Abstract: A secure one-way network gateway for transmitting data from a source network to a destination network is disclosed. An input circuit is for coupling to a source network and an output circuit is for coupling to an output network. A memory stores configuration data. Either a single field-programmable device or a pair of field-programmable devices coupled via a one-way link are inserted between the input circuit and the output circuit. The configuration data is loaded into the device(s) to program the device(s) to pass data from the input circuit to the output circuit, to optionally filter the data, and to prevent any data from passing from the output circuit to the input circuit. A processor is coupled to only the memory and a separate management interface. The processor receives updated configuration data via the management interface and replaces the configuration data in the memory with the updated configuration memory.

Abstract: A secure one-way network gateway for transmitting data from a source network to a destination network is disclosed. An input circuit is for coupling to a source network and an output circuit is for coupling to an output network. A memory stores configuration data. Either a single field-programmable device or a pair of field-programmable devices coupled via a one-way link are inserted between the input circuit and the output circuit. The configuration data is loaded into the device(s) to program the device(s) to pass data from the input circuit to the output circuit, to optionally filter the data, and to prevent any data from passing from the output circuit to the input circuit. A processor is coupled to only the memory and a separate management interface. The processor receives updated configuration data via the management interface and replaces the configuration data in the memory with the updated configuration memory.

Abstract: A secure one-way network gateway for transmitting data from a source network to a destination network is disclosed. An input circuit is for coupling to a source network and an output circuit is for coupling to an output network. A memory stores configuration data. Either a single field-programmable device or a pair of field-programmable devices coupled via a one-way link are inserted between the input circuit and the output circuit. The configuration data is loaded into the device(s) to program the device(s) to pass data from the input circuit to the output circuit, to optionally filter the data, and to prevent any data from passing from the output circuit to the input circuit. A processor is coupled to only the memory and a separate management interface. The processor receives updated configuration data via the management interface and replaces the configuration data in the memory with the updated configuration memory.

Abstract: A system and method for transferring files from a source file server in one network domain to a destination file server in a second separate network domain. A first hardware server computer monitors the source file server for the presence of a new manifest file, downloads the new manifest file, downloads each file identified in the new manifest file; and forwards each downloaded file on an output coupled to an input of a one-way link. The one-way link transfers files only from the input to an output thereof and prevents any signal from passing from the output to the input. A second hardware server is connected to the output of the one-way link and receives each file output from the one-way link and forwards each received file to a file location on the destination file server corresponding to an original file location of that file on the source file server.

Abstract: Three embodiments of one-way cross-domain systems for transferring information from a client in a first security domain to a server in a second separate security domain are disclosed. In addition, three embodiments of bilateral cross-domain systems for transferring first information from a client in a first security domain to a server in a second separate security domain and second information from the server in the second separate security domain to the client in the first security domain are also disclosed. Each of the one-way and bilateral cross-domain systems is based upon a single computer server which employs a number of virtual machines to implement send and receive servers. The single computer server also implements one (for the one-way cross-domain systems) or two (for the bilateral cross-domain systems) virtual one-way data links in either virtual machines or within the hypervisor portion of the operating system.

Abstract: Two embodiments of a one-way network interface card are disclosed, a transmit-only version and a receive-only version. A network controller mounted on the circuit card is coupled to the host computer via a host computer interface. A first processor is coupled to a network interface of the network controller. A second processor has a separate network interface for communicating with a remote computer. A one-way link is coupled between the first processor and the second processor. For the transmit-only embodiment, the one-way link only allows information to be transferred from the first processor to the second processor, and thus information may only pass from the host computer to the remote computer. For the receive-only embodiment, the one-way link only allows information to be transferred from the second processor to the first processor, and thus information may only pass from the remote computer to the host computer.

Abstract: Two embodiments of a one-way network interface card are disclosed, a transmit-only version and a receive-only version. A network controller mounted on the circuit card is coupled to the host computer via a host computer interface. A first processor is coupled to a network interface of the network controller. A second processor has a separate network interface for communicating with a remote computer. A one-way link is coupled between the first processor and the second processor. For the transmit-only embodiment, the one-way link only allows information to be transferred from the first processor to the second processor, and thus information may only pass from the host computer to the remote computer. For the receive-only embodiment, the one-way link only allows information to be transferred from the second processor to the first processor, and thus information may only pass from the remote computer to the host computer.

Abstract: Three embodiments of one-way cross-domain systems for transferring information from a client in a first security domain to a server in a second separate security domain are disclosed. In addition, three embodiments of bilateral cross-domain systems for transferring first information from a client in a first security domain to a server in a second separate security domain and second information from the server in the second separate security domain to the client in the first security domain are also disclosed. Each of the one-way and bilateral cross-domain systems is based upon a single computer server which employs a number of virtual machines to implement send and receive servers. The single computer server also implements one (for the one-way cross-domain systems) or two (for the bilateral cross-domain systems) virtual one-way data links in either virtual machines or within the hypervisor portion of the operating system.

Abstract: A rugged, integrated network interface appliance for ensuring secure data transfer comprising send-only network interface circuitry comprising a microprocessor, a program memory, a first host interface, and a first serial interface; receive-only network interface circuitry comprising a microprocessor, a program memory, a second host interface, and a second serial interface; a single data link connecting the first serial interface of the send-only network interface circuitry to the second serial interface of the receive-only network interface circuitry that is configured such that the send-only network interface circuitry is configured not to receive any data from said data link, and the receive-only network interface circuitry is configured not to send any data to said data link.

Abstract: A communications device for ensuring secure data transfer provided having an interface device for controlling data transfer, an integrated circuit coupled to the interface device and having a processor, a non-volatile memory for storing at least program code for the processor, a volatile memory, an input pin and an output pin; and an electrical conductor which electrically connects the input pin and the output pin. The electrical conductor passes through an external portion of the enclosure, e.g., a slot, which allows a user to easily sever the electrical conductor. In operation, a portion of the program code detects when the electrical conductor is severed and causes the program code in the non-volatile memory to be erased, data transfer via the interface device to be disabled, and power to the integrated circuit cut off to ensure that all information in volatile memory is erased.

Abstract: A communications device for ensuring secure data transfer provided having an interface device for controlling data transfer, an integrated circuit coupled to the interface device and having a processor, a non-volatile memory for storing at least program code for the processor, a volatile memory, an input pin and an output pin; and an electrical conductor which electrically connects the input pin and the output pin. The electrical conductor passes through an external portion of the enclosure, e.g., a slot, which allows a user to easily sever the electrical conductor. In operation, a portion of the program code detects when the electrical conductor is severed and causes the program code in the non-volatile memory to be erased, data transfer via the interface device to be disabled, and power to the integrated circuit cut off to ensure that all information in volatile memory is erased.

Abstract: A rugged, integrated network interface appliance for ensuring secure data transfer comprising send-only network interface circuitry comprising a microprocessor, a program memory, a first host interface, and a first serial interface; receive-only network interface circuitry comprising a microprocessor, a program memory, a second host interface, and a second serial interface; a single data link connecting the first serial interface of the send-only network interface circuitry to the second serial interface of the receive-only network interface circuitry that is configured such that the send-only network interface circuitry is configured not to receive any data from said data link, and the receive-only network interface circuitry is configured not to send any data to said data link.