Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information

US 5,550,984 A
Filed: 12/07/1994
Issued: 08/27/1996
Est. Priority Date: 12/07/1994
Status: Expired due to Fees

First Claim

Patent Images

1. A security system for preventing unauthorized communications between a first network of computers interconnected for Internet Protocol (IP) communications and a second network of computers interconnected for IP communications, while permitting application level communication services between computers connected to said first and said second networks, comprising:

a first network motherboard and a second network motherboard, said first and second network motherboards each having a network interface adapter for communication with said first and said second networks of computers, and for establishing a distinct subnetwork mask, respectively;

each of said network motherboards further having a transfer adapter for communication with said transfer adapter of said other network motherboard, said transfer adapters being identical and matched, each of said network motherboards having network operating software to assign a source address for IP protcol communication in accordance with a susbnetwork mask established for one of said network motherboards which is different from the subnetwork mask established for the other of said network motherboards, said network operating software further including protocol conversion software to translate communications received by each said network interface adapter from said first or said second networks of computers, repectively, in IP protocol format to non-IP protocol format for transmission between the transfer adapters of said first and said second network motherboards, whereby upper level layer protocol information and originating source and destination address information are removed from said communication and routing services communications from said first and second computer networks are prevented from being passed between said network interface adapter and said transfer adapter of each said network motherboard, and thence preventing unauthorized communications between computers connected to said first and said second computer networks; and

at least one of said network motherboards having application programming interface (API) shim software for providing application level communication services to the computers connected to said at least one network motherboard notwithstanding the removal of said original source and destination address information, and the preventing of said routing services communications.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A security system for connecting a first computer network to a second computer network is provided. The security device has a pair of computer motherboards, each of which has a network interface adapter for receiving and transferring communications from a computer network to a transfer adapter to be transmitted to the other computer network through a transfer adapter and network interface adapter provided on the other computer motherboard. Each motherboard provides protocol translation from a first protocol to a second protocol and removes source and destination address information from communications transferred to the other computer motherboard. Application program interface shim software or dynamic link library software provides control of communications between the two motherboards for passing code necessary to request and receive services from the other computer network.

709 Citations

13 Claims

1. A security system for preventing unauthorized communications between a first network of computers interconnected for Internet Protocol (IP) communications and a second network of computers interconnected for IP communications, while permitting application level communication services between computers connected to said first and said second networks, comprising:
- a first network motherboard and a second network motherboard, said first and second network motherboards each having a network interface adapter for communication with said first and said second networks of computers, and for establishing a distinct subnetwork mask, respectively;
  
  each of said network motherboards further having a transfer adapter for communication with said transfer adapter of said other network motherboard, said transfer adapters being identical and matched, each of said network motherboards having network operating software to assign a source address for IP protcol communication in accordance with a susbnetwork mask established for one of said network motherboards which is different from the subnetwork mask established for the other of said network motherboards, said network operating software further including protocol conversion software to translate communications received by each said network interface adapter from said first or said second networks of computers, repectively, in IP protocol format to non-IP protocol format for transmission between the transfer adapters of said first and said second network motherboards, whereby upper level layer protocol information and originating source and destination address information are removed from said communication and routing services communications from said first and second computer networks are prevented from being passed between said network interface adapter and said transfer adapter of each said network motherboard, and thence preventing unauthorized communications between computers connected to said first and said second computer networks; and
  
  at least one of said network motherboards having application programming interface (API) shim software for providing application level communication services to the computers connected to said at least one network motherboard notwithstanding the removal of said original source and destination address information, and the preventing of said routing services communications.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The security system of claim 1 wherein said second computer network is public, and said second network motherboard has API shim software for providing application level communication services to the computers connected to said network interface adapter of said second network motherboard.
  - 3. The security system of claim 1 wherein each of said first and said second computer networks are private, and each of said network motherboards have API shim software for providing application level communication services to the computers connected to said network interface adapter of each said network motherboard.
  - 4. The security system of claim 1 wherein each of said network motherboards are located within a common unit and share a common power supply.
  - 5. The security system of claim 1 wherein each of said network motherboards includes a magnetic storage device and means for periodically backing up information from each said magnetic storage device to each other said magnetic storage device.
  - 6. The security system of claim 5 wherein said magnetic storage devices are of equal capacity.
  - 7. The security system of claim 1 wherein each of said network motherboards independently establishes a distinct Domain Name.
  - 8. The security system of claim 7 wherein each of said network motherboards independently establishes a distinct transport layer protocol TCP/IP address.
  - 9. The security system in accordance with claim 1 wherein said application programing interface (API) shim software includes dynamic link library (DLL) software.

