Secure one-way data transfer system using network interface circuitry

US 20080259929A1
Filed: 04/18/2007
Published: 10/23/2008
Est. Priority Date: 04/18/2007
Status: Active Grant

First Claim

Patent Images

1. Network interface circuitry for a secure one-way data transfer from a Send Node to a Receive Node over a data link, comprising:

send-only network interface circuitry for transmitting data from said Send Node to said data link; and

receive-only network interface circuitry for receiving said data from said data link and transmitting said received data to said Receive Node,wherein said send-only network interface circuitry is configured not to receive any data from said data link, and said receive-only network interface circuitry is configured not to send any data to said data link.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network interface circuitry for a secure one-way data transfer from a sender'"'"'s computer (“Send Node”) to a receiver'"'"'s computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node.

87 Citations

View as Search Results

83 Claims

1. Network interface circuitry for a secure one-way data transfer from a Send Node to a Receive Node over a data link, comprising:
- send-only network interface circuitry for transmitting data from said Send Node to said data link; and
  
  receive-only network interface circuitry for receiving said data from said data link and transmitting said received data to said Receive Node,wherein said send-only network interface circuitry is configured not to receive any data from said data link, and said receive-only network interface circuitry is configured not to send any data to said data link.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 74, 75, 76, 77)
- - 2. The network interface circuitry of claim 1, whereinsaid send-only network interface circuitry comprises a data transmitter, a first interface to said Send Node, and a first interface circuit for controlling the flow of said data between said first interface and said data transmitter;
    - and
3. The network interface circuitry of claim 2, wherein said data link is an optical data link.
4. The network interface circuitry of claim 3, wherein said optical data link comprises an optical fiber.
5. The network interface circuitry of claim 3, wherein said data transmitter comprises an optical emitter and said data receiver comprises an optical detector.
6. The network interface circuitry of claim 5, wherein said optical data link comprises an optical fiber, said data transmitter further includes a first integrated fiber optic connector, and said data receiver further comprises a second integrated fiber optic connector.
7. The network interface circuitry of claim 2, wherein said data link is a shielded twisted pair copper wire communication cable.
8. The network interface circuitry of claim 7, wherein said data transmitter comprises a serial digital cable driver and said data receiver comprises an adaptive cable driver.
9. The network interface circuitry of claim 8, wherein said data transmitter further comprises a first RJ45 connector configured to only send said data to said data link and said data receiver further comprises a second RJ45 connector configured to only receive said data from said data link.
10. The network interface circuitry of claim 2, wherein said first interface comprises a Peripheral Component Interconnect (PCI) interface.
11. The network interface circuitry of claim 2, wherein said first interface comprises a Universal Serial Bus (USB) connector.
12. The network interface circuitry of claim 2, wherein said first interface comprises a FireWire connector.
13. The network interface circuitry of claim 2, wherein said first interface comprises a serial port connector.
14. The network interface circuitry of claim 2, wherein said second interface comprises a PCI interface.
15. The network interface circuitry of claim 2, wherein said second interface comprises a USB connector.
16. The network interface circuitry of claim 2, wherein said second interface comprises a FireWire connector.
17. The network interface circuitry of claim 2, wherein said second interface comprises a serial port connector.
18. The network interface circuitry of claim 2, wherein each of said first and second interface circuits comprises an Asynchronous Transfer Mode (ATM) network interface circuit.
19. The network interface circuitry of claim 18, wherein said ATM network interface circuit comprises an ATM physical interface chip and an ATM segmentation and reassembly chip.
20. The network interface circuitry of claim 2, further comprising a send-only network interface card to have the components of said send-only network interface circuitry populating thereon.
21. The network interface circuitry of claim 20, wherein said send-only network interface card has a low form factor.
22. The network interface circuitry of claim 20, wherein said send-only network interface card has an unpopulated space.
23. The network interface circuitry of claim 22, wherein said send-only network interface card comprises silkscreen words placed on its unpopulated surface to indicate the send-only functionality of said send-only network interface circuitry populating said send-only network interface card.
24. The network interface circuitry of claim 2, further comprising a receive-only network interface card to have the components of said receive-only network interface circuitry populating thereon.
25. The network interface circuitry of claim 24, wherein said receive-only network interface card has a low form factor.
26. The network interface circuitry of claim 24, wherein said receive-only network interface card has an unpopulated space.
27. The network interface circuitry of claim 26, wherein said receive-only network interface card comprises silkscreen words placed on its unpopulated surface to indicate the receive-only functionality of said receive-only network interface circuitry populating said receive-only network interface card.
74. The network interface circuitry of claim 2, wherein said send-only network interface circuitry further comprises a data receiver which is disabled to communicate with said first interface circuit and said first interface.
75. The network interface circuitry of claim 2, wherein said receive-only network interface circuitry further comprises a data transmitter which is disabled to communicate with said second interface circuit and said second interface.
76. The network interface circuitry of claim 22, wherein said unpopulated space comprises a space reserved for but not populated by a data detector.
77. The network interface circuitry of claim 26, wherein said unpopulated space comprises a space reserved for but not populated by a data transmitter.

