Abstract:
Embodiments of the present invention are directed to a one-way data transfer system with a built-in data verification mechanism, comprising three nodes (Send Node, Receive Node, and Feedback Node) wherein (1) the three nodes are interconnected with each other by a one-way data link, and (2) the Feedback Node is designed solely for processing and relaying data verification information from the Receive Node to the Send Node. In these embodiments, the Send Node is capable of verifying the status of data it transferred to the Receive Node over a one-way data link without sacrificing the unidirectionality of data flow in the system and thereby compromising the level of security provided by use of one-way data links.
Abstract:
An apparatus for relaying a hashed message from a first node to a second node, comprising an inlet interface for receiving a message from the first node, a hash number calculator for hashing the message from the inlet interface, an outlet interface for sending the hashed message to the second node, a first one-way data link for unidirectional transfer from the inlet interface to the hash number calculator, and a second one-way data link for unidirectional transfer from the hash number calculator to the outlet interface, is provided. While the apparatus is capable of bidirectional communications with either or both of the first and second nodes through the respective interfaces, the unidirectionality of data flow through the apparatus is strictly enforced by the hardware of the apparatus. The apparatus provides a secure mechanism and communication channel for relaying hashed acknowledgment messages from a receive node to a send node to inform the status of data transfer from the send node to the receive node across a one-way data link. The apparatus may be further implemented with the capability of comparing hashed messages from the two nodes.
Abstract:
An apparatus for relaying a hashed message from a first node to a second node, comprising an inlet interface for receiving a message from the first node, a hash number calculator for hashing the message from the inlet interface, an outlet interface for sending the hashed message to the second node, a first one-way data link for unidirectional transfer from the inlet interface to the hash number calculator, and a second one-way data link for unidirectional transfer from the hash number calculator to the outlet interface, is provided. The apparatus provides a secure mechanism and communication channel for relaying hashed acknowledgment messages from a receive node to a send node to inform the status of data transfer from the send node to the receive node across a one-way data link. The apparatus may be further implemented with the capability of comparing hashed messages from the two nodes.
Abstract:
A method and system for testing a file (or packet) formed from a sequential series of information units, each information unit within a predetermined set of information units, e.g., each information unit may correspond to a character within the ASCII character set. An information unit-pair entropy density measurement is calculated for the received file using a probability matrix. The probability matrix tabulates the probabilities of occurrence for each possible sequential pair of information units of the predetermined set of information units. The computed information unit-pair entropy density measurement is compared with a threshold associated with an expected file type to determine whether the received file is of the expected file type or of an unexpected file type. The probability matrix may optionally be generated from the received file prior to calculating the density thereof. The probability matrix may optionally be predetermined based on the expected file type.