CN115277149B - Security domain communication method and device, electronic equipment and storage medium - Google Patents


Info

Publication number: CN115277149B
Application number: CN202210864616.8A
Authority: CN (China)
Legal status: Active
Prior art keywords: security domain, random value, random, message, random number
Other languages: Chinese (zh)
Other versions: CN115277149A (en)
Inventor: 李仁江
Current assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Original assignee: Beijing Topsec Technology Co Ltd; Beijing Topsec Network Security Technology Co Ltd; Beijing Topsec Software Co Ltd
Application filed by Beijing Topsec Technology Co Ltd, Beijing Topsec Network Security Technology Co Ltd and Beijing Topsec Software Co Ltd
Priority to CN202210864616.8A
Publication of CN115277149A
Application granted
Publication of CN115277149B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/12 Applying verification of the received information
    • H04L 9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L 9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L 9/3236 The above using cryptographic hash functions
    • H04L 9/3247 The above involving digital signatures

Abstract

The application provides a security domain communication method and device, electronic equipment and a storage medium. The method comprises the following steps: acquiring a transmission message unidirectionally transmitted from a first security domain to a second security domain, where the security level of the first security domain is lower than that of the second security domain; parsing a random value from the transmission message; judging whether the random value was generated in the second security domain; and if so, unidirectionally transmitting the random value from the second security domain to the first security domain, so that the first security domain confirms from the random value that the transmission message does not need to be retransmitted. Because the random value is returned to the first security domain only when it was generated in the second security domain, the first security domain can determine from it that the transmission message need not be retransmitted. This avoids the low feedback efficiency of confirming by manual feedback which files need no retransmission, and improves the communication efficiency between networks of different security levels.

Description

Security domain communication method and device, electronic equipment and storage medium
Technical Field
The present application relates to the technical field of unidirectional communication, communication data security and network security, and in particular, to a security domain communication method, device, electronic apparatus and storage medium.
Background
A unidirectional transmission device is a device that allows data to be transmitted in one direction only, i.e. from device A to device B but not from device B to device A through the device. The unidirectional transmission device provides a unidirectional channel; for example, a unidirectional gatekeeper (also known as a unidirectional shutter) provides a unidirectional optical fiber as the unidirectional channel.
At present, between networks of different security levels, most files are transmitted unidirectionally from the low-security domain to the high-security domain through unidirectional transmission equipment. A file received by the high-security domain may be unusable because of environmental interference or other causes during transmission, so the usual practice is for workers in the high-security domain to record the names of the received files on an optical disc and carry the disc by hand to a worker in the low-security domain, who deduces from the disc which file names were not received and retransmits the corresponding files. In practice it has been found that confirming by manual feedback which files do not need retransmission makes feedback inefficient, so communication between networks of different security levels is inefficient.
Disclosure of Invention
An embodiment of the application aims to provide a security domain communication method, a security domain communication device, electronic equipment and a storage medium, which are used for solving the problem of low communication efficiency between networks with different security levels.
The embodiment of the application provides a security domain communication method, which comprises the following steps: acquiring a transmission message unidirectionally transmitted from a first security domain to a second security domain, where the security level of the first security domain is lower than that of the second security domain; parsing a random value from the transmission message; judging whether the random value was generated in the second security domain; and if so, unidirectionally transmitting the random value from the second security domain to the first security domain, so that the first security domain confirms from the random value that the transmission message does not need to be retransmitted. In this scheme, the random value is parsed from the transmission message that was unidirectionally transmitted from the first security domain of low security level to the second security domain of high security level, and is unidirectionally transmitted from the second security domain back to the first security domain only when it was generated in the second security domain, so that the first security domain can determine from the random value that the transmission message need not be retransmitted. This avoids the low feedback efficiency of confirming by manual feedback which files need no retransmission, and improves the communication efficiency between networks of different security levels.
Optionally, in an embodiment of the present application, parsing the random value from the transmission message includes: judging whether the transmission message meets preset conditions, the preset conditions comprising that the content is correct and the format is correct; and if so, parsing the random value from the transmission message.
In this scheme, the random value is parsed only after the transmission message has been judged to meet the preset conditions of correct content and correct format. This avoids the communication errors that would result from parsing a random value out of a transmission message that has been modified, and effectively improves the communication accuracy between networks of different security levels.
Optionally, in an embodiment of the present application, determining whether the random value was generated in the second security domain includes: judging whether the random value can be found in a value cache table, where the value cache table stores pre-generated random values; if so, determining that the random value was generated in the second security domain, and otherwise determining that it was not.
In this scheme, the random value is determined to have been generated in the second security domain by looking it up in the value cache table. This avoids the communication errors that would result from acting on a random value parsed out of a transmission message that has been modified, and effectively improves the communication accuracy between networks of different security levels.
Optionally, in an embodiment of the present application, unidirectionally transmitting the random value from the second security domain to the first security domain includes: parsing a secure random number from the transmission message, where the secure random number is obtained by encrypting the random value with a prestored private key; decrypting the secure random number with the public key corresponding to that private key to obtain a decrypted random number; judging whether the decrypted random number is the same as the random value; and if so, unidirectionally transmitting the random value from the second security domain to the first security domain.
In this scheme, the random value is unidirectionally transmitted from the second security domain to the first security domain only when the decrypted random number is the same as the random value. This avoids the security problem of returning the random value from the second security domain to the first security domain when the transmission message has been modified, and effectively improves the communication security between networks of different security levels.
Optionally, in an embodiment of the present application, after judging whether the decrypted random number is the same as the random value, the method further includes: if the decrypted random number differs from the random value, blocking the unidirectional transmission of the random value.
In this scheme, the unidirectional transmission of the random value is blocked when the decrypted random number differs from the random value. This avoids the security problem of returning the random value from the second security domain to the first security domain when the transmission message has been modified, and effectively improves the communication security between networks of different security levels.
Optionally, in an embodiment of the present application, the method further includes: parsing a digital signature from the transmission message, where the digital signature is obtained by encrypting a hash value of the secure random number with the private key of the sending device of the transmission message; decrypting the digital signature with the public key corresponding to that private key to obtain a decrypted hash value; judging whether the decrypted hash value is the same as the hash value of the secure random number; and if not, blocking the unidirectional transmission of the random value.
In this scheme, the unidirectional transmission of the random value is blocked when the decrypted hash value differs from the hash value of the secure random number. This avoids the security problem of returning the random value from the second security domain to the first security domain when the transmission message has been modified, and effectively improves the communication security between networks of different security levels.
The embodiment of the application also provides a security domain communication method, applied to the electronic equipment of the first security domain, which comprises the following steps: receiving a random value unidirectionally transmitted by a second security domain, where the security level of the first security domain is lower than that of the second security domain; judging whether a first message sequence corresponding to the random value can be found in a random sequence table, where the random sequence table stores the correspondence between random values and message sequences; if so, confirming that the transmission message of the first message sequence does not need to be retransmitted, and deleting the random value and its corresponding first message sequence from the random sequence table; if not, unidirectionally transmitting the transmission message of a second message sequence from the first security domain to the second security domain according to the random value, where the transmission message of the first message sequence and the transmission message of the second message sequence are different messages.
In this scheme, when the first message sequence corresponding to the random value is not found in the random sequence table, the transmission message of the second message sequence is unidirectionally transmitted from the first security domain to the second security domain according to the random value. This avoids exposing the transmission message sequence, service data or similar information in the fed-back data, and effectively improves the communication security between networks of different security levels.
Optionally, in an embodiment of the present application, unidirectionally transmitting the transmission message of the second message sequence from the first security domain to the second security domain according to the random value includes: judging whether the second message sequence meets retransmission conditions, the retransmission conditions comprising that the value of the second message sequence is smaller than that of the first message sequence, or that the storage duration of the second message sequence exceeds a preset duration; and if so, packaging the random value and the transmission message of the second message sequence into a retransmission message and unidirectionally transmitting the retransmission message from the first security domain to the second security domain.
In this scheme, when the value of the second message sequence is smaller than that of the first message sequence, or the storage duration of the second message sequence exceeds the preset duration, the random value and the transmission message of the second message sequence are packaged into a retransmission message that is unidirectionally transmitted from the first security domain to the second security domain. This avoids missing a transmission message that was not received correctly, and effectively improves the communication security between networks of different security levels.
Optionally, in an embodiment of the present application, acquiring a transmission message unidirectionally transmitted from the first security domain to the second security domain includes acquiring it through a first unidirectional channel; and unidirectionally transmitting the random value from the second security domain to the first security domain includes transmitting it through a second unidirectional channel, where the first unidirectional channel and the second unidirectional channel are opposite in direction and physically isolated from each other.
In this scheme, the transmission between the security domains is carried out over two unidirectional channels that are opposite in direction and physically isolated, which avoids an attacker exploiting physically adjacent unidirectional channels and effectively improves the communication security between networks of different security levels.
The embodiment of the application also provides a security domain communication device, which comprises: a transmission message acquisition module for acquiring a transmission message unidirectionally transmitted from a first security domain to a second security domain, where the security level of the first security domain is lower than that of the second security domain; a random value parsing module for parsing a random value from the transmission message; a random value judging module for judging whether the random value was generated in the second security domain; and a random value transmission module for unidirectionally transmitting the random value from the second security domain to the first security domain if it was generated in the second security domain, so that the first security domain confirms from the random value that the transmission message does not need to be retransmitted.
Optionally, in an embodiment of the present application, the random value parsing module includes: a transmission message judging sub-module for judging whether the transmission message meets preset conditions, the preset conditions comprising that the content is correct and the format is correct; and a random value parsing sub-module for parsing the random value from the transmission message if the transmission message meets the preset conditions.
Optionally, in an embodiment of the present application, the random value judging module includes: a random value lookup module for judging whether the random value can be found in a value cache table, where the value cache table stores pre-generated random values; and a value generation determining module for determining that the random value was generated in the second security domain if it is found in the value cache table, and otherwise determining that it was not.
Optionally, in an embodiment of the present application, the random value transmission module includes: a transmission message parsing sub-module for parsing a secure random number from the transmission message, where the secure random number is obtained by encrypting the random value with a prestored private key; a secure random decryption sub-module for decrypting the secure random number with the public key corresponding to that private key to obtain a decrypted random number; a random number judging sub-module for judging whether the decrypted random number is the same as the random value; and a value unidirectional transmission sub-module for unidirectionally transmitting the random value from the second security domain to the first security domain if the decrypted random number is the same as the random value.
Optionally, in an embodiment of the present application, the random value transmission module further includes: a value unidirectional blocking sub-module for blocking the unidirectional transmission of the random value if the decrypted random number differs from the random value.
Optionally, in an embodiment of the present application, the security domain communication device further includes: a digital signature parsing module for parsing a digital signature from the transmission message, where the digital signature is obtained by encrypting the hash value of the secure random number with the private key of the sending device of the transmission message; a digital signature decryption module for decrypting the digital signature with the public key corresponding to that private key to obtain a decrypted hash value; a decrypted hash judging module for judging whether the decrypted hash value is the same as the hash value of the secure random number; and a unidirectional transmission blocking module for blocking the unidirectional transmission of the random value if the decrypted hash value differs from the hash value of the secure random number.
Optionally, in an embodiment of the present application, the security domain communication device further includes: a first unidirectional transmission module for acquiring, through a first unidirectional channel, a transmission message unidirectionally transmitted from the first security domain to the second security domain; and a second unidirectional transmission module for unidirectionally transmitting the random value from the second security domain to the first security domain through a second unidirectional channel, where the first unidirectional channel and the second unidirectional channel are opposite in direction and physically isolated from each other.
The embodiment of the application also provides electronic equipment, which comprises: a processor and a memory storing machine-readable instructions executable by the processor to perform the method as described above when executed by the processor.
Embodiments of the present application also provide a computer readable storage medium having stored thereon a computer program which, when executed by a processor, performs a method as described above.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments of the present application will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present application, and therefore should not be considered as limiting the scope, and other related drawings can be obtained according to these drawings without inventive effort to those of ordinary skill in the art.
Fig. 1 is a schematic diagram of a security domain communication system according to an embodiment of the present application;
Fig. 2 is a schematic flow chart of a security domain communication method executed on a second security domain device according to an embodiment of the present application;
Fig. 3 is a schematic flow chart of a security domain communication method executed on a first security domain device according to an embodiment of the present application;
Fig. 4 is a schematic structural diagram of a security domain communication device according to an embodiment of the present application;
Fig. 5 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The following description of the technical solutions in the embodiments of the present application will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are only some embodiments, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations. Accordingly, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the claimed embodiments of the application, but is merely representative of selected ones of the embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to fall within the scope of the embodiments of the application.
It will be appreciated that "first" and "second" in embodiments of the application are used to distinguish similar objects. It will be appreciated by those of skill in the art that the words "first," "second," and the like do not limit the amount and order of execution, and that the words "first," "second," and the like do not necessarily differ.
Before introducing the security domain communication method provided by the embodiment of the present application, some concepts related in the embodiment of the present application are introduced:
a Unidirectional (Unidirectional) gatekeeper, also known as a Unidirectional shutter, refers to a device deployed between networks of different security classes (e.g., a first security domain of a low security class is Unidirectional to a second security domain of a high security class). The unidirectional network gate can realize the physical environment of unidirectional feedback-free transmission through the unidirectional isolation card formed by unidirectional optical fibers, thereby completing the function of unidirectional transmission of the data message from the first security domain with low security level to the second security domain with high security level.
Please refer to fig. 1, which illustrates a schematic diagram of a security domain communication system provided by an embodiment of the present application; the security domain communication system may include: a first security domain device and a second security domain device, wherein the security level of the first security domain is lower than the security level of the second security domain, i.e. the security level of the second security domain is higher than the security level of the first security domain. The first security domain device may include: a transmitting device (A1) and a receiving device (B2) of a first security domain, the second security domain device may include: the transmitting device (B1) and the receiving device (A2) of the second security domain, the transmitting device (A1) of the first security domain can only transmit the transmission message (the transmission message may include traffic data, random value and/or value signature, etc.) to the receiving device (A2) of the second security domain, and the transmitting device (B1) of the second security domain can only transmit non-traffic data (e.g. random value and/or value signature, etc.) to the receiving device (B2) of the first security domain, the Unidirectional transmission process can use a Unidirectional (universal) gateway to transmit, that is, the transmitting device of the first security domain transmits the transmission message including the traffic data to the receiving device of the second security domain through the Unidirectional gateway, and the transmitting device of the second security domain transmits the non-traffic data to the receiving device of the first security domain through the Unidirectional gateway.
The normal transmission procedure of the transmission message will be described. The terminal equipment firstly acquires the transmission message to be transmitted, and then transmits the transmission message to the transmitting equipment (A1) of the first security domain. After receiving the transmission message sent by the terminal device, the sending device (A1) of the first security domain unidirectionally transmits the transmission message to the receiving device (A2) of the second security domain. The receiving device (A2) of the second security domain, after receiving the transmission message sent by the sending device (A1) of the first security domain, sends the transmission message to the server.
Then, a procedure for determining whether to retransmit the transmission message according to the random value is described. The receiving device (A2) in the second security domain may further send a transmission message sent by the sending device (A1) in the first security domain to the sending device (B1) in the second security domain after receiving the transmission message. The transmitting device (B1) of the second security domain parses the random value or generates the random value from the transmission message (this procedure will be described in detail below), and then the transmitting device (B1) of the second security domain unidirectionally transmits the random value to the receiving device (B2) of the first security domain. The receiving device (B2) of the first security domain, after receiving the random value transmitted by the transmitting device (B1) of the second security domain, transmits the random value to the transmitting device (A1) of the first security domain. The transmitting device (A1) of the first security domain, after receiving the random value transmitted by the receiving device (B2) of the first security domain, determines whether to retransmit the transmission message based on the random value (this procedure will be described in detail below).
For security reasons, the receiving device (B2) of the first security domain and the transmitting device (B1) of the second security domain may transmit no standard network protocol at all. The receiving device (B2) of the first security domain communicates directly with the transmitting device (A1) of the first security domain through a network port, and the transmitting device (B1) of the second security domain communicates directly with the receiving device (A2) of the second security domain through a network port; both may actively block any standard network protocol data, and need not communicate with any other network or connect to any other network device. Further, to prevent B1 and B2 from being attacked over the network, their management (control) ports and serial ports may be left unconnected to any line or device, B1 and B2 may be managed only through an offline serial port, and the content that can be managed may be restricted, for example to a single setting of whether the limited operation mode is enabled. The limited operation mode means that no standard network protocol is transmitted and only the limited, non-service acknowledgement data (whether or not to retransmit the message) is transmitted.
To make the data in the communication process more secure, the transmitting device (A1) of the first security domain may have a first digital certificate A1 installed in advance, which includes an A1 public key and an A1 private key; similarly, the transmitting device (B1) of the second security domain may have a second digital certificate B1 installed in advance, which includes a B1 public key and a B1 private key. To make the communication between the transmitting device (A1) of the first security domain and the transmitting device (B1) of the second security domain more secure, the transmitting device (A1) of the first security domain may store a B1 private key in advance, and similarly the transmitting device (B1) of the second security domain may store an A1 public key in advance.
It should be noted that, the secure domain communication method provided in the embodiment of the present application may be executed by an electronic device, where the electronic device refers to a device that has a function of executing a computer program, for example, the first secure domain device or the second secure domain device, and specifically, the secure domain communication method may be executed by the sending device (A1) of the first secure domain, or the secure domain communication method may be executed by the sending device (B1) of the second secure domain.
Application scenarios to which the secure domain communication method is applicable are described below, where the application scenarios include, but are not limited to: when transmitting message data between networks of different security levels (for example, a first security domain of a low security level is unidirectionally transmitted to a second security domain of a high security level), the security domain communication method can be used for improving the reliability of unidirectional transmission of the data message, improving the communication efficiency between networks of different security levels, and the like.
Please refer to fig. 2, which is a schematic flow chart of a security domain communication method executed on a second security domain device according to an embodiment of the present application; the embodiment of the application provides a security domain communication method, which comprises the following steps:
Step S110: acquire a transmission message unidirectionally transmitted from a first security domain to a second security domain, where the security level of the first security domain is lower than the security level of the second security domain.
A transmission message refers to a message transmitted in one direction from the first security domain to the second security domain. As mentioned above, the first security domain device may include a transmitting device (A1) and a receiving device (B2) of the first security domain, and the second security domain device may include a transmitting device (B1) and a receiving device (A2) of the second security domain, so a transmission message here may refer to a message unidirectionally transmitted by the transmitting device (A1) of the first security domain to the receiving device (A2) of the second security domain. The protocol of the transmission message may be a custom protocol or an existing protocol such as the Hypertext Transfer Protocol (HTTP). The protocol may be chosen according to the specific situation; a custom protocol is taken as the example here, and its fields may include: data (the payload of the service data) and seq (the message sequence that identifies the transmission message). In practice the protocol may further include: len (the message length, used to check the size of the data), msg (the message type, used to confirm whether the data is unidirectionally transmitted) or randnum (the random number, used to confirm whether retransmission is performed). Further fields of the transmission message protocol are described below.
The embodiment of step S110 described above is, for example: the transmitting device (A1) of the first security domain transmits a transmission message sent by the terminal device to the receiving device (A2) of the second security domain after receiving the transmission message. The receiving device (A2) in the second security domain may further send a transmission message sent by the sending device (A1) in the first security domain to the sending device (B1) in the second security domain after receiving the transmission message. Wherein the security level of the first security domain is lower than the security level of the second security domain.
Step S120: and analyzing a random value from the transmission message.
A random number refers to a number generated randomly in the first security domain; its length may be set according to circumstances, for example to 20 or 40 bits, and the bit length of the random number may be made longer for security.
The embodiment of step S120 described above is, for example: the sending device (B1) in the second security domain may further determine, after receiving the transmission packet sent by the receiving device (A2) in the second security domain, whether the transmission packet meets a preset condition, where the preset condition includes: the content is correct and the format is correct. If the transmission message meets the preset condition, a random value is analyzed from the transmission message. If the transmission message does not meet the preset condition (such as content error or format error), the transmission message is discarded.
Step S130: it is determined whether the random number is generated within the second security domain.
Step S140: if the random number is generated in the second security domain, the random number is unidirectionally transmitted from the second security domain to the first security domain, so that the first security domain confirms that the transmission message does not need to be retransmitted according to the random number.
The method may comprise determining, by the transmitting device (B1) of the second security domain, whether the random value is generated within the second security domain, and after confirming that the random value is generated within the second security domain, unidirectionally transmitting the random value from the second security domain to the receiving device (B2) of the first security domain, and forwarding, by the receiving device, to the transmitting device (A1) of the first security domain, such that the transmitting device (A1) of the first security domain confirms that the transmission message does not need to be retransmitted based on the random value.
In this scheme, the random value is parsed from the transmission message that is unidirectionally transmitted from the first security domain of low security level to the second security domain of high security level, and, provided that the random value was generated in the second security domain, the random value is unidirectionally transmitted from the second security domain to the first security domain, so that the first security domain determines from the random value that the transmission message need not be retransmitted. This avoids the low feedback efficiency of manually confirming which files need not be retransmitted, and improves the communication efficiency between networks of different security levels.
As an alternative embodiment of the above step S130, determining whether the random number is generated in the second security domain may include:
step S131: judging whether a random value is inquired in a value cache table, wherein the value cache table stores a pre-generated random value.
The embodiment of step S131 described above is, for example: after the sending device (B1) in the second security domain obtains the random value from the transmission message, it may query the value cache table for the random value and determine whether the random value is found there. It will be appreciated that, as long as the network and devices are not attacked, the random value can be found in the value cache table, since the sending device (B1) of the second security domain stores each random value in the value cache table after sending it to the receiving device (B2) of the first security domain. A modified random value cannot be found in the value cache table unless a network device (e.g. a router) or an intermediate device (e.g. B2) has been attacked and has modified the random value. It is of course also possible for a modified random value to be found in the value cache table by chance, but with a sufficiently long bit length of the random value the probability of this is very small and is therefore disregarded here.
Step S132: if the random value is queried in the value cache table, determining that the random value is generated in a second security domain.
Step S133: if the random value is not queried in the value cache table, determining that the random value is not generated in the second security domain.
The embodiments of the above steps S132 to S133 are, for example: if the sending device (B1) of the second security domain finds the random value in the value cache table, this indicates that the random value was generated in the second security domain. If the sending device (B1) of the second security domain does not find the random value in the value cache table, this indicates that the random value was not generated in the second security domain. After the transmission message is discarded, a random number may also be generated, as described in more detail below.
As the above embodiment of step S140, there are various embodiments, including but not limited to the following:
In the first embodiment the random value may be transmitted unidirectionally as it is, and the embodiment may include: after parsing the random value from the transmission message, the transmitting device (B1) of the second security domain may determine whether the random value was generated within the second security domain, specifically for example: the transmitting device (B1) of the second security domain records a random number in the random number table each time it generates and transmits one, and can determine whether the parsed random number is among the random numbers recorded in the random number table; if it is, the transmitting device determines that the random number was generated in the second security domain, and likewise, if it is not, the transmitting device determines that the random number was not generated in the second security domain. If the transmitting device (B1) of the second security domain determines that the random value was generated within the second security domain, it may unidirectionally transmit the random value from the second security domain to the first security domain, so that an electronic device within the first security domain (e.g. the transmitting device of the first security domain) confirms, based on the random value, whether the transmitted message needs to be retransmitted (this process is described in more detail below).
Similarly, if the transmitting device (B1) of the second security domain determines that the random value was not generated within the second security domain, it may generate a new random value and unidirectionally transmit that random value to the receiving device (B2) of the first security domain, so that the receiving device (B2) of the first security domain forwards it to the transmitting device (A1) of the first security domain; the transmitting device (A1) of the first security domain may then encapsulate the random value, the message sequence and the service data into a transmission message and unidirectionally transmit it from the first security domain to the receiving device of the second security domain, and so on in turn.
In a second embodiment, the protocol for transmitting a message may further include a field of a secure random number, and then the random number may be unidirectionally transmitted after the secure random number passes the decryption verification, where the embodiment may include:
step S141: and analyzing the secure random number from the transmission message, wherein the secure random number is obtained by encrypting the random number by using a prestored private key.
Step S142: and decrypting the secure random number by using a public key corresponding to the private key to obtain the decrypted random number.
The embodiment of the above steps S141 to S142 is, for example: because the secure random number in the transmission message is obtained by encrypting the random number by using a prestored private key, the secure random number can be analyzed from the transmission message under the condition that the transmission message and the secure random number in the transmission message are not modified, and the secure random number is decrypted by using a public key corresponding to the private key, so that the decrypted random number is obtained.
Step S143: and if the decrypted random number is the same as the random number, unidirectionally transmitting the random number from the second security domain to the first security domain.
Step S144: if the decrypted random number is different from the random number, blocking unidirectional transmission of the decrypted random number.
The embodiment of steps S143 to S144 described above is, for example: determine whether the decrypted random number is the same as the random number in the random number table; if it is, unidirectionally transmit the random number from the transmitting device (B1) of the second security domain to the receiving device (B2) of the first security domain, and delete the random number from the random number table so that it cannot be reused by an attacker. If the decrypted random number differs from the random number, block the unidirectional transmission of the decrypted random number; the transmission message corresponding to the decrypted random number may then be discarded (because the decrypted random number is not transmitted to the first security domain for confirmation, the corresponding transmission message will be retransmitted to the second security domain after a timeout), or it may simply be ignored.
In a third embodiment, the protocol for transmitting a message may further include a field of a digital signature, and after the digital signature passes verification, the random number may be transmitted in a unidirectional manner, where the embodiment may include:
step S145: and resolving a digital signature from the transmission message, wherein the digital signature is obtained by encrypting the hash value of the secure random number by using a private key of a sending device of the transmission message.
Step S146: and decrypting the digital signature by using a public key corresponding to the private key of the sending equipment of the transmission message to obtain a decrypted hash value.
The embodiments of the above steps S145 to S146 are, for example: because the digital signature in the transmission message is obtained by encrypting the hash value of the secure random number by using the private key of the sending device of the transmission message, the digital signature can be analyzed from the transmission message under the condition that the transmission message and the digital signature in the transmission message are not modified, and the digital signature is decrypted by using the public key corresponding to the private key of the sending device of the transmission message, so that the decrypted hash value is obtained.
Step S147: and judging whether the decrypted hash value is the same as the hash value of the secure random number.
Step S148: if the decrypted hash value is different from the hash value of the secure random number, the unidirectional transmission of the random number is blocked.
The embodiment of step S147 to step S148 described above is, for example: judging whether the decrypted hash value is the same as the hash value of the secure random number; if the decrypted hash value is different from the hash value of the secure random number, the unidirectional transmission of the random number is blocked, a new random number is regenerated, and the generated new random number is unidirectionally transmitted from the transmitting device (B1) of the second secure domain to the receiving device (B2) of the first secure domain. If the decrypted hash value is the same as the hash value of the secure random number, the random number is unidirectionally transmitted from the transmitting device (B1) of the second security domain to the receiving device (B2) of the first security domain, so that the first security domain confirms that the transmission message does not need to be retransmitted according to the random number (this procedure will be described in detail later).
In the fourth embodiment, the protocol for transmitting a message may also include fields of a secure random number and a digital signature, and then the random number may be transmitted unidirectionally after the secure random number is decrypted and verified and the digital signature is verified, which is similar to the second and third embodiments above, and thus will not be repeated herein.
As an alternative implementation manner of the above-mentioned secure domain communication method, different unidirectional channels may be used to transmit the message, and this implementation manner may include:
step S151: and acquiring a transmission message which is unidirectionally transmitted from the first security domain to the second security domain through the first unidirectional channel.
The embodiment of step S151 described above is, for example: the receiving device (A2) of the second security domain receives the transmission message sent by the sending device (A1) of the first security domain through the first unidirectional channel (for example, the unidirectional channel formed by the first unidirectional gatekeeper), so as to obtain the transmission message unidirectionally transmitted from the first security domain to the second security domain. After receiving the transmission message, the receiving device (A2) of the second security domain may perform step S120 described above, i.e. parse the random value from the transmission message, and then send the random value to the sending device (B1) of the second security domain.
Step S152: the random number is unidirectionally transmitted from the second security domain to the first security domain through the second unidirectional channel, the first unidirectional channel being opposite in direction to the second unidirectional channel and physically isolated.
The embodiment of step S152 is, for example: after the random value is obtained, the sending device (B1) of the second security domain sends the random value to the receiving device (B2) of the first security domain through a second unidirectional channel (for example, a unidirectional channel formed by a second unidirectional gatekeeper), so as to complete the process of unidirectional transmission of the random value from the second security domain to the first security domain, wherein the direction of the first unidirectional channel is opposite to that of the second unidirectional channel, and the first unidirectional channel is physically isolated.
Please refer to fig. 3, which is a schematic flow chart of a security domain communication method executed on a first security domain device according to an embodiment of the present application; the embodiment of the application provides a secure domain communication method, which can be applied to electronic equipment of a first secure domain (such as receiving equipment and transmitting equipment of the first secure domain), and the embodiment can comprise the following steps:
Step S210: receive a random number unidirectionally transmitted by the second security domain, where the security level of the first security domain is lower than the security level of the second security domain.
The embodiment of step S210 described above is, for example: if the electronic device in the first security domain (for example, the receiving device of the first security domain) receives a secure random number unidirectionally transmitted by the second security domain, where the secure random number was obtained by encrypting the random number with a private key stored in advance by the sending device (B1) of the second security domain, then the public key corresponding to that private key can be used to decrypt the secure random number and thus obtain the random number unidirectionally transmitted by the second security domain; the public key corresponding to the private key may be stored in advance on the electronic device of the first security domain (for example, the receiving device of the first security domain). The receiving device (B2) of the first security domain may pass the secure random number to the transmitting device (A1) of the first security domain after receiving it from the transmitting device (B1) of the second security domain.
Step S220: judging whether a first message sequence corresponding to the random value is found in the random sequence table, wherein the corresponding relation between the random value and the message sequence is stored in the random sequence table.
The embodiment of step S220 described above is, for example: the electronic device in the first security domain (for example, the sending device of the first security domain) receives the random value unidirectionally transmitted by the sending device (B1) of the second security domain, and uses an executable program compiled or interpreted from a preset programming language to determine whether a first message sequence corresponding to the random value is found in the random sequence table, which stores the correspondence between random values and message sequences. Programming languages that can be used include, for example: C, C++, Java, BASIC, JavaScript, LISP, shell, Perl, Ruby, Python, PHP, etc.
Step S230: if the first message sequence corresponding to the random value is found in the random sequence table, confirming that the transmission message of the first message sequence does not need to be retransmitted, and deleting the random value and the first message sequence corresponding to the random value from the random sequence table.
The embodiment of step S230 described above is, for example: if the first message sequence corresponding to the random value is found in the random sequence table, this indicates that the transmission message was correctly received by the receiving device of the second security domain with correct content and correct format, so it can be confirmed that the transmission message of the first message sequence need not be retransmitted, and the random value and its corresponding first message sequence are deleted from the random sequence table. In a specific implementation, the random sequence table may be held in an in-memory database, for example Memcached or Redis.
Step S240: if the first message sequence corresponding to the random number is not found in the random sequence table, the transmission message of the second message sequence is unidirectionally transmitted from the first security domain to the second security domain according to the random number, and the transmission message of the first message sequence and the transmission message of the second message sequence are different messages.
It can be understood that if the first message sequence corresponding to the random value is not found in the random sequence table, it indicates that the random value is modified in the propagation process, or the transmission message is discarded when a content error or a format error occurs, so the random value found here is a random value regenerated in the second security domain.
As an alternative implementation manner of the step S240, unidirectional transmission of the transmission message of the second message sequence from the first security domain to the second security domain according to the random value may include:
step S241: judging whether the second message sequence meets retransmission conditions or not, wherein the retransmission conditions comprise: the value of the second message sequence is smaller than that of the first message sequence, or the storage duration of the second message sequence exceeds the preset duration.
Step S242: and if the second message sequence meets the retransmission condition, packaging the random value and the transmission message of the second message sequence into a retransmission message, and unidirectionally transmitting the retransmission message from the first security domain to the second security domain.
The embodiments of steps S241 to S242 include the following. In a first embodiment, when a smaller message sequence has not been confirmed, the transmission message corresponding to that smaller message sequence is retransmitted directly: if the value of the second message sequence is smaller than that of the first message sequence, the random value and the transmission message of the second message sequence are packaged into a retransmission message, which is unidirectionally transmitted from the first security domain to the second security domain. In a second embodiment, the presence of unconfirmed message sequences is checked periodically, and if an unconfirmed message sequence is found, the transmission message corresponding to it is retransmitted directly; specifically, if the storage duration of the second message sequence exceeds the preset duration, the random value and the transmission message of the second message sequence are packaged into a retransmission message, which is unidirectionally transmitted from the first security domain to the second security domain. The preset duration may be set according to circumstances, for example to 2 minutes, 10 minutes or 40 minutes.
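The following simulation of the acknowledgement loop of Figures 2 and 3 is an added example and not code from the patent: B1's value cache table (steps S131 to S133 and S140), A1's random sequence table (steps S220 to S230) and the two retransmission conditions of step S241. It assumes the dictionary message format, the class and method names, a 40-bit value and a 120-second preset duration, and that a value regenerated by B1 is kept by A1 until a message is due to be sent; the unidirectional channels are plain function calls and the secure random number and digital signature fields are left out.

```python
import secrets

RAND_BITS = 40          # the patent suggests 20- or 40-bit random values
RETRANSMIT_AFTER = 120  # preset storage duration in seconds (patent: 2/10/40 min)


def build_message(seq, data, randnum):
    """Custom transmission-message protocol using the fields named in the patent."""
    return {"seq": seq, "len": len(data), "msg": "unidir", "data": data,
            "randnum": randnum}


def meets_preset_condition(msg):
    """S120: format and content checks before the random value is parsed."""
    required = {"seq", "len", "msg", "data", "randnum"}
    if not required <= msg.keys() or msg["msg"] != "unidir":
        return False
    return isinstance(msg["data"], bytes) and msg["len"] == len(msg["data"])


class SecondDomainB1:
    """Sending device B1 of the high-security domain; owns the value cache table."""

    def __init__(self):
        self.value_cache = set()  # value cache table of values B1 generated (S131)
        self.accepted = {}        # seq -> data handed on inside the second domain

    def _fresh_value(self):
        v = secrets.randbits(RAND_BITS)
        self.value_cache.add(v)   # record each value generated and sent (S164)
        return v

    def on_transmission(self, msg):
        """Return the random value to send back over the second unidirectional channel."""
        if not meets_preset_condition(msg):
            return self._fresh_value()        # discard, but still answer (S120, S133)
        v = msg["randnum"]
        if v not in self.value_cache:          # S133: not generated here -> discard
            return self._fresh_value()
        self.value_cache.discard(v)            # S132/S143: accept once, never replay
        self.accepted[msg["seq"]] = msg["data"]
        return v


class FirstDomainA1:
    """Sending device A1 of the low-security domain; owns the random sequence table."""

    def __init__(self, clock):
        self.clock = clock                 # injectable time source (seconds)
        self.random_seq_table = {}         # random value -> message sequence (S220)
        self.stored_at = {}                # seq -> time the message was (re)sent
        self.pending = {}                  # seq -> data awaiting confirmation
        self.spare_values = []             # values B1 regenerated, usable for sending
        self.last_confirmed = 0            # the "first message sequence" of S241
        self.next_seq = 1

    def _bind(self, seq, data):
        # prefer a value B1 generated; otherwise draw one locally (as in S120's text)
        v = self.spare_values.pop(0) if self.spare_values else secrets.randbits(RAND_BITS)
        self.random_seq_table = {k: s for k, s in self.random_seq_table.items() if s != seq}
        self.random_seq_table[v] = seq
        self.stored_at[seq] = self.clock()
        return build_message(seq, data, v)

    def send(self, data):
        """First transmission of a new message."""
        seq, self.next_seq = self.next_seq, self.next_seq + 1
        self.pending[seq] = data
        return self._bind(seq, data)

    def on_random_value(self, v):
        """S220-S240: ('ack', seq) if v is in the table, else keep v as ('new_value', v)."""
        if v in self.random_seq_table:
            seq = self.random_seq_table.pop(v)     # S230: confirmed, drop the entry
            self.pending.pop(seq, None)
            self.stored_at.pop(seq, None)
            self.last_confirmed = max(self.last_confirmed, seq)
            return ("ack", seq)
        self.spare_values.append(v)                # S240: regenerated in second domain
        return ("new_value", v)

    def retransmit_due(self):
        """S241/S242: re-encapsulate every pending message that meets the condition."""
        now = self.clock()
        due = [seq for seq in sorted(self.pending)
               if seq < self.last_confirmed
               or now - self.stored_at[seq] > RETRANSMIT_AFTER]
        return [self._bind(seq, self.pending[seq]) for seq in due]
```

A message is accepted by B1 only when it carries a value B1 itself generated, so the first transmission of each message is discarded and answered with a fresh value, which A1 then attaches to the retransmission.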
Please refer to fig. 4, which illustrates a schematic structural diagram of a security domain communication device according to an embodiment of the present application; the embodiment of the application provides a secure domain communication device 300, which comprises:
the transmission message obtaining module 310 is configured to obtain a transmission message that is unidirectionally transmitted from a first security domain to a second security domain, where the security level of the first security domain is lower than the security level of the second security domain.
The random value parsing module 320 is configured to parse a random value from the transmission packet.
The random value determining module 330 is configured to determine whether the random value is generated in the second security domain.
The random number transmission module 340 is configured to unidirectionally transmit the random number from the second security domain to the first security domain if the random number is generated in the second security domain, so that the first security domain confirms that the transmission message does not need to be retransmitted according to the random number.
Optionally, in an embodiment of the present application, the random value parsing module includes:
a transmission message judging sub-module, configured to determine whether the transmission message meets preset conditions, where the preset conditions include: the content is correct and the format is correct; and
a random value parsing sub-module, configured to parse the random value from the transmission message if the transmission message meets the preset conditions.
Optionally, in an embodiment of the present application, the random value determining module includes:
a random value query module, configured to determine whether the random value is found in the value cache table, where the value cache table stores pre-generated random values; and
a value generation determining module, configured to determine that the random value was generated in the second security domain if the random value is found in the value cache table, and otherwise to determine that the random value was not generated in the second security domain.
Optionally, in an embodiment of the present application, the random number transmission module includes:
a transmission message parsing sub-module, configured to parse a secure random number from the transmission message, where the secure random number is obtained by encrypting the random number with a pre-stored private key;
a secure random number decryption sub-module, configured to decrypt the secure random number with the public key corresponding to the private key to obtain the decrypted random number;
a random number judging sub-module, configured to determine whether the decrypted random number is the same as the random value; and
a value unidirectional transmission sub-module, configured to unidirectionally transmit the random value from the second security domain to the first security domain if the decrypted random number is identical to the random value.
Optionally, in an embodiment of the present application, the random number transmission module further includes:
and the numerical value unidirectional blocking sub-module is used for blocking unidirectional transmission of the random numerical value if the decrypted random number is different from the random numerical value.
Optionally, in an embodiment of the present application, the secure domain communication apparatus further includes:
the digital signature analysis module is used for analyzing the digital signature from the transmission message, and the digital signature is obtained by encrypting the hash value of the security random number by using the private key of the sending equipment of the transmission message.
And the digital signature decryption module is used for decrypting the digital signature by using the public key corresponding to the private key of the sending equipment of the transmission message to obtain a decrypted hash value.
And the decryption hash judging module is used for judging whether the decrypted hash value is the same as the hash value of the secure random number.
And the unidirectional transmission blocking module is used for blocking unidirectional transmission of the random number if the decrypted hash value is different from the hash value of the secure random number.
Optionally, in an embodiment of the present application, the secure domain communication apparatus may further include:
the first unidirectional transmission module is used for acquiring a transmission message which is transmitted unidirectionally from the first security domain to the second security domain through the first unidirectional channel.
And the second unidirectional transmission module is used for unidirectional transmission of the random value from the second security domain to the first security domain through a second unidirectional channel, and the first unidirectional channel and the second unidirectional channel are opposite in direction and are physically isolated.
It should be understood that the apparatus corresponds to the above-described embodiments of the security domain communication method and is capable of executing the steps of those method embodiments; the specific functions of the apparatus may be found in the description above, and detailed descriptions are omitted here as appropriate to avoid redundancy. The apparatus includes at least one software functional module that may be stored in memory in the form of software or firmware, or built into the operating system (OS) of the device.
Please refer to fig. 5, which illustrates a schematic structural diagram of an electronic device according to an embodiment of the present application. An electronic device 400 provided in an embodiment of the present application includes: a processor 410 and a memory 420, the memory 420 storing machine-readable instructions executable by the processor 410, which when executed by the processor 410 perform the method as described above.
The embodiment of the present application also provides a computer readable storage medium 430, on which computer readable storage medium 430 a computer program is stored which, when executed by the processor 410, performs a method as above.
The computer-readable storage medium 430 may be implemented by any type or combination of volatile or nonvolatile memory devices, such as static random access memory (SRAM), electrically erasable programmable read-only memory (EEPROM), erasable programmable read-only memory (EPROM), programmable read-only memory (PROM), read-only memory (ROM), magnetic memory, flash memory, magnetic disk, or optical disk.
It should be noted that the embodiments in this specification are described in a progressive manner; each embodiment focuses on its differences from the other embodiments, and the identical and similar parts of the embodiments may be referred to for one another. The apparatus embodiments are described relatively briefly because they are substantially similar to the method embodiments; for the relevant points, refer to the description of the method embodiments.
In the embodiments of the present application, it should be understood that the disclosed apparatus and method may be implemented in other manners. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowcharts or block diagrams may represent a module, segment, or portion of code comprising one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in a block may occur out of the order noted in the figures. For example, two blocks shown in succession may in fact be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved.
In addition, the functional modules of the embodiments of the present application may be integrated together to form a single part, or the modules may exist separately, or two or more modules may be integrated to form a single part. Furthermore, in the description herein, reference to the terms "one embodiment," "some embodiments," "examples," "specific examples," or "some examples," etc., means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic representations of the above terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, the different embodiments or examples described in this specification, and the features of those embodiments or examples, may be combined by those skilled in the art provided there is no contradiction.
In this document, relational terms such as first and second, and the like may be used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
The foregoing description is merely an optional implementation of the embodiment of the present application, but the scope of the embodiment of the present application is not limited thereto, and any person skilled in the art may easily think about changes or substitutions within the technical scope of the embodiment of the present application, and the changes or substitutions are covered by the scope of the embodiment of the present application.

Claims (10)

1. A method of secure domain communication, comprising:
acquiring a transmission message unidirectionally transmitted from a first security domain to a second security domain, wherein the security level of the first security domain is lower than that of the second security domain;
parsing a random value from the transmission message;
determining whether the random value is generated within the second security domain;
and if so, unidirectionally transmitting the random value from the second security domain to the first security domain, so that the first security domain confirms, according to the random value, that the transmission message does not need to be retransmitted.
2. The method of claim 1, wherein said determining whether said random value is generated within said second security domain comprises:
judging whether the random value is found in a value cache table, wherein the value cache table stores pre-generated random values;
if so, determining that the random value is generated in the second security domain, and otherwise determining that the random value is not generated in the second security domain.
3. The method of claim 1, wherein the unidirectionally transmitting the random value from the second security domain to the first security domain comprises:
parsing a secure random number from the transmission message, wherein the secure random number is obtained by encrypting the random value with a prestored private key;
decrypting the secure random number with a public key corresponding to the private key to obtain a decrypted random number;
judging whether the decrypted random number is the same as the random value;
and if so, unidirectionally transmitting the random value from the second security domain to the first security domain.
4. A method according to claim 3, further comprising:
parsing a digital signature from the transmission message, wherein the digital signature is obtained by encrypting the hash value of the secure random number with a private key of a sending device of the transmission message;
decrypting the digital signature with a public key corresponding to the private key of the sending device of the transmission message to obtain a decrypted hash value;
judging whether the decrypted hash value is the same as the hash value of the secure random number;
and if not, blocking the unidirectional transmission of the random value.
5. A method of secure domain communication, applied to an electronic device of a first secure domain, comprising:
receiving a random value unidirectionally transmitted by a second security domain, wherein the security level of the first security domain is lower than that of the second security domain, the random value was parsed from a transmission message unidirectionally transmitted from the first security domain to the second security domain, and the random value is unidirectionally transmitted from the second security domain to the first security domain after it is determined to have been generated in the second security domain;
judging whether a first message sequence corresponding to the random value is found in a random sequence table, wherein the random sequence table stores the correspondence between random values and message sequences;
if so, confirming that the transmission message of the first message sequence does not need to be retransmitted, and deleting the random value and the first message sequence corresponding to it from the random sequence table.
6. The method of claim 5, further comprising, after said judging whether the first message sequence corresponding to the random value is found in the random sequence table:
if the first message sequence corresponding to the random value is not found in the random sequence table, unidirectionally transmitting the transmission message of a second message sequence from the first security domain to the second security domain according to the random value, wherein the transmission message of the first message sequence and the transmission message of the second message sequence are different messages.
7. The method of claim 6, wherein unidirectionally transmitting the transmission message of the second sequence of messages from the first security domain to the second security domain according to the random value, comprising:
judging whether the second message sequence meets retransmission conditions or not, wherein the retransmission conditions comprise: the value of the second message sequence is smaller than that of the first message sequence, or the storage duration of the second message sequence exceeds a preset duration;
if yes, the random value and the transmission message of the second message sequence are packaged into a retransmission message, and the retransmission message is transmitted to the second security domain in a unidirectional mode from the first security domain.
8. A security domain communication device, comprising:
the transmission message acquisition module is used for acquiring a transmission message which is unidirectionally transmitted from a first security domain to a second security domain, wherein the security level of the first security domain is lower than that of the second security domain;
a random value analysis module, used for parsing the random value from the transmission message;
a random value judging module, configured to judge whether the random value is generated in the second security domain;
and the random value transmission module is used for unidirectionally transmitting the random value from the second security domain to the first security domain if the random value is generated in the second security domain, so that the first security domain confirms that the transmission message does not need to be retransmitted according to the random value.
9. An electronic device, comprising: a processor and a memory storing machine-readable instructions executable by the processor to perform the method of any one of claims 1 to 7 when executed by the processor.
10. A computer-readable storage medium, characterized in that it has stored thereon a computer program which, when executed by a processor, performs the method according to any of claims 1 to 7.
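The scheme set out in the apparatus modules above and in claims 1 to 7, worked through as an added example; this is not code from the patent or from its assignees. Both domains are simulated in one process, and the two physically isolated one-way channels are the two call directions, `HighSide.receive` for the first channel and `LowSide.on_ack` for the second. The message layout, the 32-bit value size, the table shapes, and the reading of claims 6 and 7 (outstanding entries whose sequence is smaller than the acknowledged one, or whose storage time exceeds the preset duration, are retransmitted with their random value attached) are assumptions. The "encrypt with the private key, decrypt with the public key" steps are shown with unpadded textbook RSA over small primes so that each check is visible; that is a demonstration cipher, not a secure one, and a deployment would use a standard padded signature scheme.

```python
"""Added example (not the patent's own code): single-process simulation of the
acknowledgement scheme.  Message layout, key sizes and table shapes are assumptions.
The RSA is unpadded textbook RSA over ~20-bit primes so the private-encrypt /
public-decrypt steps are visible; it is NOT secure."""
import hashlib
import secrets


def _is_prime(n):
    return n > 1 and all(n % d for d in range(2, int(n ** 0.5) + 1))


def make_key(seed):
    """Demo RSA key from the first two primes at or above `seed`: returns ((n, e), d)."""
    p = next(x for x in range(seed, seed + 1000) if _is_prime(x))
    q = next(x for x in range(p + 1, p + 1000) if _is_prime(x))
    n, e = p * q, 65537
    return (n, e), pow(e, -1, (p - 1) * (q - 1))


def private_encrypt(key, m):      # the patent's "encrypt with the private key"
    (n, _), d = key
    return pow(m % n, d, n)


def public_decrypt(pub, c):       # the patent's "decrypt with the public key"
    n, e = pub
    return pow(c, e, n)


def hash_mod(x, n):               # hash value of the secure random number, reduced mod n
    return int.from_bytes(hashlib.sha256(str(x).encode()).digest(), "big") % n


VALUE_KEY = make_key(1_000_000)   # the "prestored" key pair (assumed shared out of band)
DEVICE_KEY = make_key(2_000_000)  # the sending device's own key pair
# The second domain only needs the public halves VALUE_KEY[0] and DEVICE_KEY[0].


class HighSide:
    """Second (higher) security domain: owns the value cache table."""

    def __init__(self):
        self.value_cache = set()

    def issue_value(self):
        """Pre-generate a random value; how it reaches the first domain is not specified."""
        v = secrets.randbelow(1 << 32)
        self.value_cache.add(v)
        return v

    def receive(self, msg):
        """Checks of claims 1-4.  Returns the value to echo over the second channel, or None."""
        fields = {"format", "seq", "payload", "random_value", "secure_random", "signature"}
        if msg.get("format") != "v1" or not fields.issubset(msg):           # preset condition
            return None
        value = msg["random_value"]
        if value not in self.value_cache:                                    # claim 2
            return None
        if public_decrypt(VALUE_KEY[0], msg["secure_random"]) != value:      # claim 3
            return None
        expect = hash_mod(msg["secure_random"], DEVICE_KEY[0][0])
        if public_decrypt(DEVICE_KEY[0], msg["signature"]) != expect:        # claim 4
            return None
        return value


class LowSide:
    """First (lower) security domain: owns the random sequence table."""

    def __init__(self, retransmit_after):
        self.seq_table = {}           # random value -> {"seq", "msg", "stored_at"}
        self.retransmit_after = retransmit_after
        self.seq = 0

    def send(self, value, payload, now):
        """Build the transmission message for the first channel and record it under `value`."""
        self.seq += 1
        secure = private_encrypt(VALUE_KEY, value)
        sig = private_encrypt(DEVICE_KEY, hash_mod(secure, DEVICE_KEY[0][0]))
        msg = {"format": "v1", "seq": self.seq, "payload": payload, "random_value": value,
               "secure_random": secure, "signature": sig}
        self.seq_table[value] = {"seq": self.seq, "msg": msg, "stored_at": now}
        return msg

    def on_ack(self, value, now):
        """Claims 5-7 as read here: the echoed value acknowledges its message; entries with a
        smaller sequence, or stored longer than the preset duration, are retransmitted."""
        entry = self.seq_table.pop(value, None)
        if entry is None:
            return None, []
        resend = []
        for e in self.seq_table.values():
            if e["seq"] < entry["seq"] or now - e["stored_at"] > self.retransmit_after:
                e["stored_at"] = now
                resend.append(dict(e["msg"], retransmit=True))
        return entry["seq"], resend


def demo():
    """Two messages; the first is lost on the first channel, a forged copy is blocked."""
    high, low = HighSide(), LowSide(retransmit_after=5.0)
    v1, v2 = high.issue_value(), high.issue_value()
    low.send(v1, b"report-1", now=0.0)            # assume this one never reaches HighSide
    m2 = low.send(v2, b"report-2", now=1.0)
    forged = dict(m2, random_value=v1)            # cached value spliced into another message
    acked_seq, resend = low.on_ack(high.receive(m2), now=2.0)
    return {"forged_blocked": high.receive(forged) is None, "acked_seq": acked_seq,
            "resent_seqs": [m["seq"] for m in resend],
            "resend_accepted": bool(resend) and high.receive(resend[0]) == v1}


if __name__ == "__main__":
    print(demo())
```

Two points a practitioner should take from the run. The value cache check on its own does not stop an attacker who splices a valid cached value into someone else's message; it is the claim 3 comparison of the decrypted secure random number against the random value that blocks it. And the digital signature of claim 4 covers only the hash of the secure random number, not the payload, so these checks authenticate the acknowledgement token rather than the message content. The claims also do not say when a value leaves the cache table; while it remains there, the second domain will echo the value again for any replayed copy of the message, so a deployment should age cache entries.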
CN202210864616.8A 2022-07-21 2022-07-21 Security domain communication method and device, electronic equipment and storage medium Active CN115277149B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210864616.8A CN115277149B (en) 2022-07-21 2022-07-21 Security domain communication method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210864616.8A CN115277149B (en) 2022-07-21 2022-07-21 Security domain communication method and device, electronic equipment and storage medium

Publications (2)

Publication Number Publication Date
CN115277149A CN115277149A (en) 2022-11-01
CN115277149B true CN115277149B (en) 2023-09-26

Family

ID=83766768

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210864616.8A Active CN115277149B (en) 2022-07-21 2022-07-21 Security domain communication method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN115277149B (en)

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101382982A (en) * 2008-10-06 2009-03-11 谢翔 Physical one-way transmission apparatus
WO2013054065A1 (en) * 2011-10-14 2013-04-18 France Telecom Method of transferring the control of a security module from a first entity to a second entity
CN108881158A (en) * 2018-05-04 2018-11-23 北京明朝万达科技股份有限公司 Data interaction system and method
CN110213024A (en) * 2018-04-26 2019-09-06 腾讯科技(深圳)有限公司 Data package retransmission method, device and equipment
CN111641650A (en) * 2020-05-29 2020-09-08 中京天裕科技(北京)有限公司 Industrial data unidirectional import system and method
CN112436998A (en) * 2020-11-12 2021-03-02 北京天融信网络安全技术有限公司 Data transmission method and electronic equipment
CN113489750A (en) * 2021-09-06 2021-10-08 网御安全技术(深圳)有限公司 Data transmission method, data processing method and related equipment

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7881477B2 (en) * 1999-02-05 2011-02-01 Avaya Inc. Method for key distribution in a hierarchical multicast traffic security system for an internetwork
US8024788B2 (en) * 2007-05-31 2011-09-20 The Boeing Company Method and apparatus for reliable, high speed data transfers in a high assurance multiple level secure environment
US9880869B2 (en) * 2015-01-13 2018-01-30 Owl Cyber Defense Solutions, Llc Single computer-based virtual cross-domain solutions

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101382982A (en) * 2008-10-06 2009-03-11 谢翔 Physical one-way transmission apparatus
WO2013054065A1 (en) * 2011-10-14 2013-04-18 France Telecom Method of transferring the control of a security module from a first entity to a second entity
CN110213024A (en) * 2018-04-26 2019-09-06 腾讯科技(深圳)有限公司 Data package retransmission method, device and equipment
CN108881158A (en) * 2018-05-04 2018-11-23 北京明朝万达科技股份有限公司 Data interaction system and method
CN111641650A (en) * 2020-05-29 2020-09-08 中京天裕科技(北京)有限公司 Industrial data unidirectional import system and method
CN112436998A (en) * 2020-11-12 2021-03-02 北京天融信网络安全技术有限公司 Data transmission method and electronic equipment
CN113489750A (en) * 2021-09-06 2021-10-08 网御安全技术(深圳)有限公司 Data transmission method, data processing method and related equipment

Also Published As

Publication number Publication date
CN115277149A (en) 2022-11-01

Similar Documents

Publication Publication Date Title
KR101966626B1 (en) Method and apparatus for updating software of electronic devices in a vehicle
CN108353015B (en) Relay device
EP2779524A1 (en) Secure data transmission method, device and system
KR20120092114A (en) System and method for automatically verifying storage of redundant contents into communication equipments by data comparison
CN102474724A (en) Method for securely broadcasting sensitive data in a wireless network
US10462140B2 (en) Data transmission authentication and self-destruction
KR102177411B1 (en) Method for managing industrial control systems via physical one-way encryption remote monitoring
CN111245934A (en) Feedback method, device and equipment for file transmission and storage medium
US11128588B2 (en) Apparatus, method and computer-readable recording medium storing computer program for restricting electronic file viewing utilizing antivirus software
US20170041297A1 (en) Unified source user checking of tcp data packets for network data leakage prevention
Wu Analysis of the WireGuard protocol
JP2006352500A (en) Processor and method for automatic key replacement processing
CN115277149B (en) Security domain communication method and device, electronic equipment and storage medium
Holst-Christensen et al. Security issues in SMTP-based email systems
CN113162885B (en) Safety protection method and device for industrial control system
US9038155B2 (en) Auditable multiclaim security token
CN111869160B (en) Method and apparatus for secure transmission of a message from a transmitting device to a receiving device
Yuksel Analysis of the PKMv2 protocol in IEEE 802.16 e-2005 using static analysis
KR20180028648A (en) Apparatus for one-way data transmission, apparatus for one-way data reception, and one-way data transmission method for using the same
EP3022865B1 (en) Selective revocation of certificates
KR102547705B1 (en) System for linking bidirectional data based on one way link and method therefor
CN113794563B (en) Communication network security control method and system
EP1838038A1 (en) Method for transfering network event protocol messages
KR100913691B1 (en) Railway communication method in open transmission-based systems
KR101692670B1 (en) System and method for transmitting one-way data

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant