58 results about "Multilevel security" patented technology

The data security method, system and associated data mining enables multiple users, each having a respective security clearance level to access security sensitive words, data objects, characters or icons. The method extracts security sensitive words, data objects, characters or icons from plaintext or other source documents to obtain (a) subsets of extracted data and (b) remainder data. The extracted data is, in one embodiment, stored in a multilevel security system (MLS) which separates extract data of different security levels with MLS guards. Some or all of the original data is reconstructed via one or more of the subsets of extracted data and remainder data only in the presence of a predetermined security level. In this manner, an inquiring party, with the proper security clearance, can data mine the data in the MLS secured storage.

The invention relates to an embedded system supporting dynamic loading operation of application programs. The system comprises a frame management module, an application execution engine module, a basic functional unit library module and an API module, wherein the API module, the application execution engine module and the basic functional unit library module are orderly arranged from top to bottom; the frame management module is the core management unit and used for implementing the unified management and dispatching on the terminal software and hardware resources; the frame management moduleis used for providing a system resource acquisition and release interface for the loaded application program, thereby implementing the unified management and dispatching on the system software and hardware resources; the basic functional unit library module is used for being called by other units or application execution engine; and the basic functional unit is distributed onto the terminal accessible server, so that the frame management module can remotely load the basic functional unit according to user needs when the terminal operates. The embedded system of the invention also comprises a multilevel security management module which comprises process management submodules at three levels.

A method for initiating a security and billing feature request at the beginning or during an active telephone call. The telephone subscriber can select one of a plurality of security levels that may be required to ensure privacy during a call. Since each level of security is based on a different encryption and authentication algorithm, the levels of security can be incrementally priced. Thus, selecting an algorithm which is deemed to be very secure can be billed to the subscriber at a higher rate than an algorithm that is deemed to be less secure.

The invention relates to a forced access control method and a device applied to a virtual environment in the technical field of computer application. The method comprises: designating a virtual machine in a virtual environment as a credible virtual machine with security management authority, in which, the credible virtual machine uses security classification and security category as a sensitive label to identify the security level of a single virtual machine; establishing an access matrix and setting the access type set of each virtual machine to other virtual machines; and when a certain virtual machine main body gets access to a certain virtual machine object in a certain access type, judging whether the access is permitted according to the sensitive label of both the main body and the object and the access type set of the main body to the object in the access matrix. The device comprises an access control initializing module, a virtual machine state monitoring module, an access judgment module, a security management assisting module and a virtual machine security information management module in the credible virtual machine. The forced access control method and the device can effectively control communication and resource sharing between virtual machines in a virtual environment of multilevel security.

A Multilevel Security (MLS) server provides MLS functionality to single-level applications running on a remote Multiple Independent Level Security (MILS) or MLS client device. More specifically, the MLS server provides a plurality of different security domains in which applications can execute. The client device executes a single-level application in a first security domain, the single-level application not natively capable of communicating with other domains. The single-level application in the first security domain sends a request to the MLS server. The MLS server receives the request, passing it to all applicable domains, including a second security domain, where it is duly executed. The MLS server then provides the results of the request execution—if any—back to an appropriate application on the client device. For example, the single-level application in the first security domain can display the aggregated results obtained from multiple distinct security domains, or an application running in the second security domain can display the results.

Techniques for authentication are provided. A first authentication request transformed with a private portion of a first type split private key is received. A first user is authenticated for a first level of network access based upon the first request being transformed with the first type of split private key. A second authentication request that is transformed with a private portion of a second type private key is also received. A second user is authenticated for a second level of network access based upon the second request being transformed with the second type of split private key.

The present invention describes the user authentication system comprising of multiple levels of security which is used to authorize the user. The system uses more than one levels of authentication process which receives the credentials from the user and authorizes them to allow access to the IoT devices which are used by the user.

The connected devices represent individual targets, for the cyber-criminals who 20 would hack the devices to retrieve the secure information of the users. Such insecurities about the IoT, devices and the system are eliminated by using the multiple level user authentication system which is described in the present invention.

