Patent application number | Description | Published |
20080259929 | Secure one-way data transfer system using network interface circuitry - Network interface circuitry for a secure one-way data transfer from a sender's computer (“Send Node”) to a receiver's computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node. | 10-23-2008 |
20090222564 | Apparatus and Method for Supporting Connection Establishment in an Offload of Network Protocol Processing - A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, a mechanism for improving connection establishment in a system utilizing an offload network adapter is provided. The connection establishment mechanism provides the ability to offload connection establishment and maintenance of connection state information to the offload network adapter. As a result of this offloading of connection establishment and state information maintenance, the number of communications needed between the host system and the offload network adapter may be reduced. In addition, offloading of these functions to the offload network adapter permits bulk notification of established connections and state information to the host system rather than piecemeal notifications as is present in known computing systems. | 09-03-2009 |
20110161456 | Apparatus and Method for Supporting Memory Management in an Offload of Network Protocol Processing - A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, mechanisms for handling memory management and optimization within a system utilizing an offload network adapter are provided. The memory management mechanism permits both buffered sending and receiving of data as well as zero-copy sending and receiving of data. In addition, the memory management mechanism permits grouping of DMA buffers that can be shared among specified connections based on any number of attributes. The memory management mechanism further permits partial send and receive buffer operation, delaying of DMA requests so that they may be communicated to the host system in bulk, and expedited transfer of data to the host system. | 06-30-2011 |
20110167134 | Apparatus and Method for Supporting Memory Management in an Offload of Network Protocol Processing - A number of improvements in network adapters that offload protocol processing from the host processor are provided. Specifically, mechanisms for handling memory management and optimization within a system utilizing an offload network adapter are provided. The memory management mechanism permits both buffered sending and receiving of data as well as zero-copy sending and receiving of data. In addition, the memory management mechanism permits grouping of DMA buffers that can be shared among specified connections based on any number of attributes. The memory management mechanism further permits partial send and receive buffer operation, delaying of DMA requests so that they may be communicated to the host system in bulk, and expedited transfer of data to the host system. | 07-07-2011 |
20110252116 | BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS - Bilateral communication using multiple one-way data links for data transfers in opposite directions, each of which is subject to separately administered security restrictions and data filtering processes. Operating together, they enable secure bilateral communications across different network security domains. | 10-13-2011 |
20120017079 | Secure Acknowledgment Device For One-Way Data Transfer System - An apparatus for relaying a hashed message from a first node to a second node, comprising an inlet interface for receiving a message from the first node, a hash number calculator for hashing the message from the inlet interface, an outlet interface for sending the hashed message to the second node, a first one-way data link for unidirectional transfer from the inlet interface to the hash number calculator, and a second one-way data link for unidirectional transfer from the hash number calculator to the outlet interface, is provided. While the apparatus is capable of bidirectional communications with either or both of the first and second nodes through the respective interfaces, the unidirectionality of data flow through the apparatus is strictly enforced by the hardware of the apparatus. The apparatus provides a secure mechanism and communication channel for relaying hashed acknowledgment messages from a receive node to a send node to inform the status of data transfer from the send node to the receive node across a one-way data link. The apparatus may be further implemented with the capability of comparing hashed messages from the two nodes. | 01-19-2012 |
20120030768 | RUGGEDIZED, COMPACT AND INTEGRATED ONE-WAY CONTROLLED INTERFACE TO ENFORCE CONFIDENTIALITY OF A SECURE ENCLAVE - A rugged, integrated network interface appliance for ensuring secure data transfer comprising send-only network interface circuitry comprising a microprocessor, a program memory, a first host interface, and a first serial interface; receive-only network interface circuitry comprising a microprocessor, a program memory, a second host interface, and a second serial interface; a single data link connecting the first serial interface of the send-only network interface circuitry to the second serial interface of the receive-only network interface circuitry that is configured such that the send-only network interface circuitry is configured not to receive any data from said data link, and the receive-only network interface circuitry is configured not to send any data to said data link. | 02-02-2012 |
20120042357 | Secure one-way data transfer system using network interface circuitry - Network interface circuitry for a secure one-way data transfer from a sender's computer (“Send Node”) to a receiver's computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node. | 02-16-2012 |
20120151075 | CONCURRENT DATA TRANSFER INVOLVING TWO OR MORE TRANSPORT LAYER PROTOCOLS OVER A SINGLE ONE-WAY DATA LINK - A data transfer application for concurrent transfer of data streams based on two or more transport layer protocols via a single one-way data link. The present invention provides a great degree of routing flexibility by providing seamless network connectivity under a plurality of transport layer protocols, such as TCP and UDP, between multiple source and destination platforms over a single one-way data link. | 06-14-2012 |
