New! View global litigation for patent families

WO2000008562A1 - Data transfer - Google Patents

Data transfer

Info

Publication number
WO2000008562A1
WO2000008562A1 PCT/AU1999/000604 AU9900604W WO2000008562A1 WO 2000008562 A1 WO2000008562 A1 WO 2000008562A1 AU 9900604 W AU9900604 W AU 9900604W WO 2000008562 A1 WO2000008562 A1 WO 2000008562A1
Authority
WO
Grant status
Application
Patent type
Prior art keywords
data
computer
buffer
transfer
device
Prior art date
Application number
PCT/AU1999/000604
Other languages
French (fr)
Inventor
Charles Anthony Ashcroft
Colin Robert Law
Peter Mogg
Original Assignee
Compucat Research Pty. Ltd.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6209Protecting access to data via a platform, e.g. using keys or access control rules to a single file or object, e.g. in a secure envelope, encrypted and accessed using a key, or with access control rules appended to the object itself
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRICAL DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/70Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F21/71Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
    • G06F21/72Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in cryptographic circuits

Abstract

A method of vetting a data transfer, said method including: transferring the data from an origin computer or computer network to a buffer; quarantining the buffer and vetting the data in the buffer; and releasing the data to a destination computer or computer network after the data has been vetted.

Description

"DATA TRANSFER"

TECHNICAL FIELD

This invention relates to a method and apparatus for data transfer.

BACKGROUND ART

It is often necessary to transfer data between otherwise segregated computers or computer networks. The transfer of data between computers or computer systems can present problems both in terms of security and hygiene . With classified computer systems it is important that there be a mechanism for preventing the inadvertent transfer of classified data to a non-classified computer system.

Further, with all computer systems there is a need to ensure that viruses and the like are not inadvertently introduced with other data during a data transfer.

DISCLOSURE OF INVENTION

The invention resides broadly in a methodology or apparatus which quarantines and vets data during a data transfer. The quarantined data is vetted for security and/or hygiene prior to release to the destination computer or computer network. Representative manners in which the invention may be claimed are as follows.

According to one aspect the invention resides in apparatus for vetting data during a data transfer from a first computer or computer network to a second computer or computer network, said apparatus including: - a buffer for receiving and quarantining data from the first computer or computer network; and means for vetting the data quarantined in the buffer prior to release of the data to the second computer or computer network.

In one preferred embodiment the buffer will only receive and quarantine data in the form of displayable characters from the first computer or computer network and the means for vetting includes an output device which displays the quarantined data to the user prior to release of the data to the second computer or computer network. Preferably, the data cannot be released to the second computer or computer network unless all the quarantined data has been displayed to the user by the output device. To ensure this, in one embodiment the output device includes a cursor which must be scrolled by the user through the entirety of the quarantined data prior to the data being released from the buffer to the second computer or computer network.

In another preferred embodiment the means for vetting includes hardware or software for vetting the quarantined data and, preferably, the hardware or software identifies and flags any non-displayable data in the buffer.

In another aspect the invention resides in a work station including :- an input device selectively connectable to one of two or more computers or computer networks ; a buffer for quarantining data during transfer from a first computer or computer network to a second computer or computer network; and means for vetting the quarantined data prior to release of the quarantined data to the second computer or computer network.

The preferred embodiment of the work station includes a switch. When the switch is in a first position, data from a first computer or computer system can be transferred to the buffer. When the switch is in a second position, the data in the buffer is quarantined and the data can be vetted. When the switch is in a third position, the vetted data can be released to a second computer or computer network. In a third aspect the invention resides in a method of vetting a data transfer, said method including: - transferring the data from the origin computer or computer network to a buffer; quarantining the buffer and vetting the data in the buffer; and releasing the data to the destination computer or computer network after the data has been vetted.

BRIEF DESCRIPTION OF DRAWINGS

Reference will now be made to the accompanying Figures which illustrate preferred embodiment (s) of the invention and in which: - FIG 1 is a schematic illustration of a first embodiment of a workstation; and

FIG 2 is a schematic illustration of a second embodiment of a workstation.

