Secure acknowledgment device for one-way data transfer system

US 8,732,453 B2
Filed: 07/14/2011
Issued: 05/20/2014
Est. Priority Date: 07/19/2010
Status: Active Grant

First Claim

Patent Images

1. An acknowledgement apparatus, comprising:

an inlet interface for receiving a message from a first node;

a first hash number calculator for hashing the message from the inlet interface;

an outlet interface;

a first one-way data link for unidirectional transfer from the inlet interface to the first hash number calculator; and

a second one-way data link for unidirectional transfer from the first hash number calculator to the outlet interface;

wherein the outlet interface is coupled to a second node and comprises;

a second hash calculator for hashing a second message corresponding to the first message received from the second node; and

a comparison engine having a first input coupled to the second one way link to receive the hashed message from the first hash number calculator, a second input coupled to the second hash calculator to receive the hashed second message and an output coupled to the second node, the comparison engine configured to compare the hashed message and the hashed second message and to forward the results of the comparison on the output.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for relaying a hashed message from a first node to a second node, comprising an inlet interface for receiving a message from the first node, a hash number calculator for hashing the message from the inlet interface, an outlet interface for sending the hashed message to the second node, a first one-way data link for unidirectional transfer from the inlet interface to the hash number calculator, and a second one-way data link for unidirectional transfer from the hash number calculator to the outlet interface, is provided. The apparatus provides a secure mechanism and communication channel for relaying hashed acknowledgment messages from a receive node to a send node to inform the status of data transfer from the send node to the receive node across a one-way data link. The apparatus may be further implemented with the capability of comparing hashed messages from the two nodes.

Citations

50 Claims

1. An acknowledgement apparatus, comprising:
- an inlet interface for receiving a message from a first node;
  
  a first hash number calculator for hashing the message from the inlet interface;
  
  an outlet interface;
  
  a first one-way data link for unidirectional transfer from the inlet interface to the first hash number calculator; and
  
  a second one-way data link for unidirectional transfer from the first hash number calculator to the outlet interface;
  
  wherein the outlet interface is coupled to a second node and comprises;
  
  a second hash calculator for hashing a second message corresponding to the first message received from the second node; and
  
  a comparison engine having a first input coupled to the second one way link to receive the hashed message from the first hash number calculator, a second input coupled to the second hash calculator to receive the hashed second message and an output coupled to the second node, the comparison engine configured to compare the hashed message and the hashed second message and to forward the results of the comparison on the output.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The apparatus of claim 1, wherein:
    - the first node is a receive node;
      
      the second node is a send node; and
      
      the message comprises an acknowledgment message relating to receipt of data from the send node by the receive node via a third one-way data link.
  - 3. The apparatus of claim 1, wherein the message has a fixed length.
  - 4. The apparatus of claim 1, wherein the inlet interface comprises an interface for unidirectional communication from the first node.
  - 5. The apparatus of claim 1, wherein the inlet interface comprises an interface for bidirectional communication with the first node.
  - 6. The apparatus of claim 1, wherein the outlet interface comprises an interface for bidirectional communication with the second node.
  - 7. The apparatus of claim 1, wherein the inlet interface comprises a USB interface.
  - 8. The apparatus of claim 1, wherein the outlet interface comprises a USB interface.
  - 9. The apparatus of claim 1, wherein the first and second hash number calculators use MD5 for hashing the message.
  - 10. The apparatus of claim 1, wherein the first and second hash number calculators use SHA for hashing the message.
  - 11. The apparatus of claim 1, wherein the message is a hashed response from the first node.

12. A data transfer system comprising:
- a send node;
  
  a receive node;
  
  a first one-way data link for unidirectional transfer from the send node to the receive node; and
  
  a secure acknowledgment device,wherein the secure acknowledgment device comprises;
  
  an inlet interface for receiving from the receive node an acknowledgment message relating to receipt of data from the send node by the receive node via the first one-way data link;
  
  a first hash number calculator for hashing the acknowledgment message from the inlet interface;
  
  an outlet interface;
  
  a second one-way data link for unidirectional transfer from the inlet interface to the hash number calculator; and
  
  a third one-way data link for unidirectional transfer from the hash number calculator to the outlet interface;
  
  wherein the outlet interface is coupled to the send node and comprises;
  
  a second hash calculator for hashing a second message corresponding to the first message, the second message received from the send node; and
  
  a comparison engine having a first input coupled to the third one way link to receive the hashed message from the first hash number calculator, a second input coupled to the second hash calculator to receive the hashed second message and an output coupled to the send node, the comparison engine configured to compare the hashed message and the hashed second message and to forward the results of the comparison on the output.
- View Dependent Claims (13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 13. The system of claim 12, wherein the acknowledgment message has a fixed length.
  - 14. The system of claim 12, wherein the inlet interface comprises an interface for unidirectional communication from the receive node.
  - 15. The system of claim 12, wherein the inlet interface comprises an interface for bidirectional communication with the receive node.
  - 16. The system of claim 12, wherein the outlet interface comprises an interface for bidirectional communication with the send node.
  - 17. The system of claim 12, wherein the inlet interface comprises a USB interface.
  - 18. The system of claim 12, wherein the outlet interface comprises a USB interface.
  - 19. The system of claim 12, wherein the first and second hash number calculators use MD5 for hashing the acknowledgment message.
  - 20. The system of claim 12, wherein the first hash number calculators use SHA for hashing the acknowledgment message.
  - 21. The system of claim 12, wherein the acknowledgment message comprises a hashed response from the receive node.
  - 22. The system of claim 12, wherein at least one of the first one-way data link, the second one-way data link and the third one-way data link is implemented in hardware.
  - 23. The system of claim 22, wherein the at least one of the first one-way data link, the second one-way data link and the third one-way data link comprises an optical fiber.
  - 24. The system of claim 12, wherein at least one of the first one-way data link, the second one-way data link and the third one-way data link is implemented in software.
  - 25. The system of claim 24, wherein the at least one of the first one-way data link, the second one-way data link and the third one-way data link comprises a specially configured IP architecture using firewalls.

