Trusted, cross domain information sharing between multiple legacy and IP based devices

US 8,739,270 B1
Filed: 04/19/2011
Issued: 05/27/2014
Est. Priority Date: 01/28/2009
Status: Active Grant

First Claim

Patent Images

1. A method for a high-to-low security level exchange of information from a first host operating in a higher security domain using a legacy protocol to a second host operating in a lower security domain using internet protocol (IP), the method comprising:

transmitting, by the first host, data to a driver in a data guard;

establishing, by a second task group, a transmission control protocol (TCP) connection from the second task group to the second host through a second interface;

establishing, by a first task group, a user datagram protocol (UDP) connection from the first task group to the second task group;

transmitting the data, by a first interface, to the first task group;

storing, by the first task group, the data in a file system;

receiving, by a filter task group, a file name for the data;

filtering, by the filter task group, the data according to a rule set;

changing, by the filter task group, a security level of the data;

forwarding, by the filter task group, the file name to the second task group for forwarding the data to the second host; and

forwarding, by the second task group, the data to the second host,wherein the first task group and the second task group allow for processes of the first hostto be isolated from processes of the second host,wherein the second host operates in one of a secret domain and an unclassified domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The methods and systems of the present disclosure provide a high assurance means for multiple legacy communication (e.g., Mil-Std-1553 communications protocol) system users and/or devices and multiple IP based network users and/or devices to seamlessly, and in real time, share information across various security domains. Specifically, the system enables multiple legacy communication system protocols and interfaces to communicate with existing IP interfaces and protocols with a high degree of trust. The system includes a configurable filtering capability to allow for the data to be inspected prior to being passed from one security domain to another security domain.

Citations

17 Claims

1. A method for a high-to-low security level exchange of information from a first host operating in a higher security domain using a legacy protocol to a second host operating in a lower security domain using internet protocol (IP), the method comprising:
- transmitting, by the first host, data to a driver in a data guard;
  
  establishing, by a second task group, a transmission control protocol (TCP) connection from the second task group to the second host through a second interface;
  
  establishing, by a first task group, a user datagram protocol (UDP) connection from the first task group to the second task group;
  
  transmitting the data, by a first interface, to the first task group;
  
  storing, by the first task group, the data in a file system;
  
  receiving, by a filter task group, a file name for the data;
  
  filtering, by the filter task group, the data according to a rule set;
  
  changing, by the filter task group, a security level of the data;
  
  forwarding, by the filter task group, the file name to the second task group for forwarding the data to the second host; and
  
  forwarding, by the second task group, the data to the second host,wherein the first task group and the second task group allow for processes of the first hostto be isolated from processes of the second host,wherein the second host operates in one of a secret domain and an unclassified domain.
- View Dependent Claims (2, 3, 4, 5)
- - 2. The method of claim 1, wherein the first host employs the Mil-Std-1553 communications protocol.
  - 3. The method of claim 1, wherein the driver operates as a remote terminal.
  - 4. The method of claim 1, wherein the first host operates in one of a top secret domain and a secret domain.
  - 5. The method of claim 1, wherein the data guard includes the driver, the first interface, the second interface, the first task group, the second task group, and the filter task group.

6. A method for a high-to-low security level exchange of information from a first host operating in a higher security domain using a legacy protocol to a second host operating in a lower security domain using the legacy protocol, the method comprising:
- transmitting, by the first host, data to a driver in a data guard;
  
  discarding, by the driver, a first command word of the data;
  
  storing, by the driver, the data as a user datagram protocol (UDP) packet;
  
  writing, by a first interface, the UDP packet to a file;
  
  forwarding, by the first interface, a file name of the file to a network interface;
  
  forwarding, by the network interface, the file name to a second interface;
  
  binding, by a filter task group, with the network interface to receive all subsequent UDP packet file names;
  
  filtering, by the filter task group, the UDP packet according to a rule set;
  
  forwarding, by the filter task group, a file name of the filtered UDP packet to the second interface for forwarding to the second host; and
  
  forwarding, by the second interface, the UDP packet to the second host,wherein the second host operates in one of a secret domain and an unclassified domain.
- View Dependent Claims (7, 8, 9, 10)
- - 7. The method of claim 6, wherein the first host and the second host employ the Mil-Std-1553 communications protocol.
  - 8. The method of claim 6, wherein the driver operates as a remote terminal.
  - 9. The method of claim 6, wherein the first host operates in one of a top secret domain and a secret domain.
  - 10. The method of claim 6, wherein the data guard includes the driver, the first interface, the second interface, the network interface, and the filter task group.

11. A method for a low-to-high security level exchange of information from a first host operating in a lower security domain using internet protocol (IP) to a second host operating in a higher security domain using a legacy protocol, the method comprising:
- establishing, by a second task group, a user datagram protocol (UDP) connection with an interface and a first driver;
  
  informing, by the first driver, the second host that the first driver has data for the second host;
  
  sending, by the second task group, a message to a first task group;
  
  establishing, by the first task group, a transmission control protocol (TCP) connection with the interface and the first host;
  
  transmitting, by the first host, data to the first driver;
  
  storing, by the first task group, the data in a file system;
  
  sending, by the first task group, a file name of the data to the second task group;
  
  forwarding, by the second task group, the data to a second driver; and
  
  forwarding, by the second driver, the data to the second host,wherein the first task group and the second task group allow for processes of the first host to be isolated from processes of the second host,wherein the second host operates in one of a top secret domain and a secret domain.
- View Dependent Claims (12, 13, 14, 15, 16, 17)
- - 12. The method of claim 11, wherein the second host employs the Mil-Std-1553 communications protocol.
  - 13. The method of claim 11, wherein the first driver operates as a remote terminal.
  - 14. The method of claim 11, wherein the second driver operates as a remote terminal.
  - 15. The method of claim 11, wherein the second driver operates as a bus controller.
  - 16. The method of claim 11, wherein the first host operates in a secret domain.
  - 17. The method of claim 11, wherein the first host operates in an unclassified domain.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Arnold, Steven L.
Primary Examiner(s)
Rahman, Mahfuzur

Application Number

US13/090,167
Time in Patent Office

1,134 Days
Field of Search

726/13
US Class Current

726/13
CPC Class Codes

H04L 63/105 Multiple levels of security

H04L 63/30 for supporting lawful inter...

Trusted, cross domain information sharing between multiple legacy and IP based devices

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Trusted, cross domain information sharing between multiple legacy and IP based devices

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links