10. A method of preventing unauthorized communications between a first network of computers interconnected for Internet Protocol (IP) communications and a second network of computers interconnected for IP communications, while permitting application level communication services between computers connected to said first and said second networks, comprising the steps of:
- receiving, at a first motherboard from a first network of computers, a communication in IP protocol format;
  
  translating said communication into non-IP protocol format, whereby original source and destination address information are removed from said communication and routing services communications from said first computer network are prevented;
  
  providing application programming interface (API) shim software to permit application level communications between said first and said second networks of computers, notwithstanding the removal of said original source and destination address information, and the preventing of said routing services communications;
  
  transmitting said communication to a second motherboard;
  
  retranslating, at said second motherboard, said communication into IP protocol format and assigning a source address to said communication in accordance with a subnetwork mask established by said second motherboard which is different from the subnetwork mask established for the IP protocol format communication as received by said first motherboard;
  
  transmitting said retranslated communication to said second computer network;
  
  whereby application level communications are permitted between computers connected to said first and said second computer networks, while users connected to said first or said second computer networks are prevented from obtaining routing services information and original source and destination address information pertaining to communications between computers connected to said first and said second computer networks, and thence unauthorized communications between computers connected to said first and said second computer networks are prevented.
- View Dependent Claims (11)
- - 11. The method of claim 10 further including the step of controlling, at said second network motherboard, access to said second computer network by devices connected to said first network motherboard.

12. A security interconnection module for use in combination with a second interconnection module for providing application level communication services between a first network of computers interconnected for Internet Protocol (IP) communications and a second network of computers interconnected for IP communications, while preventing unauthorized communications between computers of said first and second networks, comprising:
- a network motherboard connected to said first network, said second interconnection module being connected for communication with said second network, said network motherboard includinga network interface adapter for communication with said first network of computers, and for establishing a subnetwork mask distinct from the subnetwork mask established by said second interconnection module;
  
  a first transfer adapter for communication with a second transfer adapter included in said second interconnection module, said first transfer adapter and said second transfer adapter being a matched pair;
  
  said network motherboard having network operating software to assign a source address for IP protocol communication in accordance with a subnetwork mask established for said network motherboard which is different from the subnetwork mask established for said other network motherboard, said network operating software further including protocol conversion software to translate communications received from said first network by said network interface adapter from IP protocol format to non-IP protocol format for transmission to said second transfer adapter, thereby removing upper level layer protocol information, originating source and destination address information from said communication and routing services communications are prevented from being transmitted by said first transfer adapter to said second transfer adapter, and thence unauthorized communications between computers connected to said first and said second computer networks; and
  
  said network motherboard having application programming interface (API shim) software for providing application level communication services between the computers of said first and said second networks notwithstanding the removal of said original source and destination address information, and the preventing of said routing services communications.
- View Dependent Claims (13)
- - 13. The security interconnection module in accordance with claim 12 wherein said application programming interface (API) shim software includes Dynamic Link Library (DLL) software.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Panasonic Corporation Of North America (Panasonic Holdings Corporation)
Original Assignee
Matsushita Electric Corporation Of America (Panasonic Holdings Corporation)
Inventors
Gelb, Edward J.
Primary Examiner(s)
Lee, Thomas C.
Assistant Examiner(s)
MEKY, MOUSTAFA M

Application Number

US08/350,541
Time in Patent Office

629 Days
Field of Search

395/200, 395/200.01, 395/200.10, 395/200.13, 395/200.16, 395/200.17, 395/187.01, 370/94.1, 370/60, 380/4, 380/23, 380/49
US Class Current

709/245
CPC Class Codes

A61F 9/0008   Introducing ophthalmic prod...

H04L 63/0209   Architectural arrangements,...

H04L 69/08   Protocols for interworking;...

H04L 69/085   specially adapted for inter...

H04L 9/40   Network security protocols

Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

709 Citations

13 Claims

Specification

Solutions

Use Cases

Quick Links

Security system for preventing unauthorized communications between networks by translating communications received in ip protocol to non-ip protocol to remove address and routing services information

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

709 Citations

13 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links