BEST MODE

With reference to FIG 1 there is schematically illustrated a first embodiment of a workstation according to the invention. The workstation includes an input device, an output device and a secure transfer buffer which are selectively connectable via switches to either computer A or computer B.

It will be understood that computer A and computer B may be individual computers or networks of computers.

The three switches are ganged together for synchronised movement and each switch has three positions. In practice, the user manipulates a single actuator which simultaneously actuates all three switches.

In FIG 1 the switch is shown in the intermediate position. It will be understood that when the switches are actuated to the left-most position, the input device, output device and secure transfer buffer are all connected to computer A. In this configuration, the user can manipulate and view data in computer A.

Similarly, when the switches are all actuated to the right-most position, the input device, output device and secure transfer buffer are all connected to computer B.

In this configuration, the user can manipulate and view data in computer B .

In the intermediate position illustrated in FIG 1, the input device is isolated, and the secure transfer buffer and output device are connected together but are isolated from both computer A and computer B.

Operation of this system is as follows and assumes that it is desired to transfer data from computer A to computer B.

The process starts with the switches in the leftmost position. As discussed, in this position the input device, output device and secure transfer buffer are all connected to computer A. The input device is used to select data from computer A and send the data to the secure transfer buffer.

Once the selected data has been transferred to the secure transfer buffer, the switch is moved to the intermediate position illustrated in FIG 1 in which the data in the secure transfer buffer is quarantined from the destination computer B.

Whilst the data is quarantined in the secure transfer buffer, it can be viewed via the output device or vetted by other means. In a preferred embodiment the secure transfer buffer is configured such that the quarantined data must be fully viewed before it can be released. One way of ensuring this occurs is to insist that a cursor under the control of the user must be scrolled through the entirety of the quarantined data before the data can be released to the destination computer.

In one embodiment, the secure transfer buffer is configured so that it can only receive displayable characters. Thus, it is ensured that the viewer of the output device is able to review all data quarantined in the secure transfer buffer. In other embodiments, this secure transfer buffer may be capable of receiving non- displayable characters in which case it will be necessary for hardware or software to screen the quarantined data to ensure that there is no hidden data, viruses or the like.

Once the quarantined data has been satisfactorily vetted either by software, hardware or by viewing on the part of the user, the switch can then be actuated to the right -most position at which the data can be released to the destination computer B. Once the data has been released by the buffer, the buffer is cleared. Again, it is emphasised that the data can only be released to computer B once the data has been vetted to an acceptable security and/or hygiene level .

It should also be noted that the act of switching causes a re-set or deletion of any data held in the input device or output device thereby ensuring that only data which has been quarantined and vetted can pass to computer B.

Referring now to FIG 2 there is shown a second embodiment which is largely identical to the first embodiment with the exception of the inclusion of a second output device which is dedicated to the secure transfer buffer.

Operation of this second embodiment is similar to the first embodiment however it will be explained again below to ensure clarity.

Again, it is assumed that it is desired to transfer data from computer A to computer B.

The process starts with all three switches in the left-most position in which input device, output device and secure transfer buffer are all connected to computer A.

Data to be transferred is sent from computer A to secure transfer buffer. The switch is then moved to the intermediate position in which the secure transfer buffer is quarantined from all devices except for its dedicated output device . The dedicated output device has some» means for scrolling through the data displayed on the output device.

As previously, in a preferred embodiment, the secure transfer buffer is only capable of receiving displayable characters from computer A. Thus, it can be ensured that all data in the secure transfer buffer can be viewed via the dedicated output device. Again, there may be some mechanism to ensure that the user views and vets all of the data which is quarantined in the secure transfer buffer. This may be done, for example, by insisting that a cursor be scrolled through the entirety of the data prior to release of the quarantine data being enabled.

It is again mentioned that, in other embodiments, vetting of the data quarantined in the secure transfer buffer may be conducted by hardware or software or the like rather than by viewing on the part of the user. In the embodiment shown in FIG 2, once the user is satisfied that the data quarantined in the secure transfer buffer has been scrutinised to an acceptable level, then the switch can be actuated to the right-most position in which the input device, output device and secure transfer buffer are all connected to computer B. The vetted data can then be released to computer B.

