Systems, methods, and computer medium to securely transfer business transactional data between networks having different levels of network protection using barcode technology with data diode network security appliance

US 9,210,179 B2
Filed: 07/21/2014
Issued: 12/08/2015
Est. Priority Date: 03/17/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method to transfer data between two or more networks configured to have different levels of network protection, the method comprising:

decoding one or more barcodes indicative of contents of transactional data associated with and positioned within a first network to thereby define one or more data barcodes, responsive to receipt of a scan of a display of a first computer in communication with and positioned within the first network, by use of one or more barcode scanning devices in communication with a second computer positioned remote from the first computer and in communication with and positioned within a second network, to produce contents of the transactional data represented by the one or more data barcodes, the second network configured to have a different level of network security protection than the first network and configured to allow only one-way secure communication from the second network to the first network by use of a data diode unit;

transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit to thereby securely communicate decoded contents of the transactional data in one-way communication from temporary storage associated with the second network to the first network for comparison to contents of the transactional data positioned within the first network;

decoding one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of the display of the first computer by use of the one or more barcode scanning devices, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification files configured to indicate success of transmission of contents of the transactional data from the first network to the second network; and

storing decoded contents of the transactional data in more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the transactional data from the first network to the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of computer-implemented methods, systems, and non-transitory computer-readable medium having one or more computer programs stored therein are provided to transfer contents of transactional data between two or more networks configured to have different levels of network protection using barcode technology with a data diode network security appliance. Generated data barcodes can be decoded to produce contents of transactional data to be transmitted between two or more networks configured to have different levels of network security protection, and decoded contents of the transactional data can then be securely communicated back to the sender for comparison by use of a data diode unit. Generated verification barcodes can then be decoded to produce verification data. Verification data can confirm success of the transmission of contents of the transactional data encoded in the data barcodes. Decoded contents of the transactional data can then be stored responsive to an indication of successful transmission.

15 Citations

View as Search Results

24 Claims

1. A computer-implemented method to transfer data between two or more networks configured to have different levels of network protection, the method comprising:
- decoding one or more barcodes indicative of contents of transactional data associated with and positioned within a first network to thereby define one or more data barcodes, responsive to receipt of a scan of a display of a first computer in communication with and positioned within the first network, by use of one or more barcode scanning devices in communication with a second computer positioned remote from the first computer and in communication with and positioned within a second network, to produce contents of the transactional data represented by the one or more data barcodes, the second network configured to have a different level of network security protection than the first network and configured to allow only one-way secure communication from the second network to the first network by use of a data diode unit;
  
  transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit to thereby securely communicate decoded contents of the transactional data in one-way communication from temporary storage associated with the second network to the first network for comparison to contents of the transactional data positioned within the first network;
  
  decoding one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of the display of the first computer by use of the one or more barcode scanning devices, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification files configured to indicate success of transmission of contents of the transactional data from the first network to the second network; and
  
  storing decoded contents of the transactional data in more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the transactional data from the first network to the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. A computer-implemented method of claim 1, wherein the method further comprises:
    - displaying one or more representations of contents of the transactional data on the display of the first computer when the one or more data barcodes are generated on the display of the first computer,transferring decoded contents of the transactional data to the temporary storage associated with the second network after decoding the one or more data barcodes to thereby store decoded contents of the transactional data in one or more validation files, contents of the one or more validation files configured to include decoded contents of the transactional data,displaying one or more representations of contents of the one or more validation files on the display of the second computer after decoding the one or more data barcodes, anddisplaying one or more representations of contents of the one or more verification files on the display of the first computer when the one or more verification barcodes are generated on the display of the first computer, andwherein each of the one or more representations of contents of the respective transactional data, one or more validation files, and one or more verification files is configured to include one or more of text and numbers.
  - 3. A computer-implemented method of claim 1, wherein the data diode unit includes a first card configured to receive data to thereby define a receive card, the receive card configured to be in communication with the first computer, wherein the data diode unit further includes a second card configured to transmit data to thereby define a send card, the send card configured to be in communication with the second computer, and wherein transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit includes transmitting decoded contents of the transactional data from the send card to the receive card through an optical link.
  - 4. A computer-implemented method of claim 1, wherein the method further comprises generating the one or more data barcodes on the display of the first computer, generating the one or more verification barcodes on the display of the first computer responsive to a comparison of the securely communicated decoded contents of the transactional data and contents of the transactional data positioned in the first network, and discarding decoded contents of the transactional data in the temporary storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of unsuccessful transmission of contents of the transactional data to the second network.
  - 5. A computer-implemented method of claim 4, wherein the one or more data barcodes are configured to encode contents of the transactional data and the one or more verification barcodes are configured to encode contents of the one or more verification files.
  - 6. A computer-implemented method of claim 1, wherein the first network comprises a high-security network and the second network comprises a low-security network.
  - 7. A computer-implemented method of claim 1, wherein the first network comprises a low-security network and the second network comprises a high-security network.
  - 8. A computer-implemented method of claim 1, wherein decoding the one or more data barcodes includes disregarding error-correction capabilities of the one or more data barcodes;
    - wherein the one or more data barcodes and the one or more verification barcodes include one or more of the following;
      
      two-dimensional matrix codes, QR Codes, Aztec Codes, and PDF417 codes; and
      
      wherein a barcode scanning device includes one or more of the following;
      
      a barcode reading device, a QR Code reading device, a field-of-view barcode reading device, and a camera.

