File manifest filter for unidirectional transfer of files
First Claim

1. A manifest transfer engine comprising:
- a send side client computer configured to receive and store a file manifest table having a list of file characteristics from an administrator server computer via a first dedicated Transmission Control Protocol (TCP) port, to receive a file from a user via a second separate dedicated TCP port and compare an identifying characteristic of the received file with the list of file characteristics in the file manifest table, and, only if there is a match between the received file characteristic and an entry in the list, to transfer the file on an output;
- a one-way data link having a single input coupled to the output of the send side client computer and a single output, and configured to enforce unidirectional data flow only from the single input to the single output;
- a receive side server computer having an input coupled to the single output of the one-way data link and configured to receive transferred files via the input;
- wherein the send side client computer is coupled to the receive side server computer only via the one-way data link such that no data or signals can be transmitted from the receive side server computer to the send side client computer;
- wherein the receive side server computer has no communications path for transmitting TCP handshake signals to the send side server computer;
- wherein the send side server computer removes all internet protocol information from each file prior to transfer of that file on the output;
- wherein the send side client computer deletes or quarantines any received file when there is no match between the received file characteristic for that received file and the list of file characteristics in the file manifest table; and
- wherein the first dedicated TCP port and the second dedicated TCP port are each the same TCP port during operation.
Abstract
A manifest transfer engine for a one-way file transfer system is disclosed. The manifest transfer engine comprises a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side receives and stores a file manifest table from an administrator server. The send side also receives a file from a user and compares it with the file manifest table. Transfer of the file to the receive side via the one-way data link is allowed only when there is a match between the file and the file manifest table. In an alternative embodiment, the receive side instead receives and stores the file manifest table from the administrator server and compares it with the file received from the send side via the one-way data link to determine whether to allow transfer of the file.
27 Claims
10. A system for one-way transfer of files, comprising:
- an administrator server computer configured to create and output a file manifest table having a list of file characteristics; and
- a manifest transfer engine comprising a send side client computer, a receive side server computer, and a one-way data link having a single input coupled to an output of the send side client computer and a single output coupled to an input of the receive side server computer, the one-way data link enforcing unidirectional data flow only from the single input to the single output;
- wherein the send side client computer is configured to receive and store a file from a file source client, to receive and store the file manifest table, to compare an identifying characteristic of the received file with the list of file characteristics in the file manifest table, and, only if there is a match between the received file characteristic and an entry in the list of file characteristics in the file manifest table, to transfer the file to the receive side server computer via the one-way data link;
- wherein the receive side server computer is configured to forward received files to a file destination server computer;
- wherein the send side client computer is coupled to the receive side server computer only via the one-way data link such that no data or signals can be transmitted from the receive side server computer to the send side client computer; and
- wherein the send side client computer of the manifest transfer engine receives the file manifest table from the administrator server computer via a first dedicated Transmission Control Protocol (TCP) port and the file from the file source client via a second separate dedicated TCP port;
- wherein the receive side server computer has no communications path for transmitting TCP handshake signals to the send side server computer;
- wherein the send side server computer removes all internet protocol information from each file prior to transfer of that file on the output;
- wherein the send side client computer deletes or quarantines any received file when there is no match between the received file characteristic for that received file and the list of file characteristics in the file manifest table; and
- wherein the first dedicated TCP port and the second dedicated TCP port are each the same TCP port during operation.

(Dependent claims 11 to 20 depend on claim 10.)
21. A method of file manifest filtering for file transfer across a one-way data link coupling a send side client computer to a receive side server computer, the one-way data link having a single input coupled to an output of the send side client computer and a single output coupled to an input of the receive side client computer, the one-way data link configured to enforce unidirectional data flow only from the single input to the single output, the send side client computer coupled to the receive side server computer only via the one-way data link, the receive side server computer having no communications path for transmitting TCP handshake signals to the send side server computer, comprising the steps of:
- maintaining a file manifest table received via a first dedicated Transmission Control Protocol (TCP) port containing a list of file characteristics in the send side client computer;
- receiving a file from a user in the send side client computer via a second separate dedicated TCP port;
- computing an identifying characteristic for the received file in the send side client computer;
- comparing the computed characteristic with the list of file characteristics in the file manifest table in the send side client computer;
- only if there is a match between the computed characteristic and an entry in the list of file characteristics in the file manifest table, removing all internet protocol information from the file and transferring the file to the receive side server computer across the one-way data link;
- only if there is no match between the computed characteristic and an entry in the list of file characteristics in the file manifest table, deleting or quarantining the received file in the send side client computer; and
- wherein the first dedicated TCP port and the second dedicated TCP port are each the same TCP port during operation.

(Dependent claims 22 to 27 depend on claim 21.)
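The send-side steps of claim 21 as an added worked example, not code from the patent or its assignee: the identifying characteristic is assumed here to be a SHA-256 digest of the file content (the claim does not name one), the manifest table and the received-file records are constructed inline, and "removing all internet protocol information" is modelled by handing only the payload bytes to the one-way link output.

```python
import hashlib
from dataclasses import dataclass, field

# Constructed manifest table: the claim's "list of file characteristics".
# Assumption: the characteristic is a SHA-256 digest of the file content.
MANIFEST_TABLE = {
    "sha256": {
        hashlib.sha256(b"approved report v1\n").hexdigest(),
        hashlib.sha256(b"approved firmware blob").hexdigest(),
    }
}

@dataclass
class SendSideClient:
    """Send-side client: holds the manifest and decides per received file."""
    manifest: dict
    link_output: list = field(default_factory=list)   # bytes handed to the one-way link
    quarantine: list = field(default_factory=list)    # records whose file did not match

    @staticmethod
    def identifying_characteristic(payload: bytes) -> str:
        # Step "computing an identifying characteristic" (assumed: SHA-256).
        return hashlib.sha256(payload).hexdigest()

    @staticmethod
    def strip_ip_information(received: dict) -> bytes:
        # Step "removing all internet protocol information": only the payload
        # crosses the link; the source address/port of the TCP session never do.
        return received["payload"]

    def handle_file(self, received: dict) -> str:
        """received is a constructed record: {'src_ip', 'src_port', 'payload'}."""
        digest = self.identifying_characteristic(received["payload"])
        if digest in self.manifest["sha256"]:          # match: transfer
            self.link_output.append(self.strip_ip_information(received))
            return "transferred"
        self.quarantine.append(received)               # no match: quarantine
        return "quarantined"

def run_demo() -> dict:
    """Feed one listed and one unlisted file through the filter."""
    client = SendSideClient(MANIFEST_TABLE)
    samples = {"listed": b"approved report v1\n",
               "unlisted": b"approved report v1 tampered\n"}
    results = {name: client.handle_file({"src_ip": "10.0.0.5", "src_port": 40000,
                                         "payload": payload})
               for name, payload in samples.items()}
    results["link_output"] = client.link_output
    results["quarantined"] = len(client.quarantine)
    return results
```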