Free space optical data transmission for secure computing
Inventors
Assignees
United States Department of the Air Force
Publication Number
US-9941962-B2
Publication Date
2018-04-10
Expiration Date
2036-05-31
Interested in licensing this patent?
MTEC can help explore whether this patent might be available for licensing for your application.
Abstract
An apparatus and method for computer network security based on Free-Space Optical Interconnections (FSOI) for board-to-board information transmission. The addition of a controllable, interlocked shutter system creates air-gapped isolation of the boards, allowing for increased obfuscation and enhanced security.
Core Innovation
The invention provides an apparatus and method for computer network security based on Free-Space Optical Interconnections (FSOI) for board-to-board information transmission. This security architecture uses a controllable, interlocked shutter system that creates a literal air gap between printed circuit boards, allowing for increased obfuscation and enhanced security.
The problem being solved is the need to keep secure computer networks physically isolated from unsecured networks so that data cannot be transmitted without authorization or exploited via cyberspace. In practice, air gaps are often not literal: the "isolated" network is carried by cryptographic devices that tunnel its packets across other networks, and those devices and their hosts remain exposed to attack. The invention addresses this deficiency in state-of-the-art methods by implementing a literal air gap for board-to-board communication, improving mission assurance and information assurance in secure computing environments.
The invention further exploits advances in free-space optical communications technology, employing bidirectional and unidirectional optical data transfer among processor components and network communications components, controlled by an interlocked shutter mechanism. This arrangement allows selective enabling or disabling of optical data transfer paths, physical isolation of vulnerable computer elements, and secure data storage and transfer, thereby enhancing the overall security posture of computer networks.
Claims Coverage
The patent includes four independent claims that collectively cover a secure computer network architecture with optical data transfer capabilities and control mechanisms. These inventive features define the architecture's components, data transfer directions, and secure data management protocols.
Secure computer network architecture with optical data transfer
An architecture comprising multiple processor components and at least one network communications component, where at least one processor component has means for bidirectional optical data transfer with the network communications component and at least one other processor component, means for unidirectional optical data transfer with the remaining processor components, and means for interrupting the bidirectional optical data transfer.
Bidirectional optical transfer control for secure data storage and transmission
Executable computer programming instructions cause a processor component to transfer data between processor components and the network communications component only after checking whether bidirectional optical data transfer is currently enabled or disabled, so that data flow stays controlled during both storage and transmission.
Data transfer management among multiple processor components
Executable instructions move data created on a third processor component to a first processor component only while the first component's bidirectional optical transfer with the network communications component and with the third component is disabled, and permit the network communications component to forward data to external networks only while its bidirectional optical transfer with the first processor component is enabled.
Secure repository management and periodic scrubbing
Executable instructions store registry and operating system data in a secure repository on a fourth processor component, schedule periodic scrubs of a first processor component with a configurable delay, check whether a user is present, warn the user of an impending scrub, then transfer data from the secure repository and scrub the first processor component.
Together, these inventive features establish a secure optical communication architecture that employs controlled bidirectional and unidirectional data transfer among processor components, interlocked shutters for physical isolation, and software-managed data transfer and system maintenance routines to enhance security and prevent unauthorized access.
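The transfer rules in the claims above amount to a small state machine: shutters on the bidirectional links are opened and closed, and every transfer is checked against the current shutter state before any data moves. The following is an added example, my own illustration in Python and not code from the patent or its assignee, that models those rules and the scrub routine so they can be exercised. The component names P1 through P4 and NET, the link layout in build_fabric(), the interlock rule that a component may hold at most one open bidirectional shutter at a time, and the scrub timings are all assumptions; the claims fix none of these details.

```python
# Added illustration of the claimed transfer policy, not the patent's own code.
# Assumptions: component names P1..P4 and NET, the link layout in build_fabric(),
# the "one open shutter per component" interlock rule and the scrub timings.
from dataclasses import dataclass, field
from typing import Dict, FrozenSet, List, Set, Tuple


class InterlockError(Exception):
    """A shutter operation or transfer that the policy does not permit."""


@dataclass
class FsoiFabric:
    # Shuttered bidirectional links keyed by unordered endpoint pair -> open?
    bidir: Dict[FrozenSet[str], bool] = field(default_factory=dict)
    # Fixed one-way links (src, dst): no shutter, nothing can flow back.
    unidir: Set[Tuple[str, str]] = field(default_factory=set)
    log: List[str] = field(default_factory=list)

    def add_bidirectional(self, a: str, b: str) -> None:
        self.bidir[frozenset((a, b))] = False      # shutter closed by default

    def add_unidirectional(self, src: str, dst: str) -> None:
        self.unidir.add((src, dst))

    def enabled(self, a: str, b: str) -> bool:
        """Enabled/disabled status that the claimed software checks first."""
        return self.bidir.get(frozenset((a, b)), False)

    def isolated(self, node: str) -> bool:
        """True when every shutter on the node's bidirectional links is closed."""
        return not any(is_open for k, is_open in self.bidir.items() if node in k)

    def open_shutter(self, a: str, b: str) -> None:
        key = frozenset((a, b))
        if key not in self.bidir:
            raise InterlockError(f"no shuttered link {a}<->{b}")
        # Interlock (assumption): a component may hold at most one open
        # bidirectional link, so it can never bridge NET to another component.
        for k, is_open in self.bidir.items():
            if is_open and k != key and (a in k or b in k):
                raise InterlockError(f"{sorted(k)} must close before {a}<->{b} opens")
        self.bidir[key] = True

    def close_shutter(self, a: str, b: str) -> None:
        self.bidir[frozenset((a, b))] = False

    def egress_allowed(self, net: str = "NET", first: str = "P1") -> bool:
        """NET may forward to external networks only while open to P1."""
        return self.enabled(net, first)

    def transfer(self, src: str, dst: str, payload: bytes) -> str:
        """Move payload over the one path the current shutter state permits."""
        if self.enabled(src, dst):
            path = "bidirectional"
        elif (src, dst) in self.unidir:
            # Data pushed one way into a component is accepted only while that
            # component is cut off from NET and every other shuttered peer.
            if not self.isolated(dst):
                raise InterlockError(f"{dst} is not isolated; refusing {src}->{dst}")
            path = "unidirectional"
        else:
            raise InterlockError(f"no enabled path {src}->{dst}")
        self.log.append(f"{src}->{dst} via {path} ({len(payload)} bytes)")
        return path


@dataclass
class ScrubScheduler:
    """Periodic restore-and-scrub of the first component from the repository."""
    fabric: FsoiFabric
    target: str = "P1"
    repository: str = "P4"
    period: int = 3600          # seconds between scrubs (assumed value)
    delay: int = 300            # grace period granted when a user is present
    next_run: int = 3600
    notices: List[str] = field(default_factory=list)

    def tick(self, now: int, user_present: bool, golden_image: bytes) -> str:
        if now < self.next_run:
            return "idle"
        if user_present:                     # warn and postpone, do not wipe
            self.notices.append(f"{self.target} will be scrubbed in {self.delay}s")
            self.next_run = now + self.delay
            return "deferred"
        for pair in [k for k in self.fabric.bidir if self.target in k]:
            self.fabric.close_shutter(*pair)  # isolate before touching storage
        self.fabric.transfer(self.repository, self.target, golden_image)
        self.fabric.log.append(f"scrub {self.target}")
        self.next_run = now + self.period
        return "scrubbed"


def build_fabric() -> FsoiFabric:
    f = FsoiFabric()
    f.add_bidirectional("P1", "NET")   # shuttered path to the network card
    f.add_bidirectional("P1", "P2")    # shuttered path to one other processor
    f.add_unidirectional("P3", "P1")   # data created on P3 is pushed one way
    f.add_unidirectional("P4", "P1")   # restore path from the secure repository
    return f
```

The point of the model is the invariant rather than the topology: the unidirectional links never become bidirectional whatever the software does, and the interlock refuses to open a second shutter on a component, so there is no shutter state in which data created on P3 can reach NET in one hop. Any real implementation would enforce the same invariant in the shutter hardware, since software that merely checks a status flag can be lied to.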
Stated Advantages
The invention provides increased obfuscation and enhanced security by implementing a literal air gap through a controllable, interlocked shutter system for physical isolation of computer components.
It mitigates unwanted access and exfiltration of secure data, minimizing damage from executed malicious code by preventing unauthorized communication paths.
The architecture allows selective enabling and disabling of data transfer to control communication between network cards and various workstations, improving security during data transmission and reception.
Documented Applications
Applications include securing computers from non-secure computer networks by physically interrupting free space optical data transfer to isolate vulnerable elements of computers.
The method and apparatus can scale from desktop computer architectures to server racks, rooms, and portable electronic devices where secure data transmission and isolation are necessary.
The invention supports use cases such as internet browsing, email generation, secure data storage, and secure data transmission within isolated network architectures.