Abstract: A portable computing device configured to provide secure data communications with a network via a network communications interface. In one embodiment, the portable computing device includes a network security apparatus configured to communicate data with other network security apparatus over the network via the establishment of an association, the establishment of the association between the network security apparatus and the other network security apparatus resultant in the execution of a key generation algorithm configured to cause the network security apparatus and the other network security apparatus to exchange information utilized in the generation of cryptogaphic keys.

Abstract: Methods for providing for secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key), and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.

Abstract: A network security apparatus adapted to provide for secure communications across data networks, including untrusted networks. In one embodiment, the security apparatus comprises one or more components disposed within the software stack of a computerized device, the components including an association process adapted to establish security associations between devices on the network, and an encryption key generation process adapted to generate one or more encryption keys. In one variant, the keys are specifically for use with temporary or ad hoc security associations. The one or more keys are exchanged according to a key exchange protocol after the device is authenticated or authenticates another device. In one implementation, the device comprises a portable device such as a laptop computer.

Abstract: Methods of operating a portable communications device so as to provide communications security and user identification and authentication. In one embodiment, the method comprises placing the device in communication with an untrusted network, and using its security apparatus for creating associations with one or more security devices on the network. Traffic between the associated devices may be encrypted and protected for e.g., data confidentiality and integrity protection. In one variant, the security apparatus comprises a software entity disposed at least partly within the software stack of a host, and a removable security card. The portable device may be untrusted (e.g., have an untrusted operating system) and also be physically unsecure.

Abstract: A network security apparatus adapted to provide for secure communications across data networks, including untrusted networks. In one embodiment, the security apparatus comprises one or more components disposed within the software stack of a computerized device, the components including an association process adapted to establish security associations between devices on the network, and an encryption key generation process adapted to generate one or more encryption keys. In one variant, the keys are specifically for use with temporary or ad hoc security associations. The one or more keys are exchanged according to a key exchange protocol after the device is authenticated or authenticates another device. In one implementation, the device comprises a portable device such as a laptop computer.

Abstract: Methods for providing for secure communications across data networks, including untrusted networks. In one embodiment, the method comprises establishing security associations between devices on the network using a digital certificate and key exchange protocol. In one variant, the digital certificate comprises a public encryption key; the recipient of the certificate authenticates the sender using at least the signature, and then generates a cryptographic element (e.g., key), and initialization vector. The key is encrypted and sent back to the originator, where it is decrypted and used to encrypt datagrams sent between the devices. The initialization vector may be used to initialize the encryption algorithm on the receiving device.

Abstract: Methods for providing communication security between computerized devices in, for example, an ad hoc or temporary networked environment. In one embodiment, the network comprises an untrusted network, and the method includes providing network security apparatus adapted to create security associations between devices on the network, including mutual authentication. The method further may comprise encrypting traffic between the associated devices for e.g., data confidentiality and integrity protection by running one or more computer programs on the respective devices. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of the devices. The associated devices may be for example fixed or portable, and may be untrusted (e.g., have an untrusted operating systems).

Abstract: A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system including a secure network interface Unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and network. The interface operative to convert the received messages to and from a format utilized by the network. A message parser for determining whether the association already exists with another SNIU device.

Abstract: A portable communications device adapted to provide communication security in, for example, an ad hoc or temporary networked environment. In one embodiment, the network comprises an untrusted medium, and the device includes network security apparatus adapted to create security associations between devices on the network, including mutual authentication. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of the device. The device may be untrusted (e.g., have an untrusted operating system). User identification or validation may also be provided, for example via inputs received via a user interface.

Abstract: A system useful within a network and adapted to provide communication security. In one embodiment, the network comprises an untrusted network, and the system includes network security apparatus adapted to create security associations between devices on the network, including mutual authentication. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of the devices. The associated devices may be for example fixed or portable, and may also act as a gateway to other networks (including the Internet). The portable devices may be untrusted (e.g., have an untrusted operating system).

