Processes systems and networks for secure exchange of information and quality of service maintenance using computer hardware
First Claim
1. A method for safe processing of externally generated (e.g. from the Internet) executable code and the secure downloading of information from external sources (such as the Internet), such that no contamination or (other compromise) from such external executable code and/or information is experienced by the system being protected (referred to as the protected-system) by the invention (a secure communications &
- processing front-end signal control system), comprising the steps of;
a. inserting a secure communications &
processing front-end signal control system between the protected-system and external signal sources (e.g. the Internet), such that all external signals are confined in the secure communications &
processing front-end signal control system (the invention), and all external signals are processed inside the invention, whereby the protected-system is thus physically isolated (at the signal level) from potentially hostile/contaminated external signals;
b. viewing (from the protected-system) the processing of external signals taking place inside the invention (where the protected-system is a manned system, such as a workstation) by making the display subsystem of the invention safely viewable from the protected-system, whereby a simple embodiment of this step is to make the monitor (e.g. VGA/SVGA output) signal of the invention viewable on a subset of the raster display (monitor) of the protected-system;
c. allowing the protected-system to capture ( and store in any desired format) the display output signals (e.g. monitor'"'"'s video data stream) from the invention, whereby this capture process results in an information-preserving-signal-transfer process with the carrier signal safely generated by the invention, while the original external signals are confined within the invention (the secure communications &
processing front-end signal control system), thus eliminating any probability of any contamination or hostile signals (such as viruses (of any type), worms (of any type), cookies, false commands, or false command sequences (for process-control and telemetry type applications), and like signals) reaching the protected-system;
d. providing a one-way optical signal path to allow protected-system selected information (e.g. spreadsheets, programs needing updates, etc.) to be safely passed to the invention for update processing inside the invention, whereby the results of such processing (e.g. updates, downloading of program patches, etc.) is tested and evaluated within the invention, and transferred to the protected-system as defined in strep c;
e. processing external commands and external (e.g. from the Internet) requests to the protected system (where the protected-system is an unmanned/autonomous system such as a server, a process-control system, a web-site), and generating allowed command and request signals to the protected-system (based on the external command and request processing results), while confining all external signals in the invention ( the secure communications &
processing front-end signal control system), whereby this process insures no false or unauthorized commands (or unauthorized command sequences) and unauthorized requests reach the protected-system;
f. automatically returning the invention (the secure communications &
processing front-end signal control system) to a predefined secure state (e.g. an initial state) via an automatic system-reset/flush sequence initiated by the end of an external communication session (e.g. with the Internet), thus eliminating all external signals received by (and remaining in) the invention during that session, wherein this step results in an automatic self-cleansing of the invention, therefore eliminating the need for anti-virus software (and updates), cookies countermeasure software, filters, firewalls, and other (at best, marginally effective) InfoSec software functions, and keeping the protected-system safely physically-isolated from all external signals.
0 Assignments
0 Petitions
Accused Products
Abstract
A system and method for providing external data-signal isolation, and signal-level information-preserving-data-transformations, to enable safe, operationally efficient, information sharing between protected information systems and networks and external, potentially hostile, information systems and networks which neutralizes any imbedded hostile executable codes such as viruses that may be in data-signals incoming from the external systems and networks. The system and method prevent untransformed external data-signals from entering protected systems and/or networks using an intermediate screen which is a computer hardware device. The intermediate screen (which may be implemented as a network of systems) is deployed between the protected systems and external systems and is used to process all incoming signals from the external system to obtain transformed data sets from which information is extracted before it is passed to the protected system. The incoming signals all remain confined in the intermediate screen.
