GB2540381A - System and method for unidirectional and secure file transfer - Google Patents

System and method for unidirectional and secure file transfer Download PDF

Info

Publication number
GB2540381A
GB2540381A GB1512324.3A GB201512324A GB2540381A GB 2540381 A GB2540381 A GB 2540381A GB 201512324 A GB201512324 A GB 201512324A GB 2540381 A GB2540381 A GB 2540381A
Authority
GB
United Kingdom
Prior art keywords
data
unidirectional
data transfer
application processor
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
GB1512324.3A
Other versions
GB201512324D0 (en
Inventor
Bar-Lev Doron
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Cyberoptics Ltd
Original Assignee
Cyberoptics Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Cyberoptics Ltd filed Critical Cyberoptics Ltd
Priority to GB1512324.3A priority Critical patent/GB2540381A/en
Publication of GB201512324D0 publication Critical patent/GB201512324D0/en
Publication of GB2540381A publication Critical patent/GB2540381A/en
Withdrawn legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/606Protecting data by securing the transmission between two devices or processes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227Filtering policies
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/10Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/105Multiple levels of security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/56Provisioning of proxy services
    • H04L67/565Conversion or adaptation of application format or content
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/60Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources
    • H04L67/61Scheduling or organising the servicing of application requests, e.g. requests for application data transmissions using the analysis and optimisation of the required network resources taking into account QoS or priority requirements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/60Context-dependent security
    • H04W12/69Identity-dependent
    • H04W12/77Graphical identity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computing Systems (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)

Abstract

Data is loaded into a queue and a data list generated by transmitter application processor 102a. The list is periodically displayed 104 by transmitter according to synchronization master clock. An image of the display is captured by first image capturing device 106a, e.g. a camera. The display and image capturing device are separated by air gap 108a. From the data list, a list of a set of data to be transferred is prioritised and synchronization tags associated with the list generated. The data transfer list is forwarded to the transmitter processor via an auxiliary, arbitrary unidirectional channel by control processor 102b associated with the image capturing device. Images of the data to be transferred are generated by the transmitter application and displayed according to the tags. Shutter 110 is activated, configured by the control processor according to the tags, to enable an image transfer channel between the display and second image capturing device 106b. Graphical data is captured, according to the master clock, by the second image capturing device. The display and second image capturing device are separated by second air gap 108b. The graphical data is converted into a required format and sent securely to an end user.

