Secure intra-network system

Based on data-diode architecture,
to provide security and integrity for sensitive data and information

Secure inter-network communication solution

Providing integrity and secure transfer of information

The purpose of Samim's "Secure intra-network system" is to manage the integrity of files, data and information passing between server nodes, networks or different domains, with the help of a dedicated hardware infrastructure. The same infrastructure also enables secure transfer of files, data and sensitive information. The solution is built on a "wait and verify" structure, so that the communication infrastructure between the networks remains secure.

Samim company's hardware data-diode

Input from the user's side is first checked in the auditing/verification process (embedded in the automation) by the relevant expert or an AI service. Approved content is then encrypted with the expert's private key and, after special packetizing, directed to the hardware data diode. Only data, information or file requests that pass both the audit and the packet-structure check are received on the "secure network" side; the received data are then inserted into the appropriate database or storage location according to their type.
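The approve, sign, packetize and verify flow described above, as an added Go example that is not the product's own code; the packet layout, the marker value and the fixed key seed are assumptions made for the example, and the signature stands in for the "encryption with the expert's private key" step:

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
)

// Assumed packet layout for this example (not the product's real framing):
// 4-byte marker | 1-byte content type | 4-byte big-endian payload length |
// payload | 64-byte Ed25519 signature over everything before it.
var marker = []byte("SMIM") // constructed marker value
const hdrLen = 4 + 1 + 4

// DemoKeys derives a fixed expert key pair from a constant seed so the
// example is reproducible; a real deployment generates the key securely.
func DemoKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	seed := bytes.Repeat([]byte{0x42}, ed25519.SeedSize)
	priv := ed25519.NewKeyFromSeed(seed)
	return priv.Public().(ed25519.PublicKey), priv
}

// Packetize frames approved content and signs it with the expert's private key.
func Packetize(priv ed25519.PrivateKey, ctype byte, payload []byte) []byte {
	pkt := append([]byte{}, marker...)
	pkt = append(pkt, ctype)
	var lenBuf [4]byte
	binary.BigEndian.PutUint32(lenBuf[:], uint32(len(payload)))
	pkt = append(pkt, lenBuf[:]...)
	pkt = append(pkt, payload...)
	return append(pkt, ed25519.Sign(priv, pkt)...)
}

// Verify is the secure-side check: the structure must be exact and the signature
// must verify under the expert's public key; otherwise the packet is dropped.
func Verify(pub ed25519.PublicKey, pkt []byte) (ctype byte, payload []byte, ok bool) {
	if len(pkt) < hdrLen+ed25519.SignatureSize || !bytes.Equal(pkt[:4], marker) {
		return 0, nil, false
	}
	n := int(binary.BigEndian.Uint32(pkt[5:hdrLen]))
	if n != len(pkt)-hdrLen-ed25519.SignatureSize { // declared length must match
		return 0, nil, false
	}
	body, sig := pkt[:hdrLen+n], pkt[hdrLen+n:]
	if !ed25519.Verify(pub, body, sig) {
		return 0, nil, false
	}
	return pkt[4], body[hdrLen:], true
}
```

Any packet that fails the structure check or the signature check is silently discarded, which is the one-way gateway's way of removing non-authentic packets without leaking a reason back to the insecure side.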

Some security concerns in the country's large organizations and institutions

  • Low security of the registration process and of file transfer to online systems
  • High risk of file-integrity loss between secure and insecure networks
  • Dependence on various technologies and tools
  • Lack of a comprehensive and integrated management system (files, requests, settings, etc.)
  • The possibility of unauthorized access to the secure network
  • The risk of compromise at the final storage of any file or request in the database or storage space

Our recommended solution for secure connection between networks

  • The possibility of verifying the integrity of files received from an insecure network
  • Ability to view and manage files and contents in secure-network storage (delete, edit)
  • Ability to view and review each request and attached file, manually and through a defined process
  • Implementation of the "confirmation section" of the Wait-Verify architecture, for final review of each request and final storage of information in a database or storage space
  • Sending an appropriate personalized response to the insecure network, either confirming or not confirming the received request/file
  • Based on data-diode architecture, with one-way communication from the insecure to the secure network side
  • Ability to input/output data at up to 10 Gbps
  • Based on FPGA and other attached modules
  • The possibility of verifying the authenticity of network packets and removing non-authentic packets
  • Using an asymmetric encryption mechanism
  • Inability to reprogram or change settings without physical access
  • No data return path from the secure network to the insecure network; only specific responses are transmitted
  • Ability for the expert to view and review all received files and requests
  • Implementation of the "waiting section" of the Wait-Verify architecture, for checking and confirming every request offline
  • The possibility of graphical, online monitoring of "contents being sent" and the "sending history" of each content separately
  • Storing contents and requests in a temporary database
  • Providing different views for faster management of requests/contents (tree, linear, tabular structure)
  • The possibility of verifying the integrity of approved files automatically and manually, before sending
  • Ability to prepare reports and run advanced searches on approved/unapproved/under-review content and requests

Advantages and values of Samim's security solution

  • Using a proprietary (Samim) algorithm
  • Hardware oriented
  • Reliability and availability
  • Not reconfigurable after initial configuration
  • High efficiency (high data-transfer speed)
  • No need for additional infrastructure or topology change
  • Implementation at the lower layer of the network (data layer)
  • Preventing the sending of packets that are not in the Samim format