280 Citations
45 Claims
-
1. A method for safe processing of externally generated (e.g. from the Internet) executable code and the secure downloading of information from external sources (such as the Internet), such that no contamination or (other compromise) from such external executable code and/or information is experienced by the system being protected (referred to as the protected-system) by the invention (a secure communications &
- processing front-end signal control system), comprising the steps of;
a. inserting a secure communications &
processing front-end signal control system between the protected-system and external signal sources (e.g. the Internet), such that all external signals are confined in the secure communications &
processing front-end signal control system (the invention), and all external signals are processed inside the invention, whereby the protected-system is thus physically isolated (at the signal level) from potentially hostile/contaminated external signals;
b. viewing (from the protected-system) the processing of external signals taking place inside the invention (where the protected-system is a manned system, such as a workstation) by making the display subsystem of the invention safely viewable from the protected-system, whereby a simple embodiment of this step is to make the monitor (e.g. VGA/SVGA output) signal of the invention viewable on a subset of the raster display (monitor) of the protected-system;
c. allowing the protected-system to capture ( and store in any desired format) the display output signals (e.g. monitor'"'"'s video data stream) from the invention, whereby this capture process results in an information-preserving-signal-transfer process with the carrier signal safely generated by the invention, while the original external signals are confined within the invention (the secure communications &
processing front-end signal control system), thus eliminating any probability of any contamination or hostile signals (such as viruses (of any type), worms (of any type), cookies, false commands, or false command sequences (for process-control and telemetry type applications), and like signals) reaching the protected-system;
d. providing a one-way optical signal path to allow protected-system selected information (e.g. spreadsheets, programs needing updates, etc.) to be safely passed to the invention for update processing inside the invention, whereby the results of such processing (e.g. updates, downloading of program patches, etc.) is tested and evaluated within the invention, and transferred to the protected-system as defined in strep c;
e. processing external commands and external (e.g. from the Internet) requests to the protected system (where the protected-system is an unmanned/autonomous system such as a server, a process-control system, a web-site), and generating allowed command and request signals to the protected-system (based on the external command and request processing results), while confining all external signals in the invention ( the secure communications &
processing front-end signal control system), whereby this process insures no false or unauthorized commands (or unauthorized command sequences) and unauthorized requests reach the protected-system;
f. automatically returning the invention (the secure communications &
processing front-end signal control system) to a predefined secure state (e.g. an initial state) via an automatic system-reset/flush sequence initiated by the end of an external communication session (e.g. with the Internet), thus eliminating all external signals received by (and remaining in) the invention during that session, wherein this step results in an automatic self-cleansing of the invention, therefore eliminating the need for anti-virus software (and updates), cookies countermeasure software, filters, firewalls, and other (at best, marginally effective) InfoSec software functions, and keeping the protected-system safely physically-isolated from all external signals. - View Dependent Claims (2, 3, 4, 5, 6, 17)
- processing front-end signal control system), comprising the steps of;
-
7. A system for safe processing of externally generated (e.g. from the Internet) executable code and the secure downloading of information from external sources (such as the Internet), such that no contamination or (other compromise) from such external executable code and/or information is experienced by the system being protected (referred to as the protected-system) by the invention (a secure communications &
- processing front-end signal control system), comprising;
a. a means for inserting a secure communications &
processing front-end signal control system between the protected-system and external signal sources (e.g. the Internet), such that all external signals are confined in the secure communications &
processing front-end signal control system (the invention), and all external signals are processed inside the invention, whereby the protected-system is thus physically isolated (at the signal level) from potentially hostile/contaminated external signals;
b. a means for viewing (from the protected-system) the processing of external signals taking place inside the invention (where the protected-system is a manned system, such as a workstation) by making the display subsystem of the invention safely viewable from the protected-system, whereby a simple embodiment of this step is to make the monitor (e.g. VGA/SVGA output) signal of the invention viewable on a subset of the raster display (monitor) of the protected-system;
c. a means for allowing the protected-system to capture (and store in any desired format) the display output signals (e.g. monitor'"'"'s video data stream) from the invention, whereby this capture process results in an information-preserving-signal-transfer process with the carrier signal safely generated by the invention, while the original external signals are confined within the invention (the secure communications &
processing front-end signal control system), thus eliminating any probability of any contamination or hostile signals (such as viruses (of any type), worms (of any type), cookies, false commands, or false command sequences (for process-control and telemetry type applications), and like signals) reaching the protected-system;
d. a means for providing a one-way optical signal path to allow protected-system selected information (e.g. spreadsheets, programs needing updates, etc.) to be safely passed to the invention for update processing inside the invention, whereby the results of such processing (e.g. updates, downloading of program patches, etc.) is tested and evaluated within the invention, and transferred to the protected-system as defined in step c;
e. a means for processing external commands and external (e.g. from the Internet) requests to the protected system (where the protected-system is an unmanned/autonomous system such as a server, a process-control system, a web-site), and generating allowed command and request signals to the protected-system (based on the external command and request processing results), while confining all external signals in the invention (the secure communications &
processing front-end signal control system), whereby this process insures no false or unauthorized commands (or unauthorized command sequences) and unauthorized requests reach the protected-system;
f. a means for automatically returning the invention (the secure communications &
processing front-end signal control system) to a predefined secure state (e.g. an initial state) via an automatic system-reset/flush sequence initiated by the end of an external communication session (e.g. with the Internet), thus eliminating all external signals received by (and remaining in) the invention during that session, wherein this step results in an automatic self-cleansing of the invention, therefore eliminating the need for anti-virus software (and updates), cookies countermeasure software, filters, firewalls, and other (at best, marginally effective) InfoSec software functions, and keeping the protected-system safely physically-isolated from all external signals. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15, 16, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45)
- processing front-end signal control system), comprising;
Specification