Secure one-way data transfer using communication interface circuitry

US 8,068,415 B2
Filed: 04/18/2007
Issued: 11/29/2011
Est. Priority Date: 04/18/2007
Status: Active Grant

First Claim

Patent Images

1. A method of transferring data from a Send Node to a Receive Node over an optical data link, comprising the steps of:

providing a first and a second network interface circuitry;

configuring said first network interface circuitry to enable data transfer from said Send Node to said optical data link, but to disable any data transfer from said optical data link to said Send Node;

configuring said second network interface circuitry to enable data transfer from said optical data link to said Receive Node, but to disable any data transfer from said Receive Node to said optical data link;

coupling said configured first network interface circuitry to said Send Node and a first end of said optical data link;

coupling said configured second network interface circuitry to said Receive Node and a second end of said optical data link; and

transferring data from said Send Node to said Receive Node over said optical data link,wherein said first network interface circuitry and said second network interface circuitry are separately administered and require independent authentication keys for communication management;

said step of configuring said first network interface circuitry comprises the steps of;

populating a first optical emitter and a first optical detector on a first network interface card;

configuring said first optical emitter to enable data transfer from said Send Node to said optical data link;

configuring said first optical detector to disable any data transfer from said optical data link to said Send Node;

leaving a space on said first network interface card for a second optical emitter and a second optical detector unpopulated; and

said step of configuring said second network interface circuitry comprises the steps of;

populating a third optical emitter and a third optical detector on a second network interface card;

configuring said third optical emitter to disable any data transfer from said Receive Node to said optical data link;

configuring said third optical detector to enable data transfer from said optical data link to said Receive Node;

leaving a space on said second network interface card for a fourth optical emitter and a fourth optical detector unpopulated.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Network interface circuitry for a secure one-way data transfer from a sender'"'"'s computer (“Send Node”) to a receiver'"'"'s computer (“Receive Node”) over a data link, such as an optical fiber or shielded twisted pair copper wire communication cable, comprising send-only network interface circuitry for transmitting data from the Send Node to the data link, and receive-only network interface circuitry for receiving the data from the data link and transmitting the received data to the Receive Node, wherein the send-only network interface circuitry is configured not to receive any data from the data link, and the receive-only network interface circuitry is configured not to send any data to the data link. The network interface circuitry may use various interface means such as PCI interface, USB connection, FireWire connection, or serial port connection for coupling to the Send Node and the Receive Node.

Citations

29 Claims

1. A method of transferring data from a Send Node to a Receive Node over an optical data link, comprising the steps of:
- providing a first and a second network interface circuitry;
  
  configuring said first network interface circuitry to enable data transfer from said Send Node to said optical data link, but to disable any data transfer from said optical data link to said Send Node;
  
  configuring said second network interface circuitry to enable data transfer from said optical data link to said Receive Node, but to disable any data transfer from said Receive Node to said optical data link;
  
  coupling said configured first network interface circuitry to said Send Node and a first end of said optical data link;
  
  coupling said configured second network interface circuitry to said Receive Node and a second end of said optical data link; and
  
  transferring data from said Send Node to said Receive Node over said optical data link,wherein said first network interface circuitry and said second network interface circuitry are separately administered and require independent authentication keys for communication management;
  
  said step of configuring said first network interface circuitry comprises the steps of;
  
  populating a first optical emitter and a first optical detector on a first network interface card;
  
  configuring said first optical emitter to enable data transfer from said Send Node to said optical data link;
  
  configuring said first optical detector to disable any data transfer from said optical data link to said Send Node;
  
  leaving a space on said first network interface card for a second optical emitter and a second optical detector unpopulated; and
  
  said step of configuring said second network interface circuitry comprises the steps of;
  
  populating a third optical emitter and a third optical detector on a second network interface card;
  
  configuring said third optical emitter to disable any data transfer from said Receive Node to said optical data link;
  
  configuring said third optical detector to enable data transfer from said optical data link to said Receive Node;
  