28. A secure one-way data transfer system, comprising:
- a Send Node;
  
  a Receive Node;
  
  a data link;
  
  send-only network interface circuitry for transmitting data from said Send Node to said data link, said send-only network interface circuitry interfacing said Send Node to said data link; and
  
  receive-only network interface circuitry for receiving said data from said data link and transmitting said received data to said Receive Node, said receive-only network interface circuitry interfacing said data link to said Receive Node,wherein said send-only network interface circuitry is configured not to receive any data from said data link, and said receive-only network interface circuitry is configured not to send any data to said data link.
- View Dependent Claims (29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 78, 79, 80, 81)
- - 29. The system of claim 28, wherein said Send Node and said Receive Node are computers based on Microsoft Windows operating system.
  - 30. The system of claim 28, wherein said Send Node and said Receive Node are computers based on Unix-based operating system.
  - 31. The system of claim 30, wherein said Unix-based operation system is Linux, Ultrix, or Solaris.
  - 32. The system of claim 28, whereinsaid send-only network interface circuitry comprises a data transmitter, a first interface to said Send Node, and a first interface circuit for controlling the flow of said data between said first interface and said data transmitter;
    - and
33. The system of claim 32, wherein said data link is an optical data link.
34. The system of claim 33, wherein said optical data link comprises an optical fiber.
35. The system of claim 33, wherein said data transmitter comprises an optical emitter and said data receiver comprises an optical detector.
36. The system of claim 35, wherein said optical data link comprises an optical fiber, said data transmitter further includes a first integrated fiber optic connector, and said data receiver further comprises a second integrated fiber optic connector.
37. The system of claim 32, wherein said data link is a shielded twisted pair copper wire communication cable.
38. The system of claim 37, wherein said data transmitter comprises a serial digital cable driver and said data receiver comprises an adaptive cable driver.
39. The system of claim 38, wherein said data transmitter further comprises a first RJ45 connector configured to only send said data to said data link and said data receiver further comprises a second RJ45 connector configured to only receive said data from said data link.
40. The system of claim 32, wherein said first interface comprises a PCI interface.
41. The system of claim 32, wherein said first interface comprises a USB connector.
42. The system of claim 32, wherein said first interface comprises a FireWire connector.
43. The system of claim 32, wherein said first interface comprises a serial port connector.
44. The system of claim 32, wherein said second interface comprises a PCI interface.
45. The system of claim 32, wherein said second interface comprises a USB connector.
46. The system of claim 32, wherein said second interface comprises a FireWire connector.
47. The system of claim 32, wherein said second interface comprises a serial port connector.
48. The system of claim 32, wherein each of said first and second interface circuits comprises an ATM network interface circuit.
49. The system of claim 48, wherein said ATM network interface circuit comprises an ATM physical interface chip and an ATM segmentation and reassembly chip.
50. The system of claim 32, further comprising a send-only network interface card to have the components of said send-only network interface circuitry populating thereon.
51. The system of claim 50, wherein said send-only network interface card has a low form factor.
52. The system of claim 50, wherein said send-only network interface card has an unpopulated space.
53. The system of claim 52, wherein said send-only network interface card comprises silkscreen words placed on its unpopulated surface to indicate the send-only functionality of said send-only network interface circuitry populating said send-only network interface card.
54. The system of claim 32, further comprising a receive-only network interface card to have the components of said receive-only network interface circuitry populating thereon.
55. The system of claim 54, wherein said receive-only network interface card has a low form factor.
56. The system of claim 54, wherein said receive-only network interface card has an unpopulated space.
57. The system of claim 56, wherein said receive-only network interface card comprises silkscreen words placed on its unpopulated surface to indicate the receive-only functionality of said receive-only network interface circuitry populating said receive-only network interface card.
78. The system of claim 32, wherein said send-only network interface circuitry further comprises a data receiver which is disabled to communicate with said first interface circuit and said first interface.
79. The system of claim 32, wherein said receive-only network interface circuitry further comprises a data transmitter which is disabled to communicate with said second interface circuit and said second interface.
80. The system of claim 52, wherein said unpopulated space comprises a space reserved for but not populated by a data detector.
81. The system of claim 56, wherein said unpopulated space comprises a space reserved for but not populated by a data transmitter.

