Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment

US 8,024,788 B2
Filed: 05/31/2007
Issued: 09/20/2011
Est. Priority Date: 05/31/2007
Status: Active Grant

First Claim

Patent Images

1. A method of passing data from a first application to a second application, comprising the steps of:

establishing, in a first computer executing the first application at a first security level, an upchannel communications link from the first application to a second application executing in a second computer at a second security level higher than the first security level via a data guard, the upchannel communications link complying with a user datagram protocol (UDP);

establishing, in the second computer, a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);

sending a first transmission having a first portion of the data from the first application executing in the first computer to the second application executing in the second computer via the upchannel communications link;

transmitting an acknowledgement message from the second application executing in the second computer to the first application executing in the first computer via the backchannel link;

receiving the acknowledgement message in the first application executing in the first computer, the acknowledgement message comprising information describing the reception of the first portion of the data; and

sending a second transmission of the data from the first application executing in the first computer to the second application executing in the second computer according to the received acknowledgement message.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for passing data from a first application at a first security level to a second application in a second security level higher than the first security level is disclosed. A backchannel communications link is established between the first application and the second application, and the backchannel link is used to transmit information such as an acknowledgement message from the second application to the first application.

19 Citations

View as Search Results

20 Claims

1. A method of passing data from a first application to a second application, comprising the steps of:
- establishing, in a first computer executing the first application at a first security level, an upchannel communications link from the first application to a second application executing in a second computer at a second security level higher than the first security level via a data guard, the upchannel communications link complying with a user datagram protocol (UDP);
  
  establishing, in the second computer, a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);
  
  sending a first transmission having a first portion of the data from the first application executing in the first computer to the second application executing in the second computer via the upchannel communications link;
  
  transmitting an acknowledgement message from the second application executing in the second computer to the first application executing in the first computer via the backchannel link;
  
  receiving the acknowledgement message in the first application executing in the first computer, the acknowledgement message comprising information describing the reception of the first portion of the data; and
  
  sending a second transmission of the data from the first application executing in the first computer to the second application executing in the second computer according to the received acknowledgement message.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1, wherein the first portion of the data comprises a plurality of messages and the information further comprises information indicating which messages were not received.
  - 3. The method of claim 2, wherein each message of the plurality of messages is associated with a sequential message identifier, and the information indicating which messages were not received comprises the message identifier of the unreceived messages.
  - 4. The method of claim 1, wherein the first portion of the data comprises a plurality of messages and the information further comprises an indication of a preferred transmission rate of further messages.
  - 5. The method of claim 1, wherein:
    - the first application establishes the upchannel communications link; and
      
      the second application establishes the backchannel communications link.
  - 6. The method of claim 1, wherein the backchannel communications link is established in response to the establishment of the upchannel communications link.
  - 7. The method of claim 1, wherein:
    - the method further comprising the step of after the establishment of the backchannel communications link, receiving a confirming acknowledgement message in the first application executing in the first computer from the second application executing in the second computer via the backchannel link; and
      
      the first transmission is sent in response to the confirming acknowledgement message.

8. An apparatus for passing data, comprising:
- a first computer, for performing processing including a first application at a first security level;
  
  a second computer, coupled to the first computer via a data guard, the second computer for performing processing including a second application on a second security level higher than the first security level;
  
  the first application, operating on the first computer, for establishing an upchannel communications link from the first application to the second application via the data guard, the upchannel link complying with a user datagram protocol (UDP);
  
  the second application, operating on the second computer, for establishing a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);
  
  wherein the first application sends a first transmission having a first portion of the data to the second application via the upchannel communications link;
  
  wherein the second application transmits an acknowledgement message to the first application via the backchannel link, the acknowledgement message comprising information describing the reception of the first portion of the data by the second application; and
  
  wherein the first application sends a second transmission of the data according to the received acknowledgement message.
- View Dependent Claims (9, 10, 11, 12, 13)
- - 9. The apparatus of claim 8, wherein the first portion of the data comprises a plurality of messages and the information further comprises information indicating which messages were not received.
  - 10. The apparatus of claim 9, wherein each message of the plurality of messages is associated with a message identifier, and the information indicting which messages were not received comprises the message identifier of the unreceived messages.
  - 11. The apparatus of claim 8, wherein the first portion of the data comprises a plurality of messages and the information further comprises an indication of the preferred transmission rate of further messages.
  - 12. The apparatus of claim 8, wherein:
    - the first application establishes the upchannel communications link; and
      
      the second application establishes the backchannel communications link.
  - 13. The apparatus of claim 8, wherein:
    - after the establishment of the backchannel communications link, a confirming acknowledgement message is received in the first application from the second application via the backchannel link; and
      
      the first transmission is sent in response to the confirming acknowledgment message.

14. An apparatus for passing data from a first application to a second application, comprising:
- means for establishing an upchannel communications link from a first application executing at a first security level to a second application executing at a second security level higher than the first security level via a data guard, the upchannel communications link complying with a user datagram protocol (UDP);
  
  means for establishing a backchannel communications link from the second application to the first application via the data guard, the backchannel communications link complying with a transmission control protocol (TCP);
  
  means for sending a first transmission having a first portion of the data from the first application to the second application via the upchannel communications link;
  
  means for transmitting an acknowledgement message from the second application to the first application via the backchannel link;
  
  means for receiving the acknowledgement message in the first application, the first acknowledgement message comprising information describing the reception of the first portion of the data; and
  
  means for sending a second transmission of the data according to the received acknowledgement message.
- View Dependent Claims (15, 16, 17, 18, 19, 20)
- - 15. The apparatus of claim 14, wherein the first portion of the data comprises a plurality of messages and the information further comprises information indicating which messages were not received.
  - 16. The apparatus of claim 15, wherein each message of the plurality of messages is associated with a sequential message identifier, and the information indicating which messages were not received comprises the message identifier of the unreceived messages.
  - 17. The apparatus of claim 14, wherein the first portion of the data comprises a plurality of messages and the information further comprises an indication of a preferred transmission rate of further messages.
  - 18. The apparatus of claim 14, wherein:
    - the first application establishes the upchannel communications link; and
      
      the second application establishes the backchannel communications link.
  - 19. The apparatus of claim 14, wherein the backchannel communications link is established in response to the establishment of the upchannel communications link.
  - 20. The apparatus of claim 14, wherein:
    - the apparatus further comprises means for receiving a confirming acknowledgement message in the first application from the second application via the backchannel link after the establishment of the backchannel communications link; and
      
      the first transmission is sent in response to the confirming acknowledgement message.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Arnold, Steven L., Donofrio, Thomas E.
Primary Examiner(s)
Gergiso; Techane

Application Number

US11/809,262
Publication Number

US 20080301799A1
Time in Patent Office

1,573 Days
Field of Search

726/14, 713/151
US Class Current

726/14
CPC Class Codes

G06F 21/6218   to a system of files or obj...

G06F 2221/2113   Multi-level security, e.g. ...

H04L 63/105   Multiple levels of security

Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

19 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

19 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links