SYSTEMS AND METHODS FOR UTILIZING UNI-DIRECTIONAL INTER-HOST COMMUNICATION IN AN AIR GAP ENVIRONMENT

US 20160285916A1
Filed: 03/31/2016
Published: 09/29/2016
Est. Priority Date: 03/25/2013
Status: Active Grant

First Claim

Patent Images

1-28. -28. (canceled)

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A request message is generated with a trusted network entity executing trusted code on a first network layer. The request message to target a non-trusted network entity executing non-trusted code on a second network layer. The request message is transmitted from the trusted network entity to the non-trusted network entity through at least a policy enforcement entity. The policy enforcement entity applies one or more network traffic rules to enforce a unidirectional flow of traffic from the first network layer to the second network layer. A response check message is generated with the trusted network entity. The response check message to determine whether response information is available on the non-trusted network entity in response to the request message. The response check message is transmitted from the trusted network entity to the non-trusted network entity through at least the policy enforcement entity. The response check message to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.

5 Citations

52 Claims

1-28. -28. (canceled)

29. A method comprising:
- generating a request message, with a trusted network entity executing trusted code on a first security layer, the request message to target a non-trusted network entity executing non-trusted code, on a second security layer;
  
  causing the request message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer;
  
  generating a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message; and
  
  causing the response check message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
- View Dependent Claims (30, 31, 32, 33, 34, 35, 36)
- - 30. The method of claim 29 wherein the trusted network entity is part of a first virtual network and the non-trusted network entity is part of a second virtual network.
  - 31. The method of claim 29 wherein the trusted network entity comprises a management server.
  - 32. The method of claim 31 wherein the non-trusted network entity comprises a compute layer server.
  - 33. The method of claim 29 wherein the trusted network entity is part of a first virtual private network (VPN), the non-trusted network entity is part of a second VPN, and the firewall is configured to communicate with both the first VPN and the second VPN.
  - 34. The method of claim 29 wherein the trusted network entity is part of a first virtual local area network (VLAN), the non-trusted network entity is part of a second VLAN, and the firewall is configured to communicate with both the first VLAN and the second VLAN.
  - 35. The method of claim 29 wherein the trusted network entity is a management server within an on demand services environment and the non-trusted network entity is a content server within the on demand services environment.
  - 36. The method of claim 35 wherein the on demand services environment comprises a multi-tenant database environment.

37. A non-transitory computer-readable medium having stored thereon instructions that, when executed by one or more processors, are configurable to cause the one or more processors to:
- generate a request message, with a trusted network entity executing trusted code on a first security layer, the request message to target a non-trusted network entity executing non-trusted code, on a second security layer;
  
  cause the request message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer;
  
  generate a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message; and
  
  cause the response check message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
- View Dependent Claims (38, 39, 40, 41, 42, 43, 44)
- - 38. The non-transitory computer-readable medium of claim 37 wherein the trusted network entity is part of a first virtual network and the non-trusted network entity is part of a second virtual network.
  - 39. The non-transitory computer-readable medium of claim 37 wherein the trusted network entity comprises a management server.
  - 40. The non-transitory computer-readable medium of claim 39 wherein the non-trusted network entity comprises a compute layer server.
  - 41. The non-transitory computer-readable medium of claim 37 wherein the trusted network entity is part of a first virtual private network (VPN), the non-trusted network entity is part of a second VPN, and the firewall is configured to communicate with both the first VPN and the second VPN.
  - 42. The non-transitory computer-readable medium of claim 37 wherein the trusted network entity is part of a first virtual local area network (VLAN), the non-trusted network entity is part of a second VLAN, and the firewall is configured to communicate with both the first VLAN and the second VLAN.
  - 43. The non-transitory computer-readable medium of claim 37 wherein the trusted network entity is a management server within an on demand services environment and the non-trusted network entity is a content server within the on demand services environment.
  - 44. The non-transitory computer-readable medium of claim 43 wherein the on demand services environment comprises a multi-tenant database environment.

45. A system comprising:
- at least one memory system having hardware memory devices;
  
  one or more hardware processors coupled with the at least one memory system, the one or more processors to execute instructions stored within the system to generate a request message, with a trusted network entity executing trusted code on a first security layer, the request message to target a non-trusted network entity executing non-trusted code, on a second security layer, to cause the request message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer, to generate a response check message with the trusted network entity, the response check message to determine whether response information is available on the non-trusted network entity in response to the request message, and to cause the response check message to be transmitted from the trusted network entity to the non-trusted network entity through a unidirectional flow of traffic from the first security layer to the second security layer to determine whether the response information is stored in a conceptual mailbox on the non-trusted network entity.
- View Dependent Claims (46, 47, 48, 49, 50, 51, 52)
- - 46. The system of claim 45 wherein the trusted network entity is part of a first virtual network and the non-trusted network entity is part of a second virtual network.
  - 47. The system of claim 45 wherein the trusted network entity comprises a management server.
  - 48. The system of claim 47 wherein the non-trusted network entity comprises a compute layer server.
  - 49. The system of claim 45 wherein the trusted network entity is part of a first virtual private network (VPN), the non-trusted network entity is part of a second VPN, and the firewall is configured to communicate with both the first VPN and the second VPN.
  - 50. The system of claim 45 wherein the trusted network entity is part of a first virtual local area network (VLAN), the non-trusted network entity is part of a second VLAN, and the firewall is configured to communicate with both the first VLAN and the second VLAN.
  - 51. The system of claim 45 wherein the trusted network entity is a management server within an on demand services environment and the non-trusted network entity is a content server within the on demand services environment.
  - 52. The system of claim 51 wherein the on demand services environment comprises a multi-tenant database environment.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Salesforce.com, Inc.
Original Assignee
Salesforce.com, Inc.
Inventors
Fry, Benjamin, Kral, Timothy, Chen, Simon, Falko, Andrey

Granted Patent

US 10,182,075 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

H04L 63/0209   Architectural arrangements,...

H04L 63/0227   Filtering policies mail mes...

H04L 63/0272   Virtual private networks

H04L 63/105   Multiple levels of security

H04L 63/20   for managing network securi...

SYSTEMS AND METHODS FOR UTILIZING UNI-DIRECTIONAL INTER-HOST COMMUNICATION IN AN AIR GAP ENVIRONMENT

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

5 Citations

52 Claims

Specification

Solutions

Use Cases

Quick Links

SYSTEMS AND METHODS FOR UTILIZING UNI-DIRECTIONAL INTER-HOST COMMUNICATION IN AN AIR GAP ENVIRONMENT

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

5 Citations

52 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links