One-Way Router
First Claim
1. A method for routing network traffic using a one-way router, comprising:
receiving network traffic from one or more network traffic sources;
establishing one or more source sessions with the one or more network traffic sources;
selectively transmitting one or more synthetic destination application responses to the one or more network traffic sources via the one or more source sessions;
transmitting the network traffic through one or more one-way data diodes each corresponding to the one or more source sessions;
establishing one or more destination sessions with one or more network traffic destinations, the one or more destination sessions each isolated from the one or more source sessions by a corresponding one of the one or more one-way data diodes;
transmitting network traffic from the one or more one-way data diodes to the one or more network traffic destinations via the one or more destination sessions;
receiving one or more destination responses from the one or more network traffic destinations responsive to the network traffic; and
selectively transmitting one or more synthetic source application responses to the one or more network traffic destinations.
Abstract
A one-way router combines benefits of a network diode and router, and thus can route data between networks of varying confidentiality and/or integrity in a secure, one-way fashion. Secure routing is provided transparently so that the router is compatible with standard network applications by synthesizing responses for standard network protocols to provide many-to-many network connections while preventing bidirectional data flow. Separate network stacks are provided for each connected network, and the network stacks are separated from each other by data diodes that enforce one-way data flow. The one-way router can be implemented in hardware or software, and provides architectural flexibility to customize levels of assurance, performance, reliability, and cost.
20 Claims
1. A method for routing network traffic using a one-way router (set out in full above under First Claim). Dependent claims: 2, 3, 4, 5, 6.
7. A system for routing network traffic, comprising:
a receiver configured to receive and process network traffic from one or more network traffic sources, the receiver comprising one or more transport destination synthesizers configured to selectively generate one or more synthetic destination transport responses;
one or more application destination synthesizers configured to receive the network traffic from the receiver and selectively transmit to the receiver one or more synthetic destination application responses, the receiver being configured to transmit the one or more synthetic destination application responses to the one or more network traffic sources;
one or more data diodes, each of which is coupled to a corresponding one of the one or more application destination synthesizers and configured to selectively provide one-way passage of the network traffic from the corresponding one of the one or more application destination synthesizers;
one or more application source synthesizers corresponding to the one or more application destination synthesizers, each of the one or more application source synthesizers coupled to a corresponding one of the one or more data diodes and configured to receive the network traffic from the one or more data diodes; and
a sender configured to receive the network traffic from the one or more application source synthesizers, the sender comprising one or more transport source synthesizers configured to selectively generate one or more synthetic source transport responses, wherein the sender is further configured to (i) transmit the one or more synthetic source transport responses to the one or more network traffic destinations, (ii) receive one or more destination responses from the corresponding one or more network traffic destinations, and (iii) transmit the one or more destination responses to the one or more application source synthesizers,
wherein the one or more application source synthesizers are further configured to selectively generate and transmit, to the sender, one or more synthetic source application responses, and wherein the sender is further configured to transmit, to the corresponding one or more network traffic destinations, the network traffic and the one or more synthetic source application responses from the one or more application source synthesizers.
Dependent claims: 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19.
20. A tangible computer-readable medium having stored thereon computer-executable instructions that, if executed by a computing device, cause the computing device to perform a method for routing network traffic using a one-way router, comprising:
receiving network traffic from one or more network traffic sources;
selectively transmitting one or more synthetic destination transport responses and one or more synthetic destination application responses to the one or more network traffic sources, responsive to the network traffic;
selectively transmitting one or more synthetic source transport responses to one or more network traffic destinations;
transmitting the network traffic through one or more one-way data diodes to the one or more network traffic destinations;
receiving one or more destination responses from the one or more network traffic destinations responsive to the network traffic; and
selectively transmitting one or more synthetic source application responses to the one or more network traffic destinations.
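The architecture described in the abstract and in claims 1 and 20 can be modelled in a few dozen lines. The following is an added example written for this page, not code from the patent or its assignee: an in-memory model with a source-side application destination synthesizer, a one-way diode, and a destination-side application source synthesizer, each side holding its own session with its own peer. The line-based PUT/BYE protocol, its OK/ERR/CLOSING replies and the destination's 16-character value limit are assumptions made for illustration; the transport-layer synthesizers (the TCP sessions each side terminates) are not modelled.

```python
# Added example (not from the patent): an in-memory model of the one-way
# router of claim 1. The request/response protocol below is constructed
# for illustration; "PUT", "BYE", "OK", "CLOSING" and the 16-character
# value limit are assumptions, not anything the patent specifies.
from collections import deque


class DataDiode:
    """One-way channel between the source-side and destination-side stacks.

    Only push() is exposed to the source side and only pop() to the
    destination side; there is deliberately no method that carries
    anything from the destination side back toward the source.
    """

    def __init__(self):
        self._queue = deque()

    def push(self, payload: bytes) -> None:
        self._queue.append(payload)

    def pop(self):
        return self._queue.popleft() if self._queue else None


class DestinationServer:
    """The real destination: a toy key/value server behind the diode."""

    VALUE_LIMIT = 16  # assumed limit, used to provoke a destination-side error

    def __init__(self):
        self.store = {}
        self.closed = False

    def serve(self, request: str) -> str:
        parts = request.split()
        if parts and parts[0] == "PUT" and len(parts) == 3:
            if len(parts[2]) > self.VALUE_LIMIT:
                return "ERR value too long"
            self.store[parts[1]] = parts[2]
            return "OK"
        if parts and parts[0] == "BYE":
            self.closed = True
            return "CLOSING"
        return "ERR unknown command"


class ApplicationDestinationSynthesizer:
    """Source side of the router: plays the server's role toward the source.

    It validates each request against the protocol grammar, pushes
    well-formed requests into the diode and returns a synthetic server
    response; it never learns what the real server answered.
    """

    def __init__(self, diode: DataDiode):
        self.diode = diode

    def handle(self, request: str) -> str:
        parts = request.split()
        if parts and parts[0] == "PUT" and len(parts) == 3:
            self.diode.push(request.encode())
            return "OK"
        if parts and parts[0] == "BYE":
            self.diode.push(request.encode())
            return "CLOSING"
        # Malformed input is answered locally and never crosses the diode.
        return "ERR unknown command"


class ApplicationSourceSynthesizer:
    """Destination side of the router: plays the client's role toward the server.

    It replays whatever leaves the diode and absorbs the server's replies
    into a local log; those replies have no path back to the source.
    """

    def __init__(self, diode: DataDiode, server: DestinationServer):
        self.diode = diode
        self.server = server
        self.absorbed = []

    def pump(self) -> int:
        forwarded = 0
        while (payload := self.diode.pop()) is not None:
            self.absorbed.append(self.server.serve(payload.decode()))
            forwarded += 1
        return forwarded


def run_session(requests):
    """Drive one source session through the router; return what each side saw."""
    diode = DataDiode()
    server = DestinationServer()
    rx = ApplicationDestinationSynthesizer(diode)
    tx = ApplicationSourceSynthesizer(diode, server)
    source_view = [rx.handle(r) for r in requests]  # synthetic replies only
    forwarded = tx.pump()
    return {
        "source_saw": source_view,
        "forwarded": forwarded,
        "destination_replied": tx.absorbed,
        "stored": dict(server.store),
        "closed": server.closed,
    }


if __name__ == "__main__":
    # Constructed sample session: one valid write, one oversize write the
    # destination will reject, one malformed line, then a clean close.
    result = run_session(["PUT alarm armed", "PUT note " + "x" * 40, "GET alarm", "BYE"])
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it and compare `source_saw` with `destination_replied`: the source was told OK for the oversize write that the destination rejected, and the malformed GET never reached the diode. That divergence is inherent to the design rather than a bug in the model, since a synthetic response can only confirm that a request was accepted for one-way transfer, not that the destination processed it; anything an operator needs to know about destination-side failures has to come from monitoring on the destination side, never from the source session.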
Specification