Trusted labeler
First Claim
1. A cryptographic device for processing classified information having a plurality of different classification levels, the cryptographic device comprising:
- a labeler module comprising;
a first input port;
a first input labeler coupled to the first input port, wherein the first input labeler labels first packets after the first packets have been received at the first input port with first input label information associated with the first input port;
a second input port physically isolated from the first input port;
a second input labeler different from the first input labeler, the second input labeler coupled to the second input port, wherein the second input labeler labels second packets after the second packets have been received at the second input port with second input label information associated with the second input port, and further wherein the first input label information is distinguishable from the second input label information;
an input label checker between the first and/or second input labelers and a cryptographic module, wherein the input label checker checks if the first input labeler has labeled the first packets with the first label information and/or checks if the second input labeler has labeled the second packets with the second label information; and
a combiner that combines the first packets and the second packets and outputs the combined first and second packets on a first common datachannel;
the cryptographic module coupled to the combiner and configured to process the combined first and second packets received from the combiner, wherein;
the cryptographic module uses the first and second input label information to distinguish the first packets from the second packets, andthe cryptographic module produces a first processed packet from the first packet and a second processed packet from the second packet and outputs the first processed packet and the second processed packet on a second common datachannel;
a divider module comprising;
a first output port;
a second output port physically isolated from the first output port;
a router coupled to the cryptographic module that receives the first and second processed packets on the second common datachannel from the cryptographic module, wherein;
the router divides out the first processed packets from the second processed packets according to output labels, wherein the output labels of the first processed packets comprise information indicating that the first processed packets are destined for the first output port and the output labels of the second processed packets comprise information indicating that the second processed packets are destined for the second output port,the router couples the first processed packets to the first output port without including the second processed packets, andthe router couples the second processed packets to the second output port without including the first processed packets;
an output label checker between the router and the first and/or second output ports that checks if the output labels of the first processed packets comprise the information indicating that the first processed packets are destined for the first output port and/or checks if the output labels of the second processed packets comprise the information indicating that the second processed packets are destined for the second output port.
5 Assignments
0 Petitions
Accused Products
Abstract
A cryptographic device and method are disclosed for processing different levels of classified information. Input and output ports are physically isolated on the cryptographic device. Within the cryptographic device, each port has its packets labeled in such a way that it can be processed differently from other packets by a cryptographic module. High-assurance techniques are used to assure labeling and proper processing of the packets. These labeled packets are intermixed on common pathways regardless of level of classification. Despite intermixing, separation of the packets is assured through the process.
65 Citations
22 Claims
-
1. A cryptographic device for processing classified information having a plurality of different classification levels, the cryptographic device comprising:
-
a labeler module comprising; a first input port; a first input labeler coupled to the first input port, wherein the first input labeler labels first packets after the first packets have been received at the first input port with first input label information associated with the first input port; a second input port physically isolated from the first input port; a second input labeler different from the first input labeler, the second input labeler coupled to the second input port, wherein the second input labeler labels second packets after the second packets have been received at the second input port with second input label information associated with the second input port, and further wherein the first input label information is distinguishable from the second input label information; an input label checker between the first and/or second input labelers and a cryptographic module, wherein the input label checker checks if the first input labeler has labeled the first packets with the first label information and/or checks if the second input labeler has labeled the second packets with the second label information; and a combiner that combines the first packets and the second packets and outputs the combined first and second packets on a first common datachannel; the cryptographic module coupled to the combiner and configured to process the combined first and second packets received from the combiner, wherein; the cryptographic module uses the first and second input label information to distinguish the first packets from the second packets, and the cryptographic module produces a first processed packet from the first packet and a second processed packet from the second packet and outputs the first processed packet and the second processed packet on a second common datachannel; a divider module comprising; a first output port; a second output port physically isolated from the first output port; a router coupled to the cryptographic module that receives the first and second processed packets on the second common datachannel from the cryptographic module, wherein; the router divides out the first processed packets from the second processed packets according to output labels, wherein the output labels of the first processed packets comprise information indicating that the first processed packets are destined for the first output port and the output labels of the second processed packets comprise information indicating that the second processed packets are destined for the second output port, the router couples the first processed packets to the first output port without including the second processed packets, and the router couples the second processed packets to the second output port without including the first processed packets; an output label checker between the router and the first and/or second output ports that checks if the output labels of the first processed packets comprise the information indicating that the first processed packets are destined for the first output port and/or checks if the output labels of the second processed packets comprise the information indicating that the second processed packets are destined for the second output port. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A cryptographic device for processing information divided into partitions in a high-assurance manner, the cryptographic device comprising:
-
a labeler module comprising; a first input port; a first input labeler coupled to the first input port, wherein the first input labeler labels first packets after the first packets have been received at the first input port with first input label information associated with the first input port; a second input port physically isolated from the first input port; a second input labeler different from the first input labeler, the second input labeler coupled to the second input port, wherein the second input labeler labels second packets after the first packets have been received at the second input port with second input label information associated with the second input port; and a combiner that combines the first packets and the second packets and outputs the combined first and second packets on a first common datachannel; a cryptographic module coupled to the combiner and configured to process the combined first and second packets received from the combiner according to input labels, wherein; different processing algorithms are used for the first and second packets to produce first processed packets and second processed packets, and the cryptographic module uses the first input label information and the second input label information to distinguish the first packets from the second packets; the cryptographic module outputs the first processed packets and the second processed packets on a second common datachannel; a divider module comprising; a first output port; a second output port physically isolated from the first output port; and a router coupled to the cryptographic module that receives the first and second processed packets on the second common datachannel, wherein; the router divides out the first processed packets from the second processed packets according to the first and second input label information, the router couples the first processed packets to the first output port without including the second processed packets, and the router couples the second processed packets to the second output port without including the first processed packets. - View Dependent Claims (8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A method for cryptographically processing information in a high-assurance manner, the method comprising steps of:
-
receiving a first packet on a first input port; after receiving the first packet, labeling the first packet using a first input labeler to produce a labeled first packet; checking that labeling the first packet step was performed; transporting the labeled first packet to a combiner; receiving a second packet on a second input port; after receiving the second packet, labeling the second packet using a second input labeler different from the first input labeler to produce a labeled second packet; checking that labeling the second packet step was performed; transporting the labeled second packet to the combiner; transporting the labeled first packet and the labeled second packet from the combiner to a cryptographic module on a first common datachannel; processing the labeled first packet and the labeled second packet with the cryptographic module to produce a processed first packet and a processed second packet; transporting the processed first packet and the processed second packet from the cryptographic module to a divider on a second common datachannel; separating the processed first packet from the processed second packet at the divider; checking labeling on the processed first packet to confirm that the processed first packet is intended for a first output port; coupling information from the processed first packet to the first output port; checking labeling on the processed second packet to confirm that the processed second packet is intended for a second output port; and coupling information from the processed second packet to the second output port. - View Dependent Claims (17, 18, 19, 20, 21, 22)
-
Specification