SYSTEM AND METHODS FOR PROVIDING DATA SECURITY AND SELECTIVE COMMUNICATION
First Claim
Patent Images
1. A system for managing the selective communication of electronic data comprising:
- a memory device having volatile memory and non-volatile memory;
a separation kernel stored in the non-volatile memory and configured to provide;
(a) a first partition with a first classification level and a second partition with a second classification level in the volatile memory, the second classification level being lower than the first classification level, and(b) a unidirectional communication path between the first partition and the second partition, and(c) a first operating environment in the first partition and a second operating environment in the second partition;
a first communication application stored in the non-volatile memory and configured to operate in the first operating environment and to receive electronic data having a first data set;
a guard application stored in the non-volatile memory and configured to examine the first data set and determine a first data subset authorized for communication from the first partition to the second partition;
a processor in communication with the first partition and the second partition and configured to control communication of the first data subset from the first partition to the second partition via the unidirectional communication path; and
a second communication application configured to operate in the second operating environment and to transmit the first data subset.
1 Assignment
0 Petitions
Accused Products
Abstract
Systems and methods for providing data security and selective communication are provided in which a classified communication is received and processed for retransmission to a recipient having a different clearance authorization than that associated with the communication. The retransmitted data includes a subset of data that is selected based on predetermined criteria, and is determined automatically by a guard application, such that the retransmitted information is properly sanitized.
-
Citations
20 Claims
-
1. A system for managing the selective communication of electronic data comprising:
-
a memory device having volatile memory and non-volatile memory; a separation kernel stored in the non-volatile memory and configured to provide; (a) a first partition with a first classification level and a second partition with a second classification level in the volatile memory, the second classification level being lower than the first classification level, and (b) a unidirectional communication path between the first partition and the second partition, and (c) a first operating environment in the first partition and a second operating environment in the second partition; a first communication application stored in the non-volatile memory and configured to operate in the first operating environment and to receive electronic data having a first data set; a guard application stored in the non-volatile memory and configured to examine the first data set and determine a first data subset authorized for communication from the first partition to the second partition; a processor in communication with the first partition and the second partition and configured to control communication of the first data subset from the first partition to the second partition via the unidirectional communication path; and a second communication application configured to operate in the second operating environment and to transmit the first data subset. - View Dependent Claims (2, 3, 4, 5, 6, 7, 15, 16, 17, 18, 19, 20)
-
-
8. A system for managing the communication of electronic data comprising:
-
a memory device having volatile memory and non-volatile memory; a separation kernel stored in the memory device and configured to provide; (a) a first partition with a first classification level in the volatile memory, a second partition with a first classification level in the volatile memory, a third partition with a second classification level in the volatile memory, and a fourth partition with second classification level in the volatile memory (b) a unidirectional communication path between the first partition to the fourth partition, and (c) a first operating environment in the first partition, a second operating environment in the second partition, a third operating environment in the third partition, and a fourth operating environment in the fourth partition; a first communication application configured to operate in the first operating environment and to receive electronic data having a first data set; a first guard application stored in the non-volatile memory and configured to examine the first data set and determine a first data subset authorized for communication from the first partition; a second communication application configured to operate in the fourth operating environment and to receive electronic data having a second data set; a second guard application stored in the non-volatile memory and configured to examine the second data set and determine a second data subset authorized for communication from the fourth partition; and a processor in communication with the memory device and configured to control transfer of the first data subset from the first partition to the fourth partition via the unidirectional communication path, wherein the second communication application is further configured to receive the first data subset. - View Dependent Claims (9, 10)
-
-
11. A system for managing the communication of electronic data comprising a data set, the system comprising:
-
a memory device having volatile memory and non-volatile memory; a separation kernel stored in the non-volatile memory and configured to provide; (a) a first partition with a first classification level in the volatile memory and a second partition with a second classification level in the volatile memory, the second classification level being different from than the first classification level, (b) a unidirectional communication path between the first partition and the second partition, and (c) a first operating environment in the first partition and a second operating environment in the second partition; a first communication application configured to operate in the first operating environment and to receive the first data set; a guard application stored in the memory device and configured to examine the data set in response for a request for information and determine a data subset authorized for communication from the first partition to the second partition; a processor in communication with the first partition and the second partition and configured to control transfer of the data subset from the first partition to the second partition via the unidirectional communication path; and a second communication application configured to operate in the second operating environment and to transmit the data subset. - View Dependent Claims (12, 13, 14)
-
Specification