Systems, methods, and computer medium to securely transfer large volumes of data between physically isolated networks having different levels of network protection

US 9,223,991 B2
Filed: 07/21/2014
Issued: 12/29/2015
Est. Priority Date: 03/17/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A computer-implemented method to transfer data between two or more networks configured to have different levels of network protection, the method comprising:

decoding a first set of one or more barcodes indicative of contents of a plurality of transactional database records associated with and positioned within a first network to thereby define one or more data barcodes, responsive to receipt of a scan of a display of a first computer in communication with and positioned within the first network, by use of one or more barcode scanning devices in communication with a second computer positioned remote from the first computer and in communication with and positioned within a second network, to produce contents of the plurality of transactional database records represented by the one or more data barcodes, the second network configured to have a different level of network security protection than the first network and configured to allow only one-way secure communication from the second network to the first network;

decoding a second set of one or more different barcodes indicative of contents of one or more validation files to thereby define one or more validation barcodes, responsive to receipt of a scan of a display of the second computer, by use of a different one or more barcode scanning devices in communication with the first computer, to produce contents of the one or more validation files represented by the one or more validation barcodes, the one or more validation barcodes configured to encode contents of the one or more validation files, the one or more validation files configured to include decoded contents of the plurality of transactional database records, to thereby securely communicate decoded contents of the plurality of transactional database records in one-way communication from temporary storage associated with the second network to the first network for comparison to contents of the plurality of transactional database records associated with the first network;

decoding a third set of one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of the display of the first computer by use of the one or more barcode scanning devices in communication with the second computer, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification barcodes configured to encode contents of the one or more verification files, the one or more verification files configured to indicate success of transmission of contents of the plurality of transactional database records from the first network to the second network; and

storing decoded contents of the plurality of transactional database records in more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the plurality of transactional database records associated with the first network to the second network.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments of computer-implemented methods, systems, and non-transitory computer-readable medium having one or more computer programs stored therein are provided to transfer contents of transactional database records associated with a data historian between two or more networks configured to have different levels of network protection. Generated data barcodes can be decoded to produce contents of transactional database records to be transmitted between two or more networks having different levels of network security protection. Decoded contents of the transactional database records can then be securely communicated back to the sender for comparison by generating validation barcodes to be decoded by the sender. Generated verification barcodes can then be decoded to produce verification data. Verification data can confirm success of the transmission of contents of transactional database records encoded in the data barcodes. Decoded contents of transactional database records can then be stored responsive to an indication of successful transmission.

11 Citations

View as Search Results

21 Claims

1. A computer-implemented method to transfer data between two or more networks configured to have different levels of network protection, the method comprising:
- decoding a first set of one or more barcodes indicative of contents of a plurality of transactional database records associated with and positioned within a first network to thereby define one or more data barcodes, responsive to receipt of a scan of a display of a first computer in communication with and positioned within the first network, by use of one or more barcode scanning devices in communication with a second computer positioned remote from the first computer and in communication with and positioned within a second network, to produce contents of the plurality of transactional database records represented by the one or more data barcodes, the second network configured to have a different level of network security protection than the first network and configured to allow only one-way secure communication from the second network to the first network;
  
  decoding a second set of one or more different barcodes indicative of contents of one or more validation files to thereby define one or more validation barcodes, responsive to receipt of a scan of a display of the second computer, by use of a different one or more barcode scanning devices in communication with the first computer, to produce contents of the one or more validation files represented by the one or more validation barcodes, the one or more validation barcodes configured to encode contents of the one or more validation files, the one or more validation files configured to include decoded contents of the plurality of transactional database records, to thereby securely communicate decoded contents of the plurality of transactional database records in one-way communication from temporary storage associated with the second network to the first network for comparison to contents of the plurality of transactional database records associated with the first network;
  
  decoding a third set of one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of the display of the first computer by use of the one or more barcode scanning devices in communication with the second computer, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification barcodes configured to encode contents of the one or more verification files, the one or more verification files configured to indicate success of transmission of contents of the plurality of transactional database records from the first network to the second network; and
  