20120162697 | Remote Print File Transfer And Spooling Application For Use With A One-Way Data Link - A system for printing includes one or more printers, a send platform, a print spooling platform coupled to the one or more printers, and a one-way data link enforcing unidirectional data transfer from the send platform to the print spooling platform, wherein the send platform is configured to receive a print job, convert the print job into a print file in a printable format for the one or more printers, and send the print file to the print spooling platform across the one-way data link, and the print spooling platform is configured to receive the print file from the one-way data link, control spooling of the print file for the one or more printers, and send the print file to the one or more printers, and wherein the one or more printers cannot communicate to the send platform. | 06-28-2012 |
20120331097 | BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS - A bilateral data transfer system comprising a first node, a second node, a first one-way link for unidirectional transfer of first data from the first node to the second node, and a second one-way link for unidirectional transfer of second data from the second node to the first node, wherein the unidirectional transfer of the first data across the first one-way link and the unidirectional transfer of the second data across the second one-way link are independently administered by the bilateral data transfer system. Under such bilateral data transfer system, each of the one-way data links may be subject to separately administered security restrictions and data filtering processes. Hence, it enables secure bilateral communications across different network security domains. | 12-27-2012 |
20130097283 | BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS - A bilateral data transfer system comprising a first node, a second node, a first one-way link for unidirectional transfer of first data from the first node to the second node, and a second one-way link for unidirectional transfer of second data from the second node to the first node, wherein the unidirectional transfer of the first data across the first one-way link and the unidirectional transfer of the second data across the second one-way link are independently administered by the bilateral data transfer system. Under such bilateral data transfer system, each of the one-way data links may be subject to separately administered security restrictions and data filtering processes, enabling secure bilateral communications across different network security domains. | 04-18-2013 |
20130254878 | METHOD AND APPARATUS FOR DATA TRANSFER RECONCILIATION - A method and system for monitoring data transfers over a one-way data link from a send node to a receive node. A send log file monitoring and transmitting module associated with the send node on a first server outputs a send log file containing information about data sent by the send node. A receive log file monitoring and transmitting module associated with the receive node on a second server outputs a receive log file containing information about data received by the receive node. A reconciliation module on a third server receives the send log file and the receive log file and identifies any data transfer errors by comparing the send log file with the receive log file. A web server is coupled to the reconciliation module to provide user access to the identified data transfer errors. | 09-26-2013 |
20140020109 | FILE MANIFEST FILTER FOR UNIDIRECTIONAL TRANSFER OF FILES - A manifest transfer engine for a one-way file transfer system is disclosed. The manifest transfer engine comprises a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side receives and stores a file manifest table from an administrator server. The send side also receives a file from a user and compares it with the file manifest table. Transfer of the file to the receive side via the one-way data link is allowed only when there is a match between the file and the file manifest table. In an alternative embodiment, the receive side instead receives and stores the file manifest table from the administrator server and compares it with the file received from the send side via the one-way data link to determine whether to allow transfer of the file. | 01-16-2014 |
20140089388 | SYSTEM AND METHOD FOR PROVIDING A REMOTE VIRTUAL SCREEN VIEW - A system for virtual screen view service, comprising a monitored computer platform, a monitoring computer platform, a server installed on the monitored computer platform, a client installed on the monitoring computer platform, and a one-way data link for unidirectional data transfer from the server to the client, wherein the server is configured to periodically collect screen image data from the monitored computer platform and send it to the client via the one-way data link, and the client is configured to process the image data received from the server via the one-way data link and cause it to be displayed on the monitoring computer platform. An alternative configuration is also disclosed for allowing a remote client to securely monitor the screen of a locally monitored computer platform via an intermediary server. | 03-27-2014 |
20140136657 | DATA TRANSFER SYSTEM - A data transfer system comprising a first node, a second node, and a first one-way link for unidirectional transfer of data from the first node to the second node. The first node is configured to receive data and to allow transfer of the data to the second node via the first one-way link only if there is a match between a characteristic of the received data and an entry in a first predefined configuration file. The system may also include a second one-way link for unidirectional transfer of second data from the second node to the first node. The second node is configured to receive the second data and to allow transfer of the second data to the first node via the second one-way link only if there is a match between a characteristic of the second data and an entry in a predefined configuration file. | 05-15-2014 |
20140139732 | SYSTEM FOR PROVIDING A SECURE VIDEO DISPLAY - A system for providing a secure video display using a one-way data link. An input interface receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs. | 05-22-2014 |
