The background description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
Providing network security for networking fabrics continues to be an ever-increasing problem. Current networks continue to suffer from attacks by external threats. In more private settings, in the military or government for example, fabrics can still suffer from internal threats because the fabrics lack proper isolation. The issue is so severe that the military has gone so far as to implement multiple, duplicative, distinct, and physically isolated networks on warships. For example, a public network is physically distinct from a secret network, which is further distinct from a top secret network. Unfortunately, while such an approach does indeed secure each network relative to the others, the approach requires three times the hardware, three times the cabling, and three times the maintenance. The overhead can be quite costly.
Physically isolating one network from another is often referred to as “air gapping”, or isolating the networks via an “air gap”. U.S. Pat. No. 8,468,244 to Redlich et al. titled, “Digital Information Infrastructure and Method for Security Designated Data and with Granular Data Stores”, filed Apr. 29, 2009, describes various uses for air-gapped systems and their deficiencies. One of the most critical issues is how, when the need arises, to transfer data from one isolated network to another.
One approach taken in the past to provide for communication between two isolated networks is to leverage an external, trusted entity to broker such data exchanges. Some references refer to this approach as a “virtual air gap”. For example, U.S. patent application publication 2010/0318785 to Ozgit titled, “Virtual Air Gap—VAG System”, filed internationally on Aug. 15, 2009, seeks to provide communication between isolated networks via a shared memory. In a somewhat similar vein, U.S. patent application publication 2002/0053032 to Dowling et al. titled, “System and Method for Secure Data Transmission”, filed May 18, 2001, seeks to maintain a virtual air gap between resource requesters and providers via a trusted session sub-layer. In these examples, the concept of an air gap is violated by allowing communication between the systems to exist in the first place.
Thus, there remains a need for the ability to configure isolated fabrics in a manner that creates communication isolation via a true virtual air gap, while also leveraging a single set of networking nodes.
All publications identified herein are incorporated by reference to the same extent as if each individual publication or patent application were specifically and individually indicated to be incorporated by reference. Where a definition or use of a term in an incorporated reference is inconsistent or contrary to the definition of that term provided herein, the definition of that term provided herein applies and the definition of that term in the reference does not apply.
The following description includes information that may be useful in understanding the present invention. It is not an admission that any of the information provided herein is prior art or relevant to the presently claimed invention, or that any publication specifically or implicitly referenced is prior art.
In some embodiments, the numbers expressing quantities of ingredients, properties such as concentration, reaction conditions, and so forth, used to describe and claim certain embodiments of the invention are to be understood as being modified in some instances by the term “about.” Accordingly, in some embodiments, the numerical parameters set forth in the written description and attached claims are approximations that can vary depending upon the desired properties sought to be obtained by a particular embodiment. In some embodiments, the numerical parameters should be construed in light of the number of reported significant digits and by applying ordinary rounding techniques. Notwithstanding that the numerical ranges and parameters setting forth the broad scope of some embodiments of the invention are approximations, the numerical values set forth in the specific examples are reported as precisely as practicable. The numerical values presented in some embodiments of the invention may contain certain errors necessarily resulting from the standard deviation found in their respective testing measurements.
Unless the context dictates the contrary, all ranges set forth herein should be interpreted as being inclusive of their endpoints and open-ended ranges should be interpreted to include only commercially practical values. Similarly, all lists of values should be considered as inclusive of intermediate values unless the context indicates the contrary.
As used in the description herein and throughout the claims that follow, the meaning of “a,” “an,” and “the” includes plural reference unless the context clearly dictates otherwise. Also, as used in the description herein, the meaning of “in” includes “in” and “on” unless the context clearly dictates otherwise.
The recitation of ranges of values herein is merely intended to serve as a shorthand method of referring individually to each separate value falling within the range. Unless otherwise indicated herein, each individual value is incorporated into the specification as if it were individually recited herein. All methods described herein can be performed in any suitable order unless otherwise indicated herein or otherwise clearly contradicted by context. The use of any and all examples, or exemplary language (e.g. “such as”) provided with respect to certain embodiments herein is intended merely to better illuminate the invention and does not pose a limitation on the scope of the invention otherwise claimed. No language in the specification should be construed as indicating any non-claimed element essential to the practice of the invention.
Groupings of alternative elements or embodiments of the invention disclosed herein are not to be construed as limitations. Each group member can be referred to and claimed individually or in any combination with other members of the group or other elements found herein. One or more members of a group can be included in, or deleted from, a group for reasons of convenience and/or patentability. When any such inclusion or deletion occurs, the specification is herein deemed to contain the group as modified thus fulfilling the written description of all Markush groups used in the appended claims.