Once the data has been released by the buffer, the buffer and dedicated output device are cleared.

Again, it is mentioned that the act of switching causes a re-set or deletion of any data retained by the input device and non-dedicated output device, thereby ensuring that the only quarantined and vetted data can be released to the destination computer.

In conclusion, the invention provides a methodology and apparatus for transferring data between computers or computer networks in which the data is vetted prior to release to the destination computer or computer network. By this mechanism, both security and hygiene issues can be addressed.

In one embodiment, the vetting of the data is the responsibility of the user who is obliged to view the quarantine data prior to releasing the data to the destination system. In other arrangements, the vetting of the data could be done by hardware or software. However, in either case, the data cannot be released to the destination system until it has been vetted.

Furthermore, the system is designed such that data cannot pass by any other channel to the destination system thereby ensuring that only vetted data is released to the destination system.

It will, of course, be realised that the above has been given by way of illustrative example (s) of the invention. Any variations, modifications, or omissions, as would be apparent to persons skilled in the art, are deemed to fall within the broad scope of this invention.

Claims

THE CLAIMS DEFINING THE INVENTION ARE AS FOLLOWS : -
1. Apparatus for vetting data during a data transfer from a first computer or computer network to a second computer or computer network, said apparatus including :- a buffer for receiving and quarantining data from the first computer or computer network; and means for vetting the data quarantined in the buffer prior to release of the data to the second computer or computer network.
2. Apparatus as claimed in claim 1, wherein the buffer will only receive and quarantine data in the form of displayable characters from the first computer or computer network and wherein the means for vetting includes an output device which displays the quarantined data to the user prior to release of the data to the second computer or computer network.
3. Apparatus as claimed in claim 2, wherein the quarantined data cannot be released to the second computer or computer network unless all the quarantined data has been displayed to the user by the output device.
4. Apparatus as claimed in claim 3, wherein the output device includes a cursor which must be scrolled by the user through the entirety of the quarantined data prior to the data being released from the buffer to the second computer or computer network.
5. Apparatus as claimed in claim 1, wherein the means for vetting includes hardware or software for vetting the quarantined data.
6. Apparatus as claimed in claim 5, wherein the hardware or software identifies and flags any non-displayable data in the buffer.
7. A work station including :- an input device selectively connectable to one of two or more computers or computer networks ; a buffer for quarantining data during transfer from a first computer or computer network to a second computer or computer network; and means for vetting the quarantined data prior to release of the quarantined data to the second computer or computer network.
8. A work station as claimed in claim 7 and further including a switch, wherein when the switch is in a first position data from a first computer or computer system can be transferred to the buffer, when the switch is in a second position the data in the buffer is quarantined and the data can be vetted, and when the switch is in a third position the data can be released to a second computer or computer network.
9. A method of vetting a data transfer, said method including : - transferring the data from a origin computer or computer network to a buffer; quarantining the buffer and vetting the data in the buffer; and releasing the data to a destination computer or computer network after the data has been vetted.
10. A method as claimed in claim 9, wherein the buffer is only capable of receiving and quarantining data in the form of displayable characters and the vetting process involves displaying the quarantined data to the user.
11. A method as claimed in claim 10, wherein all of the data quarantined in the buffer must be displayed to the user before the data can be released to the destination computer or computer network.
PCT/AU1999/000604 1998-08-07 1999-07-27 Data transfer WO2000008562A1 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
AUPP514198 1998-08-07
AUPP5141 1998-08-07

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
EP19990932563 EP1151381A1 (en) 1998-08-07 1999-07-27 Data transfer
CA 2339373 CA2339373A1 (en) 1998-08-07 1999-07-27 Data transfer

Publications (1)

Publication Number Publication Date
WO2000008562A1 true true WO2000008562A1 (en) 2000-02-17

Family

ID=3809373

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/AU1999/000604 WO2000008562A1 (en) 1998-08-07 1999-07-27 Data transfer

Country Status (3)