  storing decoded contents of the plurality of transactional database records in more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the plurality of transactional database records associated with the first network to the second network.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A computer-implemented method of claim 1, wherein the one or more barcode scanning devices in communication with the second computer are configured to scan a plurality of barcodes simultaneously, and wherein the one or more barcode scanning devices in communication with the first computer are configured to scan a plurality of barcodes simultaneously.
  - 3. A computer-implemented method of claim 2, wherein the plurality of transactional database records are associated with one or more data historians.
  - 4. A computer-implemented method of claim 1, wherein the method further comprises:
    - generating the one or more data barcodes on the display of the first computer;
      
      transferring decoded contents of the plurality of transactional database records to temporary storage associated with the second network after decoding the one or more data barcodes;
      
      generating the one or more validation barcodes on the display of the second computer;
      
      transferring decoded contents of the one or more validation files to temporary storage associated with the first network after decoding the one or more validation barcodes to thereby transfer decoded contents of the plurality of transactional database records to the first network for comparison to contents of the plurality of transactional database records;
      
      generating the one or more verification barcodes on the display of the first computer, responsive to a comparison of the securely communicated decoded contents of the plurality of transactional database records and contents of the plurality of transactional database records positioned in the first network; and
      
      discarding decoded contents of the plurality of transactional database records in temporary storage associated with the second network, responsive to an indication from decoded contents of the one or more verification files of unsuccessful transmission of contents of the plurality of transactional database records to the second network.
  - 5. A computer-implemented method of claim 1, wherein the first network is a high-security network and the second network is a low-security network.
  - 6. A computer-implemented method of claim 1, wherein the first network is a low-security network and the second network is a high-security network.
  - 7. A computer-implemented method of claim 1, wherein decoding the one or more data barcodes includes disregarding error-correction capabilities of the one or more data barcodes;
    - wherein the one or more data barcodes, the one or more validation barcodes, and the one or more verification barcodes include one or more of the following;
      
      two-dimensional matrix codes, QR Codes, Aztec Codes, and PDF417 codes; and
      
      wherein a barcode scanning device includes one or more of the following;
      
      a barcode reading device, a QR Code reading device, a field-of-view barcode reading device, and a camera.

8. A system to transfer data between two or more networks configured to have different levels of network protection, the system comprising:
- a first computer in communication with and positioned within a first network, the first computer including;
  
  one or more processors,one or more barcode scanning devices in communication with the one or more processors,one or more displays in communication with the one or more processors, andnon-transitory memory medium in communication with the one or more processors, the memory medium including computer-readable instructions stored therein that when executed cause the first computer to perform the step of;
  
  decoding a first set of one or more barcodes indicative of contents of one or more validation files to thereby define one or more validation barcodes, responsive to receipt of a scan of one or more of one or more displays of a second computer by use of the one or more barcode scanning devices of the first computer, to produce contents of the one or more validation files represented by the one or more validation barcodes, the one or more validation barcodes configured to encode contents of the one or more validation files; and
  
  the second computer, the second computer positioned remote from the first computer and in communication with and positioned within a second network, the second network configured to have temporary storage and separate more permanent storage associated therewith, the second network further configured to have a different level of network security protection than the first network and to allow only one-way secure communication from the second network to the first network, the second computer including;
  
  one or more processors,one or more input and output units in communication with the one or more processors of the second computer,one or more displays in communication the one or more processors of the second computer,another different one or more barcode scanning devices in communication with the one or more processors of the second computer, andnon-transitory memory medium in communication with the one or more processors of the second computer, the memory medium including computer-readable instructions stored therein that when executed cause the second computer to perform the steps of;
  
