Processes and systems for secured information exchange using computer hardware
Abstract
A system and method for providing external data-signal isolation, and signal-level information-preserving-data-transformations, to enable safe, operationally efficient, information sharing between protected information systems and networks and external, potentially hostile, information systems and networks which neutralizes any imbedded hostile executable codes such as viruses that may be in data-signals incoming from the external systems and networks. The system and method prevent untransformed external data-signals from entering protected systems and/or networks using an intermediate screen which is a computer hardware device. The intermediate screen is deployed between the protected systems and external systems and is used to process all incoming signals from the external system to obtain transformed data sets from which information is extracted before it is passed to the protected system.
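A minimal model of the intermediate screen described in the abstract, added here as an illustration and not taken from the patent. It assumes the first format is HTML and the second format is plain text; those formats, the function name `intermediate_screen` and the sample input are assumptions made for the example.

```python
from html.parser import HTMLParser


class _TextOnly(HTMLParser):
    """Keeps visible text; discards tags, attributes and script/style bodies."""
    ACTIVE = {"script", "style"}  # elements whose content is code, not information

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.parts, self._skip = [], 0

    def handle_starttag(self, tag, attrs):
        # Attributes (e.g. event handlers) are never copied to the output.
        if tag in self.ACTIVE:
            self._skip += 1

    def handle_endtag(self, tag):
        if tag in self.ACTIVE and self._skip:
            self._skip -= 1

    def handle_data(self, data):
        if not self._skip and data.strip():
            self.parts.append(" ".join(data.split()))


def intermediate_screen(signal: bytes) -> bytes:
    """Transform an HTML data set (first format) into plain text (second format).

    The raw input is parsed only inside this function (the intermediate
    domain); only the re-encoded text leaves it. An unterminated <script>
    keeps the parser in skip mode, so the transform fails closed.
    """
    parser = _TextOnly()
    parser.feed(signal.decode("utf-8", errors="replace"))
    parser.close()
    text = "\n".join(parser.parts)
    # Drop control characters so the second data set is printable text only.
    text = "".join(c for c in text if c == "\n" or c.isprintable())
    return text.encode("utf-8")


# Constructed sample input: information plus embedded executable content.
SAMPLE_SIGNAL = (b'<html><body><h1>Quarterly report</h1>'
                 b'<script>alert("hostile")</script>'
                 b'<p onclick="run()">Revenue rose 4%.</p></body></html>')

if __name__ == "__main__":
    print(intermediate_screen(SAMPLE_SIGNAL).decode())
```

The protection holds only if the protected system handles the result strictly as plain text and never re-parses it as HTML.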
24 Claims
1. A method of enabling information exchange between a protected system and an external information source wherein the information is contained in an initial data set carried by a signal while preventing any hostile data carried by the signal and which is executable in a first format of the signal from reaching the protected system in an executable format, including the steps of:
a. using an intermediate domain computer hardware device to receive the signal containing the initial data set transmitted from the external information source;
b. processing, within the intermediate domain computer hardware device, the signal by containing the initial data set within the intermediate domain computer hardware device and transforming the first format of the signal into a different second format to thereby form a second data set containing the information and such that the hostile data is not executable in the second format; and
c. thereafter passing the second data set to the protected system whereby any hostile data included in the signal is transformed from an executable state to a non-executable state in the second format.

8. A system for enabling information exchange between a protected system and an external information source wherein the information is contained in an initial data set carried by a signal while preventing any hostile data carried by the signal and which is executable in a first format of the signal from reaching the protected system in an executable format, the system including:
a) means for connecting an intermediate domain computer hardware device between the external information source and the protected system to receive the signal containing the initial data set from the external source;
b) signal processing means within the intermediate domain computer hardware device, for processing the signal containing the initial data set by confining the initial data set within the intermediate domain computer hardware device and to transform the first format of the signal into a different second format by forming a second data set containing the information and such that any hostile data is not executable in the second format; and
c) means for passing the second data set to the protected system whereby any hostile data included in the signal is transformed from an executable state to a non-executable state in the second format.

22. A method of enabling secure information exchange between a protected system and an external information source on the internet wherein the information is contained in an initial data set carried by a signal while preventing any hostile data carried by the signal and which is executable in a first format of the signal from reaching the protected system in an executable format, including the steps of;
a. using an intermediate domain computer hardware device between the external information source on the internet and the protected system to receive the signal containing the initial data set transmitted from the external information source;
b. processing, within the intermediate domain computer hardware device, the signal containing the initial data set by containing the initial data set within the intermediate domain computer hardware device and transforming the first format of the signal into a different second format to thereby form a second data set containing the information and such that any hostile data which is executable within the initial data set is not executable in the second format;
c. thereafter, passing the second data set to the protected system whereby any hostile data included in the signal is transformed from an executable state to a non-executable state in the second format.

Specification