Description

SYSTEM AND METHOD FOR UNIDIRECTIONAL AND SECURE FILE TRANSFER FIELD OF THE INVENTION
The present invention relates to systems and methods for a computer for unidirectional and secure file transfer in computer and communications networks and systems incorporating the same.
BACKGROUND OF THE INVENTION
Protection of a computer or data network from undesired and unauthorized data disclosure, interception or alteration has been a perennial concern in the field of computer and network security. For example, firewall and anti-spyware software have been developed to address security concerns for computers and networks connected to the Internet and to protect them from possible cyber-attacks such as Trojan horse-type viruses or worms that may trigger undesired and unauthorized data disclosure by these computers and networks. However, for high security computer networks such as those used by commercial, governmental and industrial applications, conventional network security devices such as firewalls may not provide sufficiently reliable protection from undesired data disclosure.
Alternative network security methods and devices based on unidirectional data transfer have been devised to address the network security concern. For example, U.S. Pat. No. 5,703,562 to Nilsen (“the '562 patent”), the content of which is hereby incorporated by reference in its entirety, provides an alternative way to address the network security concern. The '562 patent discloses a method of transferring data from an unsecured computer to a secured computer over a one-way optical data link comprising an optical transmitter on the sending side and an optical receiver on the receiving side. By providing such an inherently unidirectional data link to a computer/data network to be protected, one can eliminate any possibility of unintended data leakage out of the computer/data network over the same link.
Any data link that strictly enforces the unidirectionality of data flow is called one-way link or one-way data link. In other words, it is physically impossible to send information or data of any kind through a one-way data link in the reverse direction. One-way data link may be hardware-based, software-based, or based on some combination of hardware and software.
One-way data transfer systems based on such one-way data links provide network security to data networks by isolating the networks from potential security breaches (i.e., undesired and unauthorized data flow out of the secure network) while still allowing them to import data from the external source in a controlled fashion. One-way data transfer systems based on a one-way data link are designed to transfer data or information in only one direction, making it physically impossible to transfer any kind of data, such as handshaking protocols, error messages, or busy signals, in the reverse direction. Such physically imposed unidirectionality in data flow cannot be hacked by a programmer, as is often done with firewalls, where unidirectional rules are software-protected (e.g., password authentication, etc.). Accordingly, the one-way data transfer system based on a one-way data link ensures that data residing on the isolated destination secure computer or network is maximally protected from any undesired and unauthorized disclosure. Alternatively, the source network is isolated from any malware contained in the destination network.
High resilience networks frequently have requirements for exchange of information with networks of low assurance, including networks of unknown threat level such as the public Internet. Traditionally, the approach to solving this problem is an air-gap between the two domains, with information exchanged between them on an external drive. However this approach is both time-consuming and potentially risky.
There are innumerable, unsecure or low security systems with which security conscious networks must communicate, such as the news, weather, electronic library, route planning, and other public information networks.
There is therefore a requirement to transfer information between such low classification systems to higher classification systems that require higher assurance and a greater degree of resilience. In such a context, public Internet-connected systems are inevitably considered a high threat. Strict controls must be placed at the boundaries between these systems to prevent both the introduction of malicious content from the low system into the high system and the leakage of high data to the low system. Lower assurance arises due to the higher (or unknown) threat level, and in general is likely to lead to lower levels of resilience in applications.
Historically, the security separation problem has been solved by total electronic separation between the low and high networks. Such separation is sometimes referred to as an “air gap”. But experience has shown that a genuine air gap is not always practical, since the low classification information may have high value in the high system—for example, weather data, news, collaborative planning information between organizations, and information from public agencies. U.S. Pat. No. 8875273 to Phillip John Sobolewski et al. discloses a method for achieving code domain isolation. A first set of data is received in a first domain format. The first set of data is changed to a second domain format. The first set of data in the second domain format is captured. The first set of data in the second domain format is changed to a third domain format. The first set of data in the third domain format is prepared for receipt by a user computer system. Said method employs bidirectional data transfer channel, lacking a centralized independent control configuration of data monitoring, validation and authorization of the secure communication channel between the network and the device. Additionally, said method employs overlaying a graphical data with a hypertext markup language image map, used in web-based system environments. U.S. Pat. No. 5,940,591, entitled “APPARATUS AND METHOD FOR PROVIDING NETWORK SECURITY,” discloses a method of performing security functions on a non-secure network. The method uses a multi-level secure network architecture to support services to many domains from one, offering communications services (video, audio, others) over a trusted security protocol, which exists at the security perimeter created by the secure network interface units. The guard is a session manager to an external set of networks. This method requires the selection of portions that do not require the same level of trust. Although the system checks access control, individual files are not verified for malicious code. U.S. Pat. No. 6,584,508, entitled “ADVANCED DATA GUARD HAVING INDEPENDENTLY WRAPPED COMPONENTS,” discloses a method of increasing the security of a data guard. The data guard is configurable, for items