Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment

US 20080301799A1
Filed: 05/31/2007
Published: 12/04/2008
Est. Priority Date: 05/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method of passing data from a first application at a first security level to a second application in a second security level higher than the first security level, comprising the steps of:

establishing an upchannel communications link from the first application to the second application via data guard, the upchannel communications link complying with a user datagram protocol (UDP);

establishing a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);

sending a first transmission having a first portion of the data from the first application to the second application via the upchannel communications link;

transmitting an acknowledgement message from the second application to the first application via the backchannel link;

receiving the first acknowledgement message in the first application, the first acknowledgement message comprising information describing the reception of the first portion of the data; and

sending a second transmission of the data according to the received first acknowledgement message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, apparatus for passing data from a first application at a first security level to a second application in a second security level higher than the first security level is disclosed. A backchannel communications link is established between the first application and the second application, and the backchannel link is used to transmit information such as an acknowledgement message to from the second application to the first application.

44 Citations

View as Search Results

20 Claims

1. A method of passing data from a first application at a first security level to a second application in a second security level higher than the first security level, comprising the steps of:
- establishing an upchannel communications link from the first application to the second application via data guard, the upchannel communications link complying with a user datagram protocol (UDP);
  
  establishing a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);
  
  sending a first transmission having a first portion of the data from the first application to the second application via the upchannel communications link;
  
  transmitting an acknowledgement message from the second application to the first application via the backchannel link;
  
  receiving the first acknowledgement message in the first application, the first acknowledgement message comprising information describing the reception of the first portion of the data; and
  
  sending a second transmission of the data according to the received first acknowledgement message.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 13)
- - 2. The method of claim 1, wherein the first portion of the data comprises a plurality of messages and the information further comprises information indicating which messages were not received.
  - 3. The method of claim 2, wherein each message of the plurality of messages is associated with a sequential message identifier, and the information indicating which messages were not received comprises the message identifier of the unreceived messages.
  - 4. The method of claim 1, wherein the first portion of the data comprises a plurality of messages and the information further comprises an indication of a preferred transmission rate of further messages.
  - 5. The method of claim 1, wherein:
    - the first application establishes the upchannel communications link;
      
      the second application establishes the backchannel communications link.
  - 6. The method of claim 1, wherein the backchannel communications link is established in response to the establishment of the upchannel communications link.
  - 7. The method of claim 1, wherein:
    - the method further comprising the step of after the establishment of the backchannel communications link, receiving an confirming acknowledge message in the first application from the second application via the backchannel link; and
      
      the first transmission is sent in response to the confirming acknowledgement message.
  - 13. The apparatus of claim 1, wherein:
    - after the establishment of the backchannel communications link, a confirming acknowledgement message is received in the first application from the second application via the backchannel link; and
      
      the first transmission is sent in response to the confirming acknowledgment message.

8. An apparatus for passing data, comprising:
- a first computer, for performing processing at a first security level;
  
  a second computer, coupled to the first computer via a data guard, the second computer for performing processing on a second security level higher than the first security level;
  
  a first application, operating on the first computer, for establishing an upchannel communications link from the first application to the second application via the data guard, the upchannel link complying with a user datagram protocol (UDP);
  
  a second application, operating on the second computer, for establishing a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);
  
  wherein the first application sends a first transmission having a first portion of the data to the second application via the upchannel communications link;
  
  wherein the second application transmits an acknowledgement message to the first application via the backchannel link, the acknowledgement message comprising information describing the reception of the first portion of the data by the second application; and
  
  wherein the first application sends a second transmission of the data according to the received first acknowledgement message.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8, wherein the first portion of the data comprises a plurality of messages and the information further comprises information indicating which messages were not received.
  - 10. The apparatus of claim 9, wherein each message of the plurality of messages is associated with a message identifier, and the information indicting which messages were not received comprises the message identifier of the unreceived messages.
  - 11. The apparatus of claim 8, wherein the first portion of the data comprises a plurality of messages and the information further comprises an indication of the preferred transmission rate of further messages.
  - 12. The apparatus of claim 8, wherein:
    - the first application establishes the upchannel communications link; and
      
      the second application establishes the backchannel communications link.

14. An apparatus for passing data from a first application at a first security level to a second application in a second security level higher than the first security level, comprising:
- means for establishing an upchannel communications link from the first application to the second application via data guard, the upchannel communications link complying with a user datagram protocol (UDP);
  
  means for establishing a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);
  
  means for sending a first transmission having a first portion of the data from the first application to the second application via the upchannel communications link;
  
  means for transmitting an acknowledgement message from the second application to the first application via the backchannel link; and
  
  means for receiving the first acknowledgement message in the first application, the first acknowledgement message comprising information describing the reception of the first portion of the data; and
  
  means for sending a second transmission of the data according to the received first acknowledgement message.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14, wherein the first portion of the data comprises a plurality of messages and the information further comprises information indicating which messages were not received.
  - 16. The apparatus of claim 15, wherein each message of the plurality of messages is associated with a sequential message identifier, and the information indicating which messages were not received comprises the message identifier of the unreceived messages.
  - 17. The apparatus of claim 14, wherein the first portion of the data comprises a plurality of messages and the information further comprises an indication of the a preferred transmission rate of further messages.
  - 18. The apparatus of claim 14, wherein:
    - the first application establishes the upchannel communications link; and
      
      the second application establishes the backchannel communications link.
  - 19. The apparatus of claim 14, wherein the backchannel communications link is established in response to the establishment of the upchannel communications link.
  - 20. The apparatus of claim 14, wherein:
    - the apparatus further comprises means for receiving an confirming acknowledge message in the first application from the second application via the backchannel link after the establishment of the backchannel communications link, andthe first transmission is sent in response to the confirming acknowledgement message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Arnold, Steven L., Donofrio, Thomas E.

Granted Patent

US 8,024,788 B2
Time in Patent Office

Days
Field of Search
US Class Current

726/14
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

44 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links