Processes, systems and networks for secured information exchange using computer hardware
Abstract
A system and method for providing external data-signal isolation, and signal-level information-preserving-data-transformations, to enable safe, operationally efficient, information sharing between protected information systems and networks and external, potentially hostile, information systems and networks which neutralizes any imbedded hostile executable codes such as viruses that may be in data-signals incoming from the external systems and networks. The system and method prevent un-transformed external data-signals from entering protected systems and/or networks using an intermediate screen which is a computer hardware device. The intermediate screen (which may be implemented as a network of systems) is deployed between the protected systems and external systems and is used to process all incoming signals from the external system to obtain transformed data sets from which information is extracted before it is passed to the protected system. The incoming signals all remain confined in the intermediate screen.
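A minimal software model of the screen the abstract describes, following steps A to G of claim 1 (an added example, not code from the patent). It assumes the initial data set is an HTML message and, unlike the claims, it processes the data by parsing rather than by executing embedded programs; `screen`, `_VisibleText` and `SAMPLE` are hypothetical names.

```python
import json, os, shutil, tempfile
from html.parser import HTMLParser

# Constructed sample: an HTML message carrying a script and event handlers.
SAMPLE = (b'<html><body onload="x()"><h1>Quarterly report</h1>'
          b'<script>alert(1)</script><p onclick="y()">Revenue rose 4%.</p>'
          b'</body></html>')

class _VisibleText(HTMLParser):
    """Keeps only text a reader would see; tags and attributes are never copied."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.parts.append(" ".join(data.split()))

def screen(initial):
    """Hypothetical screen: returns (payload for protected side, workspace path)."""
    work = tempfile.mkdtemp(prefix="screen-")     # A: fresh intermediate domain
    raw = os.path.join(work, "initial.bin")
    try:
        with open(raw, "wb") as f:                # initial data set stays in here
            f.write(initial)
        parser = _VisibleText()                   # B: initial -> second data set
        with open(raw, "rb") as f:
            parser.feed(f.read().decode("utf-8", errors="replace"))
        parser.close()
        text = "\n".join(parser.parts)            # C: extract the information
        text = "".join(c for c in text if c.isprintable() or c == "\n")
        payload = json.dumps({"type": "text/plain", "body": text})  # G: convert
        return payload, work                      # D: only the payload is passed
    finally:
        shutil.rmtree(work, ignore_errors=True)   # E + F: purge input, reset state

if __name__ == "__main__":
    print(screen(SAMPLE)[0])
```

The workspace path is returned only so a caller can confirm the purge; the protected side would receive the payload alone.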
130 Citations
21 Claims
1. A method of enabling information exchange between a protected system and an external information source wherein the information is contained in a data set carried by a signal while preventing any undesired data from reaching the protected system comprising the steps of:
A. connecting an intermediate domain computer hardware device between an external data set source and the protected system to receive an initial data set including the information and any undesirable data transmitted from the external information source;
B. processing within the intermediate domain device the signal containing the initial data set to a second data set, wherein processing includes the execution of any programs contained in the initial data set;
C. extracting the information from the second data set to thereby screen out undesirable data;
D. passing the extracted information to the protected system;
E. eliminating the initial data set from the intermediate domain computer hardware device;
F. resetting the intermediate domain computer hardware device to a non-contaminated state; and
G. converting the extracted information to data sets that are optimally processable by the protected system.
Dependent claims: 2, 3, 4, 5, 6
7. A system for enabling information exchange between a protected system and an external information source when the information is contained in a data set carried by a signal while preventing any undesired data from reaching the protected system, the system comprising:
a) means for connecting an intermediate domain computer hardware device between an external data source and the protected system to receive an initial data set including the information and any undesirable data transmitted from the external source;
b) means for processing, within the intermediate domain device, the signals containing the initial data set so as to extract the information from the initial data set thus forming a second data set containing the information thereby screening out undesirable data, wherein means for processing includes the execution of any programs (i.e. executable code) contained in the initial data set;
c) means for securely passing the extracted information to the protected system;
d) means for purging the initial data set from the intermediate domain device;
e) means for resetting the intermediate domain device to a non contaminated state; and
f) means for converting extracted information to data sets optimally processable by the protected system.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21
Specification