OWL COMPUTING TECHNOLOGIES, INC. Patent applications |
Patent application number | Title | Published |
20150278520 | SYSTEM AND METHOD FOR INTEGRITY ASSURANCE OF PARTIAL DATA - A system is disclosed for assuring the integrity of file segments. A first server has an associated file repository storing a plurality of files and transfers a file segment on an output upon request. A second server also has an associated file repository and receives and stores the file segment in the associated file repository. The second server identifies if there are additional segments of the same file in the associated file repository and processes the received file segment together with the additional identified file segments to identify the presence of malware. Finally, the second server transfers the received file segment on an output as a scanned file segment only if no malware is identified. A third server has an associated file repository and is configured to receive and store the scanned file segments in the associated file repository and to transfer a received scanned file segment to a client. | 10-01-2015 |
20150067104 | SECURE ONE-WAY INTERFACE FOR ARCHESTRA DATA TRANSFER - A system for transmitting ArchestrA information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first ArchestrA Galaxy and/or from a first historian in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information received to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to a second ArchestrA Galaxy and/or to a second historian in the second security domain. | 03-05-2015 |
20150058925 | SECURE ONE-WAY INTERFACE FOR OPC DATA TRANSFER - A system for transmitting OPC information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first OPC server in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information received to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to one or more OPC clients in the second security domain. | 02-26-2015 |
20140337410 | ENTERPRISE CROSS-DOMAIN SOLUTION HAVING CONFIGURABLE DATA FILTERS - A cross-domain system for transferring files from a client to a server. A first server in the first network domain receives and stores files from the client via the first network. The received files are processed based on predetermined instructions stored in an associated file. The processed received files are transmitted to a second server via a one-way data link. The second server in the second network domain receives and stores the processed received files. The received files are further processed based on predetermined instructions stored in an associated file. The further processed received files are transmitted to the server via the second network. The two associated files are stored in permanent memory with security policies which prevent the files from disrupting operation of the first and second servers, respectively. The security policies allow the associated files to be overwritten to update the processing performed by the associated server. | 11-13-2014 |
20140304371 | SECURE ONE-WAY INTERFACE FOR A NETWORK DEVICE - A one-way interface for a network device which secures status registers therein from unauthorized changes. The interface includes a first server, a one-way data link and a second server. The first server is coupled to the status registers to read information stored therein. The first server reads the information from the status registers and transmits the information on an output. The one-way data link has an input coupled to the output of the first server and an output. The second server has an input coupled to the output of the one-way data link and an output coupled to a network. The second server receives the information from the first server via the one-way data link. The second server transmits the information on the output to a predetermined network destination and/or provides a user interface for providing access to the information via the network. | 10-09-2014 |
20140237561 | SECURE FRONT-END INTERFACE - A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information. | 08-21-2014 |
20140237372 | SYSTEM AND METHOD FOR SECURE UNIDIRECTIONAL TRANSFER OF COMMANDS TO CONTROL EQUIPMENT - A system for securely transferring commands to a recipient device. An access interface allows a user to enter a command for the recipient device. The access interface only allows the user to enter commands within a subset of commands associated with a role assigned to the user. The control interface receives information, i.e., the command entered by the user and the associated user role, from the access interface. The control interface outputs, to the manifest engine, the information and a manifest table which identifies each role and the subset of commands associated with each role. The manifest engine compares the information with the contents of the received manifest table, and, if the command entered by the user corresponds to a command within the set of commands associated with the role assigned to the user, forwards the command to the recipient device. | 08-21-2014 |
20140208433 | SYSTEM AND METHOD FOR THE SECURE UNIDIRECTIONAL TRANSFER OF SOFTWARE AND SOFTWARE UPDATES - A system is disclosed that provides an authenticated payload, e.g., a software program or update, to a recipient device. A storage device stores a payload. A provider server coupled to the storage device outputs the payload and a manifest table. The manifest table includes information identifying the payload. A manifest engine TX server receives the payload and the manifest table from the provider server, generates information about the received payload, compares the information generated about the payload with the contents of the received manifest table, and, if the information about the received payload matches information for a particular one of the at least one payloads included in the received manifest table, forwards the payload to a one-way data link. The output of the one-way data link is coupled to a manifest engine RX server, which in turn forwards any received payload to a recipient device coupled to an output of the manifest engine RX server. | 07-24-2014 |
20140208420 | SYSTEM FOR REMOTELY MONITORING STATUS INFORMATION OF DEVICES CONNECTED TO A NETWORK - A system for monitoring the status of one or more networks and/or of devices coupled to each of the one or more networks. Status monitoring applications are associated with the networks and/or devices. The status monitoring applications output a respective status log file containing information about the system status of the associated network or device. In one embodiment, the system status is derived from the Windows Event Log. The status monitoring applications are coupled to a remote receive module via a one-way data link or a firewall. The remote receive module receives the log files and processes the log files to either identify any unauthorized status conditions identified therein or to generate a cumulative log file consisting of events occurring over a predetermined time interval. | 07-24-2014 |
