CN112351066A - Information bidirectional transmission method and system based on unidirectional optical gate - Google Patents

Publication number
CN112351066A
Authority
CN
China
Prior art keywords
network
file
application server
proxy server
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011014947.XA
Other languages
Chinese (zh)
Inventor
张敏
吴瑜
郭和平
秦艇
赵立鑫
宋智勇
汪裕杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chengdu Aircraft Industrial Group Co Ltd
Original Assignee
Chengdu Aircraft Industrial Group Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Chengdu Aircraft Industrial Group Co Ltd
Priority to CN202011014947.XA
Publication of CN112351066A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L63/14 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441 Countermeasures against malicious traffic
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Abstract

The application relates to the technical field of one-way optical gate information transmission, and discloses a two-way information transmission method and system based on one-way optical gates.

Description

Information bidirectional transmission method and system based on unidirectional optical gate
Technical Field
The application relates to the technical field of one-way optical gate information transmission, in particular to an information two-way transmission method and system based on a one-way optical gate.
Background
Because the military manufacturing industry serves national defense security, its special nature demands extremely high network security for information exchange inside military manufacturing enterprises. To avoid the information security problems caused by information crossing between a confidential network and a non-confidential network, and to ensure that confidential data does not flow from a high-security-level network to a low-security-level network, enterprises usually adopt unidirectional optical gate technology to meet the requirements of this one-way isolation scenario. However, separating the office network from the industrial control network blocks the circulation of information: no information loop can be formed, and a file transmission cannot be actively initiated again when it fails. File data transmission is therefore inefficient, which seriously affects the production efficiency of military manufacturing enterprises.
Disclosure of Invention
To solve the problems and defects in the prior art, the application provides a method and a system for bidirectional information transmission based on a one-way optical gate, in which two independent one-way optical gates form a closed one-way transmission loop, guaranteeing reliable information transmission between two independent network systems.
To achieve the above object, the technical solution of the present application is as follows:
A bidirectional information transmission method based on a unidirectional optical gate, used for realizing information intercommunication between two completely independent network systems A and B, specifically comprises the following steps:
S1. First, a user initiates a file transmission instruction at the A network client, and the A network client automatically generates an audit file with the suffix ".sync" when the instruction is initiated;
S2. The A network client pushes the file data, including the audit file, to an approver, who reviews the content of the transmitted file; if the approval passes, the transmitted file data is pushed to the first A network application server; if the approval fails, the transmitted file is rejected;
S3. The first A network application server identifies and verifies the audit file and, once verification succeeds, pushes the file data to the A network sending proxy server;
S4. The A network sending proxy server manages the optical gate transmission task, checks the file for conformance, scans the file data for viruses and removes any found, pushes the transmitted file data to the first one-way optical gate, and transmits it one-way through the first one-way optical gate to the B network receiving proxy server;
S5. After receiving the file, the B network receiving proxy server identifies and verifies the audit file and, once verification succeeds, distributes the file to the first B network application server;
S6. The first B network application server identifies and verifies the audit file and, once verification succeeds, distributes the file to the B network client;
S7. After receiving the file, the B network client generates a receipt file with the suffix 'sync' and sends the receipt file to the second B network application server;
S8. The second B network application server examines the receipt file in step S8 and pushes the receipt file to the B network sending proxy server;
S9. The B network sending proxy server manages the optical gate transmission task, examines the receipt file and scans it for viruses, then pushes the receipt file to the second one-way optical gate and transmits it one-way through the second one-way optical gate to the A network receiving proxy server;
S10. After receiving the receipt file, the A network receiving proxy server examines it and sends it to the second A network application server;
S11. The second A network application server examines the receipt file and sends it to the A network client;
S12. The A network client verifies the receipt file; if verification succeeds, the file has been sent successfully and the operation ends, and the user can download, view or edit the transmitted file data at the B network client; if verification fails, the file transmission has failed and the A network client resends the file.
Preferably, in step S1, the audit file includes the size information of the file, the file transmission time and a verification code, and has a unique GUID job number.
Preferably, in step S8, the receipt file with the suffix ".syncret" includes the file reception time and reception success or failure information.
An information bidirectional transmission system based on a unidirectional optical gate comprises two completely independent network systems A and B and two completely independent optical gates, a first optical gate and a second optical gate, wherein the two network systems are connected through the first and second optical gates to form a closed unidirectional transmission loop; the A network system comprises an A network client, a first A network application server, a second A network application server, an A network sending proxy server and an A network receiving proxy server, wherein the A network client is connected to both the first A network application server and the second A network application server; the B network system comprises a B network client, a first B network application server, a second B network application server, a B network sending proxy server and a B network receiving proxy server, wherein the B network client is connected to both the first B network application server and the second B network application server, the first B network application server is connected to the B network receiving proxy server, the second B network application server is connected to the B network sending proxy server, and the B network receiving proxy server and the B network sending proxy server are connected to the first optical gate and the second optical gate respectively, wherein:
the A network client and the B network client are both used for user identity authentication, file verification and bidirectional file transmission;
the first A network application server, the second A network application server, the first B network application server and the second B network application server are all used for verifying files and supporting complex database access;
the A network receiving proxy server and the B network receiving proxy server are used for receiving file information and provide antivirus, content filtering and access control management functions;
the A network sending proxy server and the B network sending proxy server are used for sending file information and provide antivirus, content filtering and access control management functions.
Preferably, the A network client and the B network client generate an audit file with the suffix ".sync" when sending a file, and each audit file has a unique GUID job number.
Preferably, the A network client and the B network client generate a receipt file with the suffix ".synclet" when receiving a file.
The beneficial effects of this application:
(1) In this application, two completely independent network systems form a closed one-way transmission loop through two independent one-way optical gates, which realizes bidirectional transmission of information and effectively improves the production and office efficiency of the enterprise; a retransmission instruction can be initiated automatically when a file transmission fails, ensuring that the information arrives reliably.
(2) In this application, the audit file has a unique GUID job number that is used for identification and verification during transmission, which guards against duplication and leakage of files at every link of the transmission.
Drawings
Fig. 1 is a system configuration diagram of the present application.
Detailed Description
The present application will be described in further detail with reference to examples, but the embodiments of the present application are not limited thereto.
Example 1
The embodiment discloses an information bidirectional transmission method based on a unidirectional optical gate, which is used for realizing information intercommunication between two completely independent network systems A and B, and specifically comprises the following steps:
S1. First, a user initiates a file transmission instruction at the A network client, for example for an NC program, a measurement file, a warehouse-out instruction, a cutter measurement instruction and the like, and the A network client automatically generates an audit file with the suffix ".sync" when the instruction is initiated;
S2. The A network client pushes the file data, including the audit file, to an approver, who reviews the content of the transmitted file; if the approval passes, the transmitted file data is pushed to the first A network application server; if the approval fails, the transmitted file is rejected;
S3. The first A network application server identifies and verifies the audit file and, once verification succeeds, pushes the file data to the A network sending proxy server;
S4. The A network sending proxy server manages the optical gate transmission task, checks the file for conformance, scans the file data for viruses and removes any found, and then transmits the file data one-way through the first one-way optical gate to the B network receiving proxy server;
S5. After receiving the file, the B network receiving proxy server identifies and verifies the audit file and, once verification succeeds, distributes the file to the first B network application server;
S6. The first B network application server identifies and verifies the audit file and, once verification succeeds, distributes the file to the B network client;
S7. After receiving the file, the B network client automatically generates a receipt file with the suffix 'sync' and sends the receipt file to the second B network application server;
S8. The second B network application server examines the receipt file in step S8 and pushes the receipt file to the B network sending proxy server;
S9. The B network sending proxy server manages the optical gate transmission task, examines the receipt file and scans it for viruses, then pushes the receipt file to the second one-way optical gate and transmits it one-way through the second one-way optical gate to the A network receiving proxy server;
S10. After receiving the receipt file, the A network receiving proxy server examines it and sends it to the second A network application server;
S11. The second A network application server examines the receipt file and sends it to the A network client;
S12. The A network client verifies the receipt file; if verification succeeds, the file has been sent successfully and the operation ends, and the user can download, view or edit the transmitted file data at the B network client; if verification fails, the file transmission has failed and the A network client resends the file.
Further, to better achieve the object of the present application, the audit file automatically generated in step S1 includes the size information of the file, the file sending time and a verification code, and has a unique GUID job number.
Further, to better achieve the object of the present application, the receipt file with the suffix ".syncret" automatically generated in step S8 includes the file reception time and reception success or failure information.
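The audit-file and receipt loop of steps S1 to S12, sketched as an added example that is not code from the patent; the approval and antivirus steps are left out. The JSON encoding, SHA-256 as the verification code, the ".syncret" spelling, reusing the same GUID on a resend, treating a missing receipt as a failure, and every class and function name are assumptions.

```python
import hashlib
import json
import uuid
from collections import deque
from datetime import datetime, timezone

AUDIT_SUFFIX = ".sync"       # audit-file suffix given on the page
RECEIPT_SUFFIX = ".syncret"  # the page also prints ".synclet"; one spelling is assumed here


def _now():
    return datetime.now(timezone.utc).isoformat()


def make_audit(name, data):
    """S1: audit record with size, send time, verification code and a GUID job number."""
    return {"name": name + AUDIT_SUFFIX, "job": str(uuid.uuid4()), "size": len(data),
            "sent": _now(), "code": hashlib.sha256(data).hexdigest()}  # SHA-256 is assumed


def verify_audit(audit, data):
    """S3/S5/S6: each hop re-checks the payload against the audit record."""
    return audit["size"] == len(data) and audit["code"] == hashlib.sha256(data).hexdigest()


class OneWayGate:
    """Stand-in for one optical gate: messages only ever move from send() to receive()."""

    def __init__(self, faults=()):
        self._queue = deque()
        self._faults = list(faults)  # constructed faults, one per send: "drop" or "corrupt"

    def send(self, meta, payload=b""):
        fault = self._faults.pop(0) if self._faults else None
        if fault == "drop":
            return
        if fault == "corrupt" and payload:
            payload = bytes([payload[0] ^ 0xFF]) + payload[1:]
        self._queue.append((meta, payload))

    def receive(self):
        return self._queue.popleft() if self._queue else None


class BNetwork:
    """S5-S7: verify the audit file, hand each job over once, answer with a receipt."""

    def __init__(self):
        self.delivered = {}  # job GUID -> file bytes handed to the B network client
        self.handoffs = 0    # how many times a file actually reached the client

    def handle(self, audit_json, data):
        audit = json.loads(audit_json)
        ok = verify_audit(audit, data)
        if ok and audit["job"] not in self.delivered:
            # The GUID job number turns a resend of a delivered file into a no-op.
            self.delivered[audit["job"]] = data
            self.handoffs += 1
        return json.dumps({"name": audit["name"][:-len(AUDIT_SUFFIX)] + RECEIPT_SUFFIX,
                           "job": audit["job"], "received": _now(), "success": ok})


def transfer(name, data, gate_ab, gate_ba, b_net, max_attempts=3):
    """A-network side of the loop. Returns (attempts_used, job_guid)."""
    audit = make_audit(name, data)
    for attempt in range(1, max_attempts + 1):
        gate_ab.send(json.dumps(audit), data)        # S4: first gate, A -> B
        arrived = gate_ab.receive()
        if arrived is not None:
            gate_ba.send(b_net.handle(*arrived))     # S7-S9: second gate, B -> A
        reply = gate_ba.receive()                    # S10-S11
        if reply is not None:
            receipt = json.loads(reply[0])
            if receipt["job"] == audit["job"] and receipt["success"]:  # S12
                return attempt, audit["job"]
        # S12 failure path: resend; a missing receipt also counts as failure (assumption).
    raise RuntimeError("no successful receipt after %d attempts" % max_attempts)


def demo():
    """Three constructed runs: clean, corrupted in transit, receipt lost on the way back."""
    data = b"G01 X10 Y20\n"  # constructed sample standing in for an NC program
    results = {}
    for label, ab_faults, ba_faults in (("clean", [], []),
                                        ("corrupt", ["corrupt"], []),
                                        ("lost_receipt", [], ["drop"])):
        b_net = BNetwork()
        attempts, job = transfer("part.nc", data, OneWayGate(ab_faults),
                                 OneWayGate(ba_faults), b_net)
        results[label] = (attempts, b_net.handoffs, b_net.delivered[job] == data)
    return results


if __name__ == "__main__":
    print(demo())
```

In the lost-receipt run the file crosses the first gate twice but reaches the B network client once, which is the duplicate protection the GUID job number provides.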
Example 2
Referring to Fig. 1, this embodiment discloses an information bidirectional transmission system based on a unidirectional optical gate, comprising an A network system and a B network system that are completely independent of each other; the two network systems are connected through a first optical gate and a second optical gate to form a closed unidirectional transmission loop, and the two optical gates are likewise independent of each other. Specifically:
the A network system comprises an A network client and a multi-stage server, wherein the multi-stage server comprises a first A network application server, a second A network application server, an A network sending proxy server and an A network receiving proxy server;
the composition of the B network system is the same as that of the A network system: the B network system comprises a B network client and a multi-stage server, wherein the multi-stage server comprises a first B network application server, a second B network application server, a B network sending proxy server and a B network receiving proxy server;
the A network client and the B network client are both used for user identity authentication, file verification and bidirectional file transmission;
the first A network application server, the second A network application server, the first B network application server and the second B network application server are all used for verifying files and supporting complex database access;
the A network receiving proxy server and the B network receiving proxy server are used for receiving file information and provide antivirus, content filtering and access control management functions;
the A network sending proxy server and the B network sending proxy server are used for sending file information and provide antivirus, content filtering and access control management functions.
Further, to better achieve the object of the present application, the A network client and the B network client generate an audit file with the suffix ".sync" when sending a file, and each audit file has a unique GUID job number.
Further, to better achieve the object of the present application, the A network client and the B network client generate a receipt file with the suffix ".synclet" when receiving a file.
In the description of the present application, it is to be understood that the terms "center", "longitudinal", "lateral", "front", "back", "left", "right", "vertical", "horizontal", "top", "bottom", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings, and are used merely for convenience in describing the present application and for simplifying the description, and do not indicate or imply that the referenced device or element must have a particular orientation, be constructed in a particular orientation, and be operated, and therefore should not be construed as limiting the scope of the present application.
In the description of the present application, it is further noted that, unless expressly stated or limited otherwise, the terms "disposed," "mounted," and "connected" are to be construed broadly, e.g., as meaning fixedly connected, detachably connected, or integrally connected; can be mechanically or electrically connected; they may be connected directly or indirectly through intervening media, or they may be interconnected between two elements. The specific meaning of the above terms in the present application can be understood in a specific case by those of ordinary skill in the art.
The foregoing is directed to embodiments of the present invention, which are not limited thereto, and any simple modifications and equivalents thereof according to the technical spirit of the present invention may be made within the scope of the present invention.

Claims (6)

1. An information bidirectional transmission method based on a unidirectional optical gate, used for realizing information intercommunication between two completely independent network systems A and B, characterized in that the method specifically comprises the following steps:
S1. First, a user initiates a file transmission instruction at the A network client, and the A network client automatically generates an audit file with the suffix ".sync" when the instruction is initiated;
S2. The A network client pushes the file data, including the audit file, to an approver, who reviews the content of the transmitted file; if the approval passes, the transmitted file data is pushed to the first A network application server; if the approval fails, the transmitted file is rejected;
S3. The first A network application server identifies and verifies the audit file and, once verification succeeds, pushes the file data to the A network sending proxy server;
S4. The A network sending proxy server manages the optical gate transmission task, checks the file for conformance, scans the file data for viruses and removes any found, pushes the transmitted file data to the first one-way optical gate, and transmits it one-way through the first one-way optical gate to the B network receiving proxy server;
S5. After receiving the file, the B network receiving proxy server identifies and verifies the audit file and, once verification succeeds, distributes the file to the first B network application server;
S6. The first B network application server identifies and verifies the audit file and, once verification succeeds, distributes the file to the B network client;
S7. After receiving the file, the B network client generates a receipt file with the suffix 'sync' and sends the receipt file to the second B network application server;
S8. The second B network application server examines the receipt file in step S8 and pushes the receipt file to the B network sending proxy server;
S9. The B network sending proxy server manages the optical gate transmission task, examines the receipt file and scans it for viruses, then pushes the receipt file to the second one-way optical gate and transmits it one-way through the second one-way optical gate to the A network receiving proxy server;
S10. After receiving the receipt file, the A network receiving proxy server examines it and sends it to the second A network application server;
S11. The second A network application server examines the receipt file and sends it to the A network client;
S12. The A network client verifies the receipt file; if verification succeeds, the file has been sent successfully and the operation ends, and the user can download, view or edit the transmitted file data at the B network client; if verification fails, the file transmission has failed and the A network client resends the file.
2. A method for bidirectional transfer of information based on a unidirectional optical gate as claimed in claim 1, characterized in that: in step S1, the audit file includes file size information, file transmission time and a verification code, and has a unique GUID job number.
3. A method for bidirectional transfer of information based on a unidirectional optical gate as claimed in claim 1, characterized in that: in step S8, the receipt file with the suffix ".synclet" includes the file reception time and reception success or failure information.
4. An information bidirectional transmission system based on a unidirectional optical gate, characterized in that: the system comprises two completely independent network systems A and B and two completely independent optical gates, a first optical gate and a second optical gate, wherein the two network systems are connected through the first and second optical gates to form a closed unidirectional transmission loop; the A network system comprises an A network client, a first A network application server, a second A network application server, an A network sending proxy server and an A network receiving proxy server, wherein the A network client is connected to both the first A network application server and the second A network application server; the B network system comprises a B network client, a first B network application server, a second B network application server, a B network sending proxy server and a B network receiving proxy server, wherein the B network client is connected to both the first B network application server and the second B network application server, the first B network application server is connected to the B network receiving proxy server, the second B network application server is connected to the B network sending proxy server, and the B network receiving proxy server and the B network sending proxy server are connected to the first optical gate and the second optical gate respectively, wherein:
the A network client and the B network client are both used for user identity authentication, file verification and bidirectional file transmission;
the first A network application server, the second A network application server, the first B network application server and the second B network application server are all used for verifying files and supporting complex database access;
the A network receiving proxy server and the B network receiving proxy server are used for receiving file information and provide antivirus, content filtering and access control management functions;
the A network sending proxy server and the B network sending proxy server are used for sending file information and provide antivirus, content filtering and access control management functions.
5. A bidirectional information transfer system based on a unidirectional optical gate as claimed in claim 1, wherein: the A network client and the B network client generate an audit file with the suffix ".sync" when sending a file, and each audit file has a unique GUID job number.
6. A bidirectional information transfer system based on a unidirectional optical gate as claimed in claim 1, wherein: the A network client and the B network client generate a receipt file with the suffix ".syncret" when receiving a file.
CN202011014947.XA 2020-09-24 2020-09-24 Information bidirectional transmission method and system based on unidirectional optical gate Pending CN112351066A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011014947.XA CN112351066A (en) 2020-09-24 2020-09-24 Information bidirectional transmission method and system based on unidirectional optical gate

Publications (1)

Publication Number Publication Date
CN112351066A true CN112351066A (en) 2021-02-09

Family

ID=74358167

Country Status (1)

Country Link
CN (1) CN112351066A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210209
