Methods and systems for accessing data from different security domains

US 9,959,415 B1
Filed: 12/17/2010
Issued: 05/01/2018
Est. Priority Date: 12/17/2010
Status: Active Grant

First Claim

Patent Images

1. A method for presenting information from a plurality of security domains, said method comprising:

receiving, by a computing device, a first request for a first communication component provided by a first server in a first security domain that is associated with a first security classification;

receiving, by the computing device, a second request for a second communication component provided by a second server in a second security domain that is associated with a second security classification comprising a restriction level that is different than the first security classification, wherein the first server is unable to access the second server and the second server is unable to access the first server due to the difference in security classifications;

determining whether the first server is authorized to access the first security domain;

determining whether the second server is authorized to access the second security domain;

based on the determination that the first server is authorized to access the first security domain and that the second server is authorized to access the second security domain, said method comprises;

forwarding the first request to the first server;

forwarding the second request to the second server;

combining, by the computing device, first data received from the first server via the first communication component and second data received from the second server via the second communication component to create combined data; and

providing, by the computing device, the combined data for presentation to a user; and

based on the determination that at least one of the first server is not authorized to access the first security domain and that the second server is not authorized to access the second security domain, returning neither the first data nor the second data.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus for use in presenting information from a plurality of security domains. A first request for first data from a first data source and a second request for second data from a second data source are transmitted by a computing device. The first data source is associated with a first security domain, and the second data source is associated with a second security domain. A bridge computing device forwards the first request and/or the second request based on determining that the requests are authorized. The first data and the second data may be received and combined by the computing device.

14 Citations

View as Search Results

20 Claims

1. A method for presenting information from a plurality of security domains, said method comprising:
- receiving, by a computing device, a first request for a first communication component provided by a first server in a first security domain that is associated with a first security classification;
  
  receiving, by the computing device, a second request for a second communication component provided by a second server in a second security domain that is associated with a second security classification comprising a restriction level that is different than the first security classification, wherein the first server is unable to access the second server and the second server is unable to access the first server due to the difference in security classifications;
  
  determining whether the first server is authorized to access the first security domain;
  
  determining whether the second server is authorized to access the second security domain;
  
  based on the determination that the first server is authorized to access the first security domain and that the second server is authorized to access the second security domain, said method comprises;
  
  forwarding the first request to the first server;
  
  forwarding the second request to the second server;
  
  combining, by the computing device, first data received from the first server via the first communication component and second data received from the second server via the second communication component to create combined data; and
  
  providing, by the computing device, the combined data for presentation to a user; and
  
  based on the determination that at least one of the first server is not authorized to access the first security domain and that the second server is not authorized to access the second security domain, returning neither the first data nor the second data.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. A method in accordance with claim 1, wherein the computing device is associated with the first security domain, said method further comprising:
    - requesting the second data from the second server via a bridge device that is coupled in communication with the first security domain and the second security domain; and
      
      receiving the second data from the second server via the bridge device.
  - 3. A method in accordance with claim 2, further comprising:
    - verifying by the bridge device that the computing device is authorized to transmit a request to the second server; and
      
      verifying by the bridge device that the computing device is authorized to receive the second data from the second server.
  - 4. A method in accordance with claim 1, wherein receiving the first communication component comprises receiving a communication component that is configured to acquire the first data from the first server, wherein the first data is associated with a data source in the first security domain.
  - 5. A method in accordance with claim 1, wherein the computing device is associated with the first security domain, said method further comprising providing by the computing device a third communication component to a remote computing device associated with the second security domain, wherein the third communication component is configured to acquire third data from a third data source in the first security domain.
  - 6. A method in accordance with claim 1, wherein combining the first data and the second data comprises creating a single graphical representation of the first data and the second data.
  - 7. A method in accordance with claim 1, wherein the first data includes first events corresponding to geographic positions, the second data includes second events corresponding to geographic positions, and combining the first data and the second data comprises creating a map depicting the first events and the second events based on the corresponding geographic positions.

8. A system for presenting information from a plurality of security domains, said system comprising:
- a first server computing device configured to;
  
  receive a request for combined data from a client computing device, wherein the combined data includes first data is provided by a first data source associated with a first security domain and second data provided by a second data source associated with a second security domain and also associated with a second server computing device, the first security domain comprising a first security classification that has a restriction level that is different than a second security classification associated with the second security domain, wherein the first server is unable to access the second server and the second server is unable to access the first server due to the difference in security classifications;
  
  transmit a first request for the first data to a bridge computing device; and
  
  transmit a second request for the second data to the bridge computing device; and
  
  a bridge computing device coupled in communication with said first server computing device and the second server computing device and configured to;
  
  receive the first request and the second request from the first server computing device;
  
  determine whether the first server computing device is authorized to access the first security domain;
  
  determine whether the second server computing device is authorized to access the second security domain;
  
  based on the determination that the first server computing device is authorized to access the first security domain and that the second server computing device is authorized to access the second security domain, said bridge computing device is configured to;
  
  forward the first request to the first data source;
  
  forward the second request to the second data source; and
  
  combine the first data retrieved from the first data source and the second data retrieved from the second data source; and
  