9. A system to transfer data between two or more networks configured to have different levels of network protection, the system comprising:
- a first computer in communication with and positioned within a first network, the first computer including one or more processors and one or more displays in communication with the one or more processors;
  
  a data diode unit in communication with one or more processors of a second computer and positioned to transmit data from the second computer to the first network; and
  
  the second computer positioned remote from the first computer and in communication with and positioned within a second network, the second network configured to have temporary storage and separate more permanent storage associated therewith, the second network further configured to have a different level of network security protection than the first network and to allow only one-way secure communication from the second network to the first network through the data diode unit, the second computer including;
  
  one or more processors,one or more input and output units in communication with the one or more processors of the second computer,one or more barcode scanning devices in communication with the one or more processors of the second computer, andnon-transitory memory medium in communication with the one or more processors of the second computer, the memory medium including computer-readable instructions stored therein that when executed cause the second computer to perform the steps of;
  
  decoding one or more barcodes indicative of contents of transactional data associated with and positioned within the first network to thereby define one or more data barcodes, responsive to receipt of a scan of one or more of the one or more displays of the first computer by use of the one or more barcode scanning devices, to produce contents of the transactional data represented by the one or more data barcodes,transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit to thereby securely communicate decoded contents of the transactional data in one-way communication from the temporary storage associated with the second network to the first network for comparison to contents of the transactional data positioned within the first network,decoding one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of one or more of the one or more displays of the first computer by use of the one or more barcode scanning devices, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification files configured to indicate success of transmission of contents of the transactional data from the first network to the second network, andstoring decoded contents of the transactional data in the more permanent storage associated with the second network, responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the transactional data from the first network to the second network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. A system of claim 9, wherein one or more representations of contents of the transactional data are displayed on one or more of the one or more displays of the first computer when the one or more data barcodes are displayed on one or more of the one or more displays of the first computer, wherein one or more representations of contents of the one or more verification files are displayed on one or more of the one or more displays of the first computer when the one or more verification barcodes are displayed on one or more of the one or more displays of the first computer, wherein the memory medium further includes computer-readable instructions stored therein that when executed cause the second computer to perform the steps of, after decoding the one or more data barcodes, transferring decoded contents of the transactional data to the temporary storage associated with the second network to thereby store decoded contents of the transactional data in one or more validation files and further displaying one or more representations of contents of the one or more validation files on one or more of the one or more displays of the second computer, contents of the one or more validation files configured to include decoded contents of the transactional data, and wherein each of the one or more representations of contents of the respective transactional data, one or more validation files, and one or more verification files is configured to include one or more of text and numbers.
  - 11. A system of claim 9, wherein the one or more barcode scanning devices are positioned to enable scanning of the one or more displays of the first computer, wherein the data diode unit includes a first card configured to receive data to thereby define a receive card, the receive card configured to be in communication with the one or more processors of the first computer, wherein the data diode unit further includes a second card configured to transmit data to thereby define a send card, the send card configured to be in communication with the one or more processors of the second computer, and wherein transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit includes transmitting decoded contents of the transactional data from the send card to the receive card through an optical link.
  - 12. A system of claim 9, wherein the memory medium further includes computer-readable instructions stored therein that when executed cause the second computer to perform the step of discarding decoded contents of the transactional data in the temporary storage associated with the second network, responsive to an indication from decoded contents of the one or more verification files of unsuccessful transmission of contents of the transactional data to the second network, and wherein the first computer further includes one or more input and output units in communication with the one or more processors of the first computer and non-transitory memory medium in communication with the one or more processors of the first computer, the memory medium of the first computer including computer-readable instructions stored therein that when executed cause the first computer to perform the steps of:
    - generating the one or more data barcodes on one or more of the one or more displays of the first computer, andgenerating, responsive to a comparison of contents of the transactional data and the securely communicated decoded contents of the transactional data, the one or more verification barcodes on one or more of the one or more displays of the first computer.
  - 13. A system of claim 12, wherein the one or more data barcodes are configured to encode contents of the transactional data, and wherein the one or more verification barcodes are configured to encode contents of the one or more verification files.
  - 14. A system of claim 9, wherein the first network comprises a high-security network and the second network comprises a low-security network.
  - 15. A system of claim 9, wherein the first network comprises a low-security network and the second network comprises a high-security network.
  - 16. A system of claim 9, wherein decoding the one or more data barcodes includes disregarding error-correction capabilities of the one or more data barcodes;
    - wherein the one or more data barcodes and the one or more verification barcodes include one or more of the following;
      
      two-dimensional matrix codes, QR Codes, Aztec Codes, and PDF417 codes; and
      
      wherein a barcode scanning device includes one or more of the following;
      
      a barcode reading device, a QR Code reading device, a field-of-view barcode reading device, and a camera.

