The invention relates to a secure system for transferring information between two items of equipment (arbitrarily named A and B). The system is monodirectional in the direction ‘from A to B’ and thus ensures the non-transmission (intentional or unintentional) of physical and/or logical information ‘from B to A’.
The secure system is, for example, used between two items of equipment having different confidentiality levels so as to allow transfers in one direction while preventing any information leaks in the opposite direction.
A possible but nonlimiting application of the invention is its integration within a cable intended to interconnect two computers in a monodirectional manner.
It applies in any system where one wishes to restrict the flow or the transmission of information in one direction.
The processing of sensitive information sometimes requires that systems be partitioned. In practice, such partitioning raises problems as soon as information must be exchanged between these systems.
It is however sometimes tolerable for information exchanges to be performed in a specific direction although the exchanges in the other direction are prohibited.
For example, in the field of defense, the flow of information from an item of equipment with low security level to an item of equipment having a higher security level is tolerated although exchanges in the opposite direction are prohibited.
In another case of application, a company wishes to be able to make resources available to users via the Internet while avoiding any risk of attacks to the company network, emanating from the Internet (for example the dissemination of viruses).
Devices carrying out protocol conversions (for example, converters from USB to Ethernet, RJ 12, RS232, IR, Bluetooth, SCSI, DB 15) also exist in the business sector.
Cables for interconnecting computer equipment also exist, constituting a link between such equipment allowing the bidirectional dissemination of data.
Numerous software solutions which make it possible to filter transfers of information, such as firewall software, are also found. However, these solutions do not ensure physical monodirectionality and carry the risk of the protection being overridden.
Although they may be effective, the solutions of the prior art present drawbacks, some of which are presented hereinafter.
The monodirectional transfer solutions based on Ethernet interfaces are designed to interconnect networks. For this purpose, they generally require the setting up of a certain amount of equipment such as servers (responsible for supporting the significant software burden which arises when services are made available to all users of a network); this renders these solutions bulky and expensive.
Since each application uses its own protocol, the monodirectional adaptation of each of them has to be managed individually.
More generally, their bulk, their cost and their complexity make these solutions ill-suited to a link between two stations only. Moreover, during their normal operation, these solutions are connected, on each side, at the network level and not at the station level. Where these solutions are implemented for a monodirectional link to a station, the latter's often single Ethernet interface is used; it is then no longer possible to be connected at one and the same time to the local network and to the solution.
The invention is based, notably, on a protocol adaptation within the link between the two items of equipment. Starting from a bidirectional protocol allowing data transfer, for example the USB protocol or any other protocol, this protocol is adapted into the desired monodirectional protocol.
Any protocol used in the field of information transmissions can be used.
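The following simulation is an added illustration and is not part of the patent text; the frame layout (sequence number, length, CRC32), the duplicate-emission strategy and the class and function names are assumptions chosen for the example. It shows what "adapting" a bidirectional protocol to a monodirectional link implies: B has no physical path back to A, so B can never acknowledge or request a retransmission, and the sender-side protocol has to compensate with redundancy and integrity checks while the receiver can only detect and log gaps or corrupt frames.

```python
import struct
import zlib

# Constructed frame layout for this example: seq uint32 | payload length uint16 | crc32 uint32 | payload
HEADER = struct.Struct(">IHI")
MAX_PAYLOAD = 8  # deliberately small so a short message yields several frames


class OneWayLink:
    """Models the physical A->B link. Frames can be placed on it only from A's side;
    there is no path from B back to A, so an attempt from B raises."""

    def __init__(self):
        self._in_flight = []

    def put_from_a(self, frame: bytes) -> None:
        self._in_flight.append(frame)

    def put_from_b(self, frame: bytes) -> None:
        raise PermissionError("no physical path from B to A")

    def drain_at_b(self) -> list:
        frames, self._in_flight = self._in_flight, []
        return frames


def encode(data: bytes, repeat: int = 2, first_seq: int = 0) -> list:
    """Split data into framed chunks. Because B can never ask for a retransmission,
    each frame is emitted `repeat` times; the receiver de-duplicates by sequence number."""
    frames = []
    seq = first_seq
    for i in range(0, len(data), MAX_PAYLOAD):
        chunk = data[i:i + MAX_PAYLOAD]
        header = HEADER.pack(seq, len(chunk), zlib.crc32(chunk))
        frames.extend([header + chunk] * repeat)
        seq += 1
    return frames


def decode(frames: list, first_seq: int = 0):
    """Reassemble at B. Returns (payload, events); events record corrupt frames and
    gaps, which B can only log locally, never signal back to A."""
    received = {}
    events = []
    for frame in frames:
        if len(frame) < HEADER.size:
            events.append("short frame dropped")
            continue
        seq, length, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if len(payload) != length or zlib.crc32(payload) != crc:
            events.append(f"corrupt frame seq={seq} dropped")
            continue
        received.setdefault(seq, payload)  # later duplicate copies are ignored
    if not received:
        return b"", events
    out = bytearray()
    for seq in range(first_seq, max(received) + 1):
        if seq in received:
            out += received[seq]
        else:
            events.append(f"gap at seq={seq}")
    return bytes(out), events


def demo() -> dict:
    """Run one transfer over the simulated link with constructed channel faults."""
    link = OneWayLink()
    message = b"from A to B only, never back"  # constructed sample, 28 bytes -> 4 frames
    for frame in encode(message):
        link.put_from_a(frame)
    frames = link.drain_at_b()
    # Constructed faults: flip a byte in the first copy of frame 1, lose both copies of frame 2.
    frames[2] = frames[2][:-1] + bytes([frames[2][-1] ^ 0xFF])
    del frames[4:6]
    payload, events = decode(frames)
    # B tries to answer; the link has no such path.
    try:
        link.put_from_b(b"ack")
        b_blocked = False
    except PermissionError:
        b_blocked = True
    return {"payload": payload, "events": events, "b_blocked": b_blocked}


if __name__ == "__main__":
    print(demo())
```

The corrupt copy of frame 1 is rejected by its CRC and the second copy fills in, but frame 2 is gone in both copies and the receiver can only record the gap: with no return channel, the sender's redundancy is the only recovery mechanism available.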