Cross domain gateway having temporal separation

US 9,560,012 B1
Filed: 06/27/2013
Issued: 01/31/2017
Est. Priority Date: 06/27/2013
Status: Active Grant

First Claim

Patent Images

1. A computer network comprising:

a first domain, the first domain having a first security classification such that the first domain accepts data in response to the data complying with the first security classification;

a second domain, the second domain having a second security classification such that the second domain accepts data in response to the data complying with the second security classification, wherein the security classification of the second domain has a higher level of security classification than the security classification of the first domain; and

a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock configured to physically prevent communication between the first and the second domains, wherein the TSEP-CDG is configured to;

connect, via the temporal separation hardware interlock, with the first domain;

receive data from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;

disconnect the temporal separation hardware interlock from the first domain;

execute an information-invariant data transformation on the received data to transform the data to comply with the security classification of the second domain;

connect, via the temporal separation hardware interlock, with the second domain;

transmit the transformed data to the second domain, the transformed data complying with the security classification of the second domain; and

disconnect the temporal separation hardware interlock from the second domain.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A computer network is disclosed that includes a first domain and a second domain. The second domain has a higher security classification than the first domain. The computer network also comprises a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock. The interlock is configured to physically prevent communication between the first and second domains. It connects with the first domain in a first state to allow the TSEP-CDG to receive data from the first domain. The TSEP-CDG executes an information-invariant data transformation (IIDT) on the received data before it is available to the second domain. The IIDT alters the representation of the data while conveying the same information, disrupting anti-malware present in the received data. The temporal separation hardware interlock is configured for connection with the second domain in a second state to allow the TSEP-CDG to transmit the transformed data to the second domain.

Citations

20 Claims

1. A computer network comprising:
- a first domain, the first domain having a first security classification such that the first domain accepts data in response to the data complying with the first security classification;
  
  a second domain, the second domain having a second security classification such that the second domain accepts data in response to the data complying with the second security classification, wherein the security classification of the second domain has a higher level of security classification than the security classification of the first domain; and
  
  a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock configured to physically prevent communication between the first and the second domains, wherein the TSEP-CDG is configured to;
  
  connect, via the temporal separation hardware interlock, with the first domain;
  
  receive data from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;
  
  disconnect the temporal separation hardware interlock from the first domain;
  
  execute an information-invariant data transformation on the received data to transform the data to comply with the security classification of the second domain;
  
  connect, via the temporal separation hardware interlock, with the second domain;
  
  transmit the transformed data to the second domain, the transformed data complying with the security classification of the second domain; and
  
  disconnect the temporal separation hardware interlock from the second domain.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The computer network of claim 1, wherein the TSEP-CDG is configured to execute the information-invariant data transformation on the data from the first domain immediately as it is being received TSEP-CDG.
  - 3. The computer network of claim 1, wherein the TSEP-CDG is configured to temporarily store received data in volatile memory before executing the information-invariant data transformation.
  - 4. The computer network of claim 3, wherein the TSEP-CDG is configured to execute a data purge operation on the volatile memory prior to connecting with the second domain.
  - 5. The computer network of claim 1, wherein the TSEP-CDG stores the transformed data locally on a RAMdisk or non-volatile memory and transfers the stored transformed data to the second domain when the temporal separation hardware interlock is connected to the second domain.
  - 6. The computer network of claim 1, wherein the TSEP-CDG comprises a first communication interface for connection to the first domain, and a second communication interface for connection to the second domain, wherein the first communication interface and the second communication interface are physically isolated from one another by the temporal separation hardware interlock.
  - 7. The computer network of claim 1, wherein the first domain comprises a portable electronic device.
  - 8. The computer network of claim 7, wherein the first domain comprises a portable electronic device selected from the group consisting of a portable phone, a digital camera, and a memory card.

9. A Temporal Separation Cross Domain Gateway (TSEP-CDG) comprising:
- a first communication interface configured for connection with a first domain, the first domain having a first security classification such that the first domain accepts data in response to the data complying with the first security classification;
  
  a second communication interface configured for connection with a second domain, the second domain having a second security classification such that the second domain accepts data in response to the data complying with the second security classification, wherein the security classification of the second domain has a higher security level of classification than the security classification of the first domain;
  
  a temporal separation hardware interlock configured to physically prevent communication between the first and the second domains; and
  
  a processing system configured toconnect, via the temporal separation hardware interlock, with the first domain;
  
  receive data provided at the first communication interface from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;
  
  disconnect the temporal separation hardware interlock from the first domain;
  
  execute an information-invariant data transform on the received data to transform the data to comply with the security classification of the second domain;
  
  connect, via the temporal separation hardware interlock, with the second domain;
  
  provide the information-invariant transformed data at the second communication interface to the first domain, the transformed data complying with the security classification of the second domain; and
  
  disconnect the temporal separation hardware interlock from the second domain.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17)
- - 10. The TSEP-CDG of claim 9, wherein the processing system is further configured to execute a data storage purge of the received data prior to provision of the information-invariant transform data at the second communication interface.
  - 11. The TSEP-CDG of claim 9, wherein the processing system is further configured to upload files from a device connected to the first communication interface without mounting a filesystem of the device.
  - 12. The TSEP-CDG of claim 11, wherein the device comprises a portable phone, portable computer, or portable camera.
  - 13. The TSEP-CDG of claim 9, wherein the processing system is further configured to detect an attempted access of a host system through the second communication interface.
  - 14. The TSEP-CDG of claim 13, wherein the processing system is further configured to enter a forensic mode wherein the attempted access of the host system is detected.
  - 15. The TSEP-CDG of claim 9, wherein the processing system executes a custom file system.
  - 16. The TSEP-CDG of claim 9, wherein at least one of the first and second communication interfaces comprise USB ports.
  - 17. The TSEP-CDG of claim 16, wherein auto-run capability of the USB ports is disabled.

18. A method for transferring data from a first domain to a second domain through a Temporal Separation Cross Domain Gateway (TSEP-CDG) having a temporal separation hardware interlock, wherein the second domain has a higher level of security classification than the first domain, the method comprising:
- connecting, via the temporal separation hardware interlock, with the first domain;
  
  receiving data provided at the first communication interface from the first domain, the data complying with the first security classification of the first domain, but not the second security classification of the second domain;
  
  disconnecting the temporal separation hardware interlock from the first domain;
  
  executing an information-invariant transformation on the received data to transform the data to comply with the security classification of the second domain;
  
  connect, via the temporal separation hardware interlock, with the second domain;
  
  providing the information-invariant transformed data at the second communication interface to the first domain, the transformed data complying with the security classification of the second domain; and
  
  disconnecting the temporal separation hardware interlock from the second domain.
- View Dependent Claims (19, 20)
- - 19. The method of claim 18, further comprising executing a data storage purge operation of the received data prior to providing the information-invariant transformed data to the second domain.
  - 20. The method of claim 18, further comprising uploading files from a device of the first domain without mounting a file system of the device.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Bonang, James Joseph, Corrado, Marco Anthony, Hogan, Michael Cohen, Singer, Kevin Dale
Primary Examiner(s)
Chen, Shin-Hon

Application Number

US13/929,403
Time in Patent Office

1,314 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

H04L 12/66 Arrangements for connecting...

H04L 63/0209 Architectural arrangements,...

Cross domain gateway having temporal separation

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Cross domain gateway having temporal separation

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links