17. Non-transitory computer-readable medium having one or more computer programs stored therein operable by one or more processors to transfer data between two or more networks configured to have different levels of network protection, the one or more computer programs comprising a set of instructions that, when executed by the one or more processors, cause the one or more processors to perform the operations of:
- decoding one or more barcodes indicative of contents of transactional data associated with and positioned within a first network to thereby define one or more data barcodes, responsive to receipt of a scan of a display of a first computer in communication with and positioned within the first network, by use of one or more barcode scanning devices in communication with a second computer positioned remote from the first computer and in communication with and positioned within a second network, to produce contents of the transactional data represented by the one or more data barcodes, the second network configured to have a different level of network security protection than the first network and configured to allow only one-way secure communication from the second network to the first network by use of a data diode unit;
  
  transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit to thereby securely communicate decoded contents of the transactional data in one-way communication from temporary storage associated with the second network to the first network for comparison to contents of the transactional data positioned within the first network;
  
  decoding one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of the display of the first computer by use of the one or more barcode scanning devices, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification files configured to indicate success of transmission of contents of the transactional data from the first network to the second network; and
  
  storing decoded contents of the transactional data in more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the transactional data from the first network to the second network.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 17, wherein the set of instructions, when executed by the one or more processors, further cause the one or more processors to perform the operations of:
    - displaying one or more representations of contents of the transactional data on the display of the first computer when the one or more data barcodes are generated on the display of the first computer,transferring decoded contents of the transactional data to the temporary storage associated with the second network after decoding the one or more data barcodes to thereby store decoded contents of the transactional data in one or more validation files, contents of the one or more validation files configured to include decoded contents of the transactional data,displaying one or more representations of contents of the one or more validation files on the display of the second computer after decoding the one or more data barcodes, anddisplaying one or more representations of contents of the one or more verification files on the display of the first computer when the one or more verification barcodes are generated on the display of the first computer, andwherein each of the one or more representations of contents of the respective transactional data, one or more validation files, and one or more verification files is configured to include one or more of text and numbers.
  - 19. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 17, wherein the data diode unit includes a first card configured to receive data to thereby define a receive card, the receive card configured to be in communication with the first computer, wherein the data diode unit further includes a second card configured to transmit data to thereby define a send card, the send card configured to be in communication with the second computer, and wherein transmitting decoded contents of the transactional data from the second network to the first network through the data diode unit includes transmitting decoded contents of the transactional data from the send card to the receive card through an optical link.
  - 20. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 17, wherein the set of instructions, when executed by the one or more processors, further cause the one or more processors to perform the operations of:
    - generating the one or more data barcodes on the display of the first computer;
      
      generating the one or more verification barcodes on the display of the first computer, responsive to a comparison of the securely communicated decoded contents of the transactional data and contents of the transactional data; and
      
      discarding decoded contents of the transactional data, responsive to an indication from decoded contents of the one or more verification files of unsuccessful transmission of contents of the transactional data to the second network.
  - 21. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 20, wherein the one or more data barcodes are configured to encode contents of the transactional data, and wherein the one or more verification barcodes are configured to encode contents of the one or more verification files.
  - 22. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 17, wherein the first network comprises a high-security network and the second network comprises a low-security network.
  - 23. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 17, wherein the first network comprises a low-security network and the second network comprises a high-security network.
  - 24. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 17, wherein decoding one or more data barcodes includes disregarding error-correction capabilities of the one or more data barcodes;
    - wherein the one or more data barcodes and the one or more verification barcodes include one or more of the following;
      
      two-dimensional matrix codes, QR Codes, Aztec Codes, and PDF417 codes; and
      
      wherein a barcode scanning device includes one or more of the following;
      
      a barcode reading device, a QR Code reading device, a field-of-view barcode reading device, and a camera.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Saudi Arabian Oil Company (Government of Saudi Arabia)
Original Assignee
Saudi Arabian Oil Company (Government of Saudi Arabia)
Inventors
Mevec, Paul Francis, Marhoon, Ibrahim A.
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US14/336,154
Publication Number

US 20150264056A1
Time in Patent Office

505 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 16/9554   by using bar codes

G06F 21/60   Protecting data

G06F 21/604   Tools and structures for ma...

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 2201/84   Using snapshots, i.e. a log...

H04L 63/0227   Filtering policies mail mes...

H04L 63/04   for providing a confidentia...

H04L 63/105   Multiple levels of security

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

Systems, methods, and computer medium to securely transfer business transactional data between networks having different levels of network protection using barcode technology with data diode network security appliance

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

15 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Systems, methods, and computer medium to securely transfer business transactional data between networks having different levels of network protection using barcode technology with data diode network security appliance

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

15 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links