CN101945116A - Method for exchanging cross-domain video data safely - Google Patents

Info

Publication number: CN101945116A
Authority: CN (China)
Prior art keywords: video; data; video data; cross; domain
Legal status: Pending
Application number: CN2010102925418A
Other languages: Chinese (zh)
Inventors: 吴旭东, 邹翔, 朱政洪
Current Assignee: Third Research Institute of the Ministry of Public Security
Original Assignee: Third Research Institute of the Ministry of Public Security
Application filed by: Third Research Institute of the Ministry of Public Security
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a method for the secure exchange of cross-domain video data based on a physical dual-channel transmission technique. An independent one-way video data transmission channel and a two-way video control signaling transmission channel are provided in a single device and are managed in a unified way in software. The one-way video data transmission channel provides line-speed transmission and format checking of the video data and is suited to exchanging video data securely; the two-way video control signaling transmission channel provides protocol format and content checking of the video control stream. The method prevents attacks from the external network and at the same time effectively prevents leakage of sensitive internal information. In a video monitoring system the video stream flows unidirectionally, the control stream flows bidirectionally, and the video stream is much larger than the control stream, so the method is particularly suitable for exchanging cross-domain video data securely.

Description

A method for the secure exchange of cross-domain video data
Technical field:
The present invention relates to the field of network security, and in particular to a high-security method for the secure exchange of cross-domain video data, applicable to the field of computer information security.
Background:
Video surveillance systems are usually deployed at locations throughout a city, such as busy road sections and scenic road sections, and organisations access the relevant video resources over private networks or the Internet. For reasons such as security and bandwidth, however, video surveillance is generally not connected directly to an organisation's intranet. The video surveillance network and the intranet are therefore not interconnected, which is inconvenient for users. To make more efficient use of the video system, the video surveillance system needs to be connected to the intranet securely.
However, when video information is exchanged between the intranet and the external network, the intranet is very likely to suffer deliberate attacks, intrusions, and the implantation of Trojans and viruses, which seriously threatens its security. How to achieve secure, flexible, efficient and fast exchange of video data between video data sources and users, in a trusted manner, between the intranet and the video surveillance network is a key problem that urgently needs solving. It is the technical bottleneck for integrating video resources and sharing video information, and it directly affects how efficiently the video system can be used.
At the same time, existing methods for exchanging data between internal and external networks cannot handle high-volume, highly real-time video data and are not suitable for exchanging real-time video data.
Summary of the invention:
The technical problem to be solved by the present invention is to provide a secure and fast method for exchanging video data between internal and external networks. Compared with traditional methods for exchanging data between internal and external networks, it is better suited, while still guaranteeing security, to exchanging video data with high real-time requirements.
In addition, the method exploits the characteristics of video surveillance (control information is transmitted bidirectionally, video data unidirectionally) to preserve the real-time performance of the video as far as possible while guaranteeing the security of the video data exchange between internal and external networks, thereby meeting user needs.
The technical problem to be solved by the present invention is addressed by the following technical solution:
A method for the secure exchange of cross-domain video data, characterised in that, first, before data is exchanged, the data source is checked and the video data protocol in use is parsed; video control protocol data and video data are distinguished, and a protocol check and a video format check are carried out on them respectively, to ensure the security of the data. A physical dual-channel technique is then adopted (that is, one unidirectional optical channel and one bidirectional data exchange channel; the unidirectional optical channel runs from outside to inside, its transmission rate reaches line speed, and it is mainly used to transmit video data; the bidirectional data exchange channel is used to transmit video control protocol data, and its transmission rate is relatively low). The unidirectional transmission channel and the bidirectional transmission channel are combined: the fast data exchange capability of the unidirectional optical channel is used to transmit real-time video data, and the bidirectional transmission channel is used to exchange video control data.
In the above solution, distinguishing video control protocol data from video data means that video control protocol data is checked against the protocol format, and video data is checked against the video data network packet protocol.
In the above solution, the video data protocol is parsed as follows: first, IP analysis is performed on the packet, and the source IP and destination IP of the data are authenticated; second, the packet content is parsed. If it is control content, the content is parsed and each part of it is interpreted, and if it does not conform to the format the packet is refused passage. If it is a multimedia protocol, the packet is analysed according to its encapsulation protocol and searched for feature fields belonging to the video compression standard.
Because the present invention adopts physical dual-channel transmission and video protocol parsing, this secure video access method has the following advantages:
First, because video protocols can be parsed and understood, application-level security is achieved: it is ensured that video access does not pose a security threat to the intranet, and leakage of sensitive information is also prevented.
Second, because physical dual-channel transmission is adopted, and the unidirectional optical channel has high transmission bandwidth and low latency, which make it particularly suitable for transmitting video data, the method can provide higher video quality.
Description of the drawings:
The present invention is further described below with reference to the drawing and a specific embodiment.
Fig. 1 is a flow chart of the data exchange and security check in the present invention.
Embodiment:
To make the technical means, inventive features, objectives and effects of the present invention easy to understand, the invention is further explained below with reference to the figure.
As shown in Fig. 1, the cross-domain video secure exchange method of the present invention is implemented through data checking and differentiation, followed by data exchange.
The video data protocol is parsed as follows: first, IP analysis is performed on the packet, and the source IP and destination IP of the data are authenticated; second, the packet content is parsed. If it is control content, the content is parsed and each part of it is interpreted, and if it does not conform to the format the packet is refused passage. If it is a multimedia protocol, the packet is analysed according to its encapsulation protocol and searched for feature fields belonging to the video compression standard.
After the data has been differentiated and checked, video control data is transmitted over the bidirectional transmission channel and video data over the unidirectional optical channel.
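The inspection order described above (address authentication, then a control-format or video-feature check, then channel selection), sketched as an added example that is not part of the patent. The patent names no specific protocols: the address ranges, the choice of RTSP for control and RTP/H.264 for video, the header-only RTSP messages and all function names are assumptions of this sketch.

```python
import ipaddress
import re

# Assumptions of this example, not taken from the patent: the address ranges,
# RTSP as the control protocol and RTP/H.264 as the video encapsulation.
VIDEO_NET = ipaddress.ip_network("192.0.2.0/24")   # external video network (constructed)
INTRANET = ipaddress.ip_network("10.20.0.0/16")    # internal network (constructed)

# One RTSP request or status line plus at most 16 short headers, no body.
RTSP_MESSAGE = re.compile(
    rb"(?:(?:OPTIONS|DESCRIBE|SETUP|PLAY|PAUSE|TEARDOWN) rtsp://[\x21-\x7e]{1,200} RTSP/1\.0"
    rb"|RTSP/1\.0 [1-5][0-9]{2} [\x20-\x7e]{0,64})\r\n"
    rb"(?:[A-Za-z-]{1,32}: [\x20-\x7e]{0,200}\r\n){0,16}\r\n"
)
H264_NAL_TYPES = set(range(1, 24)) | {24, 28}      # single NAL, STAP-A, FU-A (RFC 6184)


def is_h264_rtp(payload: bytes) -> bool:
    """Look for the H.264 feature fields inside an RTP packet."""
    if len(payload) < 13 or payload[0] >> 6 != 2:  # RTP version must be 2
        return False
    if payload[0] & 0x30:                          # padding/extension refused by this policy
        return False
    offset = 12 + 4 * (payload[0] & 0x0F)          # fixed header plus CSRC list
    if len(payload) <= offset:
        return False
    nal = payload[offset]
    # forbidden_zero_bit must be clear and the NAL unit type must be a known one
    return (nal & 0x80) == 0 and (nal & 0x1F) in H264_NAL_TYPES


def inspect(src: str, dst: str, payload: bytes) -> tuple[str, str]:
    """Return (verdict, channel or reason), applying the checks in the order the text gives."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    inbound = s in VIDEO_NET and d in INTRANET
    outbound = s in INTRANET and d in VIDEO_NET
    # 1. Authenticate source and destination IP.
    if not (inbound or outbound):
        return ("reject", "unauthorised address pair")
    # 2a. Control content must match the protocol format exactly.
    if RTSP_MESSAGE.fullmatch(payload):
        return ("accept", "bidirectional control channel")
    # 2b. Multimedia must carry the compression standard's feature fields and
    #     may only travel outside-to-inside on the one-way channel.
    if inbound and is_h264_rtp(payload):
        return ("accept", "one-way optical channel")
    return ("reject", "payload matches neither control format nor video format")


# Constructed sample packets.
RTSP_PLAY = b"PLAY rtsp://192.0.2.10/cam1 RTSP/1.0\r\nCSeq: 4\r\nSession: 12345678\r\n\r\n"
RTP_H264 = bytes([0x80, 0x60, 0, 1, 0, 0, 0, 0, 0, 0, 0, 1, 0x65, 0x88, 0x84])
```

Anything that fails both format checks is dropped rather than forwarded, so trailing bytes after a valid control message or video sent from the inside outward never reach either channel.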
With the cross-domain video data secure exchange method of the present invention, all data exchange in the physical dual channel is carried out in a non-routable manner, and there is no direct network connection between the external network and the internal network at any point in the exchange. Network isolation is thereby achieved, making the data exchange secure and reliable and effectively protecting the intranet.
The basic principles, main features and advantages of the present invention have been shown and described above. Those skilled in the art should understand that the present invention is not limited to the embodiment described above; the embodiment and the description merely illustrate the principles of the invention. Various changes and improvements may be made without departing from the spirit and scope of the invention, and all of them fall within the scope of the claimed invention. The scope of protection claimed is defined by the appended claims and their equivalents.

Claims (3)

1. A method for the secure exchange of cross-domain video data, characterised in that, first, before data is exchanged, the data source is checked and the video data protocol in use is parsed; video control protocol data and video data are distinguished, and a protocol check and a video format check are carried out on them respectively, to ensure the security of the data; a physical dual-channel technique is then adopted, in which the unidirectional transmission channel and the bidirectional transmission channel are combined, the fast data exchange capability of the unidirectional optical channel being used to transmit real-time video data and the bidirectional transmission channel being used to exchange video control data.
2. The method for the secure exchange of cross-domain video data according to claim 1, characterised in that distinguishing video control protocol data from video data means that video control protocol data is checked against the protocol format, and video data is checked against the video data network packet protocol.
3. The method for the secure exchange of cross-domain video data according to claim 1, characterised in that the video data protocol is parsed as follows: first, IP analysis is performed on the packet, and the source IP and destination IP of the data are authenticated; second, the packet content is parsed; if it is control content, the content is parsed and each part of it is interpreted, and if it does not conform to the format the packet is refused passage; if it is a multimedia protocol, the packet is analysed according to its encapsulation protocol and searched for feature fields belonging to the video compression standard.
CN2010102925418A 2010-09-25 2010-09-25 Method for exchanging cross-domain video data safely Pending CN101945116A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2010102925418A CN101945116A (en) 2010-09-25 2010-09-25 Method for exchanging cross-domain video data safely

Publications (1)

Publication Number Publication Date
CN101945116A true CN101945116A (en) 2011-01-12

Family

ID=43436883

Country Status (1)

Country Link
CN (1) CN101945116A (en)

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN201252571Y (en) * 2008-09-05 2009-06-03 公安部第三研究所 Automatic data exchanging device with high security

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
吴旭东等: "《全国计算机安全学术交流会论文集.第二十五卷》", 17 September 2010 *
李欣等: "《基于物理双通道的视频监控安全接入技术》", 《信息安全与通信保密》 *

Cited By (16)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102438125A (en) * 2011-08-22 2012-05-02 广东电网公司电力科学研究院 Method for reversely and separately transmitting video
CN102497313A (en) * 2011-12-08 2012-06-13 公安部第三研究所 Cross-platform application system of surveillance video resources and realization method thereof
CN102497313B (en) * 2011-12-08 2015-03-04 公安部第三研究所 Cross-platform application system of surveillance video resources and realization method thereof
CN103634274B (en) * 2012-08-21 2017-02-08 北京天行网安信息技术有限责任公司 Safe method for video exchange and system
CN103634274A (en) * 2012-08-21 2014-03-12 北京天行网安信息技术有限责任公司 Safe method for video exchange and system
CN103595727A (en) * 2013-11-22 2014-02-19 中国航天科工集团第二研究院七〇六所 Cross-domain incremental data exchange model and method based on exchange identification
CN104092677B (en) * 2014-07-01 2017-10-31 中国电子科技集团公司第三十研究所 The exchange method and switch of Internet of Things data
CN104092677A (en) * 2014-07-01 2014-10-08 中国电子科技集团公司第三十研究所 Method and device for exchanging Internet-of-Things data
CN106789919A (en) * 2016-11-25 2017-05-31 上海交通大学 A kind of self adaptation multiband Cooperative Security transmission method and device
GB2572844A (en) * 2018-02-15 2019-10-16 The Sec Dep For Foreign And Commonwealth Affairs Method and devices for removing unwanted data from original data
GB2572844B (en) * 2018-02-15 2021-03-31 The Sec Dep For Foreign And Commonwealth Affairs Methods and devices for removing unwanted data from original data
US11526478B2 (en) 2018-02-15 2022-12-13 The Secretary Of State For Foreign And Commonwealth Affairs Methods and devices for removing unwanted data from original data
CN108600003A (en) * 2018-04-19 2018-09-28 中国科学院信息工程研究所 A kind of intrusion detection method, the apparatus and system of facing video monitoring network
CN108600003B (en) * 2018-04-19 2020-04-24 中国科学院信息工程研究所 Intrusion detection method, device and system for video monitoring network
CN110809138A (en) * 2019-11-19 2020-02-18 北京国保金泰信息安全技术有限公司信息安全技术研究中心 Video one-way transmission system based on no feedback light
CN110809138B (en) * 2019-11-19 2021-07-30 北京国保金泰信息安全技术有限公司信息安全技术研究中心 Video one-way transmission system based on no feedback light

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20110112