20140139737 | SYSTEM FOR REAL-TIME CROSS-DOMAIN SYSTEM PACKET FILTERING - A system for filtering a digital signal transmitted in a protocol featuring multi-level packetization from a first server to a second server. The first server is coupled to the second server via a one-way data link. The system includes a filter having an input for receiving the digital signal and an output. The filter is configured to analyze the digital video signal and determine whether the digital signal violates one or more predetermined criteria. The filter may be within the first server, or alternatively, within the second server. The predetermined criteria may be unauthorized security level information included within metadata transmitted with the digital video signal. The predetermined criteria may also be format information that, when not conformed to, indicates potential malware or other bad content included within the digital video signal. The filter provides low data transfer latency and/or decoupling of data filter latency from data transfer latency. | 05-22-2014 |
20140165182 | SYSTEM FOR SECURE TRANSFER OF INFORMATION FROM AN INDUSTRIAL CONTROL SYSTEM NETWORK - A system for securely transferring information from an industrial control system network, including, within the secure domain, one or more remote terminal units coupled by a first network, one or more client computers coupled by a second network, and a send server coupled to the first and second networks. The send server acts as a proxy for communications between the client computers and the remote terminals and transmits first information from such communications on an output. The send server also transmits a poll request to a remote terminal unit via the first network and transmits second information received in response to the poll on the output. The system also includes, outside the secure domain, a receive server having an input coupled to the output of the send server via a one-way data link. The receive server receives and stores the first and second information provided via the input. | 06-12-2014 |
20140207939 | SYSTEM AND METHOD FOR ENABLING THE CAPTURE AND SECURING OF DYNAMICALLY SELECTED DIGITAL INFORMATION - A system is disclosed for monitoring a channel passing information which includes an identifying designation. A channel monitor is coupled to the channel and configured to provide on an output all information passing on the channel. A manifest engine is coupled to the channel monitor to receive the information passing on the channel and to an operator console to receive an information manifest table. The information manifest table contains at least one identifying designation. The manifest engine compares the information received with the information in the information manifest table and only provides on the output that information having an identifying designation that matches an identifying designation included within the information manifest table. A storage server is coupled to the manifest engine and configured to receive and store the information provided from the manifest engine. | 07-24-2014 |
20140208420 | SYSTEM FOR REMOTELY MONITORING STATUS INFORMATION OF DEVICES CONNECTED TO A NETWORK - A system for monitoring the status of one or more networks and/or of devices coupled to each of the one or more networks. Status monitoring applications are associated with the networks and/or devices. The status monitoring applications output a respective status log file containing information about the system status of the associated network or device. In one embodiment, the system status is derived from the Windows Event Log. The status monitoring applications are coupled to a remote receive module via a one-way data link or a firewall. The remote receive module receives the log files and processes the log files to either identify any unauthorized status conditions identified therein or to generate a cumulative log file consisting of events occurring over a predetermined time interval. | 07-24-2014 |
20140208433 | SYSTEM AND METHOD FOR THE SECURE UNIDIRECTIONAL TRANSFER OF SOFTWARE AND SOFTWARE UPDATES - A system is disclosed that provides an authenticated payload, e.g., a software program or update, to a recipient device. A storage device stores a payload. A provider server coupled to the storage device outputs the payload and a manifest table. The manifest table includes information identifying the payload. A manifest engine TX server receives the payload and the manifest table from the provider server, generates information about the received payload, compares the information generated about the payload with the contents of the received manifest table, and, if the information about the received payload matches information for a particular one of the at least one payloads included in the received manifest table, forwards the payload to a one-way data link. The output of the one-way data link is coupled to a manifest engine RX server, which in turn forwards any received payload to a recipient device coupled to an output of the manifest engine RX server. | 07-24-2014 |
20140237372 | SYSTEM AND METHOD FOR SECURE UNIDIRECTIONAL TRANSFER OF COMMANDS TO CONTROL EQUIPMENT - A system for securely transferring commands to a recipient device. An access interface allows a user to enter a command for the recipient device. The access interface only allows the user to enter commands within a subset of commands associated with a role assigned to the user. The control interface receives information, i.e., the command entered by the user and the associated user role, from the access interface. The control interface outputs, to the manifest engine, the information and a manifest table which identifies each role and the subset of commands associated with each role. The manifest engine compares the information with the contents of the received manifest table, and, if the command entered by the user corresponds to a command within the set of commands associated with the role assigned to the user, forwards the command to the recipient device. | 08-21-2014 |
20140237561 | SECURE FRONT-END INTERFACE - A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information. | 08-21-2014 |