Methods and systems for data communication are disclosed and may include utilizing a multi-level lookup process for determining IPsec parameters from a security association database. The security association database may be stored in content addressable memory, and may include an Internet protocol address table, a security association lookup table, and a security association context table. The security association lookup and security association context tables may include a single table. An Internet protocol address table index may be looked up in the Internet protocol address table for a first lookup of the multi-level lookup process. A security protocol index may be looked up utilizing the Internet protocol address table index for a second lookup of the multi-level lookup process. The Internet protocol security parameters may be determined utilizing the security protocol index. IPsec processing may be performed utilizing the determined Internet protocol security parameters.

The invention relates to an industrial time sensitive network multilevel security data scheduling method, and belongs to the field of communication networks. The method comprises the steps that S1, agateway device is used as a network manager to allocate priorities for data frames sent by field nodes; S2, the industrial wireless network field nodes generate a data frame information table; S3, thenodes perform encryption of different strength grades on the data frames about to be sent, and update the data frame information table; S4, a TSN switching device builds a multilevel security data scheduling model, and comprises a data frame allocation module, a buffer queue module and a data frame scheduling module; the data frame distribution module divides a buffer queue into four grades of encryption waiting queues according to the data frame encryption grades; and S5, the data frame scheduling module performs internal scheduling on the data frames in the encryption waiting queues according to comprehensive priorities. The method meets the requirements of the determinacy of industrial wireless network data transmission and the real-time performance of high-priority data transmission.

The present invention describes network commercial transactions. Current embodiments provide for authorization and payment of an online commercial transaction between a purchaser and a merchant including verification of an identity of the purchaser and verification of an ability of the purchaser to pay for the transaction, wherein the identity provider and the payment provider are often different network entities. Other embodiments also provide for protocols, computing systems, and other mechanisms that allow for identity and payment authentication using a mobile module, which establishes single or multilevel security over an untrusted network (e.g., the Internet). Still other embodiments also provide for a three-way secure communication between a merchant, consumer, and payment provider such that sensitive account information is opaque to the merchant, yet the merchant is sufficiently confident of the consumer's ability to pay for requested purchases. In yet another embodiment, electronic billing information is used for authorization, auditing, payment federation, and other purposes.

Methods and systems for dynamically repurposing and elastically scaling cloud computing networks and infrastructures in response to user workload requirements. The system receives, via a network interface, a workload request to manage a workload, determines workload requirements, and assigns the workload to an appropriate server in a server resource pool. Server capabilities and the server resource pool can be dynamically modified to satisfy current or expected workload requirements. An isolated gateway is provided such that data to and from the cloud computing network is physically segregated, thus providing data security. The cloud computing network is structured to provide multi-level security for workloads and workload owners.

The invention provides a security protection method for an industrial control system using an S7 protocol. The method includes the following steps that: TCP/IP layer protocol analysis is performed on an external access request from a client, the IP address and port number of the client are determined, so that the validity of the external access request can be determined according to a client address white list; the external access request is packetized, the integrity of frames formed by the external access request is detected; the validity of the external access request is determined according to an application function white list, and whether the application function of the external access request is a read-write function is determined; and when the application function of the external access request is a read-write function, the validity of the external access request is determined according to a second preset white the list. The invention also provides a corresponding security protection system. According to the security protection method and the security protection system of the invention, multilevel security protection is carried out in a TCP/IP layer and an application layer, and therefore, a variety of attacks at an industrial control device or system adopting an S7 protocol can be effectively resisted, and security risks caused by the lack of security prevention mechanisms in the prior art can be avoided effectively.

A method for disambiguating entities on a multi-level security display includes receiving a selection of a particular security level and rendering entities having a different security level in a visually distinct way. Visual distinction may include not drawing the entities on the multi-level security display.

A preferred method for providing multi-level security to a gate level information flow receives or specifies a security lattice having more than two security levels. The security lattice defines how security levels relate to each other. A hardware design implementing information flows including flows having security levels specified by the security lattice is received. Logic is created for testing the hardware design in view of the security lattice. A logic function is created based upon the hardware design and the logic for testing to implement the security lattice. Another method receives a hardware design in a hardware description language. At least a portion of the hardware design is synthesized to gate level primitives. Functional component tracking logic supporting more than two-security levels is built from the gate level primitives. Functional components in the hardware design are simulated with the functional component tracking logic.