BILATERAL TRANSFER SYSTEM USING MULTIPLE ONE-WAY DATA LINKS

US 20150058385A1
Filed: 10/07/2014
Published: 02/26/2015
Est. Priority Date: 05/10/2013
Status: Abandoned Application

First Claim

Patent Images

1. A secure system for bilaterally transferring information between a client coupled to a first network and a server coupled to a second network, comprising:

a first platform comprising a first send server having a data communications interface, a first one-way data link having an input and an output, and a first receive server having a data communications interface, the first send server coupled to the input of the first one-way data link and the first receive server coupled to the output of the first one-way data link, the first send server configured to forward information received at the data communications interface to the input of the first one-way data link, the first receive server configured to forward information received from the output of the first one-way data link to the data communications interface;

a second platform comprising a second send server having a network connection and a data communications interface, a second one-way data link having an input and an output, and a second receive server having a network connection and a data communications interface, the second send server coupled to the input of the second one-way data link and the second receive server coupled to the output of the second one-way data link, the second receive server coupled to the first network via the network connection, the data communications interface of the second receive server coupled only to the data communications interface of the first send server, the second send server coupled to the second network via the network connection and the data communications interface of the second send server coupled only to the data communications interface of the first receive server;

wherein the second receive server is configured to receive first information from the client via the first network and the network connection, to process the received first information and to forward the processed first information to the first send server via the data communications interface;

wherein the second send server is configured to receive the processed first information via the data communications interface and to forward the processed first information to the server via the network connection and second network;

wherein the second send server is also configured to receive second information from the server via the second network and the network connection and to forward the second information to the second receive server via the second one-way data link, andwherein the second receive server is also configured to receive the second information from the second one-way data link and to forward the second information to the client via the network connection and first network.

View all claims

4 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system for bilaterally transferring information between a client and a remote server. The client is coupled with a server proxy running on a second receive server via a first network and communicates thereon. Processed first information is passed to a first send server via a dedicated network connection. The first send server causes the first information to be transmitted to the remote server, via a first one-way data link, a first receive server, a second dedicated network connection and a client proxy running on a second send server. The remote server is coupled to the client proxy via a second network. The client proxy forwards information received from the server to the client via a second one-way link, the server proxy running on the second receive server, and the first network.

Citations

36 Claims

1. A secure system for bilaterally transferring information between a client coupled to a first network and a server coupled to a second network, comprising:
- a first platform comprising a first send server having a data communications interface, a first one-way data link having an input and an output, and a first receive server having a data communications interface, the first send server coupled to the input of the first one-way data link and the first receive server coupled to the output of the first one-way data link, the first send server configured to forward information received at the data communications interface to the input of the first one-way data link, the first receive server configured to forward information received from the output of the first one-way data link to the data communications interface;
  
  a second platform comprising a second send server having a network connection and a data communications interface, a second one-way data link having an input and an output, and a second receive server having a network connection and a data communications interface, the second send server coupled to the input of the second one-way data link and the second receive server coupled to the output of the second one-way data link, the second receive server coupled to the first network via the network connection, the data communications interface of the second receive server coupled only to the data communications interface of the first send server, the second send server coupled to the second network via the network connection and the data communications interface of the second send server coupled only to the data communications interface of the first receive server;
  
  wherein the second receive server is configured to receive first information from the client via the first network and the network connection, to process the received first information and to forward the processed first information to the first send server via the data communications interface;
  
  wherein the second send server is configured to receive the processed first information via the data communications interface and to forward the processed first information to the server via the network connection and second network;
  
  wherein the second send server is also configured to receive second information from the server via the second network and the network connection and to forward the second information to the second receive server via the second one-way data link, andwherein the second receive server is also configured to receive the second information from the second one-way data link and to forward the second information to the client via the network connection and first network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the second receive server and the second send server are each also configured to maintain the first information and the processed first information completely separate from the second information.
  - 3. The system of claim 1, wherein the processing performed by the second receive server comprises filtering the first information to remove a predetermined category of information.
  - 4. The system of claim 3, wherein the predetermined category of information comprises identification information.
  - 5. The system of claim 4, wherein the identification information comprises user credentials.
  - 6. The system of claim 1, wherein the second receive server is configured to operate as an NFS server proxy.
  - 7. The system of claim 1, wherein the second send server is configured to operate as an NFS client proxy.
  - 8. The system of claim 1, wherein the second send server is further configured to filter the second information prior to forwarding the information to the second receive server via the second one-way data link.