20140304371 | SECURE ONE-WAY INTERFACE FOR A NETWORK DEVICE - A one-way interface for a network device which secures status registers therein from unauthorized changes. The interface includes a first server, a one-way data link and a second server. The first server is coupled to the status registers to read information stored therein. The first server reads the information from the status registers and transmits the information on an output. The one-way data link has an input coupled to the output of the first server and an output. The second server has an input coupled to the output of the one-way data link and an output coupled to a network. The second server receives the information from the first server via the one-way data link. The second server transmits the information on the output to a predetermined network destination and/or provides a user interface for providing access to the information via the network. | 10-09-2014 |
20140337407 | NFS STORAGE VIA MULTIPLE ONE-WAY DATA LINKS - A system for bilaterally transferring information between a client and an NFS server. The client is coupled with an NFS server proxy running on a second receive server via a first network and communicates thereon. The processed first information is passed to a first send server via a dedicated network connection. The first send server causes the first information to be transmitted to the NFS server, via a first one-way data link, a first receive server, a second dedicated network connection and an NFS client proxy running on a second send server. The NFS server is coupled to the NFS client proxy via a second network. The NFS client proxy forwards information received from the NFS server to the client via a second one-way link, the NFS server proxy running on the second receive server and the first network. | 11-13-2014 |
20140337410 | ENTERPRISE CROSS-DOMAIN SOLUTION HAVING CONFIGURABLE DATA FILTERS - A cross-domain system for transferring files from a client to a server. A first server in the first network domain receives and stores files from the client via the first network. The received files are processed based on predetermined instructions stored in an associated file. The processed received files are transmitted to a second server via a one-way data link. The second server in the second network domain receives and stores the processed received files. The received files are further processed based on predetermined instructions stored in an associated file. The further processed received files are transmitted to the server via the second network. The two associated files are stored in permanent memory with security policies which prevent the files from disrupting operation of the first and second servers, respectively. The security policies allow the associated files to be overwritten to update the processing performed by the associated server. | 11-13-2014 |
20150020155 | ONE-WAY INTERFACE FOR PI TO PI DATA TRANSFER - A system for transferring information from a first PI server coupled to a first network to a second PI server coupled to a second network. The system includes a source platform coupled to the first network and in communication with the first PI server, a receive platform coupled to the second network and in communication with the second PI server, and a one-way data link coupling the source platform to the receive platform. The source platform is configured to read transfer configuration information from the first PI server and to dynamically modify the transfer parameters based thereon. The receive platform is configured to, if there is changed database record configuration information, continually store a current predefined portion of the historical information in memory without transferring such information to the second PI server until a user, via a user interface, authorizes the release of such information to the second PI server. | 01-15-2015 |
20150020194 | SYSTEM AND METHOD FOR IMPROVING THE RESILIENCY OF WEBSITES AND WEB SERVICES - A system is disclosed for monitoring the status of a website operating on a host and for remedying any identified problems. A first platform is coupled to the host for monitoring the website and periodically transmits status information about the website. A second platform is coupled to the first platform for periodically receiving the status information about the at least one feature. The second platform is configured to compare the received status information with a copy of the website and based thereon determine if the website has been compromised. The second platform is further configured to output an alert signal after determining that the website has been compromised. A third platform is coupled to the second platform and separately coupled to the host computer. The third platform is configured to receive the alert signal from the second platform and to forward the alert signal to the host computer. | 01-15-2015 |
20150026792 | SYSTEM FOR PROVIDING A SECURE VIDEO DISPLAY - A system for providing a secure video display using a one-way data link. An input interface receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs. | 01-22-2015 |
20150058385 | BILATERAL TRANSFER SYSTEM USING MULTIPLE ONE-WAY DATA LINKS - A system for bilaterally transferring information between a client and a remote server. The client is coupled with a server proxy running on a second receive server via a first network and communicates thereon. Processed first information is passed to a first send server via a dedicated network connection. The first send server causes the first information to be transmitted to the remote server, via a first one-way data link, a first receive server, a second dedicated network connection and a client proxy running on a second send server. The remote server is coupled to the client proxy via a second network. The client proxy forwards information received from the server to the client via a second one-way link, the server proxy running on the second receive server, and the first network. | 02-26-2015 |
20150058925 | SECURE ONE-WAY INTERFACE FOR OPC DATA TRANSFER - A system for transmitting OPC information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first OPC server in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to one or more OPC clients in the second security domain. | 02-26-2015 |
20150067104 | SECURE ONE-WAY INTERFACE FOR ARCHESTRA DATA TRANSFER - A system for transmitting ArchestrA information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first ArchestrA Galaxy and/or from a first historian in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to a second ArchestrA Galaxy and/or to a second historian in the second security domain. | 03-05-2015 |