such as HTTP traffic, SMTP traffic, etc. A set of proxy servers sits between an “internal” network and an “external” network and examines traffic. The first proxy server communicates with the internal computer network, and the second proxy server communicates with the external network. Protocol specific operations are converted to protocol independent data. Administrators define security policies that affect the information going between the proxy servers, deciding which information to pass. The system uses two-way communications that provide an adversary with information regarding the security protocols used. U S. Pat. No. 6,826,694, entitled “HIGH RESOLUTION ACCESS CONTROL,” discloses a method for performing security functions at a firewall. After a packet is received at a firewall, the header is checked. A rule specific to the header information is applied to analyze the content of the packet at the firewall. Changing the packet header to a benign file type is relatively simple. Malicious code may then pass through the firewall.
The above described protections against malware affection, either apply conventional scanning and pattern matching techniques to detect viruses, lack security, flexibility and robustness coupled with efficient file-directed management or directed to web surfing as a practice by businesses in order to conduct their daily business and not as an internal secure file application within commercial and/or industrial organizations.
Therefore, there is a long felt and unmet need for a system and method that overcomes the problems associated with the prior art. The present system and method provide a real time unidirectional secure communication file transfer channel in computer and communications networks and systems, facilitating a fully integrated unidirectional protocol that copes with synchronization and file buildup issues, employing transfer of raw images, while limiting data to its inherent minimal amount for end-user usage and buildup of the files from the images captured in the secure network. Thus, the present invention also discloses a solution where malicious content can be prevented with no defined characterization of the type of the malware.
SUMMARY
The present invention provides a method for unidirectional and secure data transfer, comprising steps of: loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor; displaying said data list periodically according to a synchronization master clock by a display associated with said first transmitter application processor; capturing an image of said display for displaying said data list by said first image capturing device; separating said display and said first image capturing device by a first air gap; automatically and/or manually prioritizing set of data to be transferred from said data list, generating synchronization tags associated with said data list and forwarding said data to be transferred list to said first transmitter application processor via an auxiliary arbitrary unidirectional channel by said second control processor associated with said first image capturing device; generating images of said data to be transferred and displaying said images according to said synchronization tags by first transmitter application; activating a shutter configured by said second control processor according to the preset synchronization tags to enable the image transfer channel between said display and a second image capturing device; capturing said graphical data according to said synchronization master clock by said second image capturing device; separating said display and said second image capturing device by a second air gap and said shutter; and converting said graphical data into a required format data and sending said required format data over to a secure network end user by a third receiver processor associated with said second image capturing device.
It is another object of the current invention to disclose a method for unidirectional and secure data transfer, comprising the steps of: loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor; automatically and/or manually prioritizing said set of data to be transferred auxiliary arbitrary by said first application processor; generating images of said data to be transferred by said first application processor ; displaying said data sequentially and periodically by a display associated with said first transmitter application processor; capturing an image of said display for displaying said data list by said image capturing device; separating said display and said image capturing device by an air gap; and ad hoc converting said graphical data into a required format data and sending said required format data over to a secure network end user by a second receiver processor associated with said image capturing device.
It is another object of the current invention to disclose a method for controlling unidirectional and secure data transfer, comprising the steps of: synchronizing unidirectional and secure data transfer channel between a first application processor and a third receiver processor by a second control processor; generating at least one set of transfer rules applicable to a data list by said second control processor; enabling unidirectional and secure data transfer channel and communication between said first application processor and said third receiver processor independently by said second control processor; generating at least one set of timing and prioritizing rules applicable to said data list for timed and secure data transfer; monitoring, validating and authenticating said unidirectional and secure data transfer channel between said first application processor and said third receiver processor by said second control processor; and if secure communication is compromised, collapsing said unidirectional and secure data transfer channel between a first application processor and a third receiver processor by a second control processor.
It is another object of the current invention to disclose means for loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor; means for displaying said data list periodically according to a synchronization master clock by a display associated with said first transmitter application processor; means for capturing an image of said display for displaying said data list by a first image capturing device; means for separating said display and said first image capturing device by a first air gap; means for automatically and/or manually prioritizing said set of data to be transferred from said data list, generating synchronization tags associated with said data list and forwarding said data to be transferred list to said first transmitter application processor via an auxiliary arbitrary unidirectional channel by a second control processor associated with said first image capturing device; means for generating images of said data to be transferred by said first transmitter application and displaying said images according to said synchronization tags in said display; means for activating a shutter configured by said second control processor according to the preset synchronization tags to enable the image transfer channel between said display and a second image capturing device; means for capturing a graphical data according to said synchronization master clock by said second image capturing device; means for separating said display and said second image capturing device by a second air gap and said shutter; and means for converting said graphical data into a required format data and sending said required format data over to a secure network end user by a third receiver processor associated with a second image capturing device.
