Patents by Inventor Ronald Mraz

Ronald Mraz has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 9305189
    Abstract: A rugged, integrated network interface appliance for ensuring secure data transfer comprising send-only network interface circuitry comprising a microprocessor, a program memory, a first host interface, and a first serial interface; receive-only network interface circuitry comprising a microprocessor, a program memory, a second host interface, and a second serial interface; a single data link connecting the first serial interface of the send-only network interface circuitry to the second serial interface of the receive-only network interface circuitry that is configured such that the send-only network interface circuitry is configured not to receive any data from said data link, and the receive-only network interface circuitry is configured not to send any data to said data link.
    Type: Grant
    Filed: April 14, 2010
    Date of Patent: April 5, 2016
    Assignee: Owl Computing Technologies, Inc.
    Inventors: Ronald Mraz, Steven Staubly
  • Patent number: 9282102
    Abstract: A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information.
    Type: Grant
    Filed: June 23, 2015
    Date of Patent: March 8, 2016
    Assignee: Owl Computing Technologies, Inc.
    Inventor: Ronald Mraz
  • Publication number: 20150370826
    Abstract: A system for assuredly copying information from a reference database to a remote database. A send server is coupled to a first network. A receive server is coupled to a second network. A one-way data link provides unidirectional transfer of information from the send server to the receive server. A monitor application iteratively forwards update files including sequence information to the send server. An update application receives each update file and updates the remote database based thereon. The update files are also sequentially stored in the send server in groups and each group is sent to the receive server and stored in memory. If an update file is not received in proper sequential order, the receive server stops sending update files in the current group and instead reads the missing update file and subsequent update files in the current group from memory and forwards such files to the update application.
    Type: Application
    Filed: December 11, 2014
    Publication date: December 24, 2015
    Inventors: Ronald Mraz, Robert M. Zucker
  • Publication number: 20150358323
    Abstract: A system for assuring the integrity of information files includes a first server, a manifest transfer engine and a second server. The first server stores information files and an associated manifest file containing a manifest entry for each stored information file. The manifest transfer engine receives the manifest file and the information files from the first server on a predetermined basis. The manifest transfer engine compares an identifying characteristic of each received information file with the manifest entries in the manifest file and, when there is a match, transfers the associated information file on the output as an authenticated information file.
    Type: Application
    Filed: June 5, 2014
    Publication date: December 10, 2015
    Inventors: Ronald Mraz, Gabriel Silberman
  • Publication number: 20150288697
    Abstract: A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information.
    Type: Application
    Filed: June 23, 2015
    Publication date: October 8, 2015
    Inventor: Ronald Mraz
  • Publication number: 20150278520
    Abstract: A system is disclosed for assuring the integrity of file segments. A first server has an associated file repository storing a plurality of files and transfers a file segment on an output upon request. A second server also has an associated file repository and receives and stores the file segment in the associated file repository. The second server identifies if there are additional segments of the same file in the associated file repository and processes the received file segment together with the additional identified file segments to identify the presence of malware. Finally, the second server transfers the received file segment on an output as a scanned file segment only if no malware is identified. A third server has an associated file repository and is configured to receive and store the scanned file segments in the associated file repository and to transfer a received scanned file segment to a client.
    Type: Application
    Filed: March 25, 2014
    Publication date: October 1, 2015
    Applicant: Owl Computing Technologies, Inc.
    Inventors: Ronald Mraz, Gabriel Silberman
  • Patent number: 9094401
    Abstract: A secure front-end interface for a PLC, RTU or similar device is disclosed. A first server is coupled to the PLC via a communications link and is configured to receive status information from the device and transmit the information to a second server via a one-way data link. The second server has a network interface for coupling to a network and receives the information from the first server via the one-way data link and outputs the information via the network interface based upon a user request. The front-end interface may further include a second one-way data link coupled from the second server to the first server to allow user command entry. The secure front-end interface may alternatively consist only of a single server coupled between the device and the network which requires a user to enter a password before obtaining access to the status information.
