HIGH ASSURANCE SEGREGATED GATEWAY INTERCONNECTING DIFFERENT DOMAINS

摘要

A gateway having an architecture authorizing bidirectional communication between applications located in different domains and presenting a high assurance level of protection. The gateway interconnects a first and second domain. The gateway comprises an internal protocol, first and second protocol adapters hosted within the first and second domains and configured to make a conversion between application data formatted according to an applicative protocol relative to the two domains and gateway data formatted according to the gateway internal protocol, and a security module hosted on a separate platform to communicate with the first and second protocol adapters via first and second data links according to the gateway internal protocol. The first and second protocol adapters and security module are each physically segregated and the security module comprises functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate unidirectional paths between the two protocol adapters.

主权项

1. A gateway adapted to interconnect a first domain to a second domain, comprising:
a gateway internal protocol, first and second protocol adapters configured to be hosted respectively within the first and second domains and configured to make a conversion between an application data formatted according to an applicative protocol relative to said first and second domains and a gateway data formatted according to said gateway internal protocol, and a security module hosted on a separate hosting platform and configured to communicate with the first and second protocol adapters via respectively first and second data links according to the gateway internal protocol, wherein said first protocol adapter, second protocol adapter and security module are physically segregated from each other and wherein said security module comprises a set of functional blocs configured to authorize secure bidirectional flow of gateway data along two different and separate first and second unidirectional paths between the first protocol adapter and the second protocol adapter.