  decoding a second set of a different one or more barcodes indicative of contents of a plurality of transactional database records associated with and positioned within the first network to thereby define one or more data barcodes, responsive to receipt of a scan of one or more of the one or more displays of the first computer by use of the one or more barcode scanning devices of the second computer, to produce contents of the plurality of transactional database records represented by the one or more data barcodes,generating the one or more validation barcodes on one or more of the one or more displays of the second computer, the one or more validation files configured to include decoded contents of the plurality of transactional database records, to thereby securely communicate decoded contents of the plurality of transactional database records in one-way communication from the temporary storage associated with the second network to the first network for comparison to contents of the plurality of transactional database records associated with the first network,decoding a third set of one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of one or more of the one or more displays of the first computer, by use of the one or more barcode scanning devices of the second computer, the one or more verification barcodes configured to encode contents of the one or more verification files, the one or more verification files configured to indicate success of transmission of contents of the plurality of transactional database records from the first network to the second network, andstoring decoded contents of the plurality of transactional database records in the more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the plurality of transactional database records associated with the first network to the second network.
- View Dependent Claims (9, 10, 11, 12, 13, 14)
- - 9. A system of claim 8, wherein the one or more barcode scanning devices of the second computer are configured to scan a plurality of barcodes simultaneously, and wherein the one or more barcode scanning devices of the first computer are configured to scan a plurality of barcodes simultaneously.
  - 10. A system of claim 9, wherein the plurality of transactional database records are associated with one or more data historians.
  - 11. A system of claim 8, wherein the wherein the memory medium of the first computer further includes computer-readable instructions stored therein that when executed cause the first computer to perform the steps of:
    - generating the one or more data barcodes on one or more of the one or more displays of the first computer,transferring decoded contents of the one or more validation files to temporary storage associated with the first network after decoding the one or more validation barcodes to thereby transfer decoded contents of the plurality of transactional database records to the first network for comparison to contents of the plurality of transactional database records, andgenerating the one or more verification barcodes on one or more of the one or more displays of the first computer, responsive to a comparison of the securely communicated decoded contents of the plurality of transactional database records and contents of the plurality of transactional database records positioned in the first network; and
      
      wherein the memory medium of the second computer further includes computer-readable instructions stored therein that when executed cause the second computer to perform the steps of;
      
      transferring decoded contents of the plurality of transactional database records to temporary storage associated with the second network after decoding the one or more data barcodes,generating the one or more validation barcodes on one or more of the one or more displays of the second computer, anddiscarding decoded contents of the plurality of transactional database records in temporary storage associated with the second network, responsive to an indication from decoded contents of the one or more verification files of unsuccessful transmission of contents of the plurality of transactional database records to the second network.
  - 12. A system of claim 8, wherein the first network is a high-security network and the second network is a low-security network.
  - 13. A system of claim 8, wherein the first network is a low-security network and the second network is a high-security network.
  - 14. A system of claim 8, wherein decoding the one or more data barcodes includes disregarding error-correction capabilities of the one or more data barcodes;
    - wherein the one or more data barcodes, the one or more validation barcodes, and the one or more verification barcodes include one or more of the following;
      
      two-dimensional matrix codes, QR Codes, Aztec Codes, and PDF417 codes; and
      
      wherein a barcode scanning device includes one or more of the following;
      
      a barcode reading device, a QR Code reading device, a field-of-view barcode reading device, and a camera.

15. Non-transitory computer-readable medium having one or more computer programs stored therein operable by one or more processors to transfer data between two or more networks configured to have different levels of network protection, the one or more computer programs comprising a set of instructions that, when executed by the one or more processors, cause the one or more processors to perform the operations of:
- decoding a first set of one or more barcodes indicative of contents of a plurality of transactional database records associated with and positioned within a first network to thereby define one or more data barcodes, responsive to receipt of a scan of a display of a first computer in communication with and positioned within the first network, by use of one or more barcode scanning devices in communication with a second computer positioned remote from the first computer and in communication with and positioned within a second network, to produce contents of the plurality of transactional database records represented by the one or more data barcodes, the second network configured to have a different level of network security protection than the first network and to allow only one-way secure communication from the second network to the first network;
  
  decoding a second set of one or more different barcodes indicative of contents of one or more validation files to thereby define one or more validation barcodes, responsive to receipt of a scan of a display of the second computer, by use of a different one or more barcode scanning devices in communication with the first computer, to produce contents of the one or more validation files represented by the one or more validation barcodes, the one or more validation barcodes configured to encode contents of the one or more validation files, the one or more validation files configured to include decoded contents of the plurality of transactional database records, to thereby securely communicate decoded contents of the plurality of transactional database records in one-way communication from temporary storage associated with the second network to the first network for comparison to contents of the plurality of transactional database records associated with the first network;
  
