Patents Assigned to Secure Computing Corporation
  • Patent number: 5918018
    Abstract: A system and method of achieving network separation within a computing system having a plurality of network interfaces. A plurality of burbs or regions is defined, wherein the plurality of burbs includes a first and a second burb and wherein each burb includes a protocol stack. Each of the plurality of network interfaces is assigned to one of the plurality of burbs and more than one network interface can be assigned to a particular burb. Processes are bound to specific burbs when they try to access that burb's protocol stack and communication between processes assigned to different burbs is restricted so that a communication between a process bound to one burb must pass through a proxy before being sent to a different burb.
    Type: Grant
    Filed: February 9, 1996
    Date of Patent: June 29, 1999
    Assignee: Secure Computing Corporation
    Inventors: Mark P. Gooderum, Trinh Q. Vu, Glenn Andreas
  • Patent number: 5915087
    Abstract: A proxy which is part of a firewall program controls exchanges of messages between two application entities. The proxy interrogates attempts to send a communication session by requesting entities with a server entity in accordance with defined authentication procedures. The proxy interfaces with networking software to direct a communication stack to monitor connection messages to any address on specific ports. The requestor's address and the server's address are extracted from the messages and checked for compliance with a security policy such as one including an access control list. If either address is invalid, the proxy deletes the message. If both are valid, the message is relayed, and the ports used are tracked for a predetermined time. Reply messages are then sent using the address of the server entity so that the proxy is transparent to the requester.
    Type: Grant
    Filed: December 12, 1996
    Date of Patent: June 22, 1999
    Assignee: Secure Computing Corporation
    Inventors: Scott Hammond, Jeffery Young, Edward B. Stockwell
  • Patent number: 5913024
    Abstract: A secure commerce server system and method. A secure commerce server system includes a plurality of regions or burbs, including an internal burb and an external burb, a commerce server and an administration server. Processes and data objects associated with the administration server are bound to the internal burb. Processes and data objects associated with the commerce server are bound to the external burb. Processes bound to one burb cannot communicate directly to processes and data objects bound to other burbs. The administration server cannot be manipulated by a process bound to the external burb.
    Type: Grant
    Filed: February 9, 1996
    Date of Patent: June 15, 1999
    Assignee: Secure Computing Corporation
    Inventors: Michael W. Green, Andrew W. Jensen
  • Patent number: 5867647
    Abstract: A system and method of providing increased security for compiled program code. Compiled program code is installed in a computer having type enforcement capability. The compiled program code is allowed to execute and type enforcement violations are logged. The execution environment of the compiled program code is then modified to prevent recurrence of the logged type enforcement violations.
    Type: Grant
    Filed: February 9, 1996
    Date of Patent: February 2, 1999
    Assignee: Secure Computing Corporation
    Inventors: J. Thomas Haigh, Andrew W. Jensen
  • Patent number: 5822435
    Abstract: A method and apparatus for ensuring secure communication over an unsecured communications medium between a user working on an unsecured workstation or computer and a host computer. A secure user interface is created by inserting a trusted path subsystem between input/output devices to the workstation and the workstation itself. Data transferred from the input/output devices is intercepted, encrypted and transmitted in packets to the host computer. Packets of screen display data from the host computer are decrypted and presented within a user-defined screen overlay.
    Type: Grant
    Filed: September 18, 1996
    Date of Patent: October 13, 1998
    Assignee: Secure Computing Corporation
    Inventors: William E. Boebert, Mark H. Hanson, Thomas R. Markham
  • Patent number: 5796836
    Abstract: A system and method for encrypting blocks of plain text. Output FIFO memories are provided for decoupling pseudorandom vector generation from plain text encryption. The output FIFOs produce the effect of multiplexing several cryptographic devices together and can be combined with feedback FIFO memories in order to provide key agility and parallel secret key encryption. Throughput is also enhanced by constructing wide codebooks so that a block of data can be enciphered as a whole.
    Type: Grant
    Filed: August 29, 1995
    Date of Patent: August 18, 1998
    Assignee: Secure Computing Corporation
    Inventor: Thomas R. Markham
  • Patent number: 5596718
    Abstract: A method and apparatus for ensuring secure communication over an unsecured communications medium between a user working on an unsecured workstation or computer and a host computer. A secure user interface is created by inserting a trusted path subsystem between input/output devices to the workstation and the workstation itself. Data transferred from the input/output devices is intercepted, encrypted and transmitted in packets to the host computer. Packets of screen display data from the host computer are decrypted and presented within a user-defined screen overlay.
    Type: Grant
    Filed: July 10, 1992
    Date of Patent: January 21, 1997
    Assignee: Secure Computing Corporation
    Inventors: William E. Boebert, Mark H. Hanson, Thomas R. Markham
  • Patent number: 5502766
    Abstract: A data communication system providing for the secure transfer and sharing of data via a local area network and/or a wide area network. The system includes a secure processing unit which communicates with a personal keying device and a crypto media controller attached to a user's workstation. The communication between these processing elements generates a variety of data elements including keys, identifiers, and attributes. The data elements are used to identify and authenticate the user, assign user security access rights and privileges, and assign media and device attributes to a data access device according to a predefined security policy. The data elements are manipulated, combined, protected, and distributed through the network to the appropriate data access devices, which prevents the user from obtaining unauthorized data.
    Type: Grant
    Filed: October 26, 1993
    Date of Patent: March 26, 1996
    Assignee: Secure Computing Corporation
    Inventors: William E. Boebert, Thomas R. Markham, Robert A. Olmsted
  • Patent number: 5499297
    Abstract: A system and method for identifying and authenticating users and for controlling the access of those users to privileged instructions within a data enclave. The data enclave includes a plurality of controllers, such as workstations, connected over a network to a security server; each data enclave is assigned a cryptographic key. A personal keying device having an encrypted user unique identifier is assigned to each user; provisions are made for temporarily connecting the personal keying device to one of the controllers and for transmitting an encrypted message, including the user unique identifier and the last countersign, to the security server to authenticate the user and establish his/her access rights. A mechanism for updating the countersign is provided so that trusted path communications can be established between the user and the security server.
    Type: Grant
    Filed: December 20, 1994
    Date of Patent: March 12, 1996
    Assignee: Secure Computing Corporation
    Inventor: William E. Boebert
  • Patent number: 5276735
    Abstract: A data communication system providing for the secure transfer and sharing of data via a local area network and/or a wide area network. The system includes a secure processing unit which communicates with a personal keying device and a crypto media controller attached to a user's workstation. The communication between these processing elements generates a variety of data elements including keys, identifiers, and attributes. The data elements are used to identify and authenticate the user, assign user security access rights and privileges, and assign media and device attributes to a data access device according to a predefined security policy. The data elements are manipulated, combined, protected, and distributed through the network to the appropriate data access devices, which prevents the user from obtaining unauthorized data.
    Type: Grant
    Filed: April 17, 1992
    Date of Patent: January 4, 1994
    Assignee: Secure Computing Corporation
    Inventors: William E. Boebert, Thomas R. Markham, Robert A. Olmsted
  • Patent number: 5272754
    Abstract: Communication elements for secure data communication between remote nodes of a computer system on a standard communications medium. Terminals, workstations and personal computers are connected through a user-side terminator to a standard unsecured communications medium. Processors are connected through a computer-side terminator to the same medium. The combination of a user-side terminator, a computer-side terminator and a standard communications medium constitutes a secure computer interface.
    Type: Grant
    Filed: March 28, 1991
    Date of Patent: December 21, 1993
    Assignee: Secure Computing Corporation
    Inventor: William E. Boerbert