  based on the determination that at least one of the first server computing device is not authorized to access the first security domain and that the second server computing device is not authorized to access the second security domain, said bridge computing device is configured to return neither the first data nor the second data.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15)
- - 9. A system in accordance with claim 8, wherein said first server computing device is further configured to:
    - receive the first data from the first data source and the second data from the second data source via said bridge computing device;
      
      combine the first data and the second data to create the combined data; and
      
      transmit the combined data to the client computing device.
  - 10. A system in accordance with claim 9, wherein said first server computing device is configured to create the combined data at least in part by creating a single graphical representation of the first data and the second data.
  - 11. A system in accordance with claim 9, further comprising the client computing device, wherein the client computing device is configured to:
    - create a single graphical representation of the combined data; and
      
      display the graphical representation of the combined data.
  - 12. A system in accordance with claim 8, wherein said first server computing device is configured to:
    - retrieve the first data using a first communication component received from the first security domain via said bridge computing device; and
      
      retrieve the second data using a second communication component received from the second security domain via said bridge computing device.
  - 13. A system in accordance with claim 12, wherein the first communication component publishes the first data to a data bus, the second communication component publishes the second data to the data bus, and said first server computing device is further configured to:
    - receive from the client computing device a selection of a combination component that combines data published to the data bus by a plurality of communication components;
      
      receive from the client computing device an association of the first communication component and the second communication component with the combination component; and
      
      combine the first data and the second data at least in part by receiving the first data and the second data by the combination component via the data bus.
  - 14. A system in accordance with claim 12, wherein said first server computing device is further configured to:
    - receive from the client computing device an association of the first communication component with a transformation component that transforms data from a first form of expression to a second form of expression;
      
      transform the first data by the transformation component to create transformed first data; and
      
      combine the first data and the second data by combining the transformed first data and the second data.
  - 15. A system in accordance with claim 8, wherein said bridge computing device is further configured to:
    - receive the first data from the first data source and the second data from the second data source;
      
      forward the first data to said first server computing device based on determining that the first data source is authorized to transmit the first data to said first server computing device; and
      
      forward the second data to said first server computing device based on determining that the second data source is authorized to transmit the second data to said first server computing device.

16. One or more non-transitory computer readable media having computer-executable components, said components comprising:
- a bridge component that when executed by at least one processor unit causes the at least one processor unit to;
  
  receive a request for first data provided by a first data source that is associated with a first security domain;
  
  receive a request for second data provided by a second data source that is associated with a second security domain, the first security domain comprising a first security classification that has a restriction level that is different than a second security classification associated with the second security domain, wherein the first server is unable to access the second server and the second server is unable to access the first server due to the difference in security classifications;
  
  determine whether the first server is authorized to access the first security domain;
  
  determine whether the second server is authorized to access the second security domain;
  
  based on the determination that the first server is authorized to access the first security domain and that the second server is authorized to access the second security domain, said bridge component is configured to;
  
  forward the request for the first data to the first data source;
  
  forward the request for the second data to the second data source;
  
  receive the first data from the first data source; and
  
  receive the second data from the second data source; and
  
  a data combination component that when executed by at least one processor unit causes the at least one processor unit to combine the first data and the second data to create combined data; and
  
  based on the determination that at least one of the first server computing device is not authorized to access the first security domain and that the second server computing device is not authorized to access the second security domain, said bridge computing device is configured to return neither the first data nor the second data.
- View Dependent Claims (17, 18, 19, 20)
- - 17. One or more non-transitory computer readable media in accordance with claim 16, wherein when executed by at least one processor unit, said bridge component causes the at least one processor unit to transmit the first data to a data communication component based on determining that the computing device is authorized to access the first security domain.
  - 18. One or more non-transitory computer readable media in accordance with claim 16, wherein said bridge component includes a first communication component associated with the first data and a second communication component associated with the second data, and said bridge component further causes the at least one processor unit to:
    - receive the first communication component from the first security domain; and
      
      receive the second communication component from the second security domain.
  - 19. One or more non-transitory computer readable media in accordance with claim 16, wherein said computer-executable components further comprise a data visualization component that when executed by at least one processor causes the at least one processor unit to create a single graphical representation of the combined data.
  - 20. One or more non-transitory computer readable media in accordance with claim 16, wherein the first data and the second data include a plurality of events, each event of the plurality of events corresponds to a geographic position and a time, and said data visualization component further causes the at least one processor unit to create a map depicting the events based on the corresponding geographic positions and times.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
The Boeing Co.
Original Assignee
The Boeing Co.
Inventors
Rodriguez, Ismael, Wilson, Ross, Torres, Ricardo, Kline, Michael C., Irwin, Eric
Primary Examiner(s)
Li, Mary

Application Number

US12/971,760
Time in Patent Office

2,692 Days
Field of Search

726 27, 726 30, 726 1
US Class Current
CPC Class Codes

G06F 21/10   Protecting distributed prog...

G06F 21/41   where a single sign-on prov...

G06F 21/606   by securing the transmissio...

G06F 21/6236   between heterogeneous systems

H04L 63/10   for controlling access to d...

H04L 63/105   Multiple levels of security

H04L 63/126   the source of the received ...

Methods and systems for accessing data from different security domains

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

14 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Methods and systems for accessing data from different security domains

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

14 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links