BRIEF DESCRIPTION OF THE FIGURES
In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings that form a part thereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention. The present invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the present invention is not unnecessarily obscured. FIG. 1 schematically presents a system environment operating with the second control processor according to the present invention; FIG. 2 is a flow diagram illustrating a method for unidirectional and secure file transfer in computer and communications networks and systems incorporating the same; FIG. 3 schematically presents a system environment operating without the second control processor according to the present invention; FIG. 4 is a flow diagram illustrating a method for unidirectional and secure file transfer in computer and communications networks and systems incorporating the same operating without the second control processor. FIG. 5 is a flow diagram presenting a method for independently controlling unidirectional and secure data transfer.
DETAILED DESCRIPTION OF THE INVENTION
In the following detailed description of the preferred embodiments, reference is made to the accompanying drawings that form a part hereof, and in which are shown by way of illustration specific embodiments in which the invention may be practiced. It is understood that other embodiments may be utilized and structural changes may be made without departing from the scope of the present invention. The present invention may be practiced according to the claims without some or all of these specific details. For the purpose of clarity, technical material that is known in the technical fields related to the invention has not been described in detail so that the present invention is not unnecessarily obscured.
Reference throughout this specification to “one embodiment” or “an embodiment” means that a particular feature, structure, or characteristic described in connection with the embodiment is included in at least one embodiment of the present invention. Thus, the appearances of the phrases “in one embodiment” or “in an embodiment” in various places throughout this specification are not necessarily all referring to the same embodiment. Furthermore, the particular features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
As used herein, the term “data” refers to any distinct transferred file and/or document information that is formatted in any format, e.g. documents, presentations, tables, video, audio and any combinations thereof. Data can be used in a variety of forms, like text on paper or bytes stored in electronic memory.
As used herein, the term “synchronization” refers to any synchronization of processes, and/or synchronization of data based on an external master clock and/or on internal manually aligned clocks that can be refined in every step of the file/data transfer.
As used herein, the term “tag” refers to any command inserted in a document that specifies how the document, or a portion of the document, should be formatted or identified, for example the tag can include image and/or page number, file number, date and any combinations thereof.
As used herein, the term “data list” refers to any files list which is periodically displayed by the first transmitter application processor, and is a graphical representation of general information about the files and/or data (names, type, number of pages, date and any combinations thereof). It does not contain the file data ("one or more images per page"). It may be represented as a single image. The data list is configurable to build a data list in the second control unit, upon which the automatic selection rules can work/from which the user may select the files to be transferred. Reference is made to FIG. 1, presenting a schematic and generalized presentation of the present invention environment operating with the second control processor where said system 10 comprising: a first transmitter application processor 102 a, said processor is configured to load a set of data into a data transfer queue and generate a data list; a display 104 associated with said first transmitter application processor for displaying said data list periodically according to a synchronization master clock; a first image capturing device 106 a for capturing an image of said display for displaying said data list; a first air gap 108 a for separating said display 104 and said first image capturing device 106 a; a second control processor 102 b associated with said first image capturing device, said processor is configured to automatically and/or manually prioritize a set of data to be transferred from said data list, generate synchronization tags associated with said data list and forward said data to be transferred list to said first transmitter application processor via an auxiliary arbitrary unidirectional channel, said second control processor is configured to facilitate the display as both security and integrity rules; a third receiver application processor 102 c associated with a second image capturing device 106 b, a shutter 110 controlled by said second control processor, wherein said second image capturing device 106 b is configured to capture a graphical data according to said synchronization master clock when the shutter 110 is activated by the said second control processor and the first transmitter application sends files to be transferred images according to the said synchronization tags, following, said third receiver application converts said graphical data into a required format data and sends said required format data over to a secure network end user; and a second air gap 108 b for separating said display 104 and said second image capturing device 106 b. In the current embodiment, the shutter 110 is configured to apply a security rule applied by the said second control processor, to enable the link between the said first transmitter processor 102 a and said third receiver application processor 102 c to limited and/or predefined and/or controlled periods.
