System and method for securing a computer communication network
Abstract
A system for providing a trusted computer communication network including a master decision maker unit coupled to the trusted network; and at least one slave communication unit coupled to the master unit by a wide bus connection that has multiple unidirectional communication channels, and connected to a non-trusted network; wherein the trusted network is physically isolated at all times from the non-trusted network, and all data transported between the trusted network and the non-trusted network is transported between the master unit and the slave unit.
28 Claims
1. A system for securing a trusted computer communication network comprising:
a master decision maker unit coupled to the trusted network; and
at least one slave communication unit coupled to the master unit by a wide bus connection that has multiple unidirectional communication channels, said slave communication unit being further connected to a non-trusted network;
characterized in that:
(i) a chip based circuit is provided between said trusted network and said non-trusted network thereby keeping said networks physically and logically disconnected from each other at all times, by preventing data streaming therebetween;
(ii) all data transported between the trusted network and said non-trusted network is transported between said master unit and said slave unit in static form;
(iii) all data transported between the trusted network and said non-trusted network is transported through unidirectional communication channels, using a handshake mechanism solely controlled by said trusted side, thereby preventing data streaming therebetween.
13. A method for securing a trusted computer communication network while allowing data to pass between said trusted computer communication network and a non trusted network, comprising the steps of:
a. disconnecting the trusted network from all non-trusted computer networks;
b. inserting a system between the trusted network and non-trusted network that maintains a physical and logical disconnection between said trusted network and non-trusted network at all times by preventing data streaming therebetween yet allows passage of data thereacross;
c. enabling transportation of data between said trusted network and said non-trusted network only with approval of said master decision maker using a handshake mechanism and thereby preventing data streaming therebetween wherein said system comprises a master decision maker unit coupled to the trusted network and to a slave communication unit;
said master unit including a master computer and a master wide bus gate card;
said slave unit including a slave computer and a slave wide bus gate card;
said master unit being connected to said slave unit by a wide bus connection connecting said master wide bus gate card to said slave wide bus gate card;
and said wide gate cards including a chip based circuit that only allows static data to pass therethrough.
28. A method for securing a trusted computer communication network while allowing data to pass between said trusted computer communication network and a non trusted network, comprising the steps of:
disconnecting the trusted network from all non-trusted computer networks;
inserting a system between the trusted network and non-trusted network that maintains a physical and logical disconnection therebetween at all times by preventing data streaming therebetween yet allows passage of data thereacross;
wherein said system comprises a master decision maker unit coupled to the trusted network and to a slave communication unit;
said master unit including a master computer and a master wide bus gate card;
said slave unit including a slave computer and a slave wide bus gate card;
said master unit being connected to said slave unit by a wide bus connection connecting said master wide bus gate card to said slave wide bus gate card;
and said wide gate cards including a chip based circuit that only allows static data to pass therethrough;
wherein all data import processes into said trusted network occur over said wide bus connection through said chip based circuit, in accordance with the following steps;
(i) initiating a data import process by said master unit or by said slave unit subject to approval of said master unit and thereby enabling transportation of data between said trusted network and said non-trusted network only with approval of said master unit;
(ii) receiving said data from said non-trusted network at said slave computer;
(iii) signing said data with data signature thereby causing data to become static;
(iv) pulling said static data and said data signature from said slave computer by said slave wide bus gate card;
(v) pushing said signed static data to the master wide bus gate card while simultaneously calculating and verifying the data signature by said slave wide bus gate card;
(vi) verifying by said slave wide bus gate card that the computed accumulated data signature subsequent to termination of the pulling of said signed data is correct; and, where said data signature is allowed, signaling allowance to said master wide bus card, but where said accumulated data signature is not allowed, providing a delete command to said master wide bus card in accordance with the result of said step of verifying;
(vii) encoding said data using a key generated by and known only to said master wide bus gate card;
(vii) transporting said encoded data from said master wide bus gate card to said master computer;
(viii) verifying said data signature, and if allowed, examining said data by said master computer, however, if said data signature is not allowed, providing a delete command;
(ix) said step of examining includes
(a) providing said key from said master wide bus gate card to said master computer;
(b) decoding said encoded data by said master computer;
(c) examining said decoded data by said master computer, and
(d) providing said allowable data to said trusted network.
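The import sequence of claim 28, steps (i) to (ix), modelled as an added Python example; this is not code from the patent. SHA-256 as the data signature, the XOR keystream encoding, the 8-byte bus word and all function and class names are assumptions, and the master computer's signature check of step (viii) is modelled after decoding.

```python
import hashlib, hmac, secrets

WORD = 8  # bytes moved per bus transfer (assumed width)

def sign(data):
    # (iii) stand-in data signature: SHA-256 (the claim names no algorithm)
    return hashlib.sha256(data).digest()

def xor_encode(key, data):
    # stand-in for the unspecified encoding in (vii); applying it twice decodes
    stream = hashlib.shake_256(key).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

class MasterGateCard:
    def __init__(self):
        self.key = secrets.token_bytes(32)  # generated by and held on this card
        self.buf, self.allowed_sig = bytearray(), None

    def delete(self):
        # effect of the delete command: drop everything staged so far
        self.buf.clear()
        self.allowed_sig = None

def slave_card_push(data, sig, card):
    # (iv)-(vi) pull the static block, push it word by word while accumulating
    # the signature, then signal allowance or send the delete command
    acc = hashlib.sha256()
    for i in range(0, len(data), WORD):
        acc.update(data[i:i + WORD])
        card.buf += data[i:i + WORD]
    if hmac.compare_digest(acc.digest(), sig):
        card.allowed_sig = sig
    else:
        card.delete()

def import_process(received, examine, master_approves=True, corrupt=False):
    if not master_approves:                    # (i) nothing moves without approval
        return None
    card = MasterGateCard()
    sig = sign(received)                       # (ii)-(iii) on the slave computer
    staged = received[:-1] + b"?" if corrupt else received  # changed after signing
    slave_card_push(staged, sig, card)
    if card.allowed_sig is None:               # delete command already issued
        return None
    encoded = xor_encode(card.key, bytes(card.buf))  # (vii) encode, then transport
    decoded = xor_encode(card.key, encoded)    # (ix a-b) key released, decode
    if not hmac.compare_digest(sign(decoded), card.allowed_sig):  # (viii), modelled
        card.delete()
        return None
    return decoded if examine(decoded) else None   # (ix c-d) examine, then release
```

Calling `import_process` with `corrupt=True` shows the delete path: the accumulated signature no longer matches, so the master card's buffer is cleared before the master computer ever sees the data.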
Specification