CN105656902A - One-way reliable transmission and control system based on light transmission - Google Patents

One-way reliable transmission and control system based on light transmission

Info

Publication number
CN105656902A
Authority
CN
China
Prior art keywords
files
blocks
end server
intranet
outer net
Prior art date
Legal status
Granted
Application number
CN201610027760.0A
Other languages
Chinese (zh)
Other versions
CN105656902B (en)
Inventor
王勇
杨旭东
柘川
Current Assignee
SHENZHEN TIPTOP INFORMATION TECHNOLOGY Co Ltd
Original Assignee
SHENZHEN TIPTOP INFORMATION TECHNOLOGY Co Ltd
Events
Application filed by SHENZHEN TIPTOP INFORMATION TECHNOLOGY Co Ltd
Priority to CN201610027760.0A
Publication of CN105656902A
Application granted
Publication of CN105656902B
Legal status: Active

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/12Applying verification of the received information
    • H04L63/123Applying verification of the received information received data contents, e.g. message integrity

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention discloses a one-way reliable transmission and control system based on optical transmission. The system comprises an untrusted-side server, a trusted-side server and a primary/standby one-way transmission device. One end of the untrusted-side server is connected to the untrusted network and the other end to the primary/standby one-way transmission device; one end of the trusted-side server is connected to the trusted network and the other end to the primary/standby one-way transmission device; one end of the primary/standby one-way transmission device is connected to the untrusted-side server and the other end to the trusted-side server. The primary/standby one-way transmission device comprises an extranet optical transmitter data buffer, a primary extranet optical transmitter, a primary intranet optical receiver, an intranet optical receiver data buffer, a standby extranet optical transmitter and a standby intranet optical receiver. The system achieves high-rate one-way reliable transmission of files and meets the requirement for secure physical isolation and interconnection between a classified network and a non-classified network.

Description

One-way reliable transmission and control system based on optical transmission
Technical field
The invention belongs to the field of network security and information security, and specifically relates to a one-way reliable transmission and control system based on optical transmission.
Background art
The rapid development of the Internet has changed every field of social life. As the number of Internet users and Internet-connected devices keeps growing worldwide, network attacks, information leaks and Internet-related crime emerge one after another, and the network security situation grows more serious by the day. A network boundary defence built around firewalls, anti-virus and intrusion detection and prevention systems can only meet the general security needs of informatization; it cannot solve the protection problem of critical networks and information systems such as those of government departments. The construction of e-government cannot stop or slow down on that account, however, and the networks of government departments cannot cut off their channels for information exchange and become isolated islands. For the security requirements of Internet transmission in government departments, one-way information transmission equipment that achieves physical isolation (commonly called a security gap or gateway) has therefore become the primary solution for transferring data from a low-security, non-classified network to a high-security, classified network.
Over the past ten years, physical isolation gaps have been widely deployed for secure information exchange. When transferring data between a classified network (the so-called intranet or trusted network) and the public Internet (the so-called extranet or untrusted network), the gap acts as a kind of "information ferry", and the "ship lock" is implemented by a switch control system. Traditional switch control techniques come in two kinds: electrical switches and read/write-controlled storage media. An electrical switch is limited by the device itself: its switching speed is low and data transmission incurs a relatively large delay, so network performance suffers badly. A read/write-controlled storage medium is limited by the bus standard and cannot reach the required speed, which seriously constrains gateway performance. More importantly, both switch control techniques are based on electrical interfaces, which makes it physically hard to avoid a feedback control channel; the one-way writing and one-way reading of data therefore remain under program control and can in theory be tampered with, causing the one-way isolation to fail, with catastrophic consequences.
Summary of the invention
In order to achieve truly secure physical isolation and interconnection between a trusted network and an untrusted network, and to improve the reliability and efficiency of data transmission, the present invention addresses the problems above by exploiting the unidirectional nature of optical transmission. On the basis of guaranteeing absolutely one-way, high-rate data transmission, it uses two sets (primary and standby) of transmit-only/receive-only fibre network interface cards, combined with processing techniques such as file blocking and transmission priority design, to realise a one-way reliable transmission and control system based on optical transmission (a "one-way optical gate" for short).
The one-way reliable transmission and control system based on optical transmission proposed by the present invention includes an untrusted-side server, a trusted-side server and a primary/standby one-way transmission device, wherein:
The untrusted-side server provides services for Internet applications based on public TCP/IP protocols; one end is connected to the untrusted network and the other end to the primary/standby one-way transmission device;
One end of the trusted-side server is connected to the trusted network and the other end to the primary/standby one-way transmission device;
One end of the primary/standby one-way transmission device is connected to the untrusted-side server and the other end to the trusted-side server. It includes an extranet optical transmitter data buffer, a primary extranet optical transmitter, a primary intranet optical receiver, an intranet optical receiver data buffer, a standby extranet optical transmitter and a standby intranet optical receiver. Each extranet optical transmitter is connected to its intranet optical receiver by a one-way transmission fibre; the untrusted-side server is connected to the primary and standby extranet optical transmitters, and the trusted-side server is connected to the primary and standby intranet optical receivers.
Optionally, the untrusted-side server adopts a file blocking transmission strategy: the file is first split into blocks and transferred into the extranet optical transmitter data buffer for caching, and the file blocks are then transferred one by one to the extranet optical transmitters.
Optionally, each file block carries a header containing at least one of: the file block number, the file to which the block belongs, the block sequence number, the block transmission priority, the block length and the block checksum (feature value).
Optionally, if a file block is transmitted in error, that block is retransmitted by its file block number, so as to reduce the amount of retransmitted data.
Optionally, when the file blocks are transmitted in the primary/standby one-way transmission device:
The primary and standby extranet optical transmitters read the file blocks from the extranet optical transmitter data buffer simultaneously and send them over their respective fibre channels to the corresponding intranet optical receivers;
The primary intranet optical receiver computes the checksum of each file block it receives and compares the result with the checksum carried in the block header;
If the checksums match, the block was transmitted correctly: it is passed to the intranet optical receiver data buffer, and the extranet optical transmitter data buffer is notified to discard the successfully transmitted block;
If the checksums differ, the standby intranet optical receiver is notified to compute the checksum of the copy it received and compare it with the checksum in that block's header. If they match, the block received by the standby intranet optical receiver is passed to the intranet optical receiver data buffer; if they differ, a transmission-failure record for the file to which the block belongs is generated, and alarm and retransmission operations are started.
Optionally, the extranet optical transmitter data buffer is provided with multiple data buffer sub-units. The untrusted-side server defines four priorities for the transmission of files or file blocks, extra-urgent, urgent, expedited and ordinary, and transmits the corresponding data in priority order, with one data buffer sub-unit per priority.
Optionally, the primary and standby extranet optical transmitters in the primary/standby one-way transmission device send identical data blocks to the intranet simultaneously, for error correction.
Optionally, the trusted-side server and the untrusted-side server support resumable (breakpoint) transmission based on file blocks.
Optionally, the system further includes a hard disk usage alarm unit and a network anomaly alarm unit. The hard disk usage alarm unit monitors hard disk utilisation in real time and starts an alarm operation when utilisation reaches a predetermined threshold; the network anomaly alarm unit starts an alarm operation when a network anomaly is detected.
Optionally, the system further includes multiple power supplies that power the trusted-side server, the untrusted-side server and the primary/standby one-way transmission device independently.
The one-way reliable transmission and control system based on optical transmission of the present invention uses two sets (primary and standby) of transmit-only/receive-only fibre network interface cards, combined with processing techniques such as file blocking and transmission priority design, to form a one-way data transmission system with no feedback channel. The present invention achieves high-rate one-way reliable transmission of files and meets the requirement for secure physical isolation and interconnection between a classified network and a non-classified network.
Brief description of the drawings
Fig. 1 is a structural diagram of the one-way reliable transmission and control system based on optical transmission of the present invention;
Fig. 2 is a flow chart of file block transmission control in the one-way transmission device according to one embodiment of the present invention.
Detailed description of the invention
To make the objectives, technical solutions and advantages of the present invention clearer, the present invention is described in more detail below with reference to specific embodiments and the accompanying drawings.
The one-way data transmission and control system realised by the present invention on the basis of the unidirectional property of light is shown in Fig. 1. The system includes an untrusted-side server, a trusted-side server and a primary/standby one-way transmission device, wherein:
One end of the untrusted-side server is connected to the untrusted network and the other end to the primary/standby one-way transmission device. Specifically, the untrusted-side server is connected over a PCI-E bus to the two extranet optical transmitters in the primary/standby one-way transmission device, namely the primary extranet optical transmitter and the standby extranet optical transmitter;
One end of the trusted-side server is connected to the trusted network and the other end to the primary/standby one-way transmission device. Specifically, the trusted-side server is connected over a PCI-E bus to the two intranet optical receivers in the primary/standby one-way transmission device, namely the primary intranet optical receiver and the standby intranet optical receiver;
One end of the primary/standby one-way transmission device is connected to the untrusted-side server and the other end to the trusted-side server. It includes an extranet optical transmitter data buffer, a primary extranet optical transmitter, a primary intranet optical receiver, an intranet optical receiver data buffer, a standby extranet optical transmitter and a standby intranet optical receiver, wherein the extranet optical transmitters and the intranet optical receivers are connected by one-way transmission fibres.
The function of each component of the system is described below:
The untrusted-side server provides services for Internet applications based on public TCP/IP protocols such as FTP, HTTP and Samba, and converts the public TCP/IP protocols into a custom proprietary protocol through operations such as terminating the file session, protocol analysis, digital signature, data blocking and priority processing. This process is mainly carried out by the import program on the untrusted-side server. The import program adopts a file blocking transmission strategy: every file that the untrusted-side server needs to import into the one-way transmission device is divided into multiple file blocks of a fixed size, for example 100KB (a file smaller than 100KB occupies one file block by itself). Each file block is given a header containing one or more items of custom proprietary protocol information: the file block number, the file to which the block belongs, the block sequence number, the block transmission priority, the block length and the block checksum. The blocked file is transferred over the PCI-E bus interface into the extranet optical transmitter data buffer of the one-way transmission device for caching, and then transferred on to the extranet optical transmitters. The meanings of the main parameters in the custom proprietary protocol are as follows:
A) File block number: the import program on the untrusted-side server assigns each file block an independent number in the range 1-99999999; this number is unique.
B) File to which the block belongs: the name of the file the block belongs to, i.e. the full file name including the path.
C) Block sequence number: the import program splits the file into 100KB pieces; this sequence number indicates which piece of the file this block is.
D) Block transmission priority: the concept of priority is described below.
E) Block length: the length of the data carried by this block.
F) Block checksum (feature value): the import program computes a checksum over all the data of this block, for example an MD5 digest, to obtain the block's feature value.
In one embodiment of the present invention, the extranet optical transmitter data buffer is further provided with multiple data buffer sub-units. To meet different file transmission needs, the untrusted-side server defines four file transmission priorities, extra-urgent, urgent, expedited and ordinary, with one data buffer sub-unit per priority. The import program places the packaged file blocks into the data buffer sub-unit corresponding to their transmission priority: blocks of an extra-urgent file go into the extra-urgent buffer sub-unit, blocks of an urgent file into the urgent buffer sub-unit, and so on. The file transmission policy and file transmission priorities are set by the system administrator through the web configuration program on the extranet side.
When the import program on the untrusted-side server imports file blocks into the one-way transmission device by priority, the specific practice is: first import the data of the extra-urgent buffer sub-unit, then the data of the urgent and expedited buffer sub-units, and finally the data of the ordinary buffer sub-unit. At the same time the system provides a priority sensitivity setting: during data transmission, the import program scans the directories on the extranet server at set intervals; if a newly added file appears in a directory, the system splits the new file into blocks and places them in the buffer sub-unit corresponding to the priority of its directory, the import program stops the transfer in progress, and transmission restarts from the four buffer sub-units in priority order: extra-urgent, urgent, expedited, ordinary.
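The scheduling behaviour described above, as an added example that is not part of the patent or the assignee's product: four FIFO sub-buffers, priority derived from the directory a file was found in, and a rescan that adds files while a transfer is in progress. Every dispatch takes from the highest non-empty sub-buffer, which reproduces the patent's "stop and restart from the top" rule at block granularity. The directory names, the file names and the rendering of the two middle priorities as "urgent" and "expedited" are assumptions; the block counts are constructed for the scenario.

```python
from collections import deque

# The patent's four priorities, highest first. Rendering the middle two as
# "urgent" and "expedited" is a translation choice (assumption).
PRIORITIES = ("extra-urgent", "urgent", "expedited", "ordinary")


class PriorityDispatcher:
    """Models the extranet transmitter data buffer: one FIFO sub-buffer per
    priority. Every dispatch takes from the highest non-empty sub-buffer, which
    yields the patent's 'stop the current transfer and restart from the top'
    behaviour at block granularity whenever a rescan adds a higher-priority file."""

    def __init__(self, dir_priority):
        self.dir_priority = dir_priority            # watched directory -> priority name
        self.buffers = {p: deque() for p in PRIORITIES}

    def enqueue_file(self, directory, filename, block_count):
        prio = self.dir_priority[directory]         # priority follows the directory
        for seq in range(block_count):
            self.buffers[prio].append((filename, seq))

    def next_block(self):
        for prio in PRIORITIES:
            if self.buffers[prio]:
                return prio, self.buffers[prio].popleft()
        return None


def simulate(dispatcher, arrivals):
    """Drain the dispatcher. `arrivals` maps a dispatch step to the files a
    directory rescan discovers just before that step. Returns the send order."""
    order, step = [], 0
    while True:
        for directory, filename, n in arrivals.get(step, ()):
            dispatcher.enqueue_file(directory, filename, n)
        item = dispatcher.next_block()
        if item is None:
            return order
        order.append(item[1])
        step += 1


def run_demo():
    """Constructed scenario: a 4-block ordinary file is in progress when an
    extra-urgent file and then an urgent file appear in their directories."""
    d = PriorityDispatcher({"/out/extra": "extra-urgent",
                            "/out/urgent": "urgent",
                            "/out/normal": "ordinary"})
    d.enqueue_file("/out/normal", "big.iso", 4)
    arrivals = {2: [("/out/extra", "alert.txt", 2)],
                3: [("/out/urgent", "memo.pdf", 1)]}
    return simulate(d, arrivals)
```

Two consequences of the scheme are worth checking in a real deployment: the description gives no ageing rule, so a steady stream of extra-urgent files starves the ordinary sub-buffer indefinitely, and because priority is decided by the directory on the untrusted side, anyone who can write into the extra-urgent directory there controls the order in which data enters the intranet.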
The one-way transmission device uses an FPGA to realise high-speed information ferrying, and single-transmit/single-receive fibre network interface cards with optical fibre to realise feedback-free one-way data transmission. In concrete terms: data on the untrusted-side server is imported into the extranet optical transmitter data buffer; data in the extranet optical transmitter data buffer is sent over the fibre to the intranet optical receiver data buffer; data in the intranet optical receiver data buffer is imported into the trusted-side server over the PCI-E bus. Within the one-way transmission device, to ensure the security of data transmission, the data in the extranet optical transmitter data buffer may additionally be protected by a security operation such as encryption in the extranet optical transmitter; correspondingly, the intranet optical receiver decrypts the data and delivers it to the intranet optical receiver data buffer.
The one-way transmission device is based on the physically unidirectional property of light and uses a closed fibre as the physical channel for one-way data transmission, which guarantees the security of the data transfer. But because there is no feedback signal, the system cannot know whether errors occurred in the data during transmission, nor can data errors be corrected by retransmission. To solve these problems, the present invention has the primary and standby one-way transmission paths send identical data blocks to the intranet simultaneously, so that when one copy of a block is in error it can be corrected from the other copy, reducing the overall transmission error rate and ensuring reliable data transmission. The file block transmission control flow in the one-way transmission device is as follows:
1) The primary and standby extranet optical transmitters read the file blocks from the extranet optical transmitter data buffer simultaneously and send them over their respective fibre channels to the corresponding intranet optical receivers (the primary extranet optical transmitter sends to the primary intranet optical receiver, and the standby extranet optical transmitter sends to the standby intranet optical receiver).
2) The primary intranet optical receiver computes the MD5 digest of each file block it receives and compares the result with the checksum in the received block header.
3) If they match, the block was transmitted correctly: it is passed to the intranet optical receiver data buffer to wait for the trusted-side import program to import the data into the intranet server for further processing, and the extranet optical transmitter data buffer is notified to discard the successfully transmitted block.
4) If they differ, the standby intranet optical receiver is notified to compute the MD5 digest of the copy it received and compare it with the checksum in the block header.
5) If they match, the block received by the standby intranet optical receiver is passed to the intranet optical receiver data buffer to wait for processing by the intranet server.
6) If they differ, a transmission-failure record for the file to which the block belongs is generated and, according to the user's settings, the administrator is alerted by sound, e-mail or SMS so that the file can be transmitted again. (Note: the intranet server has a built-in monitoring program for checking file transmission status; it shows the arrival time of each file, whether it was transmitted successfully, and so on, and can also list the details of file blocks that failed.)
The trusted-side server reads the data in the intranet optical receiver data buffer through the PCI-E interface. The operations that the import program on the trusted-side server performs on a file are essentially the inverse of those of the untrusted-side import program: it verifies the data of each file block, recombines the data, generates the FTP, HTTP and Samba file sessions, splices the file blocks into the complete file and places it in the corresponding directory.
The trusted-side server thus realises the conversion from the proprietary protocol back to the public TCP/IP protocols.
To effectively reduce the amount of retransmitted data, the untrusted-side server is provided with a cache system which, depending on the setting, retains information on all file blocks transmitted to the intranet within the last 10 minutes to 1 hour; together with the retransmission facility of the import program, specified file blocks can be sent selectively. When the administrator finds through the monitoring program that a data block failed, they can log in to the retransmission facility and enter the file block number to be retransmitted, and the import system resends that block to the intranet. With this, when a large file is being transferred and a single block fails, the whole file need not be sent again; only the block containing the erroneous data is resent. This method effectively reduces the amount of retransmitted data while improving the reliability of data transmission.
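The block format (header fields A-F), the primary/standby verification flow (steps 1-6), the reassembly on the trusted side and the block-number retransmission cache, modelled together as an added example that is not the patent's or the assignee's code. Both fibres are simulated in-process; the primary copy of one block is corrupted to exercise the standby path, and both copies of another block are corrupted so that a failure record is raised and the block is resent by number. Assumptions not in the description: the numeric priority encoding, the file paths, the constructed file content, and the total block count handed to the reassembler (the patent header carries no such field). The notification that tells the transmitter buffer to discard a delivered block is not modelled.

```python
import hashlib
from dataclasses import dataclass

BLOCK_SIZE = 100 * 1024  # the patent's example block size, 100KB


@dataclass(frozen=True)
class Block:
    """One file block with the header fields A-F of the description."""
    block_no: int   # unique number in 1..99999999 assigned by the import program
    filename: str   # full path of the file the block belongs to
    seq: int        # which piece of the file this is
    priority: int   # transmission priority; 0 = extra-urgent .. 3 = ordinary (assumed numbering)
    length: int     # payload length
    digest: str     # MD5 hex digest of the payload (the patent's "feature value")
    data: bytes


class ImportProgram:
    """Untrusted-side import program: splits files into blocks and keeps the
    retransmission cache keyed by block number."""

    def __init__(self):
        self.next_no = 1
        self.cache = {}  # block_no -> Block, so a single block can be resent later

    def split(self, filename, content, priority=3):
        chunks = [content[i:i + BLOCK_SIZE] for i in range(0, len(content), BLOCK_SIZE)] or [b""]
        blocks = []
        for seq, chunk in enumerate(chunks):
            b = Block(self.next_no, filename, seq, priority, len(chunk),
                      hashlib.md5(chunk).hexdigest(), chunk)
            self.next_no += 1
            self.cache[b.block_no] = b
            blocks.append(b)
        return blocks

    def resend(self, block_no):
        # The operator enters the failed block number; only that block is resent.
        return self.cache[block_no]


def block_ok(b):
    """Receiver-side check: recompute MD5 over the payload and compare with the header."""
    return len(b.data) == b.length and hashlib.md5(b.data).hexdigest() == b.digest


def flip_byte(b, at=0):
    """Constructed link error: return a copy of the block with one payload byte corrupted."""
    data = bytearray(b.data)
    data[at] ^= 0xFF
    return Block(b.block_no, b.filename, b.seq, b.priority, b.length, b.digest, bytes(data))


class TrustedSide:
    """Primary and standby intranet receivers plus the trusted-side import program."""

    def __init__(self):
        self.accepted = {}  # block_no -> Block (the intranet receiver data buffer)
        self.failed = []    # transmission-failure records, by block number

    def receive(self, primary_copy, standby_copy):
        if block_ok(primary_copy):            # steps 2-3: primary receiver's copy checks out
            self.accepted[primary_copy.block_no] = primary_copy
            return "primary"
        if block_ok(standby_copy):            # steps 4-5: fall back to the standby copy
            self.accepted[standby_copy.block_no] = standby_copy
            return "standby"
        self.failed.append(primary_copy.block_no)  # step 6: record failure, alarm, await resend
        return "failed"

    def reassemble(self, filename, expected_blocks):
        # The header carries no total block count, so the caller supplies it (assumption).
        parts = sorted((b for b in self.accepted.values() if b.filename == filename),
                       key=lambda b: b.seq)
        if [b.seq for b in parts] != list(range(expected_blocks)):
            return None  # a piece is missing: never emit a truncated file into the intranet
        return b"".join(b.data for b in parts)


def run_demo():
    """Transfer a constructed 256000-byte file (3 blocks) with one corrupted
    primary copy and one block corrupted on both fibres, then resend by number."""
    imp, trusted = ImportProgram(), TrustedSide()
    content = bytes(range(256)) * 1000
    blocks = imp.split("/export/report.bin", content)
    routes = []
    for b in blocks:
        primary_copy, standby_copy = b, b
        if b.seq == 1:
            primary_copy = flip_byte(b)                   # primary fibre error only
        if b.seq == 2:
            primary_copy = standby_copy = flip_byte(b)    # both copies bad
        routes.append(trusted.receive(primary_copy, standby_copy))
    failed = list(trusted.failed)
    partial = trusted.reassemble("/export/report.bin", len(blocks)) is None
    for no in failed:                                     # selective retransmission
        good = imp.resend(no)
        trusted.receive(good, good)
    rebuilt = trusted.reassemble("/export/report.bin", len(blocks)) == content
    return {"routes": routes, "failed": failed,
            "partial_before_resend": partial, "rebuilt": rebuilt}
```

Note what the checksum does and does not buy: the digest travels in the same header as the payload over the same fibre, so a match shows only that the link did not corrupt the block. It is no defence against content altered on the untrusted side before blocking, which is what the digital signature step mentioned in the description of the untrusted-side server would have to cover.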
Besides achieving one-way reliable transmission of files, the one-way reliable transmission and control system based on optical transmission of the present invention has the following functions:
1. Guaranteeing the continuity of file transmission: when a large file is transferred, the system itself blocks it, i.e. the large file is divided into data blocks of equal size and transmitted continuously until the whole file has been transferred. If there are multiple large files, they are transmitted one after another from high to low according to the preset transmission priorities.
2. Supporting concurrent connections: the trusted-side server and the untrusted-side server can be configured with multiple tasks. The number of concurrent connections can vary with the specific hardware configuration; according to current needs, the maximum number of concurrent connections can be set to any value in the range 100000 to 200000.
3. Automatic data clearing to avoid disk overflow: the system further includes a hard disk usage alarm unit that monitors hard disk utilisation in real time and starts an alarm operation when utilisation reaches a predetermined threshold. Specifically, when utilisation reaches a first predetermined threshold a first alarm operation is started, and when it reaches a second predetermined threshold, higher than the first, a second alarm operation is started. In one embodiment of the present invention, because the equipment itself must store the files to be transmitted and the log records, hard disk space is consumed; the system monitors hard disk utilisation in real time, and when it reaches 80% the system alarms by e-mail or buzzer, notifying the administrator to deal with the files and log records on the disk (for example by deleting them manually); when utilisation reaches 85%, the system automatically removes the oldest files or log records, in chronological order, within a certain period, so that the disk remains usable and the system keeps running normally.
4. Power failure protection: the system further includes multiple power supplies that power the trusted-side server, the untrusted-side server and the primary/standby one-way transmission device independently; the trusted-side server and the untrusted-side server are each powered by an independent supply, and the optical receivers and optical transmitters are powered by one common supply. The system therefore has complete power failure protection measures, as follows:
A) If power fails while the system is running normally, the system files are not damaged, and when power is restored the equipment restarts according to the normal boot procedure;
B) If power fails while a file is being transmitted, the system remembers the file block number that had been fully transmitted before the failure, and when normal operation resumes it automatically continues from the block following that number;
C) If power fails while the system is being configured, the configuration is restored to the most recently saved configuration file from before the failure when the system is powered up again;
D) If power fails while the system is being upgraded, the system returns to the pre-upgrade state and starts normally when restarted;
5. suspension recovers: described system also includes Network Abnormal alarm device, to start operation of reporting to the police when detecting that network is abnormal. First, described system has Network Abnormal warning function (liquid crystal display screen or buzzer warning), reminds management personnel to have Network Abnormal to process Network Abnormal problem as early as possible; Secondly, credible end server, insincere end server have completed the latest document block number of transmission before recording suspension, after network to be restored, then continue transmission file from the next reference number of a document blocks of files completing transmission reference number of a document, recover the related service before suspension.
6. breakpoint transmission: credible end server, insincere end server have completed the latest document block number of transmission before recording suspension or artificial interrupt task, after network to be restored, then continue transmission file from the next reference number of a document blocks of files completing transmission reference number of a document, form the breakpoint transmission function based on blocks of files.
7. system status monitoring: credible end server, insincere end server can distinguish monitor in real time oneself state, wherein insincere server mainly monitors the CPU of self, internal memory, disk state, and real time status information, synchrodata information, heartbeat message etc. are sent to inner server; Inner server is except monitoring the real-time status of self CPU, internal memory, hard disk, also need to monitor insincere server and pass to the real-time status such as the CPU of oneself, internal memory, hard disk, and trusted servers also needs to judge according to the heart beat status that insincere server sends the communication state of unreliable network system;Credible end server, insincere end server, according to the system mode monitored, show relevant information on administration interface, if CPU/ internal memory/hard disk utilization rate is below 60%, then shown in green; Utilization rate 60%��80%, is then shown as yellow; Utilization rate is more than 80%, then shown in red, and carries out mail or SMS alarm; Inner server is except the relevant information of supervisory control system running state, also can be arranged as required to relative alarm strategy, reach some when inner server receives file error just can carry out reporting to the police or occur in certain time period that mistake sends the same file of warning message, outer end system retransmission and reaches certain number of times and send warning message etc. as arranged.
8. Equipment management: the equipment can be managed through a WEB interface (HTTPS login), SSH or the serial port. Administrators can be separated into three roles: system administrator, security policy administrator and log audit administrator. Administrator login requires authentication by user name + password + USBKey, or by IP + MAC. If an administrator attempts to log in a certain number of times (for example 5 times) and fails because of a wrong user name or password, the user name, or the IP or MAC address used for the login, is locked and unlocks automatically after a period of time (which the administrator can set according to the actual situation). Abnormal login information is recorded in the system log for the auditor to audit. If an administrator performs no operation for a certain period after logging in, the system automatically exits the administration interface, and the administrator must re-authenticate before operating the equipment again. To prevent leakage of administrator or user login information, the system applies strict safety measures: on an unsuccessful login it does not reveal which reason caused the authentication failure, and the system leaves no valid user login information on the login interface. The equipment has a strict access control strategy: besides client user name + password authentication, it can also use IP + MAC authentication, which effectively improves the safety of data transmission.
9. Log audit function: the equipment has a powerful log audit function. The audit log includes each administrator's configuration management operations on the equipment, client login authentication, file transmission logs and so on, and records the user name, IP, MAC, time and other information in detail, greatly improving the security protection capability of the equipment. To make audit log management convenient for the log auditor, the equipment also supports import/export and deletion of logs, and the logs support MySQL and Syslog.
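An added example illustrating the login-lockout, generic failure message, idle timeout and audit-record behaviour of items 8 and 9; it is not code from the patent. The salted SHA-256 credential store, the 5-attempt limit and the 600-second unlock period are assumptions chosen for the demonstration.

```python
"""Administrator login lockout and audit logging (added example, not the
patent's implementation).  Locks the user name and the IP and MAC it logged
in from after `max_attempts` failures, unlocks automatically after
`lock_seconds`, returns a failure message that does not say why the login
failed, and records user name, IP, MAC, time and outcome for the auditor."""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple

GENERIC_FAILURE = "login failed"   # never reveals whether user name or password was wrong


@dataclass
class AuditRecord:
    """One audit-log entry: who, from where, when, and the outcome."""
    time: float
    user: str
    ip: str
    mac: str
    result: str


def session_active(last_activity: float, now: float, idle_seconds: float) -> bool:
    """An administration session is dropped after `idle_seconds` without operations."""
    return now - last_activity < idle_seconds


class LoginGuard:
    def __init__(self, credentials: Dict[str, Tuple[bytes, str]],
                 max_attempts: int = 5, lock_seconds: float = 600.0) -> None:
        self._creds = credentials            # user -> (salt, sha256(salt + password) hex); constructed store
        self.max_attempts = max_attempts
        self.lock_seconds = lock_seconds
        self._failures: Dict[str, int] = {}  # "user:x" / "ip:x" / "mac:x" -> failed count
        self._locked_until: Dict[str, float] = {}
        self.audit: List[AuditRecord] = []

    def _is_locked(self, key: str, now: float) -> bool:
        until = self._locked_until.get(key)
        if until is None:
            return False
        if now >= until:                     # lock period elapsed: unlock automatically
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def _password_ok(self, user: str, password: str) -> bool:
        entry = self._creds.get(user)
        if entry is None:
            return False
        salt, digest = entry
        return hmac.compare_digest(hashlib.sha256(salt + password.encode()).hexdigest(), digest)

    def login(self, user: str, password: str, ip: str, mac: str, now: float) -> Tuple[bool, str]:
        keys = (f"user:{user}", f"ip:{ip}", f"mac:{mac}")
        if any(self._is_locked(k, now) for k in keys):
            self.audit.append(AuditRecord(now, user, ip, mac, "locked"))
            return False, GENERIC_FAILURE
        if self._password_ok(user, password):
            for k in keys:
                self._failures.pop(k, None)
            self.audit.append(AuditRecord(now, user, ip, mac, "success"))
            return True, "ok"
        for k in keys:                       # count the failure against user, IP and MAC
            self._failures[k] = self._failures.get(k, 0) + 1
            if self._failures[k] >= self.max_attempts:
                self._locked_until[k] = now + self.lock_seconds
        self.audit.append(AuditRecord(now, user, ip, mac, "failure"))
        return False, GENERIC_FAILURE


def run_sample() -> dict:
    """Constructed scenario: five bad passwords lock the account, the IP and the MAC."""
    salt = b"constructed-salt"
    creds = {"admin": (salt, hashlib.sha256(salt + b"correct horse").hexdigest())}
    guard = LoginGuard(creds, max_attempts=5, lock_seconds=600.0)
    ip, mac = "10.0.0.5", "aa:bb:cc:dd:ee:ff"
    attempts = [guard.login("admin", "wrong", ip, mac, now=float(t))[0] for t in range(5)]
    while_locked = guard.login("admin", "correct horse", ip, mac, now=5.0)
    other_user_same_ip = guard.login("auditor", "x", ip, "11:22:33:44:55:66", now=6.0)
    after_unlock = guard.login("admin", "correct horse", "10.0.0.9", mac, now=700.0)
    return {
        "attempts": attempts,
        "while_locked": while_locked,
        "other_user_same_ip": other_user_same_ip[0],
        "after_unlock": after_unlock[0],
        "audit_results": [r.result for r in guard.audit],
        "idle_dropped": not session_active(last_activity=0.0, now=901.0, idle_seconds=900.0),
    }
```

Note that the correct password is refused while the lock is in force, a different user from the same IP is refused too, and every attempt, including the refused ones, lands in the audit list with the identifying fields the description names.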
The specific embodiments described above further explain the purpose, technical scheme and beneficial effects of the present invention. It should be understood that the foregoing is only a specific embodiment of the present invention and is not intended to limit it; any modification, equivalent replacement, improvement and so on made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A one-way reliable transmission and control system based on optical transmission, characterized in that the system includes an untrusted-end server, a trusted-end server and a primary/standby one-way transmission apparatus, wherein:
the untrusted-end server provides services for Internet applications based on public TCP/IP protocols; one end of it is connected to the untrusted network and the other end to the primary/standby one-way transmission apparatus;
one end of the trusted-end server is connected to the trusted network and the other end to the primary/standby one-way transmission apparatus;
one end of the primary/standby one-way transmission apparatus is connected to the untrusted-end server and the other end to the trusted-end server; it includes an outer-network optical transmitter data buffer device, a primary outer-network optical transmitter, a primary intranet optical receiver, an intranet optical receiver data buffer device, a standby outer-network optical transmitter and a standby intranet optical receiver, wherein each outer-network optical transmitter is connected to its intranet optical receiver by a one-way transmission fibre; the untrusted-end server is connected to the primary outer-network optical transmitter and the standby outer-network optical transmitter, and the trusted-end server is connected to the primary intranet optical receiver and the standby intranet optical receiver.
2. The system as claimed in claim 1, characterized in that the untrusted-end server adopts a file block transmission strategy: the file, after being divided into blocks, is first transmitted to the outer-network optical transmitter data buffer device for buffering, and the file blocks are then transmitted separately to the outer-network optical transmitter.
3. The system as claimed in claim 2, characterized in that each file block is provided with a block header, and the block header includes at least one of: the file block number, the eigenvalue of the file to which the block belongs, the file block sequence number, the file block transmission priority, the file block length and the eigenvalue of the file block.
4. The system as claimed in claim 3, characterized in that if a certain file block is transmitted in error, that file block is transmitted again according to its file block number, so as to reduce the amount of retransmitted data.
5. The system as claimed in claim 3, characterized in that when the file blocks are transmitted in the primary/standby one-way transmission apparatus:
the primary and standby outer-network optical transmitters read the file blocks from the outer-network optical transmitter data buffer device simultaneously and send them to the corresponding intranet optical receivers over their respective optical fibre channels;
the primary intranet optical receiver computes the eigenvalue of each file block it receives and compares the eigenvalue obtained for the file block with the eigenvalue in the received file block header;
if the eigenvalues are identical, the file block has been transmitted correctly; the file block is sent to the intranet optical receiver data buffer device, and the outer-network optical transmitter data buffer device is notified to discard the corresponding successfully transmitted file block;
if the eigenvalues differ, the standby intranet optical receiver is notified to compute the eigenvalue of each file block it received and compare it with the eigenvalue in the received file block header; if these are identical, the file block received by the standby intranet optical receiver is sent to the intranet optical receiver data buffer device; if they differ, a transmission failure record is generated for the file to which the block belongs, and alarm and retransmission operations are started.
6. The system as claimed in claim 1, characterized in that the outer-network optical transmitter data buffer device is provided with multiple data buffer sub-devices; the untrusted-end server sets four priorities for the transmission of files or file blocks, namely extra urgent, very urgent, urgent and ordinary, and transmits the corresponding data according to priority, wherein each priority corresponds to one data buffer sub-device.
7. The system as claimed in claim 1, characterized in that the primary outer-network optical transmitter and the standby outer-network optical transmitter in the primary/standby one-way transmission apparatus send identical data blocks to the intranet simultaneously, for error correction.
8. The system as claimed in claim 1, characterized in that the trusted-end server and the untrusted-end server support breakpoint resume based on file blocks.
9. The system as claimed in claim 1, characterized in that the system also includes a hard disk usage alarm device and a network abnormality alarm device, wherein the hard disk usage alarm device monitors hard disk utilization in real time and starts an alarm operation when hard disk utilization reaches a certain predetermined threshold; the network abnormality alarm device starts an alarm operation when a network abnormality is detected.
10. The system as claimed in claim 1, characterized in that the system also includes multiple power supplies that independently power the trusted-end server, the untrusted-end server and the primary/standby one-way transmission apparatus.
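An added example, written for this page and not the patent's own protocol, that models claims 3 to 5, 7 and 8 together with items 5 and 6 of the description: block headers carrying the fields listed in claim 3, simultaneous transmission over two fibres, primary-then-standby eigenvalue verification, retransmission by block number, and resume from the last completed block. Assumptions: the eigenvalue is SHA-256, the header packing is a constructed layout, and each fibre is modelled as a Python callable that may damage a frame in transit.

```python
"""File-block transmission over a primary/standby one-way link (added example,
not the patent's code).  Assumes SHA-256 as the "eigenvalue" and a
constructed header layout; fibres are modelled as callables."""
import hashlib
import hmac
import struct
from typing import Callable, Dict, List, Optional, Tuple

# block number, sequence number, priority, length, block eigenvalue, file eigenvalue
HEADER = struct.Struct("!IIBI32s32s")
Channel = Callable[[bytes], bytes]


def eigenvalue(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def split_file(data: bytes, block_size: int, priority: int = 3) -> List[bytes]:
    """Outer-end server: divide a file into numbered blocks, each with a header."""
    file_hash = eigenvalue(data)
    frames = []
    for n, off in enumerate(range(0, len(data), block_size)):
        payload = data[off:off + block_size]
        hdr = HEADER.pack(n, n, priority, len(payload), eigenvalue(payload), file_hash)
        frames.append(hdr + payload)
    return frames


def verify_block(frame: bytes) -> Optional[Tuple[int, bytes, bytes]]:
    """Intranet receiver: recompute the block eigenvalue and compare it with the
    header's.  Returns (block number, payload, file eigenvalue), or None if damaged."""
    if len(frame) < HEADER.size:
        return None
    n, _seq, _prio, length, block_hash, file_hash = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if len(payload) != length or not hmac.compare_digest(eigenvalue(payload), block_hash):
        return None
    return n, payload, file_hash


class TrustedReceiver:
    """Trusted end: accept the primary receiver's copy if its eigenvalue checks,
    otherwise the standby receiver's copy, otherwise record the block as failed."""

    def __init__(self) -> None:
        self.buffer: Dict[int, bytes] = {}   # intranet receiver data buffer
        self.failed: List[int] = []          # block numbers to retransmit (claim 4)
        self.last_completed = -1             # highest block with no gap before it
        self.file_hash: Optional[bytes] = None

    def receive(self, primary_frame: bytes, standby_frame: bytes) -> bool:
        result = verify_block(primary_frame) or verify_block(standby_frame)
        if result is None:
            # the failure record takes the block number from the header; a damaged
            # header would make it unreliable, which is why the file-level
            # eigenvalue is checked again in assemble()
            n = HEADER.unpack_from(primary_frame)[0] if len(primary_frame) >= HEADER.size else -1
            self.failed.append(n)
            return False
        n, payload, self.file_hash = result
        self.buffer[n] = payload
        while self.last_completed + 1 in self.buffer:
            self.last_completed += 1
        return True

    def assemble(self) -> Optional[bytes]:
        """Join the blocks in order and verify the whole-file eigenvalue."""
        if sorted(self.buffer) != list(range(len(self.buffer))):
            return None                      # a block is still missing
        data = b"".join(self.buffer[i] for i in range(len(self.buffer)))
        return data if self.file_hash and eigenvalue(data) == self.file_hash else None


def send(frames: List[bytes], rx: TrustedReceiver, primary: Channel, standby: Channel) -> int:
    """Both outer-network transmitters send each frame at once (claim 7)."""
    return sum(rx.receive(primary(f), standby(f)) for f in frames)


def resend_failed(frames: List[bytes], rx: TrustedReceiver, primary: Channel, standby: Channel) -> int:
    """Retransmit only the blocks recorded as failed, selected by block number."""
    todo, rx.failed = rx.failed, []
    return send([frames[n] for n in todo], rx, primary, standby)


def damage(target: int) -> Channel:
    """Constructed fault model: a fibre that flips one byte of block `target`."""
    def channel(frame: bytes) -> bytes:
        if HEADER.unpack_from(frame)[0] != target:
            return frame
        body = bytearray(frame)
        body[-1] ^= 0xFF
        return bytes(body)
    return channel


def clean(frame: bytes) -> bytes:
    return frame


def run_sample() -> dict:
    data = bytes(range(256)) * 40                    # constructed 10 KiB file -> 3 blocks
    frames = split_file(data, block_size=4096)
    # 1) primary fibre damages block 1, standby damages block 2: no retransmission needed
    rx1 = TrustedReceiver()
    ok1 = send(frames, rx1, damage(1), damage(2))
    # 2) both fibres damage block 1: failure record, then retransmit block 1 only
    rx2 = TrustedReceiver()
    ok2 = send(frames, rx2, damage(1), damage(1))
    failed2 = list(rx2.failed)
    ok2b = resend_failed(frames, rx2, clean, clean)
    # 3) link drops after block 0; resume from last_completed + 1 (claim 8)
    rx3 = TrustedReceiver()
    send(frames[:1], rx3, clean, clean)
    resumed = send(frames[rx3.last_completed + 1:], rx3, clean, clean)
    return {"ok1": ok1, "ok2": ok2, "failed2": failed2, "ok2b": ok2b, "resumed": resumed,
            "intact": [rx.assemble() == data for rx in (rx1, rx2, rx3)]}
```

The two-fibre redundancy only helps when the copies fail independently: in scenario 2 both fibres damage the same block, so the receiver falls back to a failure record and a block-numbered retransmission, which is the path claims 4 and 5 describe.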
CN201610027760.0A 2016-01-15 2016-01-15 A kind of unidirectional transmitting and control system based on optical transport Active CN105656902B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201610027760.0A CN105656902B (en) 2016-01-15 2016-01-15 A kind of unidirectional transmitting and control system based on optical transport

Publications (2)

Publication Number Publication Date
CN105656902A true CN105656902A (en) 2016-06-08
CN105656902B CN105656902B (en) 2018-08-14

Family

ID=56487373

Country Status (1)

Country Link
CN (1) CN105656902B (en)

Cited By (19)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106973050A (en) * 2017-03-23 2017-07-21 山东中创软件商用中间件股份有限公司 A kind of method and device of inter-network lock information sharing
CN106982160A (en) * 2017-03-10 2017-07-25 深圳市利谱信息技术有限公司 Link asymmetry gateway Dual-Computer Hot-Standby System and main/standby switching method
CN109391644A (en) * 2017-08-03 2019-02-26 蓝盾信息安全技术有限公司 It is a kind of based on singly lead equipment intelligent file upload, downloading and administrative skill
CN109639708A (en) * 2018-12-28 2019-04-16 东莞见达信息技术有限公司 Deep learning data access control method and device
CN110460599A (en) * 2019-08-13 2019-11-15 常州华龙通信科技股份有限公司 Unidirectional transmission method is realized based on multi-level buffer and active and standby mechanism
CN110809138A (en) * 2019-11-19 2020-02-18 北京国保金泰信息安全技术有限公司信息安全技术研究中心 Video one-way transmission system based on no feedback light
CN111641650A (en) * 2020-05-29 2020-09-08 中京天裕科技(北京)有限公司 Industrial data unidirectional import system and method
CN111741022A (en) * 2020-08-03 2020-10-02 南京科讯次元信息科技有限公司 Ultra-large file return based on one-way data import equipment
CN111831998A (en) * 2020-07-28 2020-10-27 武汉市测绘研究院 Identity verification method for BS application service binding hardware code in offline state
CN111865969A (en) * 2020-07-17 2020-10-30 江苏润易联信息技术有限公司 Secure transmission method and system suitable for financial information
CN112383612A (en) * 2020-11-11 2021-02-19 成都卫士通信息产业股份有限公司 File transmission method, device, equipment and readable storage medium
CN112685803A (en) * 2020-12-30 2021-04-20 北京天融信网络安全技术有限公司 Hot standby state switching method, device, equipment and storage medium
CN112787888A (en) * 2021-01-16 2021-05-11 鸣飞伟业技术有限公司 System based on non-feedback data one-way transmission sharing switching technology
CN113067800A (en) * 2021-03-03 2021-07-02 江苏仕邦信息安全有限公司 One-way isolation optical gate device
CN113141372A (en) * 2021-04-30 2021-07-20 平安国际智慧城市科技股份有限公司 Request calling method, device, equipment and storage medium based on one-way optical gate
CN113381811A (en) * 2021-04-14 2021-09-10 西安理工大学 Method for safely transmitting information by adopting wireless laser
CN113783939A (en) * 2021-08-20 2021-12-10 奇安信科技集团股份有限公司 File transmission method and device, electronic equipment and storage medium
CN114598418A (en) * 2020-12-07 2022-06-07 山东新松工业软件研究院股份有限公司 Method, device and system applied to encoder data transmission
CN116684206A (en) * 2023-08-03 2023-09-01 中科信安(深圳)信息技术有限公司 Double unidirectional data transmission system and method based on optical transmission

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127680A (en) * 2007-07-20 2008-02-20 胡德勇 Unidirectional physical separation network brake for USB optical fiber
CN101764768A (en) * 2010-01-19 2010-06-30 北京锐安科技有限公司 Data security transmission system
CN101986638A (en) * 2010-09-16 2011-03-16 珠海市鸿瑞软件技术有限公司 Gigabit one-way network isolation device
CN105204583A (en) * 2015-10-16 2015-12-30 杭州中威电子股份有限公司 Physical isolation system and isolation method constructed based on embedded type system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
丁慧丽等: "网络信息安全单向传输系统的设计与实现", 《计算机安全》 *

Also Published As

Publication number Publication date
CN105656902B (en) 2018-08-14

Similar Documents

Publication Publication Date Title
CN105656902A (en) One-way reliable transmission and control system based on light transmission
US10015176B2 (en) Network protection
CN110557251A (en) Industrial data safety isolation acquisition system and internal and external network data one-way transmission method
CN101820383B (en) Method and device for restricting remote access of switcher
CN116055254B (en) Safe and trusted gateway system, control method, medium, equipment and terminal
Mishra et al. Software defined internet of things security: properties, state of the art, and future research
US9130906B1 (en) Method and apparatus for automated secure one-way data transmission
US11386240B2 (en) Data transmission system and method in physical network separation environment
Abouzakhar Critical infrastructure cybersecurity: A review of recent threats and violations
WO2022179304A1 (en) Secure communication method, apparatus, and system for dc interconnection
CN104168126B (en) A kind of unattended intelligent device self-maintenance management system and method
CN101888284B (en) Method and device used for one-way transmission of data
CN112653664A (en) High-safety and reliable data exchange system and method between networks
CN111083049B (en) User table item recovery method and device, electronic equipment and storage medium
WO2012097628A1 (en) Fault handling and recovery method and system for bbu, rru and ring networking
CN105049238A (en) Redundancy backup method and equipment for LTE (Long Term Evolution) gateway equipment exchange subsystem
CN115333994A (en) Method and device for realizing VPN route rapid convergence and electronic equipment
CN105245530B (en) A kind of safe information transmission agency plant
JP5152539B2 (en) User authentication system
CN206962849U (en) CHINA RFTCOM Co Ltd security isolation transmission equipment
KR20110070658A (en) Auto recovery apparatus and method for flight data
CN112600757B (en) Safety maintenance method based on asymmetric data transmission speed limiter
CN220067442U (en) Data security ferrying system based on optical isolation
CN116541212B (en) Device, method and system for realizing disaster recovery of big data center
Ding et al. Research on Network Security Measures in Electric Power Communication Network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant