System and method for integrity assurance of partial data
    1.
    Granted invention patent
    Status: in force

    Publication No.: US09436825B2

    Publication date: 2016-09-06

    Application No.: US14224127

    Filing date: 2014-03-25

    Abstract: A system is disclosed for assuring the integrity of file segments. A first server has an associated file repository storing a plurality of files and transfers a file segment on an output upon request. A second server also has an associated file repository and receives and stores the file segment in the associated file repository. The second server identifies if there are additional segments of the same file in the associated file repository and processes the received file segment together with the additional identified file segments to identify the presence of malware. Finally, the second server transfers the received file segment on an output as a scanned file segment only if no malware is identified. A third server has an associated file repository and is configured to receive and store the scanned file segments in the associated file repository and to transfer a received scanned file segment to a client.


    Remote print file transfer and spooling application for use with a one-way data link
    2.
    Granted invention patent
    Status: in force

    Publication No.: US09081520B2

    Publication date: 2015-07-14

    Application No.: US12975890

    Filing date: 2010-12-22

    IPC classification: G06F3/12 H04L29/06

    Abstract: A system for printing includes one or more printers, a send platform, a print spooling platform coupled to the one or more printers, and a one-way data link enforcing unidirectional data transfer from the send platform to the print spooling platform, wherein the send platform is configured to receive a print job, convert the print job into a print file in a printable format for the one or more printers, and send the print file to the print spooling platform across the one-way data link, and the print spooling platform is configured to receive the print file from the one-way data link, control spooling of the print file for the one or more printers, and send the print file to the one or more printers, and wherein the one or more printers cannot communicate to the send platform.


    System for secure transfer of information from an industrial control system network
    3.
    Granted invention patent
    Status: in force

    Publication No.: US08997202B2

    Publication date: 2015-03-31

    Application No.: US13707082

    Filing date: 2012-12-06

    IPC classification: G06F9/00 H04L29/06

    CPC classification: H04L63/0281 H04L63/0209

    Abstract: A system for securely transferring information from an industrial control system network, including, within the secure domain, one or more remote terminal units coupled by a first network, one or more client computers coupled by a second network, and a send server coupled to the first and second networks. The send server acts as a proxy for communications between the client computers and the remote terminals and transmits first information from such communications on an output. The send server also transmits a poll request to a remote terminal unit via the first network and transmits second information received in response to the poll on the output. The system also includes, outside the secure domain, a receive server having an input coupled to the output of the send server via a one-way data link. The receive server receives and stores the first and second information provided via the input.


    ENTERPRISE CROSS-DOMAIN SOLUTION HAVING CONFIGURABLE DATA FILTERS
    4.
    Invention patent application
    Status: in force

    Publication No.: US20140337410A1

    Publication date: 2014-11-13

    Application No.: US14018085

    Filing date: 2013-09-04

    IPC classification: H04L29/06

    Abstract: A cross-domain system for transferring files from a client to a server. A first server in the first network domain receives and stores files from the client via the first network. The received files are processed based on predetermined instructions stored in an associated file. The processed received files are transmitted to a second server via a one-way data link. The second server in the second network domain receives and stores the processed received files. The received files are further processed based on predetermined instructions stored in an associated file. The further processed received files are transmitted to the server via the second network. The two associated files are stored in permanent memory with security policies which prevent the files from disrupting operation of the first and second servers, respectively. The security policies allow the associated files to be overwritten to update the processing performed by the associated server.


    System for providing a secure video display
    5.
    Granted invention patent
    Status: in force

    Publication No.: US08887276B2

    Publication date: 2014-11-11

    Application No.: US13683111

    Filing date: 2012-11-21

    IPC classification: H04N7/16 H04N7/01

    Abstract: A system for providing a secure video display using a one-way data link. An input interface receives a video stream signal. The one-way data link has an input node coupled to receive the input video stream signal and an output node. A processing system is coupled to the output node of the one-way data link and is configured to run a predetermined operating system. In an embodiment, a video display software program operates within the predetermined operating system to process the video stream signal received from the output node of the one-way data link and to provide an output signal for viewing on a display coupled to the processing system. Optionally, the video display program operates within a virtual operating system running within the predetermined operating system. In other embodiments, the video display program may process a video stream signal containing a plurality of different video programs.


