Secure segregation of data of two or more domains or trust realms transmitted through a common data channel
Abstract
A system for transporting data comprising a first domain comprising a first plurality of filters in a first communications channel, the first communications channel including a common portion, the first plurality of filters employing a first plurality of filtering criteria; a second domain comprising a second plurality of filters in a second communications channel, the second communications channel including the common portion, the second plurality of filters employing a second plurality of filtering criteria; a plurality of managers each coupled to one of the first plurality of filters and the second plurality of filters, each of the plurality of managers comprising means for configuring the one of the first plurality of filters and the second plurality of filters; and at least one control terminal coupled to the plurality of managers for controlling said plurality of managers.
10 Claims
1. A system for transporting data comprising:
a common channel carrying data of a plurality of domains;
a first switch through which data enters the common channel;
a second switch through which data exits the common channel;
first filter means for filtering data traveling between the first switch and the second switch based on a first filtering criteria;
a first set of routers coupled to the first switch, each router being for a respective one of the plurality of domains;
second filter means for filtering data traveling through each of the first set of routers based on a second filtering criteria, the second filtering criteria being different from the first filtering criteria;
a second set of routers coupled to the second switch, each router being for a respective another of the plurality of domains;
third filter means for filtering data traveling through each of the second set of routers based on a third filtering criteria, the third filtering criteria being different from the first filtering criteria;
a first terminal coupled to one of the first set of routers and being of a first of the plurality of domains;
a second terminal coupled to one of the second set of routers and being of the first of the plurality of domains, wherein data transmitted by the first terminal passes through the one of the first set of routers to the first switch, through the first switch to the common channel, through the common channel to the second switch, through the second switch to the one of the second set of routers, and through the one of the second set of routers to the second terminal;
a third terminal coupled to another of the first set of routers and being of a second of the plurality of domains; and
a fourth terminal coupled to another of the second set of routers and being of a second of the plurality of domains, wherein data transmitted by the third terminal passes through the other of the first set of routers to the first switch, through the first switch to the common channel, through the common channel to the second switch, through the second switch to the other of the second set of routers, and through the other of the second set of routers to the fourth terminal, the first filter means, the second filter means and the third filter means preventing data transmitted by the first terminal from reaching the third terminal and the fourth terminal.
Dependent claims (2, 3, 4, 5):
third filter means for filtering data traveling through each of the first set of routers based on a third filtering criteria, the third filtering criteria being different from the first filtering criteria and the second filtering criteria.
5. The system of claim 1 wherein said third filter means includes means for filtering based on an error control.
6. A method of constructing a system for transporting data comprising:
providing a common channel for carrying data of a plurality of domains;
coupling a first switch to the common channel through which data enters the common channel;
coupling a second switch to the common channel through which data exits the common channel;
defining a first filter for filtering data traveling between the first switch and the second switch based on a first filtering criteria;
coupling a first set of routers to the first switch, each router being for a respective one of the plurality of domains;
defining a second filter for filtering data traveling through each of the first set of routers based on a second filtering criteria, the second filtering criteria being different from the first filtering criteria;
coupling a second set of routers to the second switch, each router being for a respective another of the plurality of domains;
defining a third filter for filtering data traveling through each of the second set of routers based on a third filtering criteria, the third filtering criteria being different from the first filtering criteria;
coupling a first terminal to one of the first set of routers, the first terminal being of a first of the plurality of domains;
coupling a second terminal to one of the second set of routers, the second terminal being of the first of the plurality of domains, wherein data transmitted by the first terminal passes through the one of the first set of routers to the first switch, through the first switch to the common channel, through the common channel to the second switch, through the second switch to the one of the second set of routers, and through the one of the second set of routers to the second terminal;
coupling a third terminal to another of the first set of routers, the third terminal being of a second of the plurality of domains; and
coupling a fourth terminal to another of the second set of routers, the fourth terminal being of a second of the plurality of domains, wherein data transmitted by the third terminal passes through the other of the first set of routers to the first switch, through the first switch to the common channel, through the common channel to the second switch, through the second switch to the other of the second set of routers, and through the other of the second set of routers to the fourth terminal, the first filter means, the second filter means and the third filter means preventing data transmitted by the first terminal from reaching the third terminal and the fourth terminal.
Dependent claims (7, 8, 9, 10):
defining a fourth filter for filtering data traveling through each of the first set of routers based on a fifth filtering criteria, the fourth filtering criteria being different from the first filtering criteria, the second filtering criteria, and the third filtering criteria.
10. The system of claim 6 wherein said defining of said third filter means includes defining a filter based on an error control.
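An added illustration, not part of the patent text: a minimal Python model of the topology in claim 1, showing how three filters keyed on different fields keep traffic from the first domain away from the terminals of the second domain. The frame fields, the domain labels A and B, the terminal names and the specific filtering criteria (channel tag, source address, destination address) are assumptions; the claims do not specify them.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    src: str   # claimed sender address, "<domain>:<terminal>" (assumed format)
    dst: str   # destination address, same form
    tag: str   # domain tag carried across the common channel (assumed field)

# Constructed topology: terminal -> (domain of its router, switch side).
# t1/t3 sit behind the first switch, t2/t4 behind the second switch.
ATTACH = {"t1": ("A", 1), "t3": ("B", 1), "t2": ("A", 2), "t4": ("B", 2)}

def addr_domain(addr):
    return addr.split(":", 1)[0]

# Three filters, each keyed on a different field (criteria are assumptions).
def first_filter(f, ingress, egress):    # common channel: tag must match both ends
    return f.tag == ingress == egress

def second_filter(f, router_domain):     # first-set routers: source address
    return addr_domain(f.src) == router_domain

def third_filter(f, router_domain):      # second-set routers: destination address
    return addr_domain(f.dst) == router_domain

def deliver(sender, receiver, f, disabled=()):
    """Walk the path from a sender behind the first switch (t1 or t3).
    Returns 'delivered' or the name of the filter that dropped the frame."""
    s_dom, _ = ATTACH[sender]
    r_dom, r_side = ATTACH[receiver]
    hops = [("second", lambda: second_filter(f, s_dom))]
    if r_side == 1:   # stays on the first switch, exits via another first-set router
        hops.append(("second", lambda: second_filter(f, r_dom)))
    else:             # crosses the common channel to a second-set router
        hops.append(("first", lambda: first_filter(f, s_dom, r_dom)))
        hops.append(("third", lambda: third_filter(f, r_dom)))
    for name, check in hops:
        if name not in disabled and not check():
            return f"dropped by {name} filter"
    return "delivered"

if __name__ == "__main__":
    legit = Frame("A:t1", "A:t2", "A")
    for rx in ("t2", "t3", "t4"):
        print("t1 ->", rx, ":", deliver("t1", rx, legit))
    print("first filter off :", deliver("t1", "t4", legit, disabled={"first"}))
    print("mislabelled tag  :", deliver("t1", "t4", Frame("A:t1", "B:t4", "B")))
    print("mislabelled src  :", deliver("t1", "t4", Frame("B:t1", "B:t4", "B")))
```

In this model a frame crossing the common channel toward the wrong domain is still stopped by the third filter when the first is disabled, because the two check different fields; only with both disabled does it get through.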
Specification