Reference is now made to FIG. 2, presenting a flow diagram illustrating a method for unidirectional and secure file transfer in computer and communications networks and systems incorporating the same 20. Said method comprises, for a number of repetitions, steps of providing a system for unidirectional and secure data transfer 10, the method comprising steps of: loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor 202; displaying said data list periodically according to a synchronization master clock by a display associated with said first transmitter application processor 204; capturing an image of said display for displaying said data list by a first image capturing device 206; separating said display and said first image capturing device by a first air gap 208; automatically and/or manually prioritizing a set of data to be transferred from said data list, generating synchronization tags associated with said data list and forwarding said data transfer list to said first transmitter application processor via an auxiliary arbitrary unidirectional channel by a second control processor associated with said first image capturing device 210; generating images of the data to be transferred and display them according to the synchronization tags by first transmitter application and said display 212; open said shutter by second control processor according to the synchronization tags by said second control processor 214; capturing a graphical data according to said synchronization master clock, converting said graphical data into a required format data and sending said required format data over to a secure network end user by a third receiver application processor associated with a second image capturing device 216; separating said display and said second image capturing device by a second air gap 218; capturing said image/s of the display by said first image capturing device and second control processor for monitoring and data transfer validation 220; closing said shutter according to the communication end tag by said second control processor 222; clearing the data transfer queue from the transferred files by first transmitter application 224; and creating monitoring logs in said processors 226. Alternatively, the shutter can be omitted and/or controlled by the first processor and/or controlled by the third processor.
Reference is now made to FIG. 3, presenting a schematic and generalized presentation of the present invention environment operating without the second control processor where said system 30 comprising: a first transmitter application processor 302 a, said processor is configured to load a set of data into a data transfer queue and generate images to be displayed; a display 304 associated with said first transmitter application processor; an image capturing device 306 for capturing an image of said display; an air gap 308 for separating said display 304 and said image capturing device 306; a second receiver application processor 302 c associated with said image capturing device 306; and a shutter 310 associated with said second receiver processor. In the present embodiment, said data to be transferred list/selection is managed in the transmitter application processor 302 a and/or by the end user 302 b, the first processor is operable to display said data as images ("one or more images per page") periodically. The shutter 310 is controlled separately by the second receiver application processor 302 c. The second processor 302 c is configured to open the shutter independently of first transmitter application processor while the image capture device 306 that is connected to it captures the images and the second processor builds up the files. Alternatively, the shutter 310 can be controlled by the first processor 302a. The shutter 310 is configured to apply a security rule, to enable the link between a first transmitter application processor 302 a and second receiver application processor 302 c to limited and/or predefined and/or controlled periods. The files transfer queue is cleared according to a predefined automatic rules and/or manual selection by the user.
Reference is now made to FIG. 4, presenting a flow diagram illustrating a method for unidirectional and secure file transfer in computer and communications networks and systems incorporating the same operating without the second control processor 40. Said method comprises, for a number of repetitions, steps of providing a system for unidirectional and secure data transfer 30, the method comprising steps of: managing list/selection of files to be transferred in the first transmitter application processor and/or by the end user 402; displaying said data as images ("one or more images per page") periodically by the first transmitter application processor 404; controlling a shutter separately by the second receiver application processor 406; opening the shutter while the image capture device that is connected to it captures the images and building up the files according to the tags that each image includes by the second receiver application processor, as were introduced to the images by the first processor 408; applying a security rule, to enable the link between a first transmitter application processor and second receiver application processor to limited and/or predefined and/or controlled periods 410; clearing the files transfer queue according to a predefined automatic rules and/or manual selection by the user 412; creating data transfer logs by said processors 414.
Reference is now made to FIG. 5, presenting a flow diagram illustrating a method for controlling unidirectional and secure data transfer in computer and communications networks and systems incorporating the same 50. Said method comprises, for a number of repetitions, steps of providing a system for unidirectional and secure data transfer, the method comprising steps of: synchronizing unidirectional and secure data transfer channel between a first application processor and a third receiver processor by a second control processor 502; generating at least one set of transfer rules applicable to a data list by said second control processor 504; enabling unidirectional and secure data transfer channel and communication between said first application processor and said third receiver processor independently by said second control processor 506; generating at least one set of timing and prioritizing rules applicable to said data list for timed and secure data transfer 508; monitoring, validating and authenticating said unidirectional and secure data transfer channel between said first application processor and said third receiver processor by said second control processor 510; and if secure communication is compromised, collapsing said unidirectional and secure data transfer channel between said first application processor and said third receiver processor by said second control processor 512.

