Systems and methods for providing increased computer security
Abstract
In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer. Data communication from the second network to the first network is enabled while data communication from the first network to the second network is minimized.
27 Citations
20 Claims
1. In a communication system having a plurality of networks, a method of achieving network separation between first and second networks comprising:
defining the first network with a first degree of trust;
defining the second network with a second degree of trust that is lower than the first degree of trust;
enabling communication between first and second networks via a network interface system using a communication protocol implemented in an application layer of a communication protocol stack; and
enabling data communication from the second network to the first network while minimizing data communication from the first network to the second network.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10.

11. A network separation method for achieving network separation between first and second networks of a communication system, comprising:
providing a computer server configured to have a communication protocol stack implemented in an application layer; and
enabling data communication from the second network to the first network via the computer server, the first network having a higher degree of trust than the second network, and wherein the rate of acknowledgment of messages by the computer server is probabilistic, derived from a mean rate based on a moving average of the rate at which the first network accepts messages sent from the second network.
Dependent claims: 12, 13.

14. A system for achieving network separation between first and second networks of a communication system, comprising:
a first processor for processing information from the first network;
a second processor for processing information from the second network, the first network having a higher degree of trust than the second network; and
wherein a rate of acknowledgment of messages by the system is probabilistic, derived from a mean rate based on a moving average of the rate at which the first network accepts messages sent from the second network.
Dependent claims: 15, 16, 17, 18.

19. The system of claim 19, wherein for each active connection, the system maintains a distinct variable that reflects a moving average of the time it takes for the first application program interface to accept messages from the second network, and messages received from the second application program interface are delayed based on the moving average using a random variable of a pseudo-exponential or similar type, and further wherein information flow from the first application program interface to the second application program interface occurs through changes in the moving average values.

20. A network separation system for achieving network separation between first and second networks of a communication system, comprising:
means for providing a computer server configured to have a communication protocol stack implemented in an application layer; and
means for enabling data communication from the second network to the first network via the computer server, the first network having a higher degree of trust than the second network, and wherein the rate of acknowledgment of messages by the computer server is probabilistic with a mean rate based on a moving average of the rate at which the first network accepts messages sent from the second network.
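The acknowledgment scheme of claims 11, 14 and 19 can be made concrete with a small simulation. The following is an added example, not code from the patent or its assignee: an application-layer relay forwards messages from the low-trust (second) network to the high-trust (first) network, keeps a per-connection moving average of how long the high-trust side takes to accept each message, and delays the acknowledgment returned to the low-trust side by a random time whose mean is that moving average. Two details are assumptions the claims leave open: the moving average is modelled as an exponentially weighted moving average with weight ALPHA, and the "pseudo-exponential" random variable is modelled as a plain exponential distribution. All connection names, payloads and accept times are constructed.

```python
"""Added example (not the patent's own code): simulation of the probabilistic
acknowledgment gateway described in claims 11, 14 and 19.

Assumptions not stated in the claims: EWMA with weight ALPHA for the moving
average; a plain exponential distribution for the 'pseudo-exponential' delay."""
from __future__ import annotations

import random
from dataclasses import dataclass

ALPHA = 0.2  # EWMA weight (assumption, not from the patent)


@dataclass
class ConnectionState:
    """Per-connection state: claim 19 requires a distinct variable per active connection."""
    avg_accept_time: float = 0.0  # moving average of seconds the trusted side took to accept
    samples: int = 0

    def observe_accept(self, seconds: float) -> float:
        """Fold one accept-time measurement into the moving average; return the new mean."""
        if self.samples == 0:
            self.avg_accept_time = seconds
        else:
            self.avg_accept_time = ALPHA * seconds + (1.0 - ALPHA) * self.avg_accept_time
        self.samples += 1
        return self.avg_accept_time


class OneWayGateway:
    """Application-layer relay: payloads flow low -> high; only ack timing flows high -> low."""

    def __init__(self, seed: int = 0):
        self.rng = random.Random(seed)
        self.conns: dict[str, ConnectionState] = {}
        self.delivered: list[tuple[str, bytes]] = []  # what the high-trust side received
        self.acks: list[tuple[str, float]] = []       # (connection, ack delay) sent to the low side

    def relay(self, conn_id: str, payload: bytes, accept_seconds: float) -> float:
        """Deliver one message from the low-trust side and schedule its acknowledgment.

        accept_seconds is the measured time the high-trust side took to accept the
        message (in a deployment this would be the blocking time of the hand-off call).
        Returns the delay after which the acknowledgment is released to the low side.
        """
        state = self.conns.setdefault(conn_id, ConnectionState())
        self.delivered.append((conn_id, payload))
        mean = state.observe_accept(accept_seconds)
        # Random ack delay whose mean is the per-connection moving average (claim 19).
        delay = self.rng.expovariate(1.0 / mean) if mean > 0 else 0.0
        self.acks.append((conn_id, delay))
        return delay

    def mean_ack_delay(self, conn_id: str) -> float:
        """Average ack delay observed by the low side for one connection."""
        delays = [d for c, d in self.acks if c == conn_id]
        return sum(delays) / len(delays) if delays else 0.0


def simulate(n_messages: int = 2000, accept_seconds: float = 1.2, seed: int = 7) -> dict:
    """Constructed scenario: one connection whose trusted side accepts in a steady 1.2 s."""
    gw = OneWayGateway(seed)
    for i in range(n_messages):
        gw.relay("conn-A", f"msg{i}".encode(), accept_seconds)
    return {
        "delivered": len(gw.delivered),
        "moving_average": gw.conns["conn-A"].avg_accept_time,
        "mean_ack_delay": gw.mean_ack_delay("conn-A"),
    }


if __name__ == "__main__":
    print(simulate())
```

Running `simulate()` delivers every message to the high-trust side while the low side sees only acknowledgment delays whose average converges on the 1.2 s accept time. That is the point a reviewer should take from claim 19: the residual high-to-low information flow lives entirely in changes of the per-connection moving average, so the smoothing weight and the delay distribution are the parameters that bound how much the low-trust network can learn about the trusted side's behaviour.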