58. A method of configuring a network interface circuitry for secure one-way data transfer from a Send Node to a Receive Node over a data link, comprising the steps of:
- providing a first and a second network interface circuitry;
  
  configuring said first network interface circuitry to enable data transfer from said Send Node to said data link, but to disable any data transfer from said data link to said Send Node;
  
  configuring said second network interface circuitry to enable data transfer from said data link to said Receive Node, but to disable any data transfer from said Receive Node to said data link;
  
  coupling said configured first network interface circuitry to said Send Node and a first end of said data link; and
  
  coupling said configured second network interface circuitry to said Receive Node and a second end of said data link.
- View Dependent Claims (59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 82, 83)
- - 59. The method of claim 58, whereinsaid data link is an optical data link;
    - said step of configuring said first network interface circuitry comprises the step of populating a optical emitter on a first network interface card and leaving the space on said first network interface card for an optical detector unpopulated; and
      
      said step of configuring said second network interface circuitry comprises the step of populating an optical detector on a second network interface card and leaving the space on said second network interface card for an optical emitter unpopulated.
  - 60. The method of claim 58, whereinsaid data link is a shielded twisted pair copper wire communication cable;
    - said step of configuring said first network interface circuitry comprises the step of configuring a first RJ45 connector in said first network interface circuitry to enable data transfer to said data link, but disable data transfer from said data link; and
      
      said step of configuring said second network interface circuitry comprises the step of configuring a second RJ45 connector in said second network interface circuitry to enable data transfer from said data link, but disable data transfer to said data link.
  - 61. The method of claim 58, wherein said step of coupling said configured first network interface circuitry comprises the step of using a PCI interface.
  - 62. The method of claim 58, wherein said step of coupling said configured second network interface circuitry comprises the step of using a PCI interface.
  - 63. The method of claim 58, wherein said step of coupling said configured first network interface circuitry comprises the step of using a USB connector.
  - 64. The method of claim 58, wherein said step of coupling said configured second network interface circuitry comprises the step of using a USB connector.
  - 65. The method of claim 58, wherein said step of coupling said configured first network interface circuitry comprises the step of using a FireWire connector.
  - 66. The method of claim 58, wherein said step of coupling said configured second network interface circuitry comprises the step of using a FireWire connector.
  - 67. The method of claim 58, wherein said step of coupling said configured first network interface circuitry comprises the step of using a serial port connector.
  - 68. The method of claim 58, wherein said step of coupling said configured second network interface circuitry comprises the step of using a serial port connector.
  - 69. The method of claim 58, wherein said providing step comprises the step of providing two ATM network interface cards.
  - 70. The method of claim 69, wherein said step of providing said ATM network interface cards comprises the step of providing an ATM physical interface chip and an ATM segmentation and reassembly chip on each of said two ATM network interface cards.
  - 71. The method of claim 58, wherein said providing step comprises the step of providing a first and a second network interface cards in form of unpopulated circuit boards.
  - 72. The method of claim 71, wherein said providing step further comprises the step of placing silkscreen words on said unpopulated circuit boards.
  - 73. The method of claim 58, wherein said providing step comprises the step of providing a first and a second network interface cards having a low form factor.
  - 82. The method of claim 58, whereinsaid data link is an optical data link;
    - said step of configuring said first network interface circuitry comprises the steps of;
      
      populating a first optical emitter and a first optical detector on a first network interface card;
      
      configuring said first optical emitter to enable data transfer from said Send Node to said optical data link;
      
      configuring said first optical detector to disable any data transfer from said optical data link to said Send Node;
      
      leaving the space on said first network interface card for a second optical emitter and a second optical detector unpopulated; and
      
      said step of configuring said second network interface circuitry comprises the steps of;
      
      populating a third optical emitter and a third optical detector on a second network interface card;
      
      configuring said third optical emitter to disable any data transfer from said Receive Node to said optical data link;
      
      configuring said third optical detector to enable data transfer from said optical data link to said Receive Node;
      
      leaving the space on said second network interface card for a fourth optical emitter and a fourth optical detector unpopulated.
  - 83. The method of claim 60, whereinsaid step of configuring said first network interface circuitry further comprises the step of leaving the space for a third RJ45 connector unpopulated in said first network interface circuitry;
    - andsaid step of configuring said second network interface circuitry further comprises the step of leaving the space for a fourth RJ45 connector unpopulated in said second network interface circuitry.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OWL Cyber Defense Solutions LLC
Original Assignee
Owl Computing Technologies, Inc.
Inventors
Mraz, Ronald

Granted Patent

US 8,068,415 B2
Time in Patent Office

Days
Field of Search
US Class Current

370/395.1
CPC Class Codes

H04L 12/5601   Transfer mode dependent, e....

H04L 63/0209   Architectural arrangements,...

H04L 63/162   at the data link layer

Secure one-way data transfer system using network interface circuitry

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

87 Citations

83 Claims

Specification

Solutions

Use Cases

Quick Links

Secure one-way data transfer system using network interface circuitry

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

87 Citations

83 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links