Method and system for protecting operations of trusted internal networks
Abstract
The present invention is a security gateway system positioned between an external, untrusted computing environment and an internal, trusted computing environment that converts messages received from the external environment into simplified messages and converts the simplified messages into messages suitable for use on the internal environment. The conversion involves the removal of external environment transfer protocols and the reduction of the content of the messages left after removing the protocols into a simplified representation of the content to create a simplified message. The simplified representation is then converted to an internal message by converting the simplified representation to a representation appropriate to the internal environment, including to applications operating on the internal environment, and adding internal environment protocols, including transfer protocols, to the converted message. Simplified representations exist for some but not necessarily all types of content which may be received from the external environment, thus limiting the content which may be passed from the external to the internal environment.
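The two-stage conversion described in the abstract, as an added Python example (not code from the patent). The HTTP/JSON external format, the line-based record grammar, and the "orders" and "health" application names are hypothetical choices made for illustration.

```python
import json
import re

# Hypothetical simplified protocol: one record per line, "TYPE|field|...".
# Only these record types exist; any other external content has no
# simplified representation and so cannot cross the gateway.
SIMPLE_GRAMMAR = {
    "ORDER": re.compile(r"ORDER\|[A-Z0-9]{1,12}\|[0-9]{1,4}"),
    "PING": re.compile(r"PING"),
}

# Constructed external message: HTTP transfer protocol around a JSON body.
SAMPLE_EXTERNAL = (
    b"POST /api HTTP/1.1\r\nHost: gw.example\r\n"
    b"Content-Type: application/json\r\n\r\n"
    b'[{"type": "order", "sku": "AB12", "qty": 3},'
    b' {"type": "script", "src": "x.js"}, {"type": "ping"}]'
)

def external_to_simplified(raw_http: bytes) -> str:
    """First processing entity: drop HTTP, map only defined content."""
    _headers, _, body = raw_http.partition(b"\r\n\r\n")
    items = json.loads(body.decode("utf-8"))
    records = []
    for item in items if isinstance(items, list) else []:
        kind = item.get("type") if isinstance(item, dict) else None
        if kind == "order":
            records.append(f"ORDER|{item.get('sku')}|{item.get('qty')}")
        elif kind == "ping":
            records.append("PING")
        # Anything else has no simplified representation and is dropped.
    return "\n".join(records)

def simplified_to_internal(simplified: str) -> list:
    """Second processing entity: accept only records matching the grammar."""
    internal = []
    for line in simplified.split("\n") if simplified else []:
        pattern = SIMPLE_GRAMMAR.get(line.split("|", 1)[0])
        if pattern is None or not pattern.fullmatch(line):
            raise ValueError(f"not a simplified-protocol record: {line!r}")
        fields = line.split("|")[1:]
        if fields:  # ORDER -> message for the hypothetical "orders" application
            internal.append({"app": "orders", "sku": fields[0], "qty": int(fields[1])})
        else:       # PING -> message for the hypothetical "health" application
            internal.append({"app": "health", "op": "ping"})
    return internal
```

The second function re-validates every record instead of trusting the first entity's output, so only the small grammar and its parser need to be reasoned about on the trusted side.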
24 Claims
1. A system for allowing limited communication between an external computing environment and an internal computing environment, the system comprising:
a first processing entity for receiving an external message from the external environment, the external message containing content represented in one or more external environment protocols, for converting the external message to a simplified message by mapping all or part of the external message content into a simplified representation of the content in accordance with a simplified protocol, the simplified protocol defining a simplified representation for only some content which may be contained in a message represented in the one or more external environment protocols, and for transmitting the simplified message;
a second processing entity for receiving the simplified message transmitted by the first processing entity, for converting the simplified message to an internal message by mapping the simplified representation of the content into an internal representation of the content in accordance with one or more internal environment protocols, and for transmitting the internal message to an application operating on the internal computing environment; and
a communication channel between the first and second processing entities for transferring the simplified message.
14. A method for allowing limited communication between an external computing environment and an internal computing environment, the method comprising:
receiving an external message from the external computing environment, the message comprising content represented in one or more external environment protocols;
reducing the received external message to a simplified message by mapping all or part of the external message content into simplified representations of the content in accordance with a simplified protocol, the simplified protocol defining simplified representations for only some content which may be contained in a message represented in the one or more external environment protocol;
converting the simplified message to an internal message by mapping the simplified representation of the content in the simplified message into an internal environment representation of the content in accordance with one or more internal environment protocols; and
transferring the application message to an application operating on the internal computing environment.

receiving an internal message from the application operating on the internal computing environment, the internal message containing application content represented in one or more internal environment protocols;
reducing the received internal message to a simplified message comprising all or part of the application content;
converting the simplified message to an external message; and
transmitting the external message to the external computing environment.
18. The method of claim 17, wherein the step of reducing the received internal message to the simplified message comprises mapping all or part of the application content into the simplified representation of the application content in accordance with the simplified protocol.
19. The method of claim 18, wherein the step of converting the simplified message to the external message comprises mapping the application content contained in the simplified message into an external environment representation of the application content in accordance with one of a plurality of external environment protocols.
20. The method of claim 19, wherein the step of converting the simplified message to the external message further comprises encapsulating the mapped application content in one or more transfer communication protocols for the external computing environment.
21. The method of claim 14, wherein a first part of the external message content is not defined by simplified representations in the simplified protocol, and wherein the step of reducing the received external message to the simplified message comprises mapping only a second part of the external message content into simplified representations.
22. A system for allowing limited communication between an internal computing environment and an external computing environment, the system comprising:
a first processing entity for receiving an application message from an application operating on the internal computing environment, the application message containing application content represented in one or more internal environment protocols, for converting the application message into a simplified message by mapping all or part of the application content into a simplified representation of the application content in accordance with a simplified protocol, the simplified protocol defining simplified representations for only some content which may be contained in a message represented in the application protocol, and for transmitting the simplified message;
a second processing entity for receiving the simplified message from the first processing entity, converting the simplified message to an external message by mapping the simplified representation of the application content into an external environment representation of the second content in accordance with one or more external environment protocols, and transmitting the external message to the external computing environment; and
a communication channel between the first and second processing entities for transferring the simplified message.
23. A method for allowing limited communication between an internal computing environment and an external computing environment, the method comprising:
receiving an application message from an application operating on the internal computing environment, the application message containing application content represented in one or more internal environment protocols;
reducing the received application message to a simplified message comprising all or part of the application content by mapping all or part of the application content into the simplified representation of the application content in accordance with a simplified protocol, the simplified protocol defining simplified representations for only some content which may be contained in a message represented in the one or more internal environment protocols;
converting the simplified message to an external message by mapping the simplified representation of the application content in the simplified message into an external environment representation of the content in accordance with one or more external environment protocols; and
transmitting the external message to the external computing environment.
24. A method for enabling formal verification of a system, the system comprising a first processing entity and a second processing entity connected by a communication bus, the first processing entity being connected to an untrusted computing environment and the second processing entity being connected to a trusted computing environment, the method comprising:
providing a simplified communication protocol between the first and second processing entities comprising data for transferring messages only between the first and second processing entities; and
formally verifying only the second processing entity.
Specification