One way secure link

US 9,762,536 B2
Filed: 12/28/2006
Issued: 09/12/2017
Est. Priority Date: 06/27/2006
Status: Active Grant

First Claim

Patent Images

1. A method for secure communications between a transmitting computer and a receiving computer, the method comprising:

transmitting data from the transmitting computer over a first one-way link to a data security engine, having no means of sending return communications to the transmitting computer;

receiving and validating the data within the data security engine; and

after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link, wherein the receiving computer has no means of sending return communications to the data security engine,wherein both the transmission from the transmitting computer to the security engine and from the security engine to the receiving computer are performed over one way links which physically can carry data in only one direction,wherein transmitting the data over the first one-way link is performed during a first time period and transmitting the data over the second one-way link is performed during a second time period subsequent to and not overlapping the first time period, andwherein the first time period is one of a sequence of time intervals, and comprising defining the sequence of time intervals in the transmitting computer and the data security engine prior to transmitting the data from the transmitting computer.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for secure communications between a transmitting computer (24) and a receiving computer (22) includes transmitting data from the transmitting computer over a first one-way link (28) to a data security engine (26), receiving and validating the data within the data security engine, and, after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link (30).

177 Citations

29 Claims

1. A method for secure communications between a transmitting computer and a receiving computer, the method comprising:
- transmitting data from the transmitting computer over a first one-way link to a data security engine, having no means of sending return communications to the transmitting computer;
  
  receiving and validating the data within the data security engine; and
  
  after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link, wherein the receiving computer has no means of sending return communications to the data security engine,wherein both the transmission from the transmitting computer to the security engine and from the security engine to the receiving computer are performed over one way links which physically can carry data in only one direction,wherein transmitting the data over the first one-way link is performed during a first time period and transmitting the data over the second one-way link is performed during a second time period subsequent to and not overlapping the first time period, andwherein the first time period is one of a sequence of time intervals, and comprising defining the sequence of time intervals in the transmitting computer and the data security engine prior to transmitting the data from the transmitting computer.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
- - 2. The method of claim 1, and comprising:
    - before the first time period, operating a first switch to connect the first one-way link and operating a second switch to disconnect the second one-way link;
      
      following the first time period, operating the first switch to disconnect the first one-way link; and
      
      before the second time period, operating the second switch to connect the second one-way link.
  - 3. The method of claim 2, wherein operating the first and second switches comprises controlling the switches automatically using a switch controller.
  - 4. The method of claim 3, wherein controlling the switches comprises sending a control signal from the data security engine to the switch controller.
  - 5. The method of claim 1, wherein validating the data comprises determining that the data comprises invalid content and rejecting the invalid content.
  - 6. The method of claim 5, wherein determining that the data comprises invalid content comprises issuing an alarm.
  - 7. The method of claim 1, wherein validating the data comprises testing the data for malicious software.
  - 8. The method of claim 1, wherein validating the data comprises testing the data for inappropriate content.
  - 9. The method of claim 1, wherein validating the data comprises authenticating a source of the data.
  - 10. The method of claim 1, wherein the data security engine is configured to receive data over the first one way link only during predetermined first periods and to transmit data over the second one way link only during predetermined second periods and wherein the first and second periods do not overlap.
  - 11. The method of claim 1, comprising instructing a switch controller by the security engine, to prevent transmission over the first one way link, before transmitting the data from the data security engine to the receiving computer.
  - 12. The method of claim 1, comprising preventing transmission over the second one way link, before transmitting the data from the transmitting computer over the first one-way link.

13. A method for secure communications between a transmitting computer and a receiving computer, the method comprising:
- transmitting data from the transmitting computer over a first one-way link to a data security engine, having no means of sending return communications to the transmitting computer;
  
  receiving and validating the data within the data security engine;
  
  after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link, wherein the receiving computer has no means of sending return communications to the data security engine,before a first time period, operating a first switch to connect the first one-way link and operating a second switch to disconnect the second one-way link;
  
  following the first time period, operating the first switch to disconnect the first one-way link; and
  
  before a second time period, operating the second switch to connect the second one-way link,wherein both the transmission from the transmitting computer to the security engine and from the security engine to the receiving computer are performed over one way links which physically can carry data in only one direction,wherein transmitting the data over the first one-way link is performed during the first time period and transmitting the data over the second one-way link is performed during the second time period subsequent to and not overlapping the first time period,wherein operating the first and second switches comprises controlling the switches automatically using a switch controller, andwherein controlling the switches comprises defining the first and second time periods in the switch controller prior to transmitting the data from the transmitting computer.

