Payload (ESP)”,Naval Research Laboratory, Aug. 1995, 10 pages.
Kent, et al., “RFC 2401—Security Architecture for the Internet Protocol”, Network Working Group, Nov. 1998, 51 pages.
G. Lawton, “S/WAN Swims Along”, SunWorld, Jun. 1996, 7 pages.
Maughan, et al., Internet Security Association and Key Management Protocol (ISAKMP), Network Working Group, Nov. 1998, 81 pages.
Dinkel, et al., �