20140207939 | SYSTEM AND METHOD FOR ENABLING THE CAPTURE AND SECURING OF DYNAMICALLY SELECTED DIGITAL INFORMATION - A system is disclosed for monitoring a channel passing information which includes an identifying designation. A channel monitor is coupled to the channel and configured to provide on an output all information passing on the channel. A manifest engine is coupled to the channel monitor to receive the information passing on the channel and to an operator console to receive an information manifest table. The information manifest table contains at least one identifying designation. The manifest engine compares the information received with the information in the information manifest table and only provides on the output that information having an identifying designation that matches an identifying designation included within the information manifest table. A storage server is coupled to the manifest engine and configured to receive and store the information provided from the manifest engine. | 07-24-2014 |
20140165182 | SYSTEM FOR SECURE TRANSFER OF INFORMATION FROM AN INDUSTRIAL CONTROL SYSTEM NETWORK - A system for securely transferring information from an industrial control system network, including, within the secure domain, one or more remote terminal units coupled by a first network, one or more client computers coupled by a second network, and a send server coupled to the first and second networks. The send server acts as a proxy for communications between the client computers and the remote terminals and transmits first information from such communications on an output. The send server also transmits a poll request to a remote terminal unit via the first network and transmits second information received in response to the poll on the output. The system also includes, outside the secure domain, a receive server having an input coupled to the output of the send server via a one-way data link. The receive server receives and stores the first and second information provided via the input. | 06-12-2014 |
20140139737 | SYSTEM FOR REAL-TIME CROSS-DOMAIN SYSTEM PACKET FILTERING - A system for filtering a digital signal transmitted in a protocol featuring multi-level packetization from a first server to a second server. The first server is coupled to the second server via a one-way data link. The system includes a filter having an input for receiving the digital signal and an output. The filter is configured to analyze the digital video signal and determine whether the digital signal violates one or more predetermined criteria. The filter may be within the first server, or alternatively, within the second server. The predetermined criteria may be unauthorized security level information included within metadata transmitted with the digital video signal. The predetermined criteria may also be format information that, when not conformed to, indicates potential malware or other bad content included within the digital video signal. The filter provides low data transfer latency and/or decoupling of data filter latency from data transfer latency. | 05-22-2014 |
20140139732 | SYSTEM FOR PROVIDING A SECURE VIDEO DISPLAY - A system for providing a secure video display using a one-way data link. An input interface for receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs. | 05-22-2014 |
20140136657 | DATA TRANSFER SYSTEM - A data transfer system comprising a first node, a second node, and a first one-way link for unidirectional transfer of data from the first node to the second node. The first node is configured to receive data and to allow transfer of the data to the second node via the first one-way link only if there is a match between a characteristic of the received data and an entry in a first predefined configuration file. The system may also include a second one-way link for unidirectional transfer of second data from the second node to the first node. The second node is configured to receive the second data and to allow transfer of the second data to the first node via the second one-way link only if there is a match between a characteristic of the second data and an entry in a predefined configuration file. | 05-15-2014 |
20140089388 | SYSTEM AND METHOD FOR PROVIDING A REMOTE VIRTUAL SCREEN VIEW - A system for virtual screen view service, comprising a monitored computer platform, a monitoring computer platform, a server installed on the monitored computer platform, a client installed on the monitoring computer platform, and a one-way data link for unidirectional data transfer from the server to the client, wherein the server is configured to periodically collect screen image data from the monitored computer platform and send it to the client via the one-way data link, and the client is configured to process the image data received from the server via the one-way data link and cause it to be displayed on the monitoring computer platform. An alternative configuration is also disclosed for allowing a remote client to securely monitor the screen of a locally monitored computer platform via an intermediary server. | 03-27-2014 |
20140020109 | FILE MANIFEST FILTER FOR UNIDIRECTIONAL TRANSFER OF FILES - A manifest transfer engine for a one-way file transfer system is disclosed. The manifest transfer engine comprises a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side receives and stores a file manifest table from an administrator server. The send side also receives a file from a user and compares it with the file manifest table. Transfer of the file to the receive side via the one-way data link is allowed only when there is a match between the file and the file manifest table. In an alternative embodiment, the receive side instead receives and stores the file manifest table from the administrator server and compares it with the file received from the send side via the one-way data link to determine whether to allow transfer of the file. | 01-16-2014 |
20130254878 | METHOD AND APPARATUS FOR DATA TRANSFER RECONCILIATION - A method and system for monitoring data transfers over a one-way data link from a send node to a receive node. A send log file monitoring and transmitting module associated with the send node on a first server outputs a send log file containing information about data sent by the send node. A receive log file monitoring and transmitting module associated with the receive node on a second server outputs a receive log file containing information about data received by the receive node. A reconciliation module on a third server receives the send log file and the receive log file and identifies any data transfer errors by comparing the send log file with the receive log file. A web server is coupled to the reconciliation module to provide user access to the identified data transfer errors. | 09-26-2013 |