    SYSTEM AND METHOD FOR PROVIDING A REMOTE VIRTUAL SCREEN VIEW
    6.
    Invention patent application
    Status: in force

    Publication No.: US20140089388A1

    Publication date: 2014-03-27

    Application No.: US13742902

    Filing date: 2013-01-16

    IPC classification: H04L29/06

    Abstract: A system for virtual screen view service, comprising a monitored computer platform, a monitoring computer platform, a server installed on the monitored computer platform, a client installed on the monitoring computer platform, and a one-way data link for unidirectional data transfer from the server to the client, wherein the server is configured to periodically collect screen image data from the monitored computer platform and send it to the client via the one-way data link, and the client is configured to process the image data received from the server via the one-way data link and cause it to be displayed on the monitoring computer platform. An alternative configuration is also disclosed for allowing a remote client to securely monitor the screen of a locally monitored computer platform via an intermediary server.


    Method and apparatus for preventing unauthorized access to information stored in a non-volatile memory
    7.
    Granted invention patent
    Status: in force

    Publication No.: US08646094B2

    Publication date: 2014-02-04

    Application No.: US13314167

    Filing date: 2011-12-07

    Applicant: Steven Staubly

    Inventor: Steven Staubly

    Abstract: A communications device for ensuring secure data transfer is provided having an interface device for controlling data transfer, an integrated circuit coupled to the interface device and having a processor, a non-volatile memory for storing at least program code for the processor, a volatile memory, an input pin and an output pin; and an electrical conductor which electrically connects the input pin and the output pin. The electrical conductor passes through an external portion of the enclosure, e.g., a slot, which allows a user to easily sever the electrical conductor. In operation, a portion of the program code detects when the electrical conductor is severed and causes the program code in the non-volatile memory to be erased, data transfer via the interface device to be disabled, and power to the integrated circuit cut off to ensure that all information in volatile memory is erased.


    Concurrent data transfer involving two or more transport layer protocols over a single one-way data link
    8.
    Granted invention patent
    Status: in force

    Publication No.: US08565237B2

    Publication date: 2013-10-22

    Application No.: US13369065

    Filing date: 2012-02-08

    IPC classification: H04L12/56

    CPC classification: H04L63/105

    Abstract: A data transfer application for concurrent transfer of data streams based on two or more transport layer protocols via a single one-way data link. The present invention provides a great degree of routing flexibility by providing seamless network connectivity under a plurality of transport layer protocols, such as TCP and UDP, between multiple source and destination platforms over a single one-way data link.


    Method and system for processing a file to identify unexpected file types
    9.
    Granted invention patent
    Status: in force

    Publication No.: US08516580B2

    Publication date: 2013-08-20

    Application No.: US13095207

    Filing date: 2011-04-27

    Applicant: Jeffrey Menoher

    Inventor: Jeffrey Menoher

    IPC classification: H04L29/06

    CPC classification: G06F21/564

    Abstract: A method and system for testing a file (or packet) formed from a sequential series of information units, each information unit within a predetermined set of information units, e.g., each information unit may correspond to a character within the ASCII character set. An information unit-pair entropy density measurement is calculated for the received file using a probability matrix. The probability matrix tabulates the probabilities of occurrence for each possible sequential pair of information units of the predetermined set of information units. The computed information unit-pair entropy density measurement is compared with a threshold associated with an expected file type to determine whether the received file is of the expected file type or of an unexpected file type. The probability matrix may optionally be generated from the received file prior to calculating the density thereof. The probability matrix may optionally be predetermined based on the expected file type.


    BILATERAL COMMUNICATION USING MULTIPLE ONE-WAY DATA LINKS
    10.
    Invention patent application
    Status: in force

    Publication No.: US20120331097A1

    Publication date: 2012-12-27

    Application No.: US13488028

    Filing date: 2012-06-04

    IPC classification: G06F15/16

    Abstract: A bilateral data transfer system comprising a first node, a second node, a first one-way link for unidirectional transfer of first data from the first node to the second node, and a second one-way link for unidirectional transfer of second data from the second node to the first node, wherein the unidirectional transfer of the first data across the first one-way link and the unidirectional transfer of the second data across the second one-way link are independently administered by the bilateral data transfer system. Under such a bilateral data transfer system, each of the one-way data links may be subject to separately administered security restrictions and data filtering processes. Hence, it enables secure bilateral communications across different network security domains.
