Cross domain gateway having temporal separation
Abstract
A computer network is disclosed that includes a first domain and a second domain. The second domain has a higher security classification than the first domain. The computer network also comprises a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock. The interlock is configured to physically prevent communication between the first and second domains. It connects with the first domain in a first state to allow the TSEP-CDG to receive data from the first domain. The TSEP-CDG executes an information-invariant data transformation (IIDT) on the received data before it is available to the second domain. The IIDT alters the representation of the data while conveying the same information, disrupting anti-malware present in the received data. The temporal separation hardware interlock is configured for connection with the second domain in a second state to allow the TSEP-CDG to transmit the transformed data to the second domain.
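The connect, receive, disconnect, transform, connect, transmit, disconnect cycle described in the abstract, modelled in software as an added example (not code from the patent). The `Interlock` and `Gateway` names and the choice of canonical JSON re-serialisation as the information-invariant transformation are assumptions made for illustration; the interlock the patent describes is hardware.

```python
import json
from enum import Enum

class Interlock(Enum):          # one position at a time; no state joins both domains
    OPEN = 0
    FIRST = 1                   # lower-classification domain only
    SECOND = 2                  # higher-classification domain only

class InterlockError(RuntimeError):
    pass

def iidt(raw: bytes) -> bytes:
    """Assumed transform: parse JSON, re-serialise canonically.
    Bytes change, decoded value does not; unparseable input raises."""
    value = json.loads(raw.decode("utf-8"))
    return json.dumps(value, sort_keys=True, separators=(",", ":")).encode("ascii")

class Gateway:
    def __init__(self):
        self.state, self.buffer, self.transformed = Interlock.OPEN, None, False
        self.trace = [Interlock.OPEN]

    def _switch(self, target):
        # Break-before-make: a domain is reachable only from OPEN.
        if target is not Interlock.OPEN and self.state is not Interlock.OPEN:
            raise InterlockError(f"{self.state.name} -> {target.name} refused")
        self.state = target
        self.trace.append(target)

    def receive(self, raw: bytes):
        self._switch(Interlock.FIRST)
        self.buffer, self.transformed = raw, False
        self._switch(Interlock.OPEN)

    def transform(self):
        if self.state is not Interlock.OPEN or self.buffer is None:
            raise InterlockError("transform requires isolation and buffered data")
        self.buffer, self.transformed = iidt(self.buffer), True

    def transmit(self, sink: list):
        if not self.transformed:
            raise InterlockError("untransformed data may not reach the second domain")
        self._switch(Interlock.SECOND)
        sink.append(self.buffer)
        self.buffer, self.transformed = None, False
        self._switch(Interlock.OPEN)

# Constructed sample: odd spacing, key order and escapes, same information.
SAMPLE = b'{ "b" : [1, 2],\n  "a": "\\u0041" }'
```

The `trace` list records every interlock position, so a review can confirm that `FIRST` and `SECOND` are always separated by `OPEN`.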
20 Claims
1. A computer network comprising:
a first domain, the first domain having a first security classification such that the first domain accepts data in response to the data complying with the first security classification;
a second domain, the second domain having a second security classification such that the second domain accepts data in response to the data complying with the second security classification, wherein the security classification of the second domain has a higher level of security classification than the security classification of the first domain; and
a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock configured to physically prevent communication between the first and the second domains, wherein the TSEP-CDG is configured to;
connect, via the temporal separation hardware interlock, with the first domain;
receive data from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;
disconnect the temporal separation hardware interlock from the first domain;
execute an information-invariant data transformation on the received data to transform the data to comply with the security classification of the second domain;
connect, via the temporal separation hardware interlock, with the second domain;
transmit the transformed data to the second domain, the transformed data complying with the security classification of the second domain; and
disconnect the temporal separation hardware interlock from the second domain.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. A Temporal Separation Cross Domain Gateway (TSEP-CDG) comprising:
a first communication interface configured for connection with a first domain, the first domain having a first security classification such that the first domain accepts data in response to the data complying with the first security classification;
a second communication interface configured for connection with a second domain, the second domain having a second security classification such that the second domain accepts data in response to the data complying with the second security classification, wherein the security classification of the second domain has a higher security level of classification than the security classification of the first domain;
a temporal separation hardware interlock configured to physically prevent communication between the first and the second domains; and
a processing system configured to connect, via the temporal separation hardware interlock, with the first domain;
receive data provided at the first communication interface from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;
disconnect the temporal separation hardware interlock from the first domain;
execute an information-invariant data transform on the received data to transform the data to comply with the security classification of the second domain;
connect, via the temporal separation hardware interlock, with the second domain;
provide the information-invariant transformed data at the second communication interface to the first domain, the transformed data complying with the security classification of the second domain; and
disconnect the temporal separation hardware interlock from the second domain.
Dependent claims: 10, 11, 12, 13, 14, 15, 16, 17
18. A method for transferring data from a first domain to a second domain through a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock, wherein the second domain has a higher level of security classification than the first domain, the method comprising:
connecting, via the temporal separation hardware interlock, with the first domain;
receiving data provided at the first communication interface from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;
disconnecting the temporal separation hardware interlock from the first domain;
executing an information-invariant transformation on the received data to transform the data to comply with the security classification of the second domain;
connect, via the temporal separation hardware interlock, with the second domain;
providing the information-invariant transformed data at the second communication interface to the first domain, the transformed data complying with the security classification of the second domain; and
disconnecting the temporal separation hardware interlock from the second domain.
Dependent claims: 19, 20
Specification