20130152206 | METHOD AND APPARATUS FOR PREVENTING UNAUTHORIZED ACCESS TO INFORMATION STORED IN A NON-VOLATILE MEMORY - A communications device for ensuring secure data transfer provided having an interface device for controlling data transfer, an integrated circuit coupled to the interface device and having a processor, a non-volatile memory for storing at least program code for the processor, a volatile memory, an input pin and an output pin; and an electrical conductor which electrically connects the input pin and the output pin. The electrical conductor passes through an external portion of the enclosure, e.g., a slot, which allows a user to easily sever the electrical conductor. In operation, a portion of the program code detects when the electrical conductor is severed and causes the program code in the non-volatile memory to be erased, data transfer via the interface device to be disabled, and power to the integrated circuit cut off to ensure that all information in volatile memory is erased. | 06-13-2013 |
20130097283 | BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS - A bilateral data transfer system comprising a first node, a second node, a first one-way link for unidirectional transfer of first data from the first node to the second node, and a second one-way link for unidirectional transfer of second data from the second node to the first node, wherein the unidirectional transfer of the first data across the first one-way link and the unidirectional transfer of the second data across the second one-way link are independently administered by the bilateral data transfer system. Under such bilateral data transfer system, each of the one-way data links may be subject to separately administered security restrictions and data filtering processes, enabling secure bilateral communications across different network security domains. | 04-18-2013 |
20120331097 | BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS - A bilateral data transfer system comprising a first node, a second node, a first one-way link for unidirectional transfer of first data from the first node to the second node, and a second one-way link for unidirectional transfer of second data from the second node to the first node, wherein the unidirectional transfer of the first data across the first one-way link and the unidirectional transfer of the second data across the second one-way link are independently administered by the bilateral data transfer system. Under such bilateral data transfer system, each of the one-way data links may be subject to separately administered security restrictions and data filtering processes. Hence, it enables secure bilateral communications across different network security domains. | 12-27-2012 |
20120278884 | METHOD AND SYSTEM FOR PROCESSING A FILE TO IDENTIFY UNEXPECTED FILE TYPES - A method and system for testing a file (or packet) formed from a sequential series of information units, each information unit within a predetermined set of information units, e.g., each information unit may correspond to a character within the ASCII character set. An information unit-pair entropy density measurement is calculated for the received file using a probability matrix. The probability matrix tabulates the probabilities of occurrence for each possible sequential pair of information units of the predetermined set of information units. The computed information unit-pair entropy density measurement is compared with a threshold associated with an expected file type to determine whether the received file is of the expected file type or of an unexpected file type. The probability matrix may optionally be generated from the received file prior to calculating the density thereof. The probability matrix may optionally be predetermined based on the expected file type. | 11-01-2012 |
20120162697 | Remote Print File Transfer And Spooling Application For Use With A One-Way Data Link - A system for printing includes one or more printers, a send platform, a print spooling platform coupled to the one or more printers, and a one-way data link enforcing unidirectional data transfer from the send platform to the print spooling platform, wherein the send platform is configured to receive a print job, convert the print job into a print file in a printable format for the one or more printers, and send the print file to the print spooling platform across the one-way data link, and the print spooling platform is configured to receive the print file from the one-way data link, control spooling of the print file for the one or more printers, and send the print file to the one or more printers, and wherein the one or more printers cannot communicate to the send platform. | 06-28-2012 |
20120151075 | CONCURRENT DATA TRANSFER INVOLVING TWO OR MORE TRANSPORT LAYER PROTOCOLS OVER A SINGLE ONE-WAY DATA LINK - A data transfer application for concurrent transfer of data streams based on two or more transport layer protocols via a single one-way data link. The present invention provides a great degree of routing flexibility by providing seamless network connectivity under a plurality of transport layer protocols, such as TCP and UDP, between multiple source and destination platforms over a single one-way data link. | 06-14-2012 |
20120042357 | Secure one-way data transfer system using network interface circuitry - Network interface circuitry for a secure one-way data transfer from a sender's computer (“Send Node”) to a receiver's computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node. | 02-16-2012 |
20120017079 | Secure Acknowledgment Device For One-Way Data Transfer System - An apparatus for relaying a hashed message from a first node to a second node, comprising an inlet interface for receiving a message from the first node, a hash number calculator for hashing the message from the inlet interface, an outlet interface for sending the hashed message to the second node, a first one-way data link for unidirectional transfer from the inlet interface to the hash number calculator, and a second one-way data link for unidirectional transfer from the hash number calculator to the outlet interface, is provided. While the apparatus is capable of bidirectional communications with either or both of the first and second nodes through the respective interfaces, the unidirectionality of data flow through the apparatus is strictly enforced by the hardware of the apparatus. The apparatus provides a secure mechanism and communication channel for relaying hashed acknowledgment messages from a receive node to a send node to inform the status of data transfer from the send node to the receive node across a one-way data link. The apparatus may be further implemented with the capability of comparing hashed messages from the two nodes. | 01-19-2012 |
20110252116 | BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS - Bilateral communication using multiple one-way data links for data transfers in opposite directions, each of which is subject to separately administered security restrictions and data filtering processes. Operating together, they enable secure bilateral communications across different network security domains. | 10-13-2011 |