Patent attributes
A system and method for cross-domain parallel inspection of data packets in transit between domains of differing security classification incorporating sequential cryptographic control is disclosed. In embodiments, the system includes first and second random number generators, each generating a one-time pad for transmission to both a corresponding front-end cryptographic engine and a parallel guard engine. The cryptographic engines double-encrypt the data packet in sequence according to the one-time pads, storing the encrypted packet in a holding register. Each guard engine inspects the data packet in parallel, indicating approval by transmitting a release to the holding register and sending its one-time pad to a back-end cryptographic engine. When the holding register receives both releases, the double-encrypted packet is sequentially decrypted by the back-end cryptographic engines in reverse order according to the one-time pads received from the guard engines. The fully decrypted data packet is transferred to the second domain.
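A small software model of the release logic described in the abstract, added here as an illustration and not taken from the patent. XOR stands in for the cryptographic engines, and the two guard policies, the function names and the sample packets are constructed assumptions.

```python
import secrets
from concurrent.futures import ThreadPoolExecutor

def xor(data: bytes, pad: bytes) -> bytes:
    """One-time-pad operation (assumed cipher: bytewise XOR)."""
    return bytes(a ^ b for a, b in zip(data, pad))

# Hypothetical guard policies; a real guard applies its own rule set.
def guard_no_marking(packet: bytes) -> bool:
    return b"SECRET//" not in packet

def guard_max_size(packet: bytes) -> bool:
    return len(packet) <= 64

GUARDS = [guard_no_marking, guard_max_size]

def transfer(packet: bytes, guards=GUARDS):
    """Return (delivered, held): delivered is None unless every guard approves."""
    # One RNG per guard: a fresh pad as long as the packet, shared between
    # front-end engine i and guard i only.
    pads = [secrets.token_bytes(len(packet)) for _ in guards]

    # Front-end engines encrypt in sequence; the result sits in the holding register.
    held = packet
    for pad in pads:
        held = xor(held, pad)

    # Guards inspect the packet in parallel.
    with ThreadPoolExecutor(max_workers=len(guards)) as pool:
        verdicts = list(pool.map(lambda g: g(packet), guards))

    # Only an approving guard forwards its pad to its back-end engine.
    released = {i: pads[i] for i, ok in enumerate(verdicts) if ok}
    if len(released) != len(guards):
        # A release is missing: the register keeps the packet, and at least
        # one pad never reaches the back end, so it cannot be decrypted there.
        return None, held

    # Back-end engines decrypt in reverse order. XOR commutes, so the order
    # matters only for ciphers that do not; it is kept to mirror the text.
    out = held
    for i in reversed(range(len(guards))):
        out = xor(out, released[i])
    return out, held

if __name__ == "__main__":
    for pkt in (b"weather report: clear", b"SECRET//ops plan"):  # constructed samples
        delivered, held = transfer(pkt)
        print(pkt, "->", delivered, "| held:", held.hex())
```
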