Systems and methods for providing increased computer security

US 7,149,897 B2
Filed: 07/25/2003
Issued: 12/12/2006
Est. Priority Date: 07/25/2003
Status: Active Grant

First Claim

Patent Images

1. A method of communicating between a first network and a second network via a device, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, the device having a first processor in communication with the first network, a second processor in communication with the second network and an interface in communication with the first processor and the second processor, said method comprising:

providing control information to the second processor;

generating first status information in the first processor;

generating second status information in the second processor;

transmitting data from the first network to the first processor;

processing, via the first processor, the transmitted data from the first network to provide first processed data;

transmitting the first processed data to the interface;

transmitting the first processed data from the interface to the second processor,processing, via the second processor, the first processed data to provide second processed data;

exchanging a portion of the first status information, a portion of the second status information and a portion of the control information between the first processor and the second processor;

acknowledging, at a probabilistic rate derived from a moving average of a rate at which the second processor is acknowledging messages from the second network, transmission from the first processor to the second processor via a communication channel between the first processor and the second processor; and

transmitting the second processed data to the second network,wherein said transmitting the first processed data to the interface, said transmitting the first processed data from the interface to the second processor, said exchanging and said acknowledging of the transmission from the first processor to the second processor minimize data communication from the second network to the first network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer. Data communication from the second network to the first network is enabled while data communication from the first network to the second network is minimized.

48 Citations

View as Search Results

3 Claims

1. A method of communicating between a first network and a second network via a device, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, the device having a first processor in communication with the first network, a second processor in communication with the second network and an interface in communication with the first processor and the second processor, said method comprising:
- providing control information to the second processor;
  
  generating first status information in the first processor;
  
  generating second status information in the second processor;
  
  transmitting data from the first network to the first processor;
  
  processing, via the first processor, the transmitted data from the first network to provide first processed data;
  
  transmitting the first processed data to the interface;
  
  transmitting the first processed data from the interface to the second processor,processing, via the second processor, the first processed data to provide second processed data;
  
  exchanging a portion of the first status information, a portion of the second status information and a portion of the control information between the first processor and the second processor;
  
  acknowledging, at a probabilistic rate derived from a moving average of a rate at which the second processor is acknowledging messages from the second network, transmission from the first processor to the second processor via a communication channel between the first processor and the second processor; and
  
  transmitting the second processed data to the second network,wherein said transmitting the first processed data to the interface, said transmitting the first processed data from the interface to the second processor, said exchanging and said acknowledging of the transmission from the first processor to the second processor minimize data communication from the second network to the first network.

2. A method of communicating between a first network and a second network via a device, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, the device having a first processor in communication with the first network, a second processor in communication with the second network and an interface in communication with the first processor and the second processor, said method comprising:
- providing limited control information from the second processor to the first processor;
  
  generating first status information in the first processor;
  
  generating second status information in the second processor;
  
  transmitting data from the first network to the first processor;
  
  processing, via the first processor, the transmitted data from the first network to provide first processed data;
  
  transmitting the first processed data to the interface;
  
  transmitting the first processed data from the interface to the second processor,processing, via the second processor, the first processed data to provide second processed data;
  
  exchanging a portion of the first status information, a portion of the second status information and a portion of the control information between the first processor and the second processor;
  
  acknowledging, at a probabilistic rate derived from a moving average of a rate at which the second processor is acknowledging messages from the second network, transmission from the first processor to the second processor via a communication channel between the first processor and the second processor; and
  
  transmitting the second processed data to the second network,wherein said transmitting the first processed data to the interface, said transmitting the first processed data from the interface to the second processor, said exchanging and said acknowledging of the transmission from the first processor to the second processor minimize data communication from the second network to the first network.

3. A communication system for communicating between a first network and a second network, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, said communication system comprising:
- a first processor operable to receive data from the first network and to process the received data;
  
  an interface;
  
  a second processor; and
  
  communication lines connecting said first processor with said second processor and being operable to permit an exchange of status and control information between said first processor and said second processor,wherein said interface is operable to receive processed data from said first processor and to transmit the processed data to said second processor,wherein said second processor is operable to further process the processed data from said interface and to transmit the further processed data to the second network,wherein said interface is further operable to acknowledge, at a probabilistic rate derived from a moving average of a rate at which said second processor is acknowledging messages from the second network, transmission from said first processor to said second processor, andwherein said interface and said communication lines minimize data communication from the second network to the first network.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
the united states of america as represented by the secretary of the navy
Original Assignee
the united states of america as represented by the secretary of the navy
Inventors
Moskowitz, Ira S, Kang, Myong Hoon, Chincheck, Stanley, Parsonese, Jim
Primary Examiner(s)
ZIA, SYED

Application Number

US10/627,102
Publication Number

US 20050022023A1
Time in Patent Office

1,236 Days
Field of Search

713/200, 713/201, 713/166, 713/168, 713155-159, 709/223, 726 2- 3, 726 15- 16, 340/825
US Class Current

713/166
CPC Class Codes

H04L 2212/00   Encapsulation of packets

H04L 61/35   involving non-standard use ...

H04L 69/32   Architecture of open system...

H04L 69/329   in the application layer [O...

Systems and methods for providing increased computer security

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

3 Claims

Specification

Solutions

Use Cases

Quick Links

Systems and methods for providing increased computer security

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

3 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links