14. Apparatus for secure communications between a transmitting computer and a receiving computer, the apparatus comprising:
- a data security engine having a transmit port and a receive port that is configured to receive data at the receive port, to validate the data, and to output the data after being validated at the transmit port;
  
  a first one-way link, which physically can carry data in only one direction, that carries the data from the transmitting computer to the receive port of the data security engine; and
  
  a second one-way link, which physically can carry data in only one direction, that carries the data from the transmit port of the data security engine to the receiving computer,wherein the data security engine has no means of sending return communications to the transmitting computer and no means of receiving return communications from the receiving computer,wherein the data security engine is configured to transmit the data over the second one-way link during a second time period subsequent to and not overlapping a first time period during which the data was received over the first one way link,wherein the apparatus further comprises;
  
  a first switch, that connects the first one-way link before the first time period and disconnects the first one-way link following the first time period;
  
  a second switch, that disconnects the second one-way link before the first time period and connects the second one-way link before the second time period; and
  
  a switch controller configured to operate the first and second switches automatically,wherein the switch controller is configured with predefined settings defining the first and second time periods.
- View Dependent Claims (15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25)
- - 15. The apparatus of claim 14, wherein the data security engine determines when the data comprises invalid content and rejects invalid content.
  - 16. The apparatus of claim 15, wherein the data security engine issues an alarm responsively to determining that the data comprises invalid content.
  - 17. The apparatus of claim 14, wherein the data security engine validates the data by testing the data for malicious software.
  - 18. The apparatus of claim 14, wherein the data security engine validates the data by testing the data for inappropriate content.
  - 19. The apparatus of claim 14, wherein the data security engine validates the data by authenticating a source of the data.
  - 20. The apparatus of claim 14, wherein the data security engine is configured to receive data over the first one way link only during predetermined first periods and to transmit data over the second one way link only during predetermined second periods and wherein the first and second periods do not overlap.
  - 21. The apparatus of claim 14, wherein the data security engine is configured to instruct a switch controller to prevent transmission over the first one way link, before outputting data at the transmit port.
  - 22. The apparatus of claim 14, comprising first and second switches which controllably allow or prevent transmission on the first and second one way links, respectively.
  - 23. The apparatus of claim 22, wherein the first and second switches are configured to allow and prevent transmissions on the first and second one way links according to a predetermined time schedule.
  - 24. The apparatus of claim 22, wherein the first and second switches are configured to allow and prevent transmissions on the first and second one way links according to instructions from the security engine.
  - 25. The apparatus of claim 22, wherein the first and second switches are configured to physically prevent transmission on both the first and second one way links simultaneously.

26. Apparatus for secure communications between a transmitting computer and a receiving computer, the apparatus comprising:
- a data security engine having a transmit port and a receive port that is configured to receive data at the receive port, to validate the data, and to output the data after being validated at the transmit port;
  
  a first one-way link, which physically can carry data in only one direction, that carries the data from the transmitting computer to the receive port of the data security engine; and
  
  a second one-way link, which physically can carry data in only one direction, that carries the data from the transmit port of the data security engine to the receiving computer,wherein the data security engine has no means of sending return communications to the transmitting computer and no means of receiving return communications from the receiving computer,wherein the data security engine is configured to transmit the data over the second one-way link during a second time period subsequent to and not overlapping a first time period during which the data was received over the first one way link,wherein the first time period is one of a sequence of time intervals, and wherein settings in the transmitting computer and in the data security engine define the sequence.
- View Dependent Claims (27, 28, 29)
- - 27. The apparatus of claim 26, and comprising:
    - a first switch, that connects the first one-way link before the first time period and disconnects the first one-way link following the first time period; and
      
      a second switch, that disconnects the second one-way link before the first time period and connects the second one-way link before the second time period.
  - 28. The apparatus of claim 27, and comprising a switch controller configured to operate the first and second switches automatically.
  - 29. The apparatus of claim 28, wherein the switch controller is coupled to receive a control signal from the data security engine defining the first and second time periods.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Waterfall Security Solutions Ltd.
Original Assignee
Waterfall Security Solutions Ltd.
Inventors
Frenkel, Lior, Zilberstein, Amir
Primary Examiner(s)
Homayounmehr, Farid
Assistant Examiner(s)
Harris, Christopher C

Application Number

US12/306,692
Publication Number

US 20090328183A1
Time in Patent Office

3,911 Days
Field of Search

726 11
US Class Current
CPC Class Codes

G06F 21/30   Authentication, i.e. establ...

G06F 21/51   at application loading time...

G06F 21/567   using dedicated hardware

G06F 2221/2137   Time limited access, e.g. t...

G06F 2221/2151   Time stamp

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04L 63/08   for authentication of entit...

One way secure link

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

177 Citations

29 Claims

Specification

Solutions

Use Cases

Quick Links

One way secure link

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

177 Citations

29 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links