SYSTEM AND METHODS FOR PROVIDING DATA SECURITY AND SELECTIVE COMMUNICATION

US 20120047364A1
Filed: 08/20/2010
Published: 02/23/2012
Est. Priority Date: 08/20/2010
Status: Abandoned Application

First Claim

Patent Images

1. A system for managing the selective communication of electronic data comprising:

a memory device having volatile memory and non-volatile memory;

a separation kernel stored in the non-volatile memory and configured to provide;

(a) a first partition with a first classification level and a second partition with a second classification level in the volatile memory, the second classification level being lower than the first classification level, and(b) a unidirectional communication path between the first partition and the second partition, and(c) a first operating environment in the first partition and a second operating environment in the second partition;

a first communication application stored in the non-volatile memory and configured to operate in the first operating environment and to receive electronic data having a first data set;

a guard application stored in the non-volatile memory and configured to examine the first data set and determine a first data subset authorized for communication from the first partition to the second partition;

a processor in communication with the first partition and the second partition and configured to control communication of the first data subset from the first partition to the second partition via the unidirectional communication path; and

a second communication application configured to operate in the second operating environment and to transmit the first data subset.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for providing data security and selective communication are provided in which a classified communication is received and processed for retransmission to a recipient having a different clearance authorization than that associated with the communication. The retransmitted data includes a subset of data that is selected based on predetermined criteria, and is determined automatically by a guard application, such that the retransmitted information is properly sanitized.

Citations

20 Claims

1. A system for managing the selective communication of electronic data comprising:
- a memory device having volatile memory and non-volatile memory;
  
  a separation kernel stored in the non-volatile memory and configured to provide;
  
  (a) a first partition with a first classification level and a second partition with a second classification level in the volatile memory, the second classification level being lower than the first classification level, and(b) a unidirectional communication path between the first partition and the second partition, and(c) a first operating environment in the first partition and a second operating environment in the second partition;
  
  a first communication application stored in the non-volatile memory and configured to operate in the first operating environment and to receive electronic data having a first data set;
  
  a guard application stored in the non-volatile memory and configured to examine the first data set and determine a first data subset authorized for communication from the first partition to the second partition;
  
  a processor in communication with the first partition and the second partition and configured to control communication of the first data subset from the first partition to the second partition via the unidirectional communication path; and
  
  a second communication application configured to operate in the second operating environment and to transmit the first data subset.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 15, 16, 17, 18, 19, 20)
- - 2. The system of claim 1, wherein at least a portion of the guard application is configured to operate in the first operating environment.
  - 3. The system of claim 2 further comprising a second guard application, wherein at least a portion of the second guard application is configured to operate in the second operating environment.
  - 4. The system of claim 3 further comprising a third partition in the memory device, wherein the second communication application is further configured to receive electronic data having a second data set and the second guard application is configured to determine a second data subset authorized for communication from the second partition to the third partition.
  - 5. The system of claim 1, wherein the memory device further comprises a third partition,wherein the separation kernel is further configured to provide a third operating environment in the third partition, andwherein the guard application is configured to operate in the third operating environment.
  - 6. The system of claim 5, wherein the memory device further comprises a fourth partition,wherein the separation kernel is further configured to provide a fourth operating environment in the fourth partition, andwherein one or more device drivers are configured to operate in the fourth operating environment.
  - 7. The system of claim 6 wherein the memory device further comprises a fifth partition with a third classification level.
  - 15. A method of communicating electronic data comprising a data set including a data subset, the method comprising,providing a system as described in claim 1;
    - receiving electronic data having the first data set using the first communication application;
      
      examining the first data set using the guard application;
      
      determining the first data subset with the guard application;
      
      authorizing communication of the data subset with the guard application; and
      
      communicating the data subset from the first partition to the second partition.
  - 16. The method of claim 15 wherein the step of determining the first data subset comprises determining the first data subset based at least in part on the classification level of the second partition.
  - 17. The method of claim 15 further comprising the step of transmitting the first data subset with the second communication application.
  - 18. The method of claim 17 further comprising the step of receiving a request for information from a requesting entity.
  - 19. The method of claim 18 wherein the step of determining the first data subset comprises determining the first data subset based at least in part on a characteristic of the requesting entity.
  - 20. The method of claim 19 wherein the characteristic of the requesting entity is selected based at least in part on the classification authorization of the requesting entity.