    Type: Grant
    Filed: February 19, 2013
    Date of Patent: July 28, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventor: Ronald Mraz
  • Patent number: 9088558
    Abstract: A system for transmitting OPC information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first OPC server in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to one or more OPC clients in the second security domain.
    Type: Grant
    Filed: August 21, 2013
    Date of Patent: July 21, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Patent number: 9088539
    Abstract: A data transfer system comprising a first node, a second node, and a first one-way link for unidirectional transfer of data from the first node to the second node. The first node is configured to receive data and to allow transfer of the data to the second node via the first one-way link only if there is a match between a characteristic of the received data and an entry in a first predefined configuration file. The system may also include a second one-way link for unidirectional transfer of second data from the second node to the first node. The second node is configured to receive the second data and to allow transfer of the second data to the first node via the second one-way link only if there is a match between a characteristic of the second data and an entry in a predefined configuration file.
    Type: Grant
    Filed: January 21, 2014
    Date of Patent: July 21, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventor: Ronald Mraz
  • Patent number: 9081520
    Abstract: A system for printing includes one or more printers, a send platform, a print spooling platform coupled to the one or more printers, and a one-way data link enforcing unidirectional data transfer from the send platform to the print spooling platform, wherein the send platform is configured to receive a print job, convert the print job into a print file in a printable format for the one or more printers, and send the print file to the print spooling platform across the one-way data link, and the print spooling platform is configured to receive the print file from the one-way data link, control spooling of the print file for the one or more printers, and send the print file to the one or more printers, and wherein the one or more printers cannot communicate to the send platform.
    Type: Grant
    Filed: December 22, 2010
    Date of Patent: July 14, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: Ronald Mraz, James Hope
  • Patent number: 9065878
    Abstract: A system for virtual screen view service, comprising a monitored computer platform, a monitoring computer platform, a server installed on the monitored computer platform, a client installed on the monitoring computer platform, and a one-way data link for unidirectional data transfer from the server to the client, wherein the server is configured to periodically collect screen image data from the monitored computer platform and send it to the client via the one-way data link, and the client is configured to process the image data received from the server via the one-way data link and cause it to be displayed on the monitoring computer platform. An alternative configuration is also disclosed for allowing a remote client to securely monitor the screen of a locally monitored computer platform via an intermediary server.
    Type: Grant
    Filed: January 16, 2013
    Date of Patent: June 23, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Patent number: 8997202
    Abstract: A system for securely transferring information from an industrial control system network, including, within the secure domain, one or more remote terminal units coupled by a first network, one or more client computers coupled by a second network, and a send server coupled to the first and second networks. The send server acts as a proxy for communications between the client computers and the remote terminals and transmits first information from such communications on an output. The send server also transmits a poll request to a remote terminal unit via the first network and transmits second information received in response to the poll on the output. The system also includes, outside the secure domain, a receive server having an input coupled to the output of the send server via a one-way data link. The receive server receives and stores the first and second information provided via the input.
    Type: Grant
    Filed: December 6, 2012
    Date of Patent: March 31, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Publication number: 20150067104
    Abstract: A system for transmitting ArchestrA information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first ArchestrA Galaxy and/or from a first historian in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to a second ArchestrA Galaxy and/or to a second historian in the second security domain.
    Type: Application
    Filed: September 4, 2013
    Publication date: March 5, 2015
    Applicant: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Publication number: 20150058385
    Abstract: A system for bilaterally transferring information between a client and a remote server. The client is coupled with a server proxy running on a second receive server via a first network and communicates thereon. Processed first information is passed to a first send server via a dedicated network connection. The first send server causes the first information to be transmitted to the remote server, via a first one-way data link, a first receive server, a second dedicated network connection and a client proxy running on a second send server. The remote server is coupled to the client proxy via a second network. The client proxy forwards information received from the server to the client via a second one-way link, the server proxy running on the second receive server, and the first network.
