Secure intra-network system

Providing integrity and secure transfer of information

The purpose of Samim’s “Secure intra-network system” is to manage file/data and information integrity between server nodes, networks or different domains, which is done with the help of a dedicated hardware infrastructure. This infrastructure also enables secure transfer of files/data and sensitive information. This solution is based on the structure of “wait and verify”. As a result, the communication infrastructure of the network will be secure.

Samim company's hardware data-diode

The input information from the user’s side is first checked in the auditing/verification process (which is embedded in the automation) by the relevant expert or AI service, and then any approved content is encrypted by the expert’s private key and after special packetizing, is directed to the hardware data-diode. Only data/information/file requests that were both approved in terms of audition and packet structure are received on the “secure network” side. As a result, these received data are inserted into the appropriate database or storage location according to their type.

Some security concerns in large organizations and institutions of the country

Low security of the registration process and file transfer to online systems
High risk of non-integrity of files between secure and insecure networks
Dependence on various technologies and tools
Lack of a comprehensive and integrated management system (files, requests, settings, etc.)
The possibility of unauthorized access to the secure network
The final storage of any file or request in the database and the final storage space and the possibility of hacking and insecurity

Our recommended solution for secure connection between networks

Software (Secure Network)

The possibility of verifying the integrity of files received from an insecure network
Ability to view and manage files and contents in secure network storage (delete, edit)
Ability to view and review each request and attached file, manually and process-oriented
Implementation of the “confirmation section” of the Wait-Verify architecture with the aim of final review of each request and final storage of information in a database or storage space
Sending the appropriate personalized response to the insecure network for authentication purposes or not confirming the received request/file

Laptop screen mockup psd on a white table

Hardware

Based on Data-Diode architecture and one-way communication from insecure to secure network side
Ability to input/output data up to 10 Gbps
Based on FPGA and other attached modules
The possibility of verifying the authenticity of network packets and removing non-authentic packets
Using asynchronous encryption mechanism
Inability to reprogram or change settings without physical access
Disconnection of data return from secure network to insecure network and only transmission of specific responses

Software (Insecure Network)

Ability to view and review all files and requests received by the expert
Implementation of the “waiting section” of the Wait-Verify architecture with the aim of checking every request and confirmation offline
The possibility of graphic and online monitoring of “contents being sent” and “sending history” of each content separately
Storing contents and requests in a temporary database
Providing different views for faster management of requests/contents (tree, linear, tabular structure)
The possibility of verifying the integrity of the approved files automatically and manually, before sending
Ability to prepare reports and advanced search on approved/unapproved/under-reviewed content and requests

Advantages and values of Samim's security solution

Using a specific (samim-based) algorithm
Hardware oriented
Reliability and availability
Unconfigurable after initial configuration
High efficiency (high speed of data transfer)
No need for additional infrastructure or topology change
Implementation in the lower layer of the network (Data Layer)
Preventing the sending of non-samim packets