Systems and methods for providing increased computer security
First Claim
1. A method of communicating between a first network and a second network via a device, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, the device having a first processor in communication with the first network, a second processor in communication with the second network and an interface in communication with the first processor and the second processor, said method comprising:
providing control information to the second processor;
generating first status information in the first processor;
generating second status information in the second processor;
transmitting data from the first network to the first processor;
processing, via the first processor, the transmitted data from the first network to provide first processed data;
transmitting the first processed data to the interface;
transmitting the first processed data from the interface to the second processor,
processing, via the second processor, the first processed data to provide second processed data;
exchanging a portion of the first status information, a portion of the second status information and a portion of the control information between the first processor and the second processor;
acknowledging, at a probabilistic rate derived from a moving average of a rate at which the second processor is acknowledging messages from the second network, transmission from the first processor to the second processor via a communication channel between the first processor and the second processor; and
transmitting the second processed data to the second network, wherein said transmitting the first processed data to the interface, said transmitting the first processed data from the interface to the second processor, said exchanging and said acknowledging of the transmission from the first processor to the second processor minimize data communication from the second network to the first network.
Abstract
In a communication system having a plurality of networks, a method of achieving network separation between first and second networks is described. First and second networks with respective first and second degrees of trust are defined, the first degree of trust being higher than the second degree of trust. Communication between the first and second networks is enabled via a network interface system having a protocol stack, the protocol stack implemented by the network interface system in an application layer. Data communication from the second network to the first network is enabled while data communication from the first network to the second network is minimized.
3 Claims
1. A method of communicating between a first network and a second network via a device, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, the device having a first processor in communication with the first network, a second processor in communication with the second network and an interface in communication with the first processor and the second processor, said method comprising:
providing control information to the second processor; generating first status information in the first processor; generating second status information in the second processor; transmitting data from the first network to the first processor; processing, via the first processor, the transmitted data from the first network to provide first processed data; transmitting the first processed data to the interface; transmitting the first processed data from the interface to the second processor, processing, via the second processor, the first processed data to provide second processed data; exchanging a portion of the first status information, a portion of the second status information and a portion of the control information between the first processor and the second processor; acknowledging, at a probabilistic rate derived from a moving average of a rate at which the second processor is acknowledging messages from the second network, transmission from the first processor to the second processor via a communication channel between the first processor and the second processor; and transmitting the second processed data to the second network, wherein said transmitting the first processed data to the interface, said transmitting the first processed data from the interface to the second processor, said exchanging and said acknowledging of the transmission from the first processor to the second processor minimize data communication from the second network to the first network.
2. A method of communicating between a first network and a second network via a device, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, the device having a first processor in communication with the first network, a second processor in communication with the second network and an interface in communication with the first processor and the second processor, said method comprising:
providing limited control information from the second processor to the first processor; generating first status information in the first processor; generating second status information in the second processor; transmitting data from the first network to the first processor; processing, via the first processor, the transmitted data from the first network to provide first processed data; transmitting the first processed data to the interface; transmitting the first processed data from the interface to the second processor, processing, via the second processor, the first processed data to provide second processed data; exchanging a portion of the first status information, a portion of the second status information and a portion of the control information between the first processor and the second processor; acknowledging, at a probabilistic rate derived from a moving average of a rate at which the second processor is acknowledging messages from the second network, transmission from the first processor to the second processor via a communication channel between the first processor and the second processor; and transmitting the second processed data to the second network, wherein said transmitting the first processed data to the interface, said transmitting the first processed data from the interface to the second processor, said exchanging and said acknowledging of the transmission from the first processor to the second processor minimize data communication from the second network to the first network.
3. A communication system for communicating between a first network and a second network, the first network having a first degree of trust and the second network having a second degree of trust that is higher than the first degree of trust, said communication system comprising:
a first processor operable to receive data from the first network and to process the received data; an interface; a second processor; and communication lines connecting said first processor with said second processor and being operable to permit an exchange of status and control information between said first processor and said second processor, wherein said interface is operable to receive processed data from said first processor and to transmit the processed data to said second processor, wherein said second processor is operable to further process the processed data from said interface and to transmit the further processed data to the second network, wherein said interface is further operable to acknowledge, at a probabilistic rate derived from a moving average of a rate at which said second processor is acknowledging messages from the second network, transmission from said first processor to said second processor, and wherein said interface and said communication lines minimize data communication from the second network to the first network.
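The acknowledgement mechanism recited in claims 1 and 3 (an interface that acknowledges low-side transmissions at a probabilistic rate derived from a moving average of the high side's own acknowledgement rate) is easier to reason about in a small simulation. The following Python is an added illustration, not code from the patent or its assignee; the class names `AckRateTracker`, `Interface` and `simulate`, the 32-sample sliding window, the "assume healthy before any sample" starting rate and the constructed message stream are all assumptions. The point it demonstrates is that the acknowledgement returned to the first (lower-trust) processor is drawn from a slowly varying aggregate rather than echoing the fate of any individual message, which is how the reverse direction carries flow-control information without per-message feedback from the higher-trust network.

```python
"""Constructed simulation of rate-derived probabilistic acknowledgement.
Added example; not the patent's own code. All names are assumptions."""
import random
from collections import deque


class AckRateTracker:
    """Sliding-window moving average of how often the second (high-side)
    processor's messages are acknowledged by the higher-trust network."""

    def __init__(self, window: int = 32) -> None:
        self._samples: deque = deque(maxlen=window)

    def record(self, acked: bool) -> None:
        self._samples.append(1 if acked else 0)

    def rate(self) -> float:
        # Before any sample exists, assume the high side is healthy (assumption).
        if not self._samples:
            return 1.0
        return sum(self._samples) / len(self._samples)


class Interface:
    """Forwards first-processor output to the second processor and returns an
    acknowledgement to the first processor with probability equal to the
    tracked moving-average rate, never the fate of the individual message."""

    def __init__(self, tracker: AckRateTracker, rng: random.Random) -> None:
        self._tracker = tracker
        self._rng = rng
        self.to_second_processor: list = []  # one-way data path, low -> high

    def forward(self, message: bytes) -> bool:
        self.to_second_processor.append(message)
        # The ack decision consults only the aggregate rate, so the low side
        # cannot learn whether this particular message was accepted upstream.
        return self._rng.random() < self._tracker.rate()


def simulate(n_messages: int, high_net_success: float,
             seed: int = 0, window: int = 32):
    """Push n_messages from low to high. high_net_success is the constructed
    probability that the higher-trust network acknowledges a message.
    Returns (fraction of acks seen by the first processor,
             final moving-average rate,
             number of messages delivered to the second processor)."""
    rng = random.Random(seed)
    tracker = AckRateTracker(window)
    iface = Interface(tracker, rng)
    low_side_acks = 0
    for i in range(n_messages):
        # First processor: a trivial transform stands in for real processing.
        first_processed = f"msg-{i}".encode()
        if iface.forward(first_processed):
            low_side_acks += 1
        # Second processor: deliver to the higher-trust network and record
        # whether that network acknowledged (constructed outcome).
        tracker.record(rng.random() < high_net_success)
    return low_side_acks / n_messages, tracker.rate(), len(iface.to_second_processor)


if __name__ == "__main__":
    for success in (1.0, 0.5, 0.0):
        acks, avg, delivered = simulate(500, success, seed=7)
        print(f"high-side success={success:.1f}: low-side ack fraction={acks:.3f}, "
              f"moving average={avg:.3f}, delivered={delivered}")
```

With a healthy high side every message is acknowledged; with a failing high side the acknowledgements to the low side dry up once the window fills, so the first processor still gets back-pressure, but the only thing it can infer is the aggregate rate over the window, not which of its messages the higher-trust network accepted.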
Specification