  decoding a third set of one or more different barcodes indicative of contents of one or more verification files to thereby define one or more verification barcodes, responsive to receipt of a scan of the display of the first computer by use of the one or more barcode scanning devices in communication with the second computer, to produce contents of the one or more verification files represented by the one or more verification barcodes, the one or more verification barcodes configured to encode contents of the one or more verification files, the one or more verification files configured to indicate success of transmission of contents of the plurality of transactional database records from the first network to the second network; and
  
  storing decoded contents of the plurality of transactional database records in more permanent storage associated with the second network responsive to an indication from decoded contents of the one or more verification files of successful transmission of contents of the plurality of transactional database records associated with the first network to the second network.
- View Dependent Claims (16, 17, 18, 19, 20, 21)
- - 16. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 15, wherein the one or more barcode scanning devices in communication with the second computer are configured to scan a plurality of barcodes simultaneously, and wherein the one or more barcode scanning devices in communication with the first computer are configured to scan a plurality of barcodes simultaneously.
  - 17. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 16, wherein the plurality of transactional database records are associated with one or more data historians.
  - 18. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 15, wherein the set of instructions, when executed by the one or more processors, further cause the one or more processors to perform the operations of:
    - generating the one or more data barcodes on the display of the first computer;
      
      transferring decoded contents of the plurality of transactional database records to temporary storage associated with the second network after decoding the one or more data barcodes;
      
      generating the one or more validation barcodes on the display of the second computer;
      
      transferring decoded contents of the one or more validation files to temporary storage associated with the first network after decoding the one or more validation barcodes to thereby transfer decoded contents of the plurality of transactional database records to the first network for comparison to contents of the plurality of transactional database records;
      
      generating the one or more verification barcodes on the display of the first computer, responsive to a comparison of the securely communicated decoded contents of the plurality of transactional database records and contents of the plurality of transactional database records positioned in the first network; and
      
      discarding decoded contents of the plurality of transactional database records in temporary storage associated with the second network, responsive to an indication from decoded contents of the one or more verification files of unsuccessful transmission of contents of the plurality of transactional database records to the second network.
  - 19. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 15, wherein the first network is a high-security network and the second network is a low-security network.
  - 20. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 15, wherein the first network is a low-security network and the second network is a high-security network.
  - 21. Non-transitory computer-readable medium having one or more computer programs stored therein of claim 15, wherein decoding the one or more data barcodes includes disregarding error-correction capabilities of the one or more data barcodes;
    - wherein the one or more data barcodes, the one or more validation barcodes, and the one or more verification barcodes include one or more of the following;
      
      two-dimensional matrix codes, QR Codes, Aztec Codes, and PDF417 codes; and
      
      wherein a barcode scanning device includes one or more of the following;
      
      a barcode reading device, a QR Code reading device, a field-of-view barcode reading device, and a camera.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Saudi Arabian Oil Company (Government of Saudi Arabia)
Original Assignee
Saudi Arabian Oil Company (Government of Saudi Arabia)
Inventors
Mevec, Paul Francis, Marhoon, Ibrahim A.
Primary Examiner(s)
PERUNGAVOOR, VENKATANARAY

Application Number

US14/336,423
Publication Number

US 20150261962A1
Time in Patent Office

526 Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/1448   Management of the data invo...

G06F 16/9554   by using bar codes

G06F 21/60   Protecting data

G06F 21/604   Tools and structures for ma...

G06F 21/606   by securing the transmissio...

G06F 21/6218   to a system of files or obj...

G06F 2201/84   Using snapshots, i.e. a log...

H04L 63/0227   Filtering policies mail mes...

H04L 63/04   for providing a confidentia...

H04L 63/105   Multiple levels of security

H04L 63/123   received data contents, e.g...

H04L 63/126   the source of the received ...

H04L 63/18   using different networks or...

H04L 63/20   for managing network securi...

H04L 67/10   in which an application is ...

H04L 67/1097   for distributed storage of ...

Systems, methods, and computer medium to securely transfer large volumes of data between physically isolated networks having different levels of network protection

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

11 Citations

21 Claims

Specification

Use Cases

Quick Links

Others

Systems, methods, and computer medium to securely transfer large volumes of data between physically isolated networks having different levels of network protection

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

11 Citations

21 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others