9. A secure system for bilaterally transferring information between a client coupled to a first network and a server coupled to a second network, comprising:
- a first platform comprising a first send server having a data communications interface, a first one-way data link having an input and an output, and a first receive server having a network connection and a data communications interface, the first send server coupled to the input of the first one-way data link and the first receive server coupled to the output of the first one-way data link, the first send server configured to forward information received at the data communications interface to the input of the first one-way data link, the network connection of the first receive server coupled to the second network;
  
  a second platform comprising a second send server having a data communications interface coupled only to the data communications interface of the first receive server, a second one-way data link having an input and an output, and a second receive server having a data communications interface and a network connection, the second send server coupled to the input of the second one-way data link and the second receive server coupled to the output of the second one-way data link, the second send server configured to forward information received at data communications interface to the input of the second one-way data link, the network connection of the second receive server coupled to the first network and the data communications interface of the second receive server coupled only to the data communications interface of the first send server,wherein the second receive server is configured to receive first information from the client via the first network and the network connection, to process the received first information and to forward the processed first information to the first send server via the data communications interface of the second receive server;
  
  wherein the first receive server is configured to receive the processed first information via the first one-way data link and to forward the processed first information to the server via the network connection and second network;
  
  wherein the first receive server is also configured to receive second information from the server via the second network and the network connection and to forward the second information to the second send server via the data communications interface; and
  
  wherein the second receive server is also configured to receive the second information from the second one-way data link and to forward the second information to the client via the network connection and first network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The system of claim 9, wherein the second receive server and the first receive server are each also configured to maintain the first information and the processed first information completely separate from the second information.
  - 11. The system of claim 9, wherein the processing performed by the second receive server comprises filtering the first information to remove a predetermined category of information.
  - 12. The system of claim 11, wherein the predetermined category of information comprises identification information.
  - 13. The system of claim 12, wherein the identification information comprises user credentials.
  - 14. The system of claim 9, wherein the second receive server is configured to operate as an NFS server proxy.
  - 15. The system of claim 9, wherein the first receive server is configured to operate as an NFS client proxy.
  - 16. The system of claim 9, wherein the first receive server is further configured to filter the second information prior to forwarding the information to the second send server via the network connection.

17. A secure system for bilaterally transferring information between a client coupled to a first network and a server coupled to a second network, comprising:
- a first platform comprising a first send server having a data communications interface, a first one-way data link having an input and an output, and a first receive server having a data communications interface, the first send server coupled to the input of the first one-way data link and the first receive server coupled to the output of the first one-way data link, the first send server configured to forward information received at the data communications interface to the input of the first one-way data link, the first receive server configured to forward information received from the output of the first one-way data link to the data communications interface;
  
  a second platform comprising a second send server having a network connection and a data communications interface, a second one-way data link having an input and an output, and a second receive server having at least two network connections, the second send server coupled to the input of the second one-way data link and the second receive server coupled to the output of the second one-way data link, the second receive server coupled to the first network via the network connection, the data communications interface of the second receive server coupled only to the data communications interface of the first send server, the second send server coupled to the second network via the network connection, the data communications interface of the second send server coupled only to the data communications interface of the first receive server;
  
  wherein the second receive server is configured to receive first information from the client via the first network and the network connection and to forward the first information to the first send server via the data communications interface;
  
  wherein the second send server is configured to receive the first information via the data communications interface and to forward the first information to the server via the network connection and second network;
  
  wherein the second send server is also configured to receive second information from the server via the second network and the network connection, to process the received second information and to forward the processed second information to the second receive server via the second one-way data link, andwherein the second receive server is also configured to receive the processed second information from the second one-way data link and to forward the processed second information to the client via the network connection and first network.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The system of claim 17, wherein the second receive server and the second send server are each also configured to maintain the first information completely separate from the second information and the processed second information.
  - 19. The system of claim 17, wherein the processing performed by the second receive server comprises filtering the second information to remove a predetermined category of information.
  - 20. The system of claim 19, wherein the predetermined category of information comprises identification information.
  - 21. The system of claim 20, wherein the identification information comprises user credentials.
  - 22. The system of claim 17, wherein the second receive server is configured to operate as an NFS server proxy.
  - 23. The system of claim 17, wherein the second send server is configured to operate as an NFS client proxy.

24. A secure system for bilaterally transferring information between a client coupled to a first network and a server coupled to a second network, comprising:
- a first platform comprising a first send server having a data communications interface, a first one-way data link having an input and an output, and a first receive server having a network connection and a data communications interface, the first send server coupled to the input of the first one-way data link and the first receive server coupled to the output of the first one-way data link, the first send server configured to forward information received at the data communications interface to the input of the first one-way data link, the network connection of the first receive server coupled to the second network;
  
  a second platform comprising a second send server having a data communications interface coupled only to the data communications interface of the first receive server, a second one-way data link having an input and an output, and a second receive server having a data communications interface and a network connections, the second send server coupled to the input of the second one-way data link and the second receive server coupled to the output of the second one-way data link, the second send server configured to forward information received at the data communications interface to the input of the second one-way data link, the network connection of the second receive server coupled to the first network and the data communications interface of the second receive server coupled only to the data communications interface of the first send server,wherein the second receive server is configured to receive first information from the client via the first network and the network connection and to forward the first information to the first send server via the data communications interface of the second receive server;
  
