Systems and methods for utilizing uni-directional inter-host communication in an air gap environment
First Claim
1. A method comprising:
generating a request message, with a trusted network entity executing trusted code on a first network layer, the request message to target a non-trusted network entity executing non-trusted code, on a second network layer;
transmitting the request message from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity, wherein the policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer;
generating a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message; and
transmitting the response check message from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity, the response check message to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
Assignments: 1
Petitions: 0
Abstract
A request message is generated by a trusted network entity executing trusted code on a first network layer; the request message targets a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity, which applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is then generated by the trusted network entity to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is likewise transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity, and it determines whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
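As an added illustration, not part of the patent text and not an implementation by its assignee, the following Python simulation plays out the exchange the abstract describes: a trusted entity on the first layer sends a request, a policy enforcement entity forwards only first-layer-to-second-layer traffic, the non-trusted entity parks its result in a conceptual mailbox, and the trusted entity polls with a response check message. One assumption is made explicit because the excerpt does not state it: the traffic rule is modelled so that a reply is returned only as the answer to a message the trusted side sent, and any traffic the non-trusted side initiates toward the trusted layer is dropped. The entity and message names, the message kinds and the upper-casing "work" are constructed for this example.

```python
"""Toy model of the unidirectional request / response-check exchange.

Added example, not code from the patent. Assumption (labelled): the policy
enforcement entity forwards only messages that originate on the trusted layer
and are addressed to the non-trusted layer; a reply is returned only as the
answer to such a forwarded message, never as traffic the non-trusted side
initiates. Message kinds and entity names are constructed for this example.
"""
from dataclasses import dataclass, field
import uuid

TRUSTED_LAYER = "layer-1"      # first network layer (trusted code)
NONTRUSTED_LAYER = "layer-2"   # second network layer (non-trusted code)


@dataclass
class Message:
    src_layer: str
    dst_layer: str
    kind: str                  # "request" | "response_check" | anything else
    request_id: str
    payload: dict = field(default_factory=dict)


class PolicyEnforcementEntity:
    """Applies the traffic rule: only layer-1 -> layer-2 messages are forwarded."""

    def __init__(self):
        self.dropped = []      # messages rejected by the rule (useful for auditing)

    def forward(self, msg, target):
        if (msg.src_layer, msg.dst_layer) != (TRUSTED_LAYER, NONTRUSTED_LAYER):
            self.dropped.append(msg)
            return None        # nothing crosses the boundary in the other direction
        return target.handle(msg)


class NonTrustedEntity:
    """Runs non-trusted code; keeps results in a conceptual mailbox until polled."""

    def __init__(self):
        self.pending = []      # accepted requests not yet processed
        self.mailbox = {}      # request_id -> response information

    def handle(self, msg):
        if msg.kind == "request":
            self.pending.append(msg)
            return {"accepted": True, "request_id": msg.request_id}
        if msg.kind == "response_check":
            if msg.request_id in self.mailbox:
                return {"ready": True, "response": self.mailbox.pop(msg.request_id)}
            return {"ready": False}
        return {"error": "unknown message kind"}

    def process_pending(self):
        """Do the queued work and deposit each result in the mailbox."""
        while self.pending:
            req = self.pending.pop(0)
            # Constructed stand-in for real work: upper-case the query text.
            self.mailbox[req.request_id] = {"result": req.payload["query"].upper()}


class TrustedEntity:
    """Runs trusted code; always the initiator, never the recipient."""

    def __init__(self, pep, peer):
        self.pep = pep
        self.peer = peer
        self.unsolicited = []  # would record anything pushed to us; stays empty

    def handle(self, msg):
        self.unsolicited.append(msg)
        return {"accepted": False}

    def send_request(self, query):
        rid = uuid.uuid4().hex
        msg = Message(TRUSTED_LAYER, NONTRUSTED_LAYER, "request", rid, {"query": query})
        ack = self.pep.forward(msg, self.peer)
        return rid if ack and ack.get("accepted") else None

    def check_response(self, rid):
        msg = Message(TRUSTED_LAYER, NONTRUSTED_LAYER, "response_check", rid)
        return self.pep.forward(msg, self.peer)


def run_exchange(query="hello"):
    """Play out one request, two polls and one blocked reverse-direction push."""
    pep = PolicyEnforcementEntity()
    untrusted = NonTrustedEntity()
    trusted = TrustedEntity(pep, untrusted)

    rid = trusted.send_request(query)
    first = trusted.check_response(rid)        # polled before any work was done
    untrusted.process_pending()
    # The non-trusted side tries to push the result itself: the rule drops it.
    push = Message(NONTRUSTED_LAYER, TRUSTED_LAYER, "push", rid, untrusted.mailbox.get(rid, {}))
    pushed = pep.forward(push, trusted)
    second = trusted.check_response(rid)       # polled after the mailbox was filled
    return {
        "first_ready": first["ready"],
        "second_ready": second["ready"],
        "response": second.get("response"),
        "push_result": pushed,
        "dropped": len(pep.dropped),
        "unsolicited_seen_by_trusted": len(trusted.unsolicited),
    }


if __name__ == "__main__":
    print(run_exchange())
```

Running the module shows the first poll returning `ready: False`, the reverse-direction push being dropped by the policy entity, and the second poll returning the mailbox contents; the trusted entity's `unsolicited` list stays empty, which is the property the unidirectional rule is meant to guarantee. A real deployment would also log `pep.dropped`, since traffic the non-trusted layer attempts toward the trusted layer is exactly what a defender wants to see.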
Citations: 124
Claims (14 total)
Claim 1 is reproduced above under First Claim; claims 2 through 7 depend from it.
8. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, is configurable to:
generate a request message, with a trusted network entity executing trusted code on a first network layer, the request message to target a non-trusted network entity executing non-trusted code, on a second network layer;
transmit the request message from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity, wherein the policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer;
generate a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message; and
transmit the response check message from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity, the response check message to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
Claims 9 through 14 depend from claim 8.
Specification