    Type: Application
    Filed: October 7, 2014
    Publication date: February 26, 2015
    Inventors: Ronald Mraz, Kenneth Lerman, Gabriel Silberman
  • Publication number: 20150058925
    Abstract: A system for transmitting OPC information from a first network in a first security domain to a second network in a second security domain. A first stand-alone server within the first security domain retrieves information via the first network from a first OPC server in the first security domain and forwards the retrieved information to a send server coupled to the first network. The send server forwards the received information to a receive server via a one-way data link. The receive server receives the information from the send server and forwards the received information to a second stand-alone server via the second network. The second stand-alone server receives the information from the receive server and forwards the information to one or more OPC clients in the second security domain.
    Type: Application
    Filed: August 21, 2013
    Publication date: February 26, 2015
    Applicant: Owl Computing Technologies, Inc.
    Inventors: John Curry, Ronald Mraz
  • Publication number: 20150026792
    Abstract: A system for providing a secure video display using a one-way data link. An input interface receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs.
    Type: Application
    Filed: October 9, 2014
    Publication date: January 22, 2015
    Inventors: Ronald Mraz, Jeffrey Menoher, Andrew Holmes
  • Patent number: 8938795
    Abstract: A system for filtering a digital signal transmitted in a protocol featuring multi-level packetization from a first server to a second server. The first server is coupled to the second server via a one-way data link. The system includes a filter having an input for receiving the digital signal and an output. The filter is configured to analyze the digital video signal and determine whether the digital signal violates one or more predetermined criteria. The filter may be within the first server, or alternatively, within the second server. The predetermined criteria may be unauthorized security level information included within metadata transmitted with the digital video signal. The predetermined criteria may also be format information that, when not conformed to, indicates potential malware or other bad content included within the digital video signal. The filter provides low data transfer latency and/or decoupling of data filter latency from data transfer latency.
    Type: Grant
    Filed: November 19, 2012
    Date of Patent: January 20, 2015
    Assignee: Owl Computing Technologies, Inc.
    Inventors: Frederick Clarke, Jeffrey Menoher, Ronald Mraz
  • Publication number: 20150020155
    Abstract: A system for transferring information from a first PI server coupled to a first network to a second PI server coupled to a second network. The system includes a source platform coupled to the first network and in communication with the first PI server, a receive platform coupled to the second network and in communication with the second PI server, and a one-way data link coupling the source platform to the receive platform. The source platform is configured to read transfer configuration information from the first PI server and to dynamically modify the transfer parameters based thereon. The receive platform is configured to, if there is changed database record configuration information, continually store a current predefined portion of the historical information in memory without transferring such information to the second PI server until a user, via a user interface, authorizes the release of such information to the second PI server.
    Type: Application
    Filed: July 12, 2013
    Publication date: January 15, 2015
    Inventors: John Curry, Ronald Mraz
  • Publication number: 20150020194
    Abstract: A system is disclosed for monitoring the status of a website operating on a host and for remedying any identified problems. A first platform is coupled to the host for monitoring the website and periodically transmits status information about the website. A second platform is coupled to the first platform for periodically receiving the status information about the at least one feature. The second platform is configured to compare the received status information with a copy of the website and based thereon determine if the website has been compromised. The second platform is further configured to output an alert signal after determining that the website has been compromised. A third platform is coupled to the second platform and separately coupled to the host computer. The third platform is configured to receive the alert signal from the second platform and to forward the alert signal to the host computer.
    Type: Application
    Filed: July 12, 2013
    Publication date: January 15, 2015
    Inventors: Ronald Mraz, Gabriel Silberman
  • Patent number: 8898227
    Abstract: A system for bilaterally transferring information between a client and an NFS server. The client is coupled with an NFS server proxy running on a second receive server via a first network and communicates thereon. The processed first information is passed to a first send server via a dedicated network connection. The first send server causes the first information to be transmitted to the NFS server, via a first one-way data link, a first receive server, a second dedicated network connection and an NFS client proxy running on a second send server. The NFS server is coupled to the NFS client proxy via a second network. The NFS client proxy forwards information received from the NFS server to the client via a second one-way link, the NFS server proxy running on the second receive server and the first network.
    Type: Grant
    Filed: May 10, 2013
    Date of Patent: November 25, 2014
    Assignee: OWL Computing Technologies, Inc.
    Inventors: Ronald Mraz, Kenneth Lerman, Gabriel Silberman