CN112351066A - Information bidirectional transmission method and system based on unidirectional optical gate - Google Patents
- Publication number
- CN112351066A
- Authority
- CN
- China
- Prior art keywords
- network
- file
- application server
- proxy server
- client
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/06—Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Abstract
The application relates to the technical field of one-way optical gate information transmission, and discloses a two-way information transmission method and system based on one-way optical gates.
Description
Technical Field
The application relates to the technical field of one-way optical gate information transmission, in particular to an information two-way transmission method and system based on a one-way optical gate.
Background
Because of its role in national defense security, the military manufacturing industry has, by its nature, extremely high network security requirements for information exchange inside its enterprises. To avoid the information security problems caused by crossover between a confidential network and a non-confidential network, and to ensure that confidential data does not flow from a high-security-level network to a low-security-level network, enterprises usually adopt one-way optical gate technology internally to meet this one-way isolation requirement. However, separating the office network from the industrial control network blocks the circulation of information: no information loop can be formed, and a file transmission cannot be actively initiated again when it fails, so file data transmission efficiency is low and the production efficiency of military manufacturing enterprises is seriously affected.
Disclosure of Invention
In order to solve the problems and the defects in the prior art, the application provides a method and a system for information bidirectional transmission based on a one-way optical gate, and a one-way closed transmission loop is formed by two independent one-way optical gates, so that reliable information transmission between two independent network systems is guaranteed.
In order to achieve the above object, the technical solution of the present application is as follows:
A bidirectional information transmission method based on a unidirectional optical gate, used to exchange information between two completely independent network systems A and B, specifically comprises the following steps:
S1. A user initiates a file transmission instruction at the A network client, and the A network client automatically generates an audit file with the suffix ".sync" when the instruction is initiated;
S2. The A network client pushes the file data, including the audit file, to an approver, who reviews the content of the file to be transmitted; if approval is granted, the file data are pushed to the first A network application server; if approval is denied, the file is rejected;
S3. The first A network application server identifies and verifies the audit file and, if verification succeeds, pushes the file data to the A network sending proxy server;
S4. The A network sending proxy server manages the optical gate transmission task, checks file conformance, scans the file data for viruses, and pushes the file data to the first one-way optical gate, which transmits them one way to the B network receiving proxy server;
S5. After receiving the file, the B network receiving proxy server identifies and verifies the audit file and, if verification succeeds, distributes the file to the first B network application server;
S6. The first B network application server identifies and verifies the audit file and, if verification succeeds, distributes the file to the B network client;
S7. After receiving the file, the B network client generates a receipt file with the suffix "sync" and sends the receipt file to the second B network application server;
S8. The second B network application server examines the receipt file in step S8 and pushes the receipt file to the B network sending proxy server;
S9. The B network sending proxy server manages the optical gate transmission task, examines the receipt file and scans it for viruses, then pushes the receipt file to the second one-way optical gate, which transmits it one way to the A network receiving proxy server;
S10. After receiving the receipt file, the A network receiving proxy server examines it and sends it to the second A network application server;
S11. The second A network application server examines the receipt file and sends it to the A network client;
S12. The A network client verifies the receipt file; if verification succeeds, the file has been sent successfully, the operation ends, and the user can download, view or edit the transmitted file data at the B network client; if verification fails, the file transmission has failed and the A network client resends the file.
Preferably, in the step S1, the audit file includes size information of the file, a file transmission time, and a verification code, and has a unique GUID job number.
Preferably, in step S8, the receipt file with the suffix name ". syncret" includes file reception time and reception success or failure information.
An information bidirectional transmission system based on a unidirectional optical gate comprises two completely independent network systems A and B and two completely independent optical gates, a first and a second, wherein the two network systems are connected through the first and second optical gates to form a closed unidirectional transmission loop; the A network system comprises an A network client, a first A network application server, a second A network application server, an A network sending proxy server and an A network receiving proxy server, wherein the A network client is connected with the first A network application server and the second A network application server respectively; the B network system comprises a B network client, a first B network application server, a second B network application server, a B network sending proxy server and a B network receiving proxy server, wherein the B network client is connected with the first B network application server and the second B network application server respectively, the first B network application server is connected with the B network receiving proxy server, the second B network application server is connected with the B network sending proxy server, and the B network receiving proxy server and the B network sending proxy server are connected with the first optical gate and the second optical gate respectively, wherein:
the A network client and the B network client are both used for realizing user identity authentication, file verification and bidirectional file transmission;
the first network A application server, the second network A application server, the first network B application server and the second network B application server are all used for verifying files and supporting complex database access;
the network A receiving proxy server and the network B receiving proxy server are used for receiving file information and have the functions of virus killing, content filtering and access control management;
the A network sending proxy server and the B network sending proxy server are used for sending file information and have the functions of virus killing, content filtering and access control management.
Preferably, the A network client and the B network client generate an audit file with the suffix ".sync" while sending the file, and each audit file has a unique GUID job number.
Preferably, the A network client and the B network client generate a receipt file with the suffix ".synclet" while receiving the file.
The beneficial effect of this application:
(1) In this application, two completely independent network systems form a closed one-way transmission loop through two independent one-way optical gates, which achieves bidirectional transmission of information and effectively improves the production and office efficiency of the enterprise; a retransmission instruction can be initiated automatically when a file transmission fails, ensuring that the information reliably arrives.
(2) In this application, the audit file has a unique GUID job number that is used for identification and verification during transmission, which guards against repetition and leakage of files at each link of the transmission.
Drawings
Fig. 1 is a system configuration diagram of the present application.
Detailed Description
The present application will be described in further detail with reference to examples, but the embodiments of the present application are not limited thereto.
Example 1
The embodiment discloses an information bidirectional transmission method based on a unidirectional optical gate, which is used for realizing information intercommunication between two completely independent network systems A and B, and specifically comprises the following steps:
S1. A user initiates a file transmission instruction at the A network client, for example for an NC program, a measurement file, a warehouse-out instruction or a cutter measurement instruction, and the A network client automatically generates an audit file with the suffix ".sync" when the instruction is initiated;
S2. The A network client pushes the file data, including the audit file, to an approver, who reviews the content of the file to be transmitted; if approval is granted, the file data are pushed to the first A network application server; if approval is denied, the file is rejected;
S3. The first A network application server identifies and verifies the audit file and, if verification succeeds, pushes the file data to the A network sending proxy server;
S4. The A network sending proxy server manages the optical gate transmission task, checks file conformance, scans the file data for viruses, and then transmits the file data one way to the B network receiving proxy server through the first one-way optical gate;
S5. After receiving the file, the B network receiving proxy server identifies and verifies the audit file and, if verification succeeds, distributes the file to the first B network application server;
S6. The first B network application server identifies and verifies the audit file and, if verification succeeds, distributes the file to the B network client;
S7. After receiving the file, the B network client automatically generates a receipt file with the suffix "sync" and sends the receipt file to the second B network application server;
S8. The second B network application server examines the receipt file in step S8 and pushes the receipt file to the B network sending proxy server;
S9. The B network sending proxy server manages the optical gate transmission task, examines the receipt file and scans it for viruses, then pushes the receipt file to the second one-way optical gate, which transmits it one way to the A network receiving proxy server;
S10. After receiving the receipt file, the A network receiving proxy server examines it and sends it to the second A network application server;
S11. The second A network application server examines the receipt file and sends it to the A network client;
S12. The A network client verifies the receipt file; if verification succeeds, the file has been sent successfully, the operation ends, and the user can download, view or edit the transmitted file data at the B network client; if verification fails, the file transmission has failed and the A network client resends the file.
Further, in order to better achieve the object of the present invention, the audit file automatically generated in step S1 includes size information of the file, file sending time, and a verification code, and has a unique GUID job number.
Further, in order to better achieve the object of the invention of the present application, the receipt file with suffix name ". syncret" automatically generated in said step S8 includes file reception time and reception success or failure information.
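The audit-file and receipt checks of steps S1 to S12 can be sketched as follows; this is an added example, not code from the patent. The JSON field names, the use of HMAC-SHA256 with a pre-shared key as the "verification code", and the `flaky_gate` fault model are all assumptions made for illustration.

```python
import hashlib
import hmac
import json
import time
import uuid


def _code(key, fields, payload=b""):
    """Assumed verification code: HMAC-SHA256 over metadata + payload digest."""
    msg = json.dumps(fields, sort_keys=True).encode() + hashlib.sha256(payload).digest()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()


def make_audit(name, data, key):
    """S1: audit (.sync) record with GUID job number, size, send time, code."""
    audit = {"kind": "audit", "job_id": str(uuid.uuid4()), "file_name": name,
             "size": len(data), "sent_at": int(time.time())}
    audit["code"] = _code(key, audit, data)
    return audit


def verify_audit(audit, data, key, seen):
    """S3/S5/S6: per-hop check; 'seen' holds job ids this hop already accepted."""
    fields = {k: v for k, v in audit.items() if k != "code"}
    if audit.get("job_id") in seen:
        return False, "duplicate job id"          # replayed or repeated transfer
    if audit.get("size") != len(data):
        return False, "size mismatch"
    if not hmac.compare_digest(str(audit.get("code", "")), _code(key, fields, data)):
        return False, "verification code mismatch"
    seen.add(audit["job_id"])                      # record only accepted jobs
    return True, "ok"


def make_receipt(audit, success, key):
    """S7: receipt record bound to the job id, with receive time and outcome."""
    receipt = {"kind": "receipt", "job_id": audit["job_id"],
               "received_at": int(time.time()), "success": success}
    receipt["code"] = _code(key, receipt)
    return receipt


def verify_receipt(receipt, audit, key):
    """S12: the receipt must be authentic, match this job and report success."""
    fields = {k: v for k, v in receipt.items() if k != "code"}
    return (receipt.get("job_id") == audit["job_id"]
            and hmac.compare_digest(str(receipt.get("code", "")), _code(key, fields))
            and receipt.get("success") is True)


def flaky_gate(data, attempt):
    """Constructed fault model: corrupt the last byte on the first attempt only."""
    return data[:-1] + bytes([data[-1] ^ 0xFF]) if attempt == 1 else data


def transfer(name, data, key, gate, seen_b, max_attempts=3):
    """Run the S1-S12 loop; the A side resends until a valid success receipt."""
    for attempt in range(1, max_attempts + 1):
        audit = make_audit(name, data, key)        # fresh job id per attempt
        arrived = gate(data, attempt)              # forward path, first gate
        receipt = None                             # nothing arrived: no receipt
        if arrived is not None:
            ok, _reason = verify_audit(audit, arrived, key, seen_b)
            receipt = make_receipt(audit, ok, key)  # return path, second gate
        if receipt is not None and verify_receipt(receipt, audit, key):
            return {"attempts": attempt, "job_id": audit["job_id"]}
    return {"attempts": max_attempts, "job_id": None}


if __name__ == "__main__":
    key = b"constructed-demo-key"                  # constructed sample key
    print(transfer("part.nc", b"G01 X10 Y20\n", key, flaky_gate, set()))
```

A missing receipt is treated the same as a failed one, which is the only signal the A side has when the forward gate drops a file silently.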
Example 2
Referring to the attached figure 1 of the specification, the embodiment discloses an information bidirectional transmission system based on a unidirectional optical gate, which comprises an a network system and a B network system which are completely independent, wherein the two network systems are connected through a first optical gate and a second optical gate to form a closed unidirectional transmission loop, and the two optical gates are also independent; specifically, the method comprises the following steps:
the A network system comprises an A network client and a multi-stage server, wherein the multi-stage server comprises a first A network application server, a second A network application server, an A network sending proxy server and an A network receiving proxy server;
the composition of the B network system is the same as that of the A network system, and the B network system comprises a B network client and a multi-stage server, wherein the multi-stage server comprises a first B network application server, a second B network application server, a B network sending proxy server and a B network receiving proxy server;
the A network client and the B network client are both used for realizing user identity authentication, file verification and bidirectional file transmission;
the first network A application server, the second network A application server, the first network B application server and the second network B application server are all used for verifying files and supporting complex database access;
the network A receiving proxy server and the network B receiving proxy server are used for receiving file information and have the functions of virus killing, content filtering and access control management;
the A network sending proxy server and the B network sending proxy server are used for sending file information and have the functions of virus killing, content filtering and access control management.
Further, in order to better achieve the purpose of the invention of the present application, the A network client and the B network client generate an audit file with the suffix ".sync" while sending the file, and each audit file has a unique GUID job number.
Further, in order to better achieve the object of the present invention, the A network client and the B network client generate a receipt file with the suffix ".synclet" while receiving the file.
In the description of the present application, it is to be understood that the terms "center", "longitudinal", "lateral", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience in describing the present application and for simplifying the description, and do not indicate or imply that the referenced device or element must have a particular orientation, be constructed in a particular orientation, and be operated, and therefore should not be construed as limiting the scope of the present application.
In the description of the present application, it is further noted that, unless expressly stated or limited otherwise, the terms "disposed," "mounted," and "connected" are to be construed broadly, e.g., as meaning fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
The foregoing is directed to embodiments of the present invention, which are not limited thereto, and any simple modifications and equivalents thereof according to the technical spirit of the present invention may be made within the scope of the present invention.
Claims (6)
1. An information bidirectional transmission method based on a unidirectional optical gate, used to exchange information between two completely independent network systems A and B, characterized in that the method specifically comprises the following steps:
S1. A user initiates a file transmission instruction at the A network client, and the A network client automatically generates an audit file with the suffix ".sync" when the instruction is initiated;
S2. The A network client pushes the file data, including the audit file, to an approver, who reviews the content of the file to be transmitted; if approval is granted, the file data are pushed to the first A network application server; if approval is denied, the file is rejected;
S3. The first A network application server identifies and verifies the audit file and, if verification succeeds, pushes the file data to the A network sending proxy server;
S4. The A network sending proxy server manages the optical gate transmission task, checks file conformance, scans the file data for viruses, and pushes the file data to the first one-way optical gate, which transmits them one way to the B network receiving proxy server;
S5. After receiving the file, the B network receiving proxy server identifies and verifies the audit file and, if verification succeeds, distributes the file to the first B network application server;
S6. The first B network application server identifies and verifies the audit file and, if verification succeeds, distributes the file to the B network client;
S7. After receiving the file, the B network client generates a receipt file with the suffix "sync" and sends the receipt file to the second B network application server;
S8. The second B network application server examines the receipt file in step S8 and pushes the receipt file to the B network sending proxy server;
S9. The B network sending proxy server manages the optical gate transmission task, examines the receipt file and scans it for viruses, then pushes the receipt file to the second one-way optical gate, which transmits it one way to the A network receiving proxy server;
S10. After receiving the receipt file, the A network receiving proxy server examines it and sends it to the second A network application server;
S11. The second A network application server examines the receipt file and sends it to the A network client;
S12. The A network client verifies the receipt file; if verification succeeds, the file has been sent successfully, the operation ends, and the user can download, view or edit the transmitted file data at the B network client; if verification fails, the file transmission has failed and the A network client resends the file.
2. A method for bidirectional transfer of information based on a unidirectional shutter as claimed in claim 1, characterized in that: in step S1, the audit file includes file size information, file transmission time, and a verification code, and has a unique GUID job number.
3. A method for bidirectional transfer of information based on a unidirectional shutter as claimed in claim 1, characterized in that: in step S8, the receipt file with the suffix name ". synclet" includes the file reception time and the reception success or failure information.
4. An information bidirectional transmission system based on a unidirectional optical gate, characterized in that: the system comprises two completely independent network systems A and B and two completely independent first and second optical gates, wherein the two network systems are connected through the first and second optical gates to form a closed unidirectional transmission loop; the A network system comprises an A network client, a first A network application server, a second A network application server, an A network sending proxy server and an A network receiving proxy server, wherein the A network client is connected with the first A network application server and the second A network application server respectively; the B network system comprises a B network client, a first B network application server, a second B network application server, a B network sending proxy server and a B network receiving proxy server, wherein the B network client is connected with the first B network application server and the second B network application server respectively, the first B network application server is connected with the B network receiving proxy server, the second B network application server is connected with the B network sending proxy server, and the B network receiving proxy server and the B network sending proxy server are connected with the first optical gate and the second optical gate respectively, wherein:
the A network client and the B network client are both used for realizing user identity authentication, file verification and bidirectional file transmission;
the first network A application server, the second network A application server, the first network B application server and the second network B application server are all used for verifying files and supporting complex database access;
the network A receiving proxy server and the network B receiving proxy server are used for receiving file information and have the functions of virus killing, content filtering and access control management;
the A network sending proxy server and the B network sending proxy server are used for sending file information and have the functions of virus killing, content filtering and access control management.
5. A bidirectional information transfer system based on a unidirectional shutter as claimed in claim 1, wherein: the A network client and the B network client generate an audit file with the suffix ".sync" while sending the file, wherein each audit file has a unique GUID job number.
6. A bidirectional information transfer system based on a unidirectional shutter as claimed in claim 1, wherein: the A-network client and the B-network client generate a receipt file with a suffix name of ". syncret" while receiving the file.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202011014947.XA CN112351066A (en) | 2020-09-24 | 2020-09-24 | Information bidirectional transmission method and system based on unidirectional optical gate |
Publications (1)
Publication Number | Publication Date |
---|---|
CN112351066A true CN112351066A (en) | 2021-02-09 |
Family
ID=74358167
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202011014947.XA Pending CN112351066A (en) | 2020-09-24 | 2020-09-24 | Information bidirectional transmission method and system based on unidirectional optical gate |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112351066A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107454094A (en) * | 2017-08-23 | 2017-12-08 | 北京明朝万达科技股份有限公司 | A kind of data interactive method and system |
CN107749840A (en) * | 2017-09-27 | 2018-03-02 | 北京机电工程研究所 | The unidirectional safe transmission of data and coprocessing system and method based on unidirectional gateway |
CN111083158A (en) * | 2019-12-26 | 2020-04-28 | 深圳市东晟数据有限公司 | Processing method and system for bidirectional message transmission through two unidirectional network gates |
US20200153624A1 (en) * | 2018-11-13 | 2020-05-14 | Ares Technologies, Inc. | Biometric scanner apparatus and methods for its use |
-
2020
- 2020-09-24 CN CN202011014947.XA patent/CN112351066A/en active Pending
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114039748A (en) * | 2021-10-25 | 2022-02-11 | 中广核工程有限公司 | Identity authentication method, system, computer device and storage medium |
CN114257443A (en) * | 2021-12-15 | 2022-03-29 | 北京华夏电通科技股份有限公司 | Special inter-intranet signature system, method and equipment for court |
CN114257443B (en) * | 2021-12-15 | 2023-02-28 | 北京华夏电通科技股份有限公司 | Special inter-intranet signature system, method and equipment for court |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
WO2019036019A1 (en) | Systems and methods for implementing data communications with security tokens | |
CN112351066A (en) | Information bidirectional transmission method and system based on unidirectional optical gate | |
CN103975568B (en) | There is safety management system and the method for managing security of multiple Relay Servers | |
US11436314B2 (en) | System and method for provisioning non-enterprise client devices with access credentials | |
CN114255031A (en) | System for executing cross block chain of transaction, cross chain transaction method and equipment | |
CN103905504A (en) | Information pushing method and system | |
CN103259797A (en) | Data file transmission method and platform | |
CN111641650A (en) | Industrial data unidirectional import system and method | |
CN107332886A (en) | Method of data synchronization, device, system, electronic equipment and readable storage medium storing program for executing | |
CN108024243A (en) | A kind of eSIM is caught in Network Communication method and its system | |
CN105373891A (en) | Smart grid data management and transmission system | |
KR102228686B1 (en) | Method for providing a communication channel for secure management between a physically separated uniway data transmitting and receiving device in uniway security gateway system and uniway data transmitting and receiving device providing two uniway communication channels therefor | |
CN107580002A (en) | Double factor authentication safety management machine login system and method | |
CN104753903A (en) | Authentication method, system and device | |
CN110968899B (en) | Data blocking confirmation method, device, equipment and medium based on block chain | |
CN112055088A (en) | Optical gate-based file reliable transmission system and method thereof | |
CN116579019B (en) | Computer information safety supervision system | |
CN110012032B (en) | User authentication method and device | |
CN114095213B (en) | Network access control policy management system | |
CN109492375A (en) | SAP ERP single-node login system based on JAVA middleware intergration model | |
CN104270368A (en) | Authentication method, authentication server and authentication system | |
CN107547497A (en) | A kind of unaware PORTAL authentication methods and device | |
WO2021247402A1 (en) | Unidirectional gateway mediated multiplexing of concurrent data message streams | |
TW201236432A (en) | Automatically-triggered one time password authentication system with remote authentication dial-in user service | |
CN109246146A (en) | SAP ERP single-point logging method based on JAVA middleware intergration model |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20210209 |