26. A data transfer system comprising:
- a send server communicatively coupled to a data source platform;
  
  a receive server communicatively coupled to a data destination platform;
  
  a first one-way data link for unidirectional transfer from the send server to the receive server; and
  
  a secure acknowledgment device,wherein the secure acknowledgment device comprises;
  
  an inlet interface for receiving from the data destination platform an acknowledgment message relating to receipt of data from the send server by the receive server via the first one-way data link;
  
  a first hash number calculator for hashing the acknowledgment message from the inlet interface;
  
  an outlet interface;
  
  a second one-way data link for unidirectional transfer from the inlet interface to the hash number calculator; and
  
  a third one-way data link for unidirectional transfer from the hash number calculator to the outlet interface,wherein the outlet interface is coupled to the send node server and comprises;
  
  a second hash calculator for hashing a second message corresponding to the first message, the second message received from the send server; and
  
  a comparison engine having a first input coupled to the third one way link to receive the hashed message from the first hash number calculator, a second input coupled to the second hash calculator to receive the hashed second message and an output coupled to the send server, the comparison engine configured to compare the hashed message and the hashed second message and to forward the results of the comparison on the output.
- View Dependent Claims (27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41)
- - 27. The system of claim 26, wherein the acknowledgment message has a fixed length.
  - 28. The system of claim 26, wherein the inlet interface comprises an interface for unidirectional communication from the data destination platform.
  - 29. The system of claim 26, wherein the inlet interface comprises an interface for bidirectional communication with the data destination platform.
  - 30. The system of claim 26, wherein the outlet interface comprises an interface for bidirectional communication with the data source platform.
  - 31. The system of claim 26, wherein the inlet interface comprises a USB interface.
  - 32. The system of claim 26, wherein the outlet interface comprises a USB interface.
  - 33. The system of claim 26, wherein the first and second hash number calculators use MD5 for hashing the acknowledgment message.
  - 34. The system of claim 26, wherein the first and second hash number calculators use SHA for hashing the acknowledgment message.
  - 35. The system of claim 26, wherein the acknowledgment message comprises a hashed response from the data destination platform.
  - 36. The system of claim 26, wherein the send server and the data source platform reside in a single node.
  - 37. The system of claim 26, wherein the receive server and the data destination platform reside in a single node.
  - 38. The system of claim 26, wherein at least one of the first one-way data link, the second one-way data link and the third one-way data link is implemented in hardware.
  - 39. The system of claim 38, wherein the at least one of the first one-way data link, the second one-way data link and the third one-way data link comprises an optical fiber.
  - 40. The system of claim 26, wherein at least one of the first one-way data link, the second one-way data link and the third one-way data link is implemented in software.
  - 41. The system of claim 40, wherein the at least one of the first one-way data link, the second one-way data link and the third one-way data link comprises a specially configured IP architecture using firewalls.

42. An apparatus for comparing hashed messages, comprising:
- an inlet interface for receiving a message from a first node;
  
  a first hash number calculator for hashing the message from the inlet interface;
  
  an outlet interface for receiving the hashed message from the first hash number calculator and communicating with a second node;
  
  a first one-way data link for unidirectional transfer from the inlet interface to the first hash number calculator; and
  
  a second one-way data link for unidirectional transfer from the first hash number calculator to the outlet interface,wherein the outlet interface comprises;
  
  a second hash number calculator for hashing an expected message from the second node; and
  
  a comparator for comparing the hashed message from the first hash number calculator with the hashed expected message from the second hash number calculator, and for forwarding the results of the comparison to the second node.
- View Dependent Claims (43, 44, 45, 46, 47, 48, 49, 50)
- - 43. The apparatus of claim 42, wherein:
    - the first node is a receive node;
      
      the second node is a send node; and
      
      the message comprises an acknowledgment message relating to receipt of data from the send node by the receive node via a third one-way data link.
  - 44. The apparatus of claim 42, wherein the message has a fixed length.
  - 45. The apparatus of claim 42, wherein the inlet interface comprises an interface for unidirectional communication from the first node.
  - 46. The apparatus of claim 42, wherein the inlet interface comprises an interface for bidirectional communication with the first node.
  - 47. The apparatus of claim 42, wherein the inlet interface comprises a USB interface.
  - 48. The apparatus of claim 42, wherein the outlet interface comprises a USB interface.
  - 49. The apparatus of claim 42, wherein the first and second hash number calculators use MD5 for hashing the message and the expected message, respectively.
  - 50. The apparatus of claim 42, wherein the first and second hash number calculators use SHA for hashing the message and the expected message, respectively.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
OWL Cyber Defense Solutions LLC
Original Assignee
Owl Computing Technologies, Inc.
Inventors
Mraz, Ronald, Hope, James, Menoher, Jeffrey
Primary Examiner(s)
Nalven, Andrew
Assistant Examiner(s)
DO, KHANG D

Application Number

US13/183,208
Publication Number

US 20120017079A1
Time in Patent Office

1,041 Days
Field of Search

713150-181, 709204-207, 370254-257
US Class Current

713/153
CPC Class Codes

H04L 2209/34 Encoding or coding, e.g. Hu...

H04L 9/3236 using cryptographic hash fu...

Secure acknowledgment device for one-way data transfer system

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

Citations

50 Claims

Specification

Solutions

Use Cases

Quick Links

Secure acknowledgment device for one-way data transfer system

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

50 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links