One way secure link
Abstract
A method for secure communications between a transmitting computer (24) and a receiving computer (22) includes transmitting data from the transmitting computer over a first one-way link (28) to a data security engine (26), receiving and validating the data within the data security engine, and, after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link (30).
29 Claims
1. A method for secure communications between a transmitting computer and a receiving computer, the method comprising:
- transmitting data from the transmitting computer over a first one-way link to a data security engine, having no means of sending return communications to the transmitting computer;
- receiving and validating the data within the data security engine; and
- after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link, wherein the receiving computer has no means of sending return communications to the data security engine,
- wherein both the transmission from the transmitting computer to the security engine and from the security engine to the receiving computer are performed over one way links which physically can carry data in only one direction,
- wherein transmitting the data over the first one-way link is performed during a first time period and transmitting the data over the second one-way link is performed during a second time period subsequent to and not overlapping the first time period, and
- wherein the first time period is one of a sequence of time intervals, and comprising defining the sequence of time intervals in the transmitting computer and the data security engine prior to transmitting the data from the transmitting computer.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12

13. A method for secure communications between a transmitting computer and a receiving computer, the method comprising:
- transmitting data from the transmitting computer over a first one-way link to a data security engine, having no means of sending return communications to the transmitting computer;
- receiving and validating the data within the data security engine;
- after validating the data, transmitting the data from the data security engine to the receiving computer over a second one-way link, wherein the receiving computer has no means of sending return communications to the data security engine,
- before a first time period, operating a first switch to connect the first one-way link and operating a second switch to disconnect the second one-way link;
- following the first time period, operating the first switch to disconnect the first one-way link; and
- before a second time period, operating the second switch to connect the second one-way link,
- wherein both the transmission from the transmitting computer to the security engine and from the security engine to the receiving computer are performed over one way links which physically can carry data in only one direction,
- wherein transmitting the data over the first one-way link is performed during the first time period and transmitting the data over the second one-way link is performed during the second time period subsequent to and not overlapping the first time period,
- wherein operating the first and second switches comprises controlling the switches automatically using a switch controller, and
- wherein controlling the switches comprises defining the first and second time periods in the switch controller prior to transmitting the data from the transmitting computer.

14. Apparatus for secure communications between a transmitting computer and a receiving computer, the apparatus comprising:
- a data security engine having a transmit port and a receive port that is configured to receive data at the receive port, to validate the data, and to output the data after being validated at the transmit port;
- a first one-way link, which physically can carry data in only one direction, that carries the data from the transmitting computer to the receive port of the data security engine; and
- a second one-way link, which physically can carry data in only one direction, that carries the data from the transmit port of the data security engine to the receiving computer,
- wherein the data security engine has no means of sending return communications to the transmitting computer and no means of receiving return communications from the receiving computer,
- wherein the data security engine is configured to transmit the data over the second one-way link during a second time period subsequent to and not overlapping a first time period during which the data was received over the first one way link,
- wherein the apparatus further comprises;
- a first switch, that connects the first one-way link before the first time period and disconnects the first one-way link following the first time period;
- a second switch, that disconnects the second one-way link before the first time period and connects the second one-way link before the second time period; and
- a switch controller configured to operate the first and second switches automatically, wherein the switch controller is configured with predefined settings defining the first and second time periods.

Dependent claims: 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25

26. Apparatus for secure communications between a transmitting computer and a receiving computer, the apparatus comprising:
- a data security engine having a transmit port and a receive port that is configured to receive data at the receive port, to validate the data, and to output the data after being validated at the transmit port;
- a first one-way link, which physically can carry data in only one direction, that carries the data from the transmitting computer to the receive port of the data security engine; and
- a second one-way link, which physically can carry data in only one direction, that carries the data from the transmit port of the data security engine to the receiving computer,
- wherein the data security engine has no means of sending return communications to the transmitting computer and no means of receiving return communications from the receiving computer,
- wherein the data security engine is configured to transmit the data over the second one-way link during a second time period subsequent to and not overlapping a first time period during which the data was received over the first one way link,
- wherein the first time period is one of a sequence of time intervals, and
- wherein settings in the transmitting computer and in the data security engine define the sequence.

Dependent claims: 27, 28, 29

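The switch timing recited in claims 13 and 14 can be modelled as a small simulation. This is an added example, not code from the patent: it shows that data reaches the receiving side only if it arrived while the first link was connected, passed validation, and was held until a later, non-overlapping period on the second link. The integer tick clock, the class and function names, and the `ALLOWED` validation pattern are assumptions; the claims do not state what validation checks.

```python
import re

# Hypothetical policy: the claims do not say what "validating the data" checks.
ALLOWED = re.compile(rb"[A-Z_]{1,16}=[0-9.]{1,12}")

class SwitchController:
    """Holds time periods defined before any data is sent (half-open ticks)."""
    def __init__(self, windows):          # [(start, end, "first" | "second")]
        self.windows = sorted(windows)
        if any(s >= e for s, e, _ in self.windows):
            raise ValueError("empty time period")
        for (_, end, _), (start, _, _) in zip(self.windows, self.windows[1:]):
            if start < end:
                raise ValueError("time periods overlap")

    def closed(self, link, t):
        """True while the switch on `link` connects that one-way link."""
        return any(s <= t < e and k == link for s, e, k in self.windows)

class SecurityEngine:
    def __init__(self, controller):
        self.ctl, self.held, self.dropped = controller, [], []

    def receive(self, t, data):
        """Data offered on the first one-way link at tick t."""
        if not self.ctl.closed("first", t):
            return False                  # link disconnected: never seen
        (self.held if ALLOWED.fullmatch(data) else self.dropped).append(data)
        return True

    def transmit(self, t):
        """Validated data released on the second one-way link at tick t."""
        if not self.ctl.closed("second", t):
            return []
        out, self.held = self.held, []
        return out

def run(windows, arrivals, horizon):
    """Replay arrivals {tick: data}; return (delivered, dropped)."""
    ctl = SwitchController(windows)
    engine, delivered = SecurityEngine(ctl), []
    for t in range(horizon):
        if t in arrivals:
            engine.receive(t, arrivals[t])
        delivered += [(t, d) for d in engine.transmit(t)]
    return delivered, engine.dropped

# Constructed sample input: two receive periods, each followed by a send period.
WINDOWS = [(0, 3, "first"), (4, 6, "second"), (8, 11, "first"), (12, 14, "second")]
ARRIVALS = {1: b"TEMP=21.5", 2: b"\x00\x01binary", 5: b"PRESSURE=3.2", 9: b"FLOW=7"}

if __name__ == "__main__":
    print(run(WINDOWS, ARRIVALS, 16))
```

The record sent at tick 5 is well-formed but is lost, because the first link is disconnected while the second is connected; the sender has no return channel to learn this, which is why the claims require the schedule to be defined on both sides in advance.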
Specification