8. A system for managing the communication of electronic data comprising:
- a memory device having volatile memory and non-volatile memory;
  
  a separation kernel stored in the memory device and configured to provide;
  
  (a) a first partition with a first classification level in the volatile memory, a second partition with a first classification level in the volatile memory, a third partition with a second classification level in the volatile memory, and a fourth partition with second classification level in the volatile memory(b) a unidirectional communication path between the first partition to the fourth partition, and(c) a first operating environment in the first partition, a second operating environment in the second partition, a third operating environment in the third partition, and a fourth operating environment in the fourth partition;
  
  a first communication application configured to operate in the first operating environment and to receive electronic data having a first data set;
  
  a first guard application stored in the non-volatile memory and configured to examine the first data set and determine a first data subset authorized for communication from the first partition;
  
  a second communication application configured to operate in the fourth operating environment and to receive electronic data having a second data set;
  
  a second guard application stored in the non-volatile memory and configured to examine the second data set and determine a second data subset authorized for communication from the fourth partition; and
  
  a processor in communication with the memory device and configured to control transfer of the first data subset from the first partition to the fourth partition via the unidirectional communication path,wherein the second communication application is further configured to receive the first data subset.
- View Dependent Claims (9, 10)
- - 9. The system of claim 8 wherein first guard application is configured to operate in the second operating environment and the second guard application is configured to operate in the third operating environment.
  - 10. The system of claim 9 wherein the second classification level is higher than the first classification level.

11. A system for managing the communication of electronic data comprising a data set, the system comprising:
- a memory device having volatile memory and non-volatile memory;
  
  a separation kernel stored in the non-volatile memory and configured to provide;
  
  (a) a first partition with a first classification level in the volatile memory and a second partition with a second classification level in the volatile memory, the second classification level being different from than the first classification level,(b) a unidirectional communication path between the first partition and the second partition, and(c) a first operating environment in the first partition and a second operating environment in the second partition;
  
  a first communication application configured to operate in the first operating environment and to receive the first data set;
  
  a guard application stored in the memory device and configured to examine the data set in response for a request for information and determine a data subset authorized for communication from the first partition to the second partition;
  
  a processor in communication with the first partition and the second partition and configured to control transfer of the data subset from the first partition to the second partition via the unidirectional communication path; and
  
  a second communication application configured to operate in the second operating environment and to transmit the data subset.
- View Dependent Claims (12, 13, 14)
- - 12. The system of claim 11 wherein the data subset is determined by the guard application based at least in part on the classification level of the second partition.
  - 13. The system of claim 11 wherein the data subset is determined by the guard application based at least in part on a characteristic of an entity communicating the request for information.
  - 14. The system of claim 11 wherein the data subset is determined by the guard application based at least in part on a characteristic of an entity identified to receive the data subset.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SOLUTE, Inc.
Original Assignee
SOLUTE, Inc.
Inventors
Levy, Matt, Wong, Robert

Application Number

US12/860,803
Publication Number

US 20120047364A1
Time in Patent Office

Days
Field of Search
US Class Current

713/166
CPC Class Codes

H04L 63/105 Multiple levels of security

H04L 63/302 gathering intelligence info...

SYSTEM AND METHODS FOR PROVIDING DATA SECURITY AND SELECTIVE COMMUNICATION

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEM AND METHODS FOR PROVIDING DATA SECURITY AND SELECTIVE COMMUNICATION

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links