High assurance segregated gateway interconnecting different domains

US10609029B2 · US · B2

Patent metadata

  Publication number: US-10609029-B2
  Application number: US-201615254279-A
  Country: US
  Kind code: B2
  Filing date: Sep 1, 2016
  Priority date: Sep 4, 2015
  Publication date: Mar 31, 2020
  Grant date: Mar 31, 2020

Abstract

Official abstract text for this publication.

A gateway having an architecture authorizing bidirectional communication between applications located in different domains and presenting a high assurance level of protection. The gateway interconnects a first and second domain. The gateway comprises an internal protocol, first and second protocol adapters hosted within the first and second domains and configured to make a conversion between application data formatted according to an applicative protocol relative to the two domains and gateway data formatted according to the gateway internal protocol, and a security module hosted on a separate platform to communicate with the first and second protocol adapters via first and second data links according to the gateway internal protocol. The first and second protocol adapters and security module are each physically segregated and the security module comprises functional blocks configured to authorize secure bidirectional flow of gateway data along two different and separate unidirectional paths between the two protocol adapters.

First claim

Opening claim text (preview).

The invention claimed is:

1. A gateway adapted to interconnect a first domain to a second domain, comprising:
  memory,
  first and second protocol adapter code hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to a gateway internal protocol, and
  a hosting platform that is a virtualization platform, the hosting platform being physically segregated from said first domain and connected to said first domain by a first data link and physically segregated from said second domain and connected to said second domain by a second data link, said hosting platform comprising:
    a first network interface coupled to the first domain for communicating with the first data link;
    a second network interface coupled to the second domain for communicating with the second data link;
    a first set of one or more partitions hosted on the virtualization platform comprising a first set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the first data link along a first secure unidirectional path;
    a second set of one or more partitions hosted on the virtualization platform comprising a second set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the first set of one or more partitions along the first secure unidirectional path, and to analyze the received gateway data according to a series of security rules at the gateway internal protocol level;
    a third set of one or more partitions hosted on the virtualization platform comprising a third set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the second set of one or more partitions along the first secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the second data link along the first secure unidirectional path;
    a fourth set of one or more partitions hosted on the virtualization platform comprising a fourth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive gateway data from, but not send the gateway data to, the second data link along a second secure unidirectional path;
    a fifth set of one or more partitions hosted on the virtualization platform comprising a fifth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fourth set of one or more partitions along the second secure unidirectional path, and to filter the received gateway data according to a series of application-level security rules;
    a sixth set of one or more partitions hosted on the virtualization platform comprising a sixth set of one or more components of code being executable by the virtualization platform to cause the virtualization platform to receive the gateway data from, but not send the gateway data to, the fifth set of one or more partitions along the second secure unidirectional path and to forward the gateway data to, but not receive the gateway data from, the first data link along the second secure unidirectional path;
  wherein said second set of one or more partitions further causes the virtualization platform to gather information on gateway data flowing along said first unidirectional path;
  wherein said fifth set of one or more partitions causes the virtualization platform to implement a first series of application-level security rules before allowing or disallowing the flow of gateway data from the second protocol adapter towards the first protocol adapter along the second unidirectional path, said first series of application-level security rules comprising first consulting rules intended to consult the information gathered by said second set of one or more partitions; and
  wherein first and second protocol adapters hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to a gateway internal protocol, wherein said first and second protocol adapter code comprise seventh and eighth sets of one or more components of code decomposed into a plurality of subsets of elementary components of code and being executable by the first and second domains, respectively.

2. The gateway according to claim 1, wherein each of the first, second, third, fourth, fifth, and sixth sets of one or more partitions are decomposed into a plurality of subsets of predefined elementary components of code, each comprising a plurality of lines of code having a code complexity sufficiently small as to be analyzable at a desired level of assurance, wherein each elementary component has a specified function and is adapted to communicate with other predefined elementary components.

3. The gateway according to claim 1, wherein said gateway internal protocol is configured to have a minimum communication protocol based on a query and a response exchange mechanism and wherein each frame of an exchanged gateway data is decomposed into predefined fields of a fixed length.

4. The gateway according to claim 3, wherein the gateway internal protocol is of the type RPC (Remote Procedure Call).

5. The gateway according to claim 1, wherein said seventh and eighth sets of one or more components of code are executable by the first and second domains, respectively, to cause the first and second domains, respectively, to: manage authorized applicative protocols relative to applications belonging to the first and second domains, respectively, construct a gateway data out of a corresponding application data by adapting the application data from an applicative protocol format into said gateway internal protocol format before sending said gateway data to the first and second data links, respectively, and reconstruct an application data according to the applicative protocol format out of a corresponding gateway data formatted according to the internal gateway protocol.

6. The gateway according to claim 1, wherein said fifth set of one or more partitions causes the virtualization platform to implement the series of security rules at the gateway internal protocol level on the gateway data flowing along the second unidirectional path to ensure that no malicious or unauthorized gateway data is flowing along the second unidirectional path.

7. The gateway according to claim 1, wherein said fifth set of one or more partitions further causes the virtualization platform to gather information on gateway data flowing along said first unidirectional path and to transmit it to the fifth set of one or more partitions, and in that said second set of one or more partitions further causes the virtualization platform to implement a second series of application-level security rules comprising second consulting rules intended to consult the information stored in said associated set of stateful context components.

8. An embedded infrastructure comprising a gateway adapted to interconnect a first domain to a second domain, the gateway comprising: memory, first and second protocol adapter code hosted respectively within the first and second domains and configured to make a conversion
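
Claim 1 describes two physically separate unidirectional paths of three stages each, an internal query/response protocol with fixed-length fields (claim 3), and application-level rules on the return path that consult state gathered on the forward path. The following Python simulation is an added example, not code from the patent or from Airbus; the frame layout, the "outstanding query id" state kept by stage 2 and the stage names are assumptions chosen to illustrate the claimed data flow, and each stage can only pop from the stage before it, never push back.

```python
import struct
from collections import deque

# Constructed gateway internal protocol in the style of claim 3: every frame
# has the same fixed-length fields: 1-byte kind (Q=query, R=response),
# 4-byte id, 8-byte payload. Layout and sizes are assumptions, not the patent's.
FRAME = struct.Struct("!cI8s")

def encode(kind: bytes, qid: int, payload: bytes) -> bytes:
    """Protocol adapter side: application data -> fixed-format gateway frame."""
    return FRAME.pack(kind, qid, payload.ljust(8, b"\0")[:8])

def protocol_rules(frame: bytes):
    """Gateway-internal-protocol level checks (stages 2 and 5); None means drop."""
    if len(frame) != FRAME.size:
        return None
    kind, qid, payload = FRAME.unpack(frame)
    return (kind, qid, payload) if kind in (b"Q", b"R") else None

class Gateway:
    """Two separate one-way paths; each stage only pops from the stage before it."""

    def __init__(self):
        self.outstanding = set()  # information gathered on path 1 by stage 2

    def path1(self, link1_frames):
        """Domain 1 -> domain 2: stage 1 receives from link 1, stage 2 filters and
        records query ids, stage 3 forwards. Returns what reaches link 2."""
        stage1, stage2 = deque(link1_frames), deque()
        while stage1:
            f = protocol_rules(stage1.popleft())
            if f is None:
                continue
            if f[0] == b"Q":
                self.outstanding.add(f[1])
            stage2.append(FRAME.pack(*f))
        return list(stage2)  # stage 3: forward only, nothing flows back

    def path2(self, link2_frames):
        """Domain 2 -> domain 1: stage 5 applies the consulting rule, letting
        through only responses to a query recorded on path 1."""
        stage4, stage5 = deque(link2_frames), deque()
        while stage4:
            f = protocol_rules(stage4.popleft())
            if f is None or f[0] != b"R" or f[1] not in self.outstanding:
                continue  # malformed, not a response, or unsolicited: dropped
            self.outstanding.discard(f[1])
            stage5.append(FRAME.pack(*f))
        return list(stage5)  # stage 6: forward to link 1
```

A malformed frame on either link, or a response from domain 2 that no query from domain 1 has solicited, never reaches the opposite domain; the return path's decision depends only on information the forward path recorded, which is the consulting-rule relationship the claim sets out.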

Assignees

Airbus Operations Sas

Classifications

  • Details regarding a bus interface enhancer · CPC title

  • Integration of transport layer protocols, e.g. TCP and UDP · CPC title

  • for separating internal from external traffic, e.g. firewalls · CPC title

  • wherein the security policies are location-dependent, e.g. entities privileges depend on current location or allowing specific operations only from locally connected terminals · CPC title

  • based on web technology, e.g. hypertext transfer protocol [HTTP] · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10609029B2 cover?
A gateway having an architecture authorizing bidirectional communication between applications located in different domains and presenting a high assurance level of protection. The gateway interconnects a first and second domain. The gateway comprises an internal protocol, first and second protocol adapters hosted within the first and second domains and configured to make a conversion between ap…
Who is the assignee on this patent?
Airbus Operations Sas
What technology area does this patent fall under?
Primary CPC classification H04L12/4625. Mapped technology areas include Electricity.
When was this patent published?
Publication date Mar 31, 2020 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 3 related publications on this page (citations in our corpus or others sharing the same primary CPC).