Patent
Distributed multilevel computer security system and method
Douglas C. Barlow
- 11 Jun 1991
45
TL;DR: A trust realm table defines which computers are members of predefined trust realms; each computer that is a member of a trust realm enforces a predefined security policy and also defines a security level for each set of data stored in the computer.
Abstract: A computer network has a number of computers coupled thereto at distinct nodes. A trust realm table defines which computers are members of predefined trust realms. All the members of each predefined trust realm enforce a common set of security protocols for protecting the confidentiality of data. Each computer that is a member of a trust realm enforces a predefined security policy, and also defines a security level for each set of data stored in the computer. Thus, each message has an associated label denoting how to enforce the computer's security policy with respect to the message. A trust realm service program prepares a specified message for transmission to a specified other computer system. To do this it uses the trust realm table to verify that both the computer system and the specified computer system are members of at least one common trust realm, and then selects one of those common trust realms. The message is transmitted as a protocol data unit, which includes a sealed version of the message, authenticated identifiers for the sending system and user, the message's label, and an identifier for the selected trust realm. Received protocol data units are processed by validating each of the components of the received protocol data unit before accepting the sealed message in the protocol data unit as authentic. Further, the label in the received protocol data unit is used by the receiving computer to determine what predefined security policy is to be enforced with respect to the message.
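The send and receive steps described in the abstract, as an added sketch that is not code from the patent. Host, user, realm and policy names are constructed, and an HMAC-SHA256 tag over all fields under a per-realm key is an assumed stand-in for the sealing and identifier authentication, which the abstract does not specify.

```python
import hashlib
import hmac
import json
import secrets

# Constructed trust realm table: realm id -> member systems (hypothetical names).
TRUST_REALMS = {
    "realm-A": {"hostA", "hostB"},
    "realm-B": {"hostB", "hostC"},
    "realm-C": {"hostA", "hostB"},
}
# Assumption: one random key per realm models the realm's common security protocol.
REALM_KEYS = {realm: secrets.token_bytes(32) for realm in TRUST_REALMS}
FIELDS = ("realm", "system", "user", "label", "message")

def common_realms(a, b):
    """Realms in which both systems are members, in a stable order."""
    return sorted(r for r, m in TRUST_REALMS.items() if a in m and b in m)

def _seal(realm, fields):
    # Tag covers every field, so changing the label or realm invalidates the PDU.
    data = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(REALM_KEYS[realm], data, hashlib.sha256).hexdigest()

def build_pdu(sender, user, receiver, label, message):
    """Sender side: require a common realm, select one, emit the PDU."""
    realms = common_realms(sender, receiver)
    if not realms:
        raise PermissionError("no common trust realm")
    realm = realms[0]  # selection rule is an assumption: first in sorted order
    fields = dict(zip(FIELDS, (realm, sender, user, label, message)))
    return {**fields, "seal": _seal(realm, fields)}

def accept_pdu(pdu, receiver, policies):
    """Receiver side: validate each component, then map the label to a policy."""
    realm = pdu.get("realm")
    members = TRUST_REALMS.get(realm, set())
    if receiver not in members or pdu.get("system") not in members:
        return None  # realm unknown, or one party is not a member of it
    fields = {k: pdu.get(k) for k in FIELDS}
    if not hmac.compare_digest(_seal(realm, fields), str(pdu.get("seal"))):
        return None  # seal does not match the received fields
    policy = policies.get(pdu.get("label"))
    if policy is None:
        return None  # receiver has no policy for this label
    return policy, pdu["message"]
```
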
Citations
Patent
Log-on service providing credential level change without loss of session continuity
Darien Wood,Paul Weschler,Derk Norton,Chris Ferris,Yvonne Wilson,William R. Soley +5 more
- 19 Sep 2006
TL;DR: In this paper, a security architecture for multiple information resources is presented, in which a single sign-on is provided for a single information resource and access is granted without the need for further credentials and authentication.
639
Patent
Method and system of security location discrimination
Mario C. Goertzel,Susi E. Strom,Praerit Garg,Bharat Shah +3 more
- 09 Jun 1999
TL;DR: In this article, a location-based discrimination mechanism is proposed to distinguish local users, intranet users, and dial-up users from one another, based on information including the location and user's credentials.
436
Patent
Method and system for secure running of untrusted content
Shannon J. Chan,Gregory Jensenworth,Mario C. Goertzel,Bharat Shah,Michael M. Swift,Richard B. Ward +5 more
- 09 Jun 1999
TL;DR: In this article, a restricted process is set up for the untrusted content, and any actions attempted by the content are subject to the restrictions of the process, which may be based on various criteria.
335
Patent
Access management system and method employing secure credentials
Darien Wood,Derk Norton +1 more
- 31 Jul 2000
TL;DR: In this paper, a single sign-on is provided for session credentials to maintain continuity of a persistent session across multiple accesses to one or more information resources, and in some embodiments, across credential level changes.
320
Patent
Method of protecting electronically published materials using cryptographic protocols
Abhijit K. Choudhury,Nicholas F. Maxemchuk,Sanjoy Paul,Henning Schulzrinne +3 more
- 27 Jan 1994
TL;DR: In this paper, the authors present a method of protecting electronically published documents, which involves operating a computer system and network for electronic publication of documents, including the steps of: a) receiving requests for documents from a plurality of users (117) having computers with display devices (121) or printers (123), including with the requests unique user identification for each of the plurality of users; b) authenticating the requests from the plurality of users with a copyright server (7); c) using the copyright server to direct a document server (3) to act upon proper authentication of each request
289
References
A model for multilevel security in computer networks
Wen-Pai Lu,Malur K. Sundareshan +1 more
- 27 Mar 1988
TL;DR: A model which precisely describes the mechanism that enforces the security policy and requirements for a multilevel secure network is described, and a procedure is given to verify the security of a network that implements the present model.
40
Patent
Closed user group facility
Kyuta Dipl Ing Saito,Fukuya Dipl Ing Ishino +1 more
- 26 Nov 1976
TL;DR: In this article, a closed user group facility in a data transmission system is defined, in which the switching network registers a terminating terminal in response to a request for registration of that designated terminating terminal from another one of the terminals.
12