Country Link
EP (1) EP1151381A1 (en)
CA (1) CA2339373A1 (en)
WO (1) WO2000008562A1 (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2428911A3 (en) * 2010-09-09 2013-03-06 Honeywell International, Inc. High assurance authorization device

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
WO1995033237A1 (en) * 1994-06-01 1995-12-07 Quantum Leap Innovations Inc. Computer virus trap
JPH10307776A (en) * 1997-05-06 1998-11-17 Nec Niigata Ltd Computer virus reception monitor device and its system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5319776A (en) * 1990-04-19 1994-06-07 Hilgraeve Corporation In transit detection of computer virus with safeguard
WO1995033237A1 (en) * 1994-06-01 1995-12-07 Quantum Leap Innovations Inc. Computer virus trap
JPH10307776A (en) * 1997-05-06 1998-11-17 Nec Niigata Ltd Computer virus reception monitor device and its system

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2428911A3 (en) * 2010-09-09 2013-03-06 Honeywell International, Inc. High assurance authorization device
US9426652B2 (en) 2010-09-09 2016-08-23 Joseph Nutaro High assurance authorization device

Also Published As

Publication number Publication date Type
CA2339373A1 (en) 2000-02-17 application
EP1151381A1 (en) 2001-11-07 application

Similar Documents

Publication Publication Date Title
US5689637A (en) Console simulator, multi-console management system and console management distribution system
US6842795B2 (en) Methods and apparatus for shifting focus between multiple devices
US6799197B1 (en) Secure method and system for using a public network or email to administer to software on a plurality of client computers
US6108709A (en) System for sending an e-mail message to a first type of terminal based upon content thereof and selected conditions and selectively forwarding it to a second type of terminal
US20050024345A1 (en) Data Processing
US6148328A (en) Method and system for signaling presence of users in a networked environment
US20040181579A1 (en) Control unit operations in a real-time collaboration server
US6064554A (en) Overcurrent protection circuit and method for universal serial bus hub unit
EP1022664B1 (en) Method and system for sharing between browsers
US6574095B2 (en) Input device having keyboard and touch pad
US20030227423A1 (en) Multi-display control system and image display apparatus
US4525779A (en) Conversational video system
US20050141715A1 (en) Method and apparatus for scheduling the processing of commands for execution by cryptographic algorithm cores in a programmable network processor
US6438605B1 (en) Communication equipment, communication route selection method, and computer program product in memory for selecting a communication route
US5319632A (en) Transmission network in which a communication path is automatically restored in accordance with occurrence of a failure in a distributed way
US7143092B1 (en) Data synchronization system and method of operation
US6839403B1 (en) Generation and distribution of annotation overlays of digital X-ray images for security systems
US20040098621A1 (en) System and method for selectively isolating a computer from a computer network
US20020091969A1 (en) Computer-based switch for testing network servers
US5694541A (en) System console terminal for fault tolerant computer system
US6108787A (en) Method and means for interconnecting different security level networks
US5117225A (en) Computer display screen monitoring system
US6625117B1 (en) Method and apparatus for switching messages from a primary message channel to a secondary message channel in a message queuing system
US20030028827A1 (en) Method and apparatus for monitoring a computing device
JP2003534685A (en) Keyboard video mouse switching system by the network

Legal Events

Date Code Title Description
AK Designated states

Kind code of ref document: A1

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG US UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A1

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
121 Ep: the epo has been informed by wipo that ep was designated in this application
WWE Wipo information: entry into national phase

Ref document number: 1999932563

Country of ref document: EP

ENP Entry into the national phase in:

Ref country code: CA

Ref document number: 2339373

Kind code of ref document: A

Format of ref document f/p: F

Ref document number: 2339373

Country of ref document: CA

WWE Wipo information: entry into national phase

Ref document number: 48909/99

Country of ref document: AU

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWE Wipo information: entry into national phase

Ref document number: 09744187

Country of ref document: US

WWP Wipo information: published in national office

Ref document number: 1999932563

Country of ref document: EP

WWW Wipo information: withdrawn in national office

Ref document number: 1999932563

Country of ref document: EP