  wherein the first receive server is configured to receive the first information via the first one-way data link and to forward the first information to the server via the network connection and second network;
  
  wherein the first receive server is also configured to receive second information from the server via the second network and the network connection, to process the received second information and to forward the processed second information to the second send server via the data communications interface; and
  
  wherein the second receive server is also configured to receive the processed second information from the second one-way data link and to forward the processed second information to the client via the network connection and first network.
- View Dependent Claims (25, 26, 27, 28, 29, 30, 31)
- - 25. The system of claim 24, wherein the second receive server and the first receive server are each also configured to maintain the first information completely separate from the second information and the processed second information.
  - 26. The system of claim 24, wherein the processing performed by the second receive server comprises filtering the information to remove a predetermined category of information.
  - 27. The system of claim 26, wherein the predetermined category of information comprises identification information.
  - 28. The system of claim 27, wherein the identification information comprises user credentials.
  - 29. The system of claim 24, wherein the second receive server is configured to operate as an NFS server proxy.
  - 30. The system of claim 24, wherein the first receive server is configured to operate as an NFS client proxy.
  - 31. The system of claim 24, wherein the second receive server is further configured to filter the first information prior to forwarding the first information to the second send server via the network connection.

32. A secure system for bilaterally transferring information between a first client/server coupled to a first network and a second client/server coupled to a second network, comprising:
- a first platform comprising a first send server having a data communications interface, a first one-way data link having an input and an output, and a first receive server having a network connection and a data communications interface, the first send server coupled to the input of the first one-way data link and the first receive server coupled to the output of the first one-way data link, the first send server configured to forward information received at the data communications interface to the input of the first one-way data link, the network connection of the first receive server coupled to the second network;
  
  a second platform comprising a second send server having a data communications interface coupled only to the data communications interface of the first receive server, a second one-way data link having an input and an output, and a second receive server having a network connection and a data communications interface, the second send server coupled to the input of the second one-way data link and the second receive server coupled to the output of the second one-way data link, the second send server configured to forward information received at the data communications interface to the input of the second one-way data link, the network connection of the second receive server coupled to the first network and the data communications interface of the second receive server coupled only to the data communications interface of the first send server,wherein the second receive server is configured to receive first information from the first client/server via the first network and the network connection and to forward the first information to the first send server via the data communications interface of the second receive server;
  
  wherein the first receive server is configured to receive the first information via the first one-way data link and to forward the first information to the server via the network connection and second network;
  
  wherein the first receive server is also configured to receive second information from the second client/server via the second network and the network connection and to forward the second information to the second send server via the data communications interface; and
  
  wherein the second receive server is also configured to receive the second information from the second one-way data link and to forward the second information to the client via the network connection and first network.
- View Dependent Claims (33, 34, 35, 36)
- - 33. The system of claim 32, wherein the second receive server and the first receive server are each also configured to maintain the first information completely separate from the second information.
  - 34. The system of claim 32, wherein the second receive server is configured to process the first information prior to forwarding the first information to the first send server.
  - 35. The system of claim 32, wherein the first receive server is configured to process the second information prior to forwarding the second information to the second send server.
  - 36. The system of claim 32, wherein the second receive server is configured to process the first information prior to forwarding the first information to the first send server and wherein the first receive server is configured to process the second information prior to forwarding the second information to the second send server.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OWL Cyber Defense Solutions LLC
Original Assignee
Owl Computing Technologies, Inc.
Inventors
Mraz, Ronald, Lerman, Kenneth, Silberman, Gabriel

Application Number

US14/508,188
Publication Number

US 20150058385A1
Time in Patent Office

Days
Field of Search
US Class Current

707/827
CPC Class Codes

G06F 16/335   Filtering based on addition...

H04L 43/028   by filtering

H04L 63/0209   Architectural arrangements,...

H04L 63/0281   Proxies

H04L 63/0428   wherein the data content is...

H04L 63/105   Multiple levels of security

H04L 63/18   using different networks or...

H04L 67/01   Protocols

H04L 67/1097   for distributed storage of ...

H04L 67/56   Provisioning of proxy servi...

BILATERAL TRANSFER SYSTEM USING MULTIPLE ONE-WAY DATA LINKS

First Claim

4 Assignments

0 Petitions

Accused Products

Abstract

Citations

36 Claims

Specification

Solutions

Use Cases

Quick Links

BILATERAL TRANSFER SYSTEM USING MULTIPLE ONE-WAY DATA LINKS

First Claim

4 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

36 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links