Claims (28)

CLAIMS What is claimed is:
1. A method for unidirectional and secure data transfer, comprising the steps of: a. loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor; b. displaying said data list periodically according to a synchronization master clock by a display associated with said first transmitter application processor; c. capturing an image of said display for displaying said data list by a first image capturing device; d. separating said display and said first image capturing device by a first air gap; e. automatically and/or manually prioritizing a set of data to be transferred from said data list, generating synchronization tags associated with said data list and forwarding said data transfer list to said first transmitter application processor via an auxiliary arbitrary unidirectional channel by said first application processor associated with said first image capturing device; f. generating images of said data to be transferred by said first transmitter application processor and displaying said images according to said synchronization tags by said display; g. capturing a graphical data according to said synchronization master clock by a second image capturing device; h. converting said graphical data into a required format data and sending said required format data over to a secure network end user by a third receiver processor associated with said second image capturing device; and i. separating said display and said second image capturing device by a second air gap.
2. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of opening a shutter based on predefined communication initialization timing by said second control processor.
3. The method for unidirectional and secure data transfer of claim 2, wherein said method further comprises a step of closing said shutter according to a communication end tag by said second control processor.
4. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of receiving said data to be transferred list and generating correlated graphical data, said data comprising data validation information by said first transmitter application processor.
5. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of said displaying said graphical data associated with said synchronization tags via said second air gap for separating said display and said third receiver application processor by second control processor.
6. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of clearing a data transfer queue by said first transmitter application processor.
7. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of monitoring communication via said first image capturing device by said second control processor.
8. The method for unidirectional and secure data transfer of claim 7, wherein said method further comprises a step of collapsing said unidirectional and secure data transfer channel between said first application processor and said third receiver application processor by a second control processor, if secure communication is compromised.
9. The method for unidirectional and secure data transfer of claim 7, wherein said method further comprises a step of generating a first data transfer log file report for an operator based on communication monitoring via said first image capturing device by said second control processor.
10. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of generating a data transfer log file report for said secure network end user by said third receiver application processor associated with said second image capturing device.
11. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of generating a data transfer log file report for said secure network end user by said first transmitter application processor associated.
12. The method for unidirectional and secure data transfer of claim 7, wherein said method further comprises a step of performing data validation and authentication of said data transfer based on the data to be transferred list and synchronization tags by said second control processor.
13. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of identifying said open shutter before receiving said graphical data by said third receiver application processor associated with said second image capturing device.
14. The method for unidirectional and secure data transfer of claim 1, wherein said method further comprises a step of transforming said graphical data via a file buildup module by said third control processor associated with said second image capturing device.
15. The method for unidirectional and secure data transfer of claim 4, wherein said step does not include overlaying said graphical data with a hypertext markup language image map.
16. A method for unidirectional and secure data transfer, comprising the steps of: a. loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor; b. automatically and/or manually prioritizing a set of data to be transferred auxiliary arbitrary from said data list by said first application processor; c. generating images of said data to be transferred by said first transmitter application processor;; d. displaying said data sequentially and periodically by a display associated with said first transmitter application processor; e. capturing an image of said display for displaying said data to be transferred by said image capturing device; f. separating said display and said image capturing device by an air gap; and g. ad hoc converting said graphical data into a required format data and sending said required format data over to a secure network end user by a second receiver processor associated with said image capturing device.
17. The method for unidirectional and secure data transfer of claim 16, wherein said method further comprises a step of receiving said data to be transferred list and generating correlated graphical data, said data comprising data validation information by said first transmitter application processor.