  leaving a space on said second network interface card for a fourth optical emitter and a fourth optical detector unpopulated.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
- - 2. The method of claim 1, wherein said step of coupling said configured first network interface circuitry comprises the step of using a PCI interface.
  - 3. The method of claim 1, wherein said step of coupling said configured second network interface circuitry comprises the step of using a PCI interface.
  - 4. The method of claim 1, wherein said step of coupling said configured first network interface circuitry comprises the step of using a USB connector.
  - 5. The method of claim 1, wherein said step of coupling said configured second network interface circuitry comprises the step of using a USB connector.
  - 6. The method of claim 1, wherein said step of coupling said configured first network interface circuitry comprises the step of using a FireWire connector.
  - 7. The method of claim 1, wherein said step of coupling said configured second network interface circuitry comprises the step of using a FireWire connector.
  - 8. The method of claim 1, wherein said step of coupling said configured first network interface circuitry comprises the step of using a serial port connector.
  - 9. The method of claim 1, wherein said step of coupling said configured second network interface circuitry comprises the step of using a serial port connector.
  - 10. The method of claim 1, wherein said providing step comprises the step of providing two ATM network interface cards.
  - 11. The method of claim 10, wherein said step of providing said ATM network interface cards comprises the step of providing an ATM physical interface chip and an ATM segmentation and reassembly chip on each of said two ATM network interface cards.
  - 12. The method of claim 1, wherein said providing step comprises the step of providing a first and a second network interface cards in form of unpopulated circuit boards.
  - 13. The method of claim 12, wherein said providing step further comprises the step of placing silkscreen words on said unpopulated circuit boards.
  - 14. The method of claim 1, wherein said providing step comprises the step of providing a first and a second network interface cards having a low form factor.

15. A system for transferring data from a Send Node to a Receive Node over an optical data link, comprising:
- a first network interface circuitry which is configured to enable data transfer from said Send Node to said optical data link, but to disable any data transfer from said optical data link to said Send Node, and is coupled to said Send Node and a first end of said optical data link; and
  
  a second network interface circuitry which is configured to enable data transfer from said optical data link to said Receive Node, but to disable any data transfer from said Receive Node to said optical data link, and is coupled to said Receive Node and a second end of said optical data link,wherein;
  
  said first network interface circuitry and said second network interface circuitry are separately administered and require independent authentication keys for communication management;
  
  said first network interface circuitry comprises a first optical emitter and a first optical detector populated on a first network interface card;
  
  said first optical emitter is configured to enable data transfer from said Send Node to said optical data link;
  
  said first optical detector is configured to disable any data transfer from said optical data link to said Send Node;
  
  said first network interface card comprises an unpopulated space thereon for a second optical emitter and a second optical detector;
  
  said second network interface circuitry comprises a third optical emitter and a third optical detector populated on a second network interface card;
  
  said third optical emitter is configured to disable any data transfer from said Receive Node to said optical data link;
  
  said third optical detector is configured to enable data transfer from said optical data link to said Receive Node; and
  
  said second network interface card comprises an unpopulated space thereon for a fourth optical emitter and a fourth optical detector.
- View Dependent Claims (16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29)
- - 16. The system of claim 15, wherein said first network interface circuitry is coupled to said Send Node by a PCI interface.
  - 17. The system of claim 15, wherein said second network interface circuitry is coupled to said Receive Node by a PCI interface.
  - 18. The system of claim 15, wherein said first network interface circuitry is coupled to said Send Node by a USB connector.
  - 19. The system of claim 15, wherein said second network interface circuitry is coupled to said Receive Node by a USB connector.
  - 20. The system of claim 15, wherein said first network interface circuitry is coupled to said Send Node by a FireWire connector.
  - 21. The system of claim 15, wherein said second network interface circuitry is coupled to said Receive Node by a FireWire connector.
  - 22. The system of claim 15, wherein said first network interface circuitry is coupled to said Send Node by a serial port connector.
  - 23. The system of claim 15, wherein said second network interface circuitry is coupled to said Receive Node by a serial port connector.
  - 24. The system of claim 15, wherein each of said first network interface circuitry and said second network interface circuitry comprises an Asynchronous Transfer Mode (ATM) network interface circuit.
  - 25. The system of claim 24, wherein said ATM network interface circuit comprises an ATM physical interface chip and an ATM segmentation and reassembly chip.
  - 26. The system of claim 15, wherein silkscreen words indicating the send-only functionality are placed on said unpopulated space on said first network interface card.
  - 27. The system of claim 15, wherein silkscreen words indicating the receive-only functionality are placed on said unpopulated space on said second network interface card.
  - 28. The system of claim 15, wherein said first network interface card has a low form factor.
  - 29. The system of claim 15, wherein said second network interface card has a low form factor.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OWL Cyber Defense Solutions LLC
Original Assignee
Owl Computing Technologies, Inc.
Inventors
Mraz, Ronald
Primary Examiner(s)
Kizou; Hassan
Assistant Examiner(s)
FARAHMAND, ASHIL S

Application Number

US11/787,778
Publication Number

US 20080259929A1
Time in Patent Office

1,686 Days
Field of Search

370229-241, 370/431, 370/463, 709/250
US Class Current

370/230
CPC Class Codes

H04L 12/5601   Transfer mode dependent, e....

H04L 63/0209   Architectural arrangements,...

H04L 63/162   at the data link layer

Secure one-way data transfer using communication interface circuitry

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

Secure one-way data transfer using communication interface circuitry

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links