Abstract: A system for providing communications security and authentication to a plurality of computerized devices is disclosed. In one embodiment, the system is useful with an untrusted network, and comprises security apparatus adapted to create associations with a plurality of security devices on the network. Traffic between the associated devices may be encrypted and residue-protected for e.g., data confidentiality and integrity protection. In one variant, the security apparatus of the system comprises a software entity disposed at least partly within the software stack of a host. A security card may also be used as part of the security apparatus system. The computerized devices of the system may be untrusted (e.g., have an untrusted operating system) and also be physically unsecure.

Abstract: A portable computerized device useful within a network and adapted to provide communication security. In one embodiment, the network comprises an untrusted network, and the portable device comprises network security apparatus adapted to create associations with other network security devices on the network. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of a host computer. A card-like hardware structure may also be used as part of the security apparatus. The host computer may be untrusted (e.g., have an untrusted operating system).

Abstract: A portable communications device adapted to provide communications security and user identification, and authentication. In one embodiment, the device is useful with an untrusted network, and comprises security apparatus adapted to create associations with one or more security devices on the network. Traffic between the associated devices may be encrypted and residue-protected for e.g., data confidentiality and integrity protection. In one variant, the security apparatus comprises a software entity disposed at least partly within the software stack of a host. A security card may also be used as part of the security apparatus. The portable device may be untrusted (e.g., have an untrusted operating system) and also be physically unsecure. In one variant, the security apparatus is also agnostic to the portable device with which it is used.

Abstract: A system adapted to provide communication security between computerized devices in, for example, an ad hoc or temporary networked environment. In one embodiment, the network comprises an untrusted network, and the system includes network security apparatus adapted to create security associations between devices on the network, including mutual authentication. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of the devices. The associated devices may be for example fixed or portable, and may be untrusted (e.g., have an untrusted operating system).

Abstract: A computerized access device useful within a network and adapted to provide communication security. In one embodiment, the network comprises an untrusted network, and the access device comprises stand-alone network security apparatus adapted to create associations with other network security devices on the network. Traffic between the associated devices may be encrypted for e.g., data confidentiality and integrity protection. In one variant, the network security apparatus comprises a software entity disposed at least partly within the software stack of a stand-alone hardware device. In another variant, the device functions as a gateway or portal to another network (e.g., the Internet or another untrusted network), or to another device within the same network.

Abstract: A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system including a secure network interface Unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and network. The interface operative to convert the received messages to and from a format utilized by the network. A message parser for determining whether the association already exists with another SNIU device.

Abstract: A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system including a secure network interface Unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and network. The interface operative to convert the received messages to and from a format utilized by the network. A message parser for determining whether the association already exists with another SNIU device.

Abstract: A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system including a secure network interface Unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and network. The interface operative to convert the received messages to and from a format utilized by the network. A message parser for determining whether the association already exists with another SNIU device.

Abstract: A multi-level network security system is disclosed for a computer host device coupled to at least one computer network. The system including a secure network interface Unit (SNIU) contained within a communications stack of the computer device that operates at a user layer communications protocol. The SNIU communicates with other like SNIU devices on the network by establishing an association, thereby creating a global security perimeter for end-to-end communications and wherein the network may be individually secure or non-secure without compromising security of communications within the global security perimeter. The SNIU includes a host/network interface for receiving messages sent between the computer device and network. The interface operative to convert the received messages to and from a format utilized by the network. A message parser for determining whether the association already exists with another SNIU device.

Abstract: A method is disclosed for establishing trusted communications with associations for communications between users on an Internet Protocol based computer network. The method entails the first user's SNIU determining the Internet Protocol (IP) address of a second user's SNIU on the computer network through the use of custom and ICMP Echo Request and Reply messages. The user's SNIUs exchange security related information needed to complete the establishment of a trusted association. The trusted association is maintained during all communications between the first user and the second user.