18. The method for unidirectional and secure data transfer of claim 17, wherein said method further comprises a step of displaying, via said display associated with said first transmitter application processor, said graphical data by said first transmitter application processor.
19. The method for unidirectional and secure data transfer of claim 16, wherein said method further comprises a step of clearing a data transfer queue according to a file termination rule/operator selection by said first transmitter application processor.
20. The method for unidirectional and secure data transfer of claim 16, wherein said method further comprises a step of monitoring communication via said image capturing device by said second receiver processor.
21. The method for unidirectional and secure data transfer of claim 16, wherein said method further comprises a step of generating a data transfer log file report for an operator based on communication monitoring via said image capturing device by said second receiver application processor.
22. The method for unidirectional and secure data transfer of claim 17, wherein said method further comprises a step of performing data monitoring, validation and authentication of said data transfer based on said data to be transferred list and correlated graphical data by said second receiver processor.
23. The method for unidirectional and secure data transfer of claim 22, wherein said method further comprises a step of collapsing said unidirectional and secure data transfer channel between said first application processor and said second receiver application processor by a second receiver application processor if secure communication is compromised;
24. The method for unidirectional and secure data transfer of claim 16, wherein said method further comprises a step of opening a shutter independently of said first transmitter application processor, based on predefined communication initialization rules by said second receiver application processor.
25. The method for unidirectional and secure data transfer of claim 24, wherein said method further comprises a step of closing said shutter according to a communication end tag by said second receiver application processor.
26. The method for unidirectional and secure data transfer of claim 17, wherein said step does not include overlaying said graphical data with a hypertext markup language image map.
27. A method for controlling unidirectional and secure data transfer, comprising the steps of: a. synchronizing unidirectional and secure data transfer channel between a first application processor and a third receiver processor by a second control processor; b. forming data to be transferred list by generating at least one set of transfer rules applicable to a data list by said second control processor; c. enabling unidirectional and secure data transfer channel and communication between said first application processor and said third receiver processor independently by said second control processor; d. generating at least one set of timing and prioritizing rules applicable to said data to be transferred list for timed and secure data transfer; e. monitoring, validating and authenticating said unidirectional and secure data transfer channel between said first application processor and said third receiver processor by said second control processor; and f. if secure communication is compromised, collapsing said unidirectional and secure data transfer channel between a first application processor and a third receiver processor by a second control processor.
28. A system for unidirectional and secure data transfer, said system comprising: a. means for loading a set of data into a data transfer queue and generating a data list by a first transmitter application processor; b. means for displaying said data list periodically according to a synchronization master clock by a display associated with said first transmitter application processor; c. means for capturing an image of said display for displaying said data list by said first image capturing device; d. means for separating said display and said first image capturing device by a first air gap; e. means for automatically and/or manually prioritizing a set of data to be transferred from said data list, generating synchronization tags associated with said data list and forwarding said data to be transferred list to said first transmitter application processor via an auxiliary arbitrary unidirectional channel by said second control processor associated with said first image capturing device; f. means for generating images of said data to be transferred and displaying said images according to said synchronization tags by first transmitter application processor; g. means for capturing a graphical data according to said synchronization master clock by a second image capturing device; h. means for separating said display and said second image capturing device by a second air gap. i. means for converting said graphical data into a required format data and sending said required format data over to a secure network end user by a third receiver processor associated with said second image capturing device; and j. means for enabling and collapsing the communication channel between first transmitter application processor and third receiver application processor by second control processor.
GB1512324.3A 2015-07-14 2015-07-14 System and method for unidirectional and secure file transfer Withdrawn GB2540381A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
GB1512324.3A GB2540381A (en) 2015-07-14 2015-07-14 System and method for unidirectional and secure file transfer

