CN107493292A - Information transmission system and method with heterogeneous multi-channel security isolation - Google Patents
- Publication number: CN107493292A (application CN201710782879.3A)
- Authority: CN (China)
- Prior art keywords: data, data processing, channel, processing circuit, sequence number
- Legal status: Granted (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/06—Network architectures or network communication protocols for network security for supporting key management in a packet data network
- H04L63/067—Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses an information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit. The host of the first network unit is provided with multiple transmit ports, which are connected correspondingly to the receive ports of a first data processing circuit. The first data processing circuit is connected to a second data processing circuit by a plurality of unidirectional optical fibers and transmits data to it, and the transmit port of the second data processing circuit is connected to the receive port of the second network unit. The invention also discloses an information transmission method using this multi-channel security isolation. The invention has the advantages that data transmission can completely eliminate possible backdoors arising from the physical connection and can guard against illegal data exchange caused by a virus controlling a computer.
Description
Technical field
The present invention relates to data transmission technology, and more particularly to an information transmission system and method with heterogeneous multi-channel security isolation in which data transmission can completely eliminate possible backdoors arising from the physical connection and can guard against illegal data exchange caused by a virus controlling a computer.
Background art
After years of development, China's network and informatization construction has made remarkable achievements: the capability to build on information systems has increased significantly, and the level of application of networks and information systems has risen substantially. However, faced with the first-mover technical advantage and aggressive offensive strategy of the Western science and technology powers headed by the United States, China's network security level and defense system remain, on the whole, in a position of strategic weakness. The basic situation in cyberspace is as follows: the industrial base is relatively weak; scientific research is on the whole follow-on research, cyberspace security research included, and some hollowing-out also exists; independent development can hardly cover the whole ecosystem or control every link of the security chain; and cyberspace is in a state of "being made transparent and being controlled through the network".
China's current network security construction faces a strategic dilemma. On the one hand, without imports, advancement, maturity and timeliness cannot be guaranteed; on the other hand, with imports, the threat of "poisoned and infected" components cannot be avoided, and security is hard to ensure.
We therefore face two basic security problems that cannot be avoided. First, under current technical capability, vulnerabilities in the design of information systems are unavoidable. Second, given China's current indigenous industrial capability, complete independence and controllability is hard to reach, and "being backdoored" cannot be avoided.
Equipment that implements security isolation and information exchange currently uses one of the following technologies: ferry technology (based on switch switching), buffer communication technology (based on switch switching), and unidirectional channel technology. In the ferry and buffer communication schemes the two networks are physically connected together (so a backdoor may exist as a covert channel), and a virus can disguise itself as data and be ferried back through the security isolation and information transmission system (illegal data exchange), so these schemes are relatively insecure. In a unidirectional channel, the sending and receiving links of the communication are completely separate, and communication feedback cannot be completed within one channel. An attack therefore becomes a half-open connection, cannot form a hidden bidirectional channel (backdoor) through which information leaks, and cannot take effect. The sender only sends data and the receiver only receives data. With only one direction, however, data integrity is strongly affected. For example, if data is damaged in transit, the receiver has no way of asking the sender to retransmit and can only discard it. The sender, for its part, only sends, and does not know whether the other side received the data or whether the data was usable. Unidirectional channel technology thus guarantees security at the cost of some damage to data integrity.
Summary of the invention
To solve the above problems, the object of the invention is to provide an information transmission system with heterogeneous multi-channel security isolation in which data transmission completely eliminates possible backdoors arising from the physical connection and can guard against illegal data exchange caused by a virus controlling a computer.
The invention is realized by the following technical measures. An information transmission system with heterogeneous multi-channel security isolation comprises a first network unit and a second network unit, characterized in that: the host of the first network unit is provided with multiple transmit ports, which are connected correspondingly to the receive ports of a first data processing circuit; the first data processing circuit is connected to a second data processing circuit by a plurality of unidirectional optical fibers and transmits data to it; and the transmit port of the second data processing circuit is connected to the receive port of the second network unit.
In a preferred embodiment, the second network unit is provided with multiple transmit ports, which are connected correspondingly to the receive ports of a third data processing circuit; the third data processing circuit is connected to a fourth data processing circuit by a plurality of unidirectional optical fibers and transmits data to it; and the transmit port of the fourth data processing circuit is connected to the receive port of the first network unit.
In a preferred embodiment, the number of unidirectional optical fibers connecting the first data processing circuit and the second data processing circuit is equal to the number of ports between the host of the first network unit and the first data processing circuit, and the two are in one-to-one correspondence.
In a preferred embodiment, the number of unidirectional optical fibers connecting the third data processing circuit and the fourth data processing circuit is equal to the number of ports between the host of the second network unit and the third data processing circuit, and the two are in one-to-one correspondence.
In a preferred embodiment, the first data processing circuit and the second data processing circuit are FPGA data processing circuits.
In a preferred embodiment, the third data processing circuit and the fourth data processing circuit are FPGA data processing circuits.
The invention also discloses an information transmission method with heterogeneous multi-channel security isolation, comprising the following steps:
(11) After the system program starts, the host of the first network unit first generates a first transmission random number and, from this random number, calculates the sequence numbers of at least three valid data channels. It then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit. The second data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking;
(12) When the host of the first network unit receives external data that needs to be sent to the host of the second network unit, it encodes the data in the format corresponding to each currently valid channel and saves the result in the buffer corresponding to each valid data channel;
(13) The host of the first network unit sends the data of each buffer, asynchronously, to the corresponding valid data channel;
(14) After the first data processing circuit receives the data of each valid data channel, it packs the data and sends it on the unidirectional optical fiber corresponding to that valid channel;
(15) Each channel of the second data processing circuit receives data independently. After fixed-length packets are received, the number of channels is first checked against the valid data channels: if it exceeds the number of valid data channels, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value. If the channels on which data was received are exactly the current valid data channels, the data of the valid data channels is decoded and then verified, and the final data is obtained on the principle that the minority yields to the majority; if the data of the channels all differ, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) The second data processing circuit passes the final data to the host of the second network unit.
In a preferred embodiment, the method further comprises the following steps:
(21) After the system program starts, the host of the second network unit first generates a second transmission random number and, from this random number, calculates the sequence numbers of at least three valid data channels. It then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit. The fourth data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking;
(22) When the host of the second network unit receives data that needs to be sent to the host of the first network unit, it encodes the data in the format corresponding to each currently valid channel and saves the result in the buffer corresponding to each valid data channel;
(23) The host of the second network unit sends the data of each buffer, asynchronously, to the corresponding valid data channel;
(24) After the third data processing circuit receives the data of each valid data channel, it packs the data and sends it on the unidirectional optical fiber corresponding to that valid channel;
(25) Each channel of the fourth data processing circuit receives data independently. After fixed-length packets are received, the number of channels is first checked against the valid data channels: if it exceeds the number of valid data channels, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value. If the channels on which data was received are exactly the current valid data channels, the data of the valid data channels is decoded and verified, and the final data is obtained on the principle that the minority yields to the majority; if the data of the channels all differ, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(26) The fourth data processing circuit passes the final data to the host of the first network unit.
In a preferred embodiment, step (11) is: after the system program starts, the host of the first network unit first generates a first transmission random number and, from this first transmission random number, calculates the sequence numbers of at least three valid data channels. It then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit. The second data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking. After a predetermined time the first transmission random number is generated again, the sequence numbers of at least three valid data channels are calculated from it, and these sequence numbers are sent to the first data processing circuit and forwarded to the second data processing circuit, which saves them and uses the saved sequence numbers for data checking. This process is then repeated.
In a preferred embodiment, step (21) is: after the system program starts, the host of the second network unit first generates a second transmission random number and, from this second transmission random number, calculates the sequence numbers of at least three valid data channels. It then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit. The fourth data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking. After a predetermined time the second transmission random number is generated again, the sequence numbers of at least three valid data channels are calculated from it, and these sequence numbers are sent to the third data processing circuit and forwarded to the fourth data processing circuit, which saves them and uses the saved sequence numbers for data checking. This process is then repeated.
Because the invention uses unidirectional optical fibers between the first data processing circuit and the second data processing circuit, the sending and receiving links of the communication are completely separate and communication feedback cannot be completed within one channel. An attack becomes a half-open connection and cannot form a hidden bidirectional channel (backdoor) through which information leaks, so no backdoor exists at the hardware level. To remedy the defect of unidirectional channel technology that data may be damaged in transit, multiple unidirectional optical fibers are used: the data from the multiple fibers is cross-checked to obtain the final data, and the theoretical bit error rate reaches the order of 10^-28, which meets practical requirements. The system uses a heterogeneous multi-channel architecture and sends data over heterogeneous channels; data is considered valid only if the data sent over multiple channels is identical. Compared with homogeneous multi-channel transmission, this guards to some extent against illegal data transmission by a virus. In addition to using heterogeneous channels, the valid channels are calculated from random numbers that the system generates continually, and the system sends data only over the valid data channels. When the receiving end verifies the data, valid data is obtained only if the data on the majority of the valid data channels is consistent; if data also appears on a non-valid data channel, it is concluded that an illegal transmission is attempting to send on multiple channels, a warning is issued and the channel is closed. The invention also applies data transformation (encryption): the host applies a format transformation to the data of the different channels (or encrypts it with different keys), and hardware such as an FPGA applies the inverse transformation (or decrypts) when the packets are assembled and verified. The keys reside in the firmware and in the software program and are different for every device. Because a virus cannot obtain the keys of the device, the data it sends will, after the transformation (or decryption operation) at packet assembly and verification, be different on each channel, so no two channels can carry identical data; the final data is discarded, which achieves the effect of closing the door. A virtual host can also be run on the host, with the system's own transmission program running in the virtual host, as isolation against the possibility that the host, being connected to the first network unit, is controlled by a virus that goes on to control the system's transmission program.
Brief description of the drawings
Fig. 1 is a structural block diagram of an embodiment of the invention.
Embodiment
The invention is described in further detail below with reference to an embodiment and the accompanying drawing.
In the information transmission system with heterogeneous multi-channel security isolation of this embodiment (see Fig. 1) there are two hardware channels. The first channel is the data channel over which the external network unit sends data to the internal network unit. The second channel is the data channel over which the internal network unit sends data to the external network unit. On the hardware side, for the external network host 1 and the intranet host 1 we chose the Jijia Brix 5200 (i5 CPU, 16 GB memory, 256 GB SSD), and for the first FPGA data processing circuit 3 and the second FPGA data processing circuit 5 we chose the Altera Cyclone V, specifically model 5CGXFC9C6, which can carry out operations such as data packing and verification. The external network host 1 is connected to the first FPGA data processing circuit 3 through one USB 3.0 interface, two PCIe interfaces and two SATA interfaces 2. The two PCIe interfaces are connected directly from the external network host 1 to the corresponding pins of the first FPGA data processing circuit 3, and the two SATA interfaces are likewise connected directly from the external network host 1 to the corresponding pins of the first FPGA data processing circuit 3. The USB 3.0 interface is connected from the external network host 1 to a Cypress FX3 module, and the FX3 is in turn connected through a parallel port to the corresponding pins of the first FPGA data processing circuit 3. The transmit ports of the 5 optical modules on the first FPGA data processing circuit 3 are connected through 5 unidirectional optical fibers 4 to the receive ports of the corresponding optical modules of the second FPGA data processing circuit 5. The second FPGA data processing circuit 5 is connected to the intranet host 7 through a USB interface. The hardware used by the second channel is the same as that of the first channel, except that the second FPGA data processing circuit and the fourth data processing circuit use different decoding modes (or inverse format transformation modes, or decryption keys and decryption modes) for the data they receive.
The information transmission method with heterogeneous multi-channel security isolation comprises the following steps:
(11) After the system program starts, the external network host 1 first generates a first transmission random number and, from this random number, calculates the sequence numbers of multiple valid data channels. It then sends the sequence numbers of the valid data channels to the first FPGA data processing circuit 3, which forwards them to the second FPGA data processing circuit 5. The second FPGA data processing circuit 5 saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking. When the system is not receiving external data, this process is also repeated periodically, so that the valid data channels are always changing;
(12) When the external network host 1 receives external data that needs to be sent to the intranet host 7, it encodes the data in the format corresponding to each currently valid channel (by means including but not limited to format transformation and encryption) and saves the result in the buffer corresponding to each valid data channel;
(13) The external network host 1 sends the data, asynchronously, to the corresponding valid data channels;
(14) After the first FPGA data processing circuit 3 receives the data of each valid data channel, it packs the data and sends it on the unidirectional optical fiber 4 corresponding to that valid channel;
(15) Each unidirectional optical fiber 4 of the second FPGA data processing circuit 5 receives data independently. After fixed-length packets are received, the number of channels is first checked against the valid data channels: if it exceeds the number of valid data channels, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value. If the channels on which data was received are exactly the current valid data channels, the data of the valid data channels is decoded (by means including but not limited to format transformation or decryption) and then verified, and the final data is obtained on the principle that the minority yields to the majority; if the data of the channels all differ, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) The second FPGA data processing circuit 5 passes the final data to the intranet host 7.
In this system, because unidirectional optical fibers are used between the first FPGA data processing circuit and the second FPGA data processing circuit, the sending and receiving links of the communication are completely separate and communication feedback cannot be completed within one channel. An attack becomes a half-open connection and cannot form a hidden bidirectional channel (backdoor) through which information leaks, so no backdoor exists at the hardware level. To remedy the defect of unidirectional channel technology that data may be damaged in transit, multiple unidirectional optical fibers are used: the data from the multiple fibers is cross-checked to obtain the final data, and the theoretical bit error rate reaches the order of 10^-28, which meets practical requirements. The system uses a heterogeneous multi-channel architecture and sends data over heterogeneous channels; data is considered valid only if the data sent over multiple channels is identical. Compared with homogeneous multi-channel transmission, this guards to some extent against illegal data transmission by a virus. In addition to using heterogeneous channels, the valid channels are calculated from random numbers that the system generates continually, and the system sends data only over the valid data channels. When the receiving end verifies the data, valid data is obtained only if the data on the majority of the valid data channels is consistent; if data also appears on a non-valid data channel, it is concluded that an illegal transmission is attempting to send on multiple channels, a warning is issued and the channel is closed. The system also applies data format encoding (including but not limited to format transformation or encryption): the host encodes the data of the different channels (by format transformation or by encryption with different keys), and the FPGA hardware decodes it (by inverse transformation or decryption) when the packets are assembled and verified. The encoding modes or keys reside in the firmware and in the software program and are different for every device. Because a virus cannot obtain the encoding mode or keys of the device, the data it sends will, after decoding (inverse transformation or decryption) at packet assembly and verification, be different on each channel, so no two channels can carry identical data; the final data is discarded, which achieves the effect of closing the door. A virtual host can also be run on the host, with the system's own transmission program running in the virtual host, as isolation against the possibility that the host, being connected to the first network unit, is controlled by a virus that goes on to control the system's transmission program.
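Added example (not code from the patent): a Python model of steps (11) to (16) and of the rejection behaviour described in the paragraph above. The channel-derivation rule, the SHAKE-256 XOR transform standing in for the unspecified per-channel encoding, the packet layout, the keys and the alarm threshold are all assumptions.

```python
import hashlib
from collections import Counter

NUM_CHANNELS = 5   # five one-way fibres, as in the embodiment
BODY_LEN = 28      # fixed packet body: 1 length byte + 27 payload bytes (assumed)
# Constructed per-channel keys, shared by host software and receiving FPGA.
KEYS = {ch: hashlib.sha256(b"constructed-demo-key-%d" % ch).digest()
        for ch in range(NUM_CHANNELS)}


def select_channels(seed: bytes, count: int = 3) -> frozenset:
    """Step (11): derive the valid channel numbers from a random number.
    Ranking channels by SHA-256(seed || channel) is an assumed derivation."""
    ranked = sorted(range(NUM_CHANNELS),
                    key=lambda ch: hashlib.sha256(seed + bytes([ch])).digest())
    return frozenset(ranked[:count])


def _keystream(key: bytes, seq: int) -> bytes:
    return hashlib.shake_256(key + seq.to_bytes(4, "big")).digest(BODY_LEN)


def encode(key: bytes, seq: int, payload: bytes) -> bytes:
    """Step (12): per-channel transform (stand-in: XOR with a keyed stream)."""
    if len(payload) > BODY_LEN - 1:
        raise ValueError("payload too long for one fixed-length packet")
    body = bytes([len(payload)]) + payload.ljust(BODY_LEN - 1, b"\0")
    stream = _keystream(key, seq)
    return seq.to_bytes(4, "big") + bytes(a ^ b for a, b in zip(body, stream))


def decode(key: bytes, packet: bytes) -> bytes:
    seq = int.from_bytes(packet[:4], "big")
    return bytes(a ^ b for a, b in zip(packet[4:], _keystream(key, seq)))


def send(valid, seq: int, payload: bytes) -> dict:
    """Steps (13)-(14): one differently encoded copy per valid channel."""
    return {ch: encode(KEYS[ch], seq, payload) for ch in valid}


class Receiver:
    """Step (15): channel-set check, per-channel decode, majority vote."""

    def __init__(self, alarm_threshold: int = 3):
        self.alarm_threshold = alarm_threshold
        self.valid = frozenset()
        self.errors = 0
        self.alarm = False

    def set_valid_channels(self, channels) -> None:
        self.valid = frozenset(channels)

    def _reject(self):
        self.errors += 1
        if self.errors >= self.alarm_threshold:
            self.alarm = True
        return None

    def receive(self, frames: dict):
        """frames maps fibre number -> packet seen on that fibre this round."""
        # Data on any fibre outside the valid set is treated as an illegal
        # transmission; a missing valid fibre is also rejected (assumption).
        if not self.valid or set(frames) != self.valid:
            return self._reject()
        if any(len(p) != 4 + BODY_LEN for p in frames.values()):
            return self._reject()
        votes = Counter(decode(KEYS[ch], pkt) for ch, pkt in frames.items())
        body, count = votes.most_common(1)[0]
        # Minority yields to majority; no majority means discard.
        if count <= len(self.valid) // 2 or body[0] > BODY_LEN - 1:
            return self._reject()
        return body[1:1 + body[0]]


def demo():
    valid = select_channels(b"constructed-seed")
    rx = Receiver()
    rx.set_valid_channels(valid)
    accepted = rx.receive(send(valid, 1, b"hello"))
    # Sender that knows the valid channels but not the keys: it puts the
    # same bytes on every fibre, so the decoded bodies all differ.
    forged = (2).to_bytes(4, "big") + bytes([4]) + b"evil".ljust(BODY_LEN - 1, b"\0")
    dropped = rx.receive({ch: forged for ch in valid})
    return accepted, dropped, rx.errors


if __name__ == "__main__":
    print(demo())
```

With three valid channels, a packet damaged on one fibre is outvoted by the other two, while identical bytes injected on all three decode to three different bodies and are discarded.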
With the above technology, the probability that a virus illegally transmits data through the system is extremely low. In the same way, a similar scheme can be used from the intranet host 7 to the external network host 1 (differing only in the data transformation mode, the encryption mode or the encryption key). The intranet host 7 is provided with multiple transmit ports, which are connected correspondingly to the receive ports of the third FPGA data processing circuit 8; the third FPGA data processing circuit 8 is connected to the fourth FPGA data processing circuit 9 by a plurality of unidirectional optical fibers 4 and transmits data to it; and the transmit port of the fourth FPGA data processing circuit 9 is connected to the receive port of the external network host 1. Even if a virus disguised as data enters the intranet host 7 through the actions of a user (or successfully cracks the data transformation and the door and gets into the intranet host), and successfully takes control of the intranet host 7, the virus still cannot send data, because the intranet host 7 also uses a different format transformation (or a different encryption key) towards the external network host 1. When the intranet host 7 needs to send data to the external network host 1, the process works on the same principle as the external network host 1 sending data to the intranet host 7.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment (see Fig. 1), on the basis of the foregoing technical scheme, the number of unidirectional optical fibers connecting the first FPGA data processing circuit and the second FPGA data processing circuit may specifically be equal to the number of ports between the external network host and the first FPGA data processing circuit, with a one-to-one correspondence between them. The number of unidirectional optical fibers connecting the third FPGA data processing circuit and the fourth FPGA data processing circuit is equal to the number of ports between the intranet host and the third FPGA data processing circuit, with a one-to-one correspondence between them.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment (see Fig. 1), on the basis of the foregoing technical scheme, the transmit port of the second FPGA data processing circuit 5 may specifically be connected through a single channel 6 to the receive port of the second network unit 7, and the transmit port of the fourth FPGA data processing circuit 9 is connected through a single channel to the receive port of the first network unit.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment, on the basis of the foregoing technical scheme, the alarm may specifically be an audible and visual alarm provided by the system itself, or the sending of alarm information to a host computer.
The above is a description of the information transmission system with heterogeneous multi-channel security isolation of the invention, given to aid understanding of the invention. The embodiments of the invention are not limited to the embodiment described; any change, modification, substitution, combination or simplification made without departing from the principle of the invention is an equivalent replacement and falls within the scope of protection of the invention.
Claims (10)
1. A heterogeneous multi-channel security isolation information transmission system, comprising a first network unit and a second network unit, characterized in that: the first network unit host is provided with a plurality of sending ports; the sending ports of the first network unit host are correspondingly connected to the receiving ports of a first data processing circuit; the first data processing circuit is connected to, and transmits data to, a second data processing circuit through a plurality of one-way optical fibers; and the sending port of the second data processing circuit is connected to the receiving port of the second network unit.
2. The heterogeneous multi-channel security isolation information transmission system according to claim 1, characterized in that: the second network unit is provided with a plurality of sending ports; the sending ports of the second network unit are correspondingly connected to the receiving ports of a third data processing circuit; the third data processing circuit is connected to, and transmits data to, a fourth data processing circuit through a plurality of one-way optical fibers; and the sending port of the fourth data processing circuit is connected to the receiving port of the first network unit.
3. The heterogeneous multi-channel security isolation information transmission system according to claim 1, characterized in that: the number of one-way optical fibers connected between the first data processing circuit and the second data processing circuit is equal to the number of ports between the first network unit host and the first data processing circuit, and the two are in one-to-one correspondence.
4. The heterogeneous multi-channel security isolation information transmission system according to claim 2, characterized in that: the number of one-way optical fibers connected between the third data processing circuit and the fourth data processing circuit is equal to the number of ports between the second network unit host and the third data processing circuit, and the two are in one-to-one correspondence.
5. The heterogeneous multi-channel security isolation information transmission system according to claim 1, characterized in that: the first data processing circuit and the second data processing circuit are FPGA data processing circuits.
6. The heterogeneous multi-channel security isolation information transmission system according to claim 2, characterized in that: the third data processing circuit and the fourth data processing circuit are FPGA data processing circuits.
7. A heterogeneous multi-channel security isolation information transmission method, characterized by comprising the following steps:
(11) After the system program starts, the first network unit host first generates a first random number, calculates the sequence numbers of at least three valid data channels from this random number, and then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit saves the received sequence numbers of the valid data channels and performs data verification according to the saved sequence numbers;
(12) When the first network unit host receives external data that needs to be transmitted to the second network unit host, it encodes the data in the format corresponding to each currently valid channel and saves the result in the buffer corresponding to each valid data channel;
(13) The first network unit host sends the data of each buffer, in asynchronous mode, to the corresponding valid data channel;
(14) After the first data processing circuit receives the data of each valid data channel, it packs the data and then sends it to the one-way optical fiber corresponding to that valid channel;
(15) Each channel of the second data processing circuit receives data independently; after a fixed-length packet is received, the number of valid data channels is judged first: if the number of valid data channels is exceeded, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value; if the channels on which data was received are exactly the current valid data channels, the data of the valid data channels is decoded and then verified, and the final data is obtained by majority rule; if the data of every channel differs, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) The second data processing circuit transfers the final data to the second network unit host.
8. The heterogeneous multi-channel security isolation information transmission method according to claim 7, characterized by further comprising the following steps:
(21) After the system program starts, the second network unit host first generates a second random number, calculates the sequence numbers of at least three valid data channels from this random number, and then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit saves the received sequence numbers of the valid data channels and performs data verification according to the saved sequence numbers;
(22) When the second network unit host receives data that needs to be transmitted to the first network unit host, it encodes the data in the format corresponding to each currently valid channel and saves the result in the buffer corresponding to each valid data channel;
(23) The second network unit host sends the data of each buffer, in asynchronous mode, to the corresponding valid data channel;
(24) After the third data processing circuit receives the data of each valid data channel, it packs the data and then sends it to the one-way optical fiber corresponding to that valid channel;
(25) Each channel of the fourth data processing circuit receives data independently; after a fixed-length packet is received, the number of valid data channels is judged first: if the number of valid data channels is exceeded, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value; if the channels on which data was received are exactly the current valid data channels, the data of the valid data channels is decoded and verified, and the final data is obtained by majority rule; if the data of every channel differs, the data is discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(26) The fourth data processing circuit transfers the final data to the first network unit host.
9. The heterogeneous multi-channel security isolation information transmission method according to claim 7, characterized in that step (11) is: after the system program starts, the first network unit host first generates a first random number, calculates the sequence numbers of at least three valid data channels from this first random number, and then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit saves the received sequence numbers of the valid data channels and performs data verification according to the saved sequence numbers; after a predetermined time, the first random number is generated again, the sequence numbers of at least three valid data channels are calculated from this first random number, and the sequence numbers of the valid data channels are sent to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit saves the received sequence numbers of the valid data channels and performs data verification according to the saved sequence numbers; this process is subsequently repeated.
10. The heterogeneous multi-channel security isolation information transmission method according to claim 8, characterized in that step (21) is: after the system program starts, the second network unit host first generates a second random number, calculates the sequence numbers of at least three valid data channels from this second random number, and then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit saves the received sequence numbers of the valid data channels and performs data verification according to the saved sequence numbers; after a predetermined time, the second random number is generated again, the sequence numbers of at least three valid data channels are calculated from this second random number, and the sequence numbers of the valid data channels are sent to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit saves the received sequence numbers of the valid data channels and performs data verification according to the saved sequence numbers; this process is subsequently repeated.
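The following added example is a software model of steps (11) to (15) of claim 7; it is not code from the patent, whose circuits are FPGAs. Assumptions not found in the claims: the way channel numbers are derived from the random number, the XOR-mask-plus-CRC32 channel format, the names `TOTAL_CHANNELS` and `ALARM_THRESHOLD` with their values, and the treatment of a missing valid channel as an error.

```python
import random
import zlib
from collections import Counter

TOTAL_CHANNELS = 8   # assumption: number of one-way fibers between the circuits
ALARM_THRESHOLD = 3  # assumption: the "set value" for the error count

def select_channels(rand_value, total=TOTAL_CHANNELS, count=3):
    """Step (11): derive the valid channel numbers from the random number.
    The derivation itself is an assumption; the claim does not specify it."""
    return frozenset(random.Random(rand_value).sample(range(total), count))

def _mask(channel):
    return (channel * 37 + 1) & 0xFF  # hypothetical per-channel format

def encode(channel, data):
    """Step (12): encode data in the format tied to one channel, append a CRC32."""
    body = bytes(b ^ _mask(channel) for b in data)
    return body + zlib.crc32(body).to_bytes(4, "big")

def decode(channel, frame):
    """Return the decoded payload, or None if the frame fails its check."""
    body, crc = frame[:-4], frame[-4:]
    if len(frame) < 4 or zlib.crc32(body).to_bytes(4, "big") != crc:
        return None
    return bytes(b ^ _mask(channel) for b in body)

def send(valid_channels, data):
    """Steps (12)-(14): one encoded copy of the data per valid channel."""
    return {ch: encode(ch, data) for ch in valid_channels}

class Receiver:
    """Step (15): channel check, decode, majority vote, error count, alarm."""
    def __init__(self, valid_channels, threshold=ALARM_THRESHOLD):
        self.valid = frozenset(valid_channels)
        self.threshold = threshold
        self.errors = 0
        self.alarm = False

    def _reject(self):
        self.errors += 1
        self.alarm = self.alarm or self.errors >= self.threshold
        return None

    def receive(self, frames):
        # Data on any channel outside the stored valid set is dropped.
        # Assumption: a missing valid channel is rejected the same way.
        if set(frames) != self.valid:
            return self._reject()
        votes = Counter(decode(ch, fr) for ch, fr in frames.items())
        votes.pop(None, None)  # frames that failed decoding do not vote
        if not votes:
            return self._reject()
        value, n = votes.most_common(1)[0]
        if 2 * n <= len(self.valid):  # no majority, e.g. every channel differs
            return self._reject()
        return value
```

With three valid channels, one altered copy is outvoted by the other two, while data arriving on a channel outside the stored set only moves the error counter toward the alarm.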
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710782879.3A CN107493292B (en) | 2017-09-03 | 2017-09-03 | Heterogeneous multi-channel safety isolation information transmission system and method |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710782879.3A CN107493292B (en) | 2017-09-03 | 2017-09-03 | Heterogeneous multi-channel safety isolation information transmission system and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN107493292A (en) | 2017-12-19 |
CN107493292B (en) | 2023-04-07 |
Family
ID=60651340
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710782879.3A Active CN107493292B (en) | 2017-09-03 | 2017-09-03 | Heterogeneous multi-channel safety isolation information transmission system and method |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107493292B (en) |
Patent Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1601955A (en) * | 2003-09-23 | 2005-03-30 | 北京国保金泰信息安全技术有限公司 | Data one-way transmission system based on one-way isolated hardware channel |
CN101127680A (en) * | 2007-07-20 | 2008-02-20 | 胡德勇 | Unidirectional physical separation network brake for USB optical fiber |
US20090055934A1 (en) * | 2007-08-24 | 2009-02-26 | Richard Albert Jauer | Method and apparatus for simultaneous viewing of two isolated data sources |
CN101867417A (en) * | 2010-07-01 | 2010-10-20 | 中国人民解放军国防科学技术大学 | Unidirectional transmission method based on optical fiber multi-way coupling |
US20160080033A1 (en) * | 2014-09-11 | 2016-03-17 | Electronics And Telecommunications Research Institute | Physical unidirectional communication apparatus and method |
CN104683352A (en) * | 2015-03-18 | 2015-06-03 | 宁波科安网信通讯科技有限公司 | Industrial communication isolation gap with double-channel ferrying function |
CN106850156A (en) * | 2016-11-28 | 2017-06-13 | 深圳市鑫之淼科技有限公司 | No-feedback one-way data transmission set and transmission method based on network interface |
CN106850188A (en) * | 2017-01-24 | 2017-06-13 | 中国航天系统科学与工程研究院 | A kind of data transmission system based on multichannel isomery one-way transmission path |
Non-Patent Citations (1)
Title |
---|
杨越 (Yang Yue): "基于多传输通道的单向传输技术研究" (Research on one-way transmission technology based on multiple transmission channels) *
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN108429729A (en) * | 2018-01-19 | 2018-08-21 | 昆明理工大学 | Data communication isolating system and its partition method under industrial big data acquisition environment |
CN108429729B (en) * | 2018-01-19 | 2023-07-18 | 昆明理工大学 | Data communication isolation system and isolation method in industrial big data acquisition environment |
CN109617908A (en) * | 2019-01-07 | 2019-04-12 | 北京航天晨信科技有限责任公司 | The classified information transmission method and system of integrated communication unit |
CN109617908B (en) * | 2019-01-07 | 2021-09-17 | 北京航天晨信科技有限责任公司 | Secret-related information transmission method and system of integrated communication unit |
CN110674509A (en) * | 2019-07-30 | 2020-01-10 | 浙江华云信息科技有限公司 | System for realizing cross-network high-frequency data secure transmission and working method thereof |
CN110674509B (en) * | 2019-07-30 | 2021-06-29 | 浙江华云信息科技有限公司 | System for realizing cross-network high-frequency data secure transmission and working method thereof |
CN110730170A (en) * | 2019-10-10 | 2020-01-24 | 山东超越数控电子股份有限公司 | Internal and external network isolation method and system |
CN111224931A (en) * | 2019-10-11 | 2020-06-02 | 工业互联网创新中心(上海)有限公司 | Industrial isolation communication system and method |
CN114095184A (en) * | 2020-07-15 | 2022-02-25 | 中国航发上海商用航空发动机制造有限责任公司 | Data transmission system and transmission method thereof |
Also Published As
Publication number | Publication date |
---|---|
CN107493292B (en) | 2023-04-07 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||