1. WO2021061248 - UNI-DIRECTIONAL AND BI-DIRECTIONAL CROSS-DOMAIN (SECURE EXCHANGE GATEWAY) DESIGN

Publication Number WO/2021/061248
Publication Date 01.04.2021
International Application No. PCT/US2020/040065
International Filing Date 29.06.2020
IPC
H04L 29/06 2006.01
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
29 Arrangements, apparatus, circuits or systems, not covered by a single one of groups H04L1/-H04L27/136
02 Communication control; Communication processing
06 characterised by a protocol
CPC
H04L 63/0236
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
02 for separating internal from external traffic, e.g. firewalls
0227 Filtering policies
0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
H04L 63/10
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
H04L 63/101
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
101 Access control lists [ACL]
H04L 63/105
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
10 for controlling access to network resources
105 Multiple levels of security
H04L 63/1408
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
H04L 63/1416
H ELECTRICITY
04 ELECTRIC COMMUNICATION TECHNIQUE
L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
63 Network architectures or network communication protocols for network security
14 for detecting or protecting against malicious traffic
1408 by monitoring network traffic
1416 Event detection, e.g. attack signature detection
Applicants
  • SAUDI ARABIAN OIL COMPANY [SA]/[SA]
  • ARAMCO SERVICES COMPANY [US]/[US] (US)
Inventors
  • AL AMER, Mostafa
  • UJAIMI, Mohammed K.
  • HARBI, Eid S.
Agents
  • LEASON, David
  • ELLIS, Edward
  • METJAHIC, Safet
  • GABATHULER, Henry
  • WERTS, Jarryd
Priority Data
16/454,926 27.06.2019 US
Publication Language English (EN)
Filing Language English (EN)
Designated States
Title
(EN) UNI-DIRECTIONAL AND BI-DIRECTIONAL CROSS-DOMAIN (SECURE EXCHANGE GATEWAY) DESIGN
(FR) CONCEPTION UNIDIRECTIONNELLE ET BIDIRECTIONNELLE INTER-DOMAINES (PASSERELLE D'ÉCHANGE SÉCURISÉE)
Abstract
(EN)
A system for enabling secure bidirectional communications on a network is provided, wherein a first server having a first security rating is connected to a second server having a second security rating by a first data channel configured to establish one-way communication from the first server to the second server. A second data channel incorporating a third server is configured to establish one-way communication from the second server back to the first server. The third server has a power switch that controls third server on and off states. The second data channel is enabled when the power switch is turned on. The third server arbitrates the flow of message traffic from the second server back to the first server by applying an on-board security module's encoded set of rules to determine whether the message is permitted to proceed to the first server.
(FR)
La présente invention concerne un système permettant des communications bidirectionnelles sécurisées sur un réseau, un premier serveur ayant une première cote de sécurité étant connecté à un deuxième serveur ayant une seconde cote de sécurité par un premier canal de données conçu pour établir une communication unidirectionnelle entre le premier serveur et le deuxième serveur. Un second canal de données incorporant un troisième serveur est conçu pour établir une communication unidirectionnelle du deuxième serveur au premier serveur. Le troisième serveur possède un commutateur de puissance qui commande des états d'activation et de désactivation du troisième serveur. Le second canal de données est activé lorsque le commutateur de puissance est sous tension. Le troisième serveur arbitre le flux de trafic de messages du deuxième serveur au premier serveur en appliquant un ensemble codé de modules de sécurité embarqués pour déterminer si le message est autorisé à progresser vers le premier serveur.