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
GB1512324.3A GB2540381A (en) 2015-07-14 2015-07-14 System and method for unidirectional and secure file transfer

Publications (2)

Publication Number Publication Date
GB201512324D0 GB201512324D0 (en) 2015-08-19
GB2540381A true GB2540381A (en) 2017-01-18

Family

ID=54013946

Family Applications (1)

Application Number Title Priority Date Filing Date
GB1512324.3A Withdrawn GB2540381A (en) 2015-07-14 2015-07-14 System and method for unidirectional and secure file transfer

Country Status (1)

Country Link
GB (1) GB2540381A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106973050A (en) * 2017-03-23 2017-07-21 山东中创软件商用中间件股份有限公司 A kind of method and device of inter-network lock information sharing
CN112073442A (en) * 2020-11-11 2020-12-11 杭州云嘉云计算有限公司 Data transmission method and monitoring system based on double one-way protocol mutual conversion channel

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202178780U (en) * 2011-08-31 2012-03-28 公安部第三研究所 Internal-and-external network safety isolation system based on one-way transmission
CN102831163A (en) * 2012-07-20 2012-12-19 江苏缨思贝睿物联网科技有限公司 Data transfer method and data transfer system
CN103684997A (en) * 2013-12-31 2014-03-26 厦门市美亚柏科信息股份有限公司 One-way instantaneous transmission method of complete physical isolation data and system for achieving same
CN104038739A (en) * 2014-06-05 2014-09-10 国家电网公司 Method and device for utilizing video scanning two-dimensional code to achieve unidirectional data transmission under network physical isolation state
US8875273B2 (en) * 2010-12-17 2014-10-28 Isolated Technologies, Inc. Code domain isolation

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8875273B2 (en) * 2010-12-17 2014-10-28 Isolated Technologies, Inc. Code domain isolation
CN202178780U (en) * 2011-08-31 2012-03-28 公安部第三研究所 Internal-and-external network safety isolation system based on one-way transmission
CN102831163A (en) * 2012-07-20 2012-12-19 江苏缨思贝睿物联网科技有限公司 Data transfer method and data transfer system
CN103684997A (en) * 2013-12-31 2014-03-26 厦门市美亚柏科信息股份有限公司 One-way instantaneous transmission method of complete physical isolation data and system for achieving same
CN104038739A (en) * 2014-06-05 2014-09-10 国家电网公司 Method and device for utilizing video scanning two-dimensional code to achieve unidirectional data transmission under network physical isolation state

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106973050A (en) * 2017-03-23 2017-07-21 山东中创软件商用中间件股份有限公司 A kind of method and device of inter-network lock information sharing
CN112073442A (en) * 2020-11-11 2020-12-11 杭州云嘉云计算有限公司 Data transmission method and monitoring system based on double one-way protocol mutual conversion channel

Also Published As

Publication number Publication date
GB201512324D0 (en) 2015-08-19

Similar Documents

Publication Publication Date Title
AU2021209277B2 (en) Efficient packet capture for cyber threat analysis
US11063909B1 (en) Methods and systems for efficient cyber protections of mobile devices
US7490353B2 (en) Data transfer security
US11316905B2 (en) Systems and methods for providing network security using a secure digital device
KR102136039B1 (en) Security in software defined network
US6351810B2 (en) Self-contained and secured access to remote servers
US7624444B2 (en) Method and apparatus for detecting intrusions on a computer system
CN112602301B (en) Method and system for efficient network protection
US20130145437A1 (en) Protection against malware on web resources utilizing scripts for content scanning
Müller et al. Sok: Exploiting network printers
US20240007437A1 (en) Cyber Protections of Remote Networks Via Selective Policy Enforcement at a Central Network
US8082583B1 (en) Delegation of content filtering services between a gateway and trusted clients in a computer network
US7774847B2 (en) Tracking computer infections
Anand et al. PARVP: Passively assessing risk of vulnerable passwords for HTTP authentication in networked cameras
GB2540381A (en) System and method for unidirectional and secure file transfer
WO2022226202A1 (en) Synthetic request injection to retrieve object metadata for cloud policy enforcement
US20110154468A1 (en) Methods, systems, and computer program products for access control services using a transparent firewall in conjunction with an authentication server
Khondoker et al. Addressing industry 4.0 security by software-defined networking
US11960944B2 (en) Interprocessor procedure calls
US11171919B1 (en) Web attack detecting and blocking system and method thereof
Wickes CCTV: an open door into enterprise and national infrastructure
Frank Securing Smart Homes with OpenFlow: Feasibility, Implementation, and Performance
WO2023154122A1 (en) Cyber protections of remote networks via selective policy enforcement at a central network
WO2022226198A1 (en) Synthetic request injection to generate metadata for cloud security enforcement
WO2022226210A1 (en) Synthetic request injection for cloud policy enforcement

Legal Events

Date Code Title Description
WAP Application withdrawn, taken to be withdrawn or refused ** after publication under section 16(1)