Methods of operating portable computerized device with network security

A computerized device and network security technology, applied in digital transmission, wireless communication, instruments, etc. It addresses problems such as a host not being able to handle video data, access being denied, and VSLAN being limited to users on a local area network.

Inactive Publication Date: 2007-10-25
ROUND ROCK RES LLC
26 Cites, 18 Cited by

AI Technical Summary

Benefits of technology

"The present invention provides a network security apparatus and method for ensuring security policy enforcement, controlled communication release, controlled communication flow, and secure session protocols through each computer unit interface. The invention includes a secure network interface unit (SNIU) that can be placed between two networks, providing a global security perimeter for end-to-end communications. The SNIU is capable of communicating with other like SNIU devices creating a secure network. The invention allows for a separation of the host / network interface from the rest of the software, ensuring the underlying security of the system as a whole. The SNIU contains an association and session manager to handle host computer and peer SNIU identification, audit, and maintenance of sealer keys. The software SNIU is also contained within a communications stack of a portable computer device operating at a user layer communications protocol."

Problems solved by technology

For instance, a host might not be able to handle video data, and, therefore, the separation function would prevent the host from receiving video data.
For instance, access may be denied if the user is not identified as an authorized participant on a particular project.
VSLAN is limited to users on a local area network (LAN), as is the Boeing MLS LAN.
However, these protocols lack user accountability since they do not identify which user of the host is using the network, nor are they capable of preventing certain users from accessing the network.
Such computer devices often include valuable information, which may be lost or stolen due to these computers being accessed through the non-secured network.
A problem with the above described products is that none are based upon the use of highly trusted software.
Veil is an off-line encryption utility, which cannot prevent the inadvertent release of non-encrypted information.
Raptor Eagle and Raptor Remote are based on software instantiations and thus cannot be verified at the same level of assurance.


Embodiment Construction

[0023] The present invention is directed to a secure network interface unit (SNIU), which is utilized to control communications between a user such as a computer host and a network. The SNIU intercepts Internet Protocol (IP) datagrams as they are transmitted between the user and the network. The SNIU determines whether each datagram from the user is releasable to the network and if and how it should be encrypted. The SNIU decrypts each datagram from the network and determines whether it is releasable to the user. When a SNIU releases a datagram from a lower classification user or network to a higher classification user or network (i.e., a write up), the datagram is used to predict the expected response. When a datagram is received from the higher classification user or network, the SNIU compares the datagram to the response which was predicted during the write up and, only if they match, releases it (i.e., allows the write down) to the lower classification user or network. The SNIU ...
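The write-up / write-down rule described above, as an added example that is not code from the patent or its authors. It assumes integer classification levels per address, that the predicted response is simply the reversed flow (addresses and ports swapped), and that each prediction is consumed once; the patent excerpt does not specify how the prediction is computed.

```python
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Datagram:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int


def predict_response(d: Datagram) -> Datagram:
    # ASSUMPTION (not from the patent text): the expected response is the
    # reversed flow, i.e. addresses and ports swapped, same protocol.
    return Datagram(d.dst, d.src, d.proto, d.dport, d.sport)


class WriteDownGuard:
    def __init__(self, levels: dict[str, int]):
        self.levels = levels          # address -> classification (higher = more sensitive)
        self.expected = Counter()     # predicted responses awaiting a match

    def handle(self, d: Datagram) -> str:
        src, dst = self.levels.get(d.src), self.levels.get(d.dst)
        if src is None or dst is None:
            return "drop"             # unknown endpoint: no level to compare
        if src < dst:                 # write up: release and remember the prediction
            self.expected[predict_response(d)] += 1
            return "release"
        if src > dst:                 # write down: only a predicted response passes
            if self.expected[d] > 0:
                self.expected[d] -= 1  # ASSUMPTION: each prediction is used once
                return "release"
            return "drop"
        return "release"              # ASSUMPTION: same-level traffic is releasable


def demo() -> list[str]:
    # Constructed sample: a level-1 host queries a level-3 server.
    g = WriteDownGuard({"192.0.2.10": 1, "198.51.100.7": 3})
    request = Datagram("192.0.2.10", "198.51.100.7", "udp", 40000, 53)
    reply = predict_response(request)
    unsolicited = Datagram("198.51.100.7", "192.0.2.10", "udp", 53, 40001)
    return [g.handle(request), g.handle(unsolicited), g.handle(reply), g.handle(reply)]
```

The second `reply` is dropped because the single prediction was consumed by the first, so a replayed response cannot ride on an old write-up.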


Abstract

A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system includes a secure network interface unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications, wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and the network; the interface is operative to convert the received messages to and from a format utilized by the network. A message parser determines whether the association already exists with another SNIU device. A session manager, coupled to the network interface, identifies and verifies the computer device requesting access to the network, and transmits messages received from the computer device when the message parser determines that the association already exists. An association manager, coupled to the host/network interface, establishes an association with other like SNIU devices when the message parser determines that the association does not exist.

Description

RELATED APPLICATIONS

[0001] The present application is a continuation of U.S. patent application Ser. No. 09/924,214, filed on Aug. 7, 2001, now U.S. Pat. No. 6,760,768, issued on Jul. 6, 2004, which is a continuation of U.S. patent application Ser. No. 09/127,280, filed on Jul. 31, 1998, now U.S. Pat. No. 6,272,538, issued on Aug. 7, 2001, which is a continuation-in-part of U.S. application Ser. No. 08/688,543, filed Jul. 30, 1996, now U.S. Pat. No. 5,832,228, issued on Nov. 3, 1998; and related to U.S. Pat. No. 5,577,209, entitled APPARATUS AND METHOD FOR PROVIDING MULTI-LEVEL SECURITY FOR COMMUNICATION AMONG COMPUTERS AND TERMINALS ON A NETWORK, issued to Boyle et al., Nov. 19, 1996. These references are hereby incorporated herein by reference in their entireties.

BACKGROUND OF THE INVENTION

[0002] 1. Field of the Invention

[0003] The present invention relates in general to secure and multi-level secure (MLS) networks and in particular to a system and method for providing security...

Application Information

Patent Type & Authority: Applications (United States)
IPC(8): H04L9/00, G06F1/00, H04L29/06
CPC: G06F21/31, H04L2209/76, G06F21/85, G06F2211/001, G06F2211/005, G06F2211/007, G06F2211/009, G06F2221/2101, G06F2221/2107, G06F2221/2113, G06F2221/2141, G06F2221/2149, G06F2221/2153, H04L29/06, H04L63/02, H04L63/0218, H04L63/0442, H04L63/061, H04L63/0869, H04L63/101, H04L63/105, H04L63/126, H04L63/14, H04W12/06, H04L9/3247, H04L9/3268, H04L9/3273, G06F21/606, H04L67/141, H04W12/069, H04L67/563, H04L9/40
Inventor: HOLDEN, JAMES; LEVIN, STEPHEN; NICKEL, JAMES; WRENCH, EDWIN
Owner ROUND ROCK RES LLC