Abstract: A secure one-way network gateway for transmitting data from a source network to a destination network is disclosed. An input circuit is for coupling to a source network and an output circuit is for coupling to an output network. A memory stores configuration data. Either a single field-programmable device or a pair of field-programmable devices coupled via a one-way link are inserted between the input circuit and the output circuit. The configuration data is loaded into the device(s) to program the device(s) to pass data from the input circuit to the output circuit, to optionally filter the data, and to prevent any data from passing from the output circuit to the input circuit. A processor is coupled to only the memory and a separate management interface. The processor receives updated configuration data via the management interface and replaces the configuration data in the memory with the updated configuration memory.

Abstract: A system is disclosed for monitoring a channel passing information which includes an identifying designation. A channel monitor is coupled to the channel and configured to provide on an output all information passing on the channel. A manifest engine is coupled to the channel monitor to receive the information passing on the channel and to an operator console to receive an information manifest table. The information manifest table contains at least one identifying designation. The manifest engine compares the information received with the information in the information manifest table and only provides on the output that information having an identifying designation that matches an identifying designation included within the information manifest table. A storage server is coupled to the manifest engine and configured to receive and store the information provided from the manifest engine.

Abstract: A configurable packet filtering system includes a packet filter configured to receive packets or groups of packets on an input. The packet filter compares predetermined portions of the received packets with information or criteria stored in a filter configuration file, and, if the information at the predetermined portions of the packets or groups of packets matches the information or criteria stored in the filter configuration file, forwards the packets or groups of packets on an output. The configurable packet filtering system also includes a filter configuration interface which is configured to receive a file on an input, to verify that the received file conforms to a predetermined specification, and, if the received file conforms to the predetermined specification, to replace the filter configuration file with the received file.

Abstract: A secure interface for a mobile communications device has output communications circuitry operable to communicate with an external network, private network communications circuitry operable to communicate with a mobile communications device, and an input/output filter connected between the output communications circuitry and the private network communications circuitry. The input/output filter separately filters, based on programmed stored criteria, externally-received information packets from the external network via the output communications circuitry and internally-received information packets from the mobile communications device via the private network communications circuitry.

Abstract: A system for providing a secure video display using a one-way data link. An input interface for receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs.

Abstract: Three embodiments of one-way cross-domain systems for transferring information from a client in a first security domain to a server in a second separate security domain are disclosed. In addition, three embodiments of bilateral cross-domain systems for transferring first information from a client in a first security domain to a server in a second separate security domain and second information from the server in the second separate security domain to the client in the first security domain are also disclosed. Each of the one-way and bilateral cross-domain systems is based upon a single computer server which employs a number of virtual machines to implement send and receive servers. The single computer server also implements one (for the one-way cross-domain systems) or two (for the bilateral cross-domain systems) virtual one-way data links in either virtual machines or within the hypervisor portion of the operating system.

Abstract: Two embodiments of a one-way network interface card are disclosed, a transmit-only version and a receive-only version. A network controller mounted on the circuit card is coupled to the host computer via a host computer interface. A first processor is coupled to a network interface of the network controller. A second processor has a separate network interface for communicating with a remote computer. A one-way link is coupled between the first processor and the second processor. For the transmit-only embodiment, the one-way link only allows information to be transferred from the first processor to the second processor, and thus information may only pass from the host computer to the remote computer. For the receive-only embodiment, the one-way link only allows information to be transferred from the second processor to the first processor, and thus information may only pass from the remote computer to the host computer.

Abstract: A manifest transfer engine for a one-way file transfer system is disclosed. The manifest transfer engine comprises a send side, a receive side, and a one-way data link enforcing unidirectional data flow from the send side to the receive side. The send side receives and stores a file manifest table from an administrator server. The send side also receives a file from a user and compares it with the file manifest table. Transfer of the file to the receive side via the one-way data link is allowed only when there is a match between the file and the file manifest table. In an alternative embodiment, the receive side instead receives and stores the file manifest table from the administrator server and compares it with the file received from the send side via the one-way data link to determine whether to allow transfer of the file.