CN107493292A - Information transmission system and method with heterogeneous multi-channel security isolation - Google Patents

Publication number
CN107493292A
Authority
CN
China
Prior art keywords
data
data processing
passage
processing circuit
sequence number
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201710782879.3A
Other languages
Chinese (zh)
Other versions
CN107493292B (en)
Inventor
陆正中
谢正波
刘霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ZHONGRUIYUAN TECHNOLOGY Co Ltd
Original Assignee
SHENZHEN ZHONGRUIYUAN TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SHENZHEN ZHONGRUIYUAN TECHNOLOGY Co Ltd
Priority to CN201710782879.3A
Publication of CN107493292A
Application granted
Publication of CN107493292B
Current legal status: Active
Anticipated expiration

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/06 Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/067 Network architectures or network communication protocols for network security for supporting key management in a packet data network using one-time keys
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869 Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/50 Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate

Abstract

The invention discloses an information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit. The first network unit host is provided with multiple transmit ports, which are connected correspondingly to the receive ports of a first data processing circuit. The first data processing circuit is connected to a second data processing circuit by multiple unidirectional optical fibers and transfers data to it, and the transmit port of the second data processing circuit is connected to the receive port of the second network unit. The invention also discloses an information transmission method for this multi-channel security isolation. The invention has the advantages that data transmission completely eliminates the possible backdoor created by a physical connection and guards against illegal data exchange caused by a virus-controlled computer.

Description

Information transmission system and method with heterogeneous multi-channel security isolation
Technical field
The present invention relates to data transmission technology, and more particularly to an information transmission system and method with heterogeneous multi-channel security isolation in which data transmission completely eliminates the possible backdoor created by a physical connection and guards against illegal data exchange caused by a virus-controlled computer.
Background
After years of development, China's network and informatization efforts have achieved remarkable results: the capacity to build infrastructure based on information systems has grown significantly, and the level of application of networks and information systems has risen substantially. However, in the face of the first-mover technical advantage and aggressive offensive strategy of the Western science and technology powers headed by the United States, China's network security level and defense system are on the whole still in a position of strategic weakness. The basic situation in cyberspace is as follows: the industrial base is comparatively weak; scientific research, including cyberspace security research, is on the whole follow-on research, and there are also signs of hollowing-out; independent development can hardly cover the whole ecosystem or control every link of the security chain; and cyberspace is in a state of "being made transparent and being controlled by others".
China's current network security construction faces a strategic dilemma. On the one hand, without imports, advancement, maturity and timeliness cannot be guaranteed; on the other hand, with imports, the threat of "poisoned, germ-carrying" components cannot be avoided and security is difficult to guarantee.
We therefore face two basic security problems that cannot be avoided. First, with current technical capability, vulnerabilities in information system design are unavoidable. Second, given China's current independent industrial capability, complete independent control is difficult to achieve and "being backdoored" cannot be avoided.
Equipment that implements security isolation and information exchange currently uses the following technologies: ferry technology (based on switch switching), buffer communication technology (based on switch switching) and unidirectional channel technology. With the ferry and buffer communication schemes, the two networks are physically connected together (so a backdoor may exist as a covert channel), and a virus can disguise itself as data and be ferried backwards across the security isolation and information transmission system (illegal data exchange), so these schemes are relatively insecure. In a so-called unidirectional channel, the sending and receiving links of the communication are completely separate and no feedback can be completed within one channel; an attack is reduced to a half-open connection, cannot form a hidden bidirectional channel (backdoor) through which data leak, and has no effect. The sender only sends data and the receiver only receives it. With only one direction, however, data integrity is heavily affected. For example, if data are damaged in transit, the receiver has no way to ask the sender to retransmit and can only discard them. The sender, for its part, only sends data and does not know whether the other side received them or whether they were usable. Unidirectional channel technology thus guarantees security at some cost to data integrity.
Summary of the invention
To solve the above problems, the object of the present invention is to provide an information transmission system with heterogeneous multi-channel security isolation in which data transmission completely eliminates the possible backdoor created by a physical connection and guards against illegal data exchange caused by a virus-controlled computer.
The present invention is realized by the following technical measures: an information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit, characterized in that the first network unit host is provided with multiple transmit ports, the transmit ports of the first network unit host are connected correspondingly to the receive ports of a first data processing circuit, the first data processing circuit is connected to a second data processing circuit by multiple unidirectional optical fibers and transfers data to it, and the transmit port of the second data processing circuit is connected to the receive port of the second network unit.
As a preferred embodiment, the second network unit is provided with multiple transmit ports, the transmit ports of the second network unit are connected correspondingly to the receive ports of a third data processing circuit, the third data processing circuit is connected to a fourth data processing circuit by multiple unidirectional optical fibers and transfers data to it, and the transmit port of the fourth data processing circuit is connected to the receive port of the first network unit.
As a preferred embodiment, the number of unidirectional optical fibers connecting the first data processing circuit and the second data processing circuit equals the number of channels between the first network unit host and the first data processing circuit, and the two are in one-to-one correspondence.
As a preferred embodiment, the number of unidirectional optical fibers connecting the third data processing circuit and the fourth data processing circuit equals the number of channels between the second network unit host and the third data processing circuit, and the two are in one-to-one correspondence.
As a preferred embodiment, the first data processing circuit and the second data processing circuit are FPGA data processing circuits.
As a preferred embodiment, the third data processing circuit and the fourth data processing circuit are FPGA data processing circuits.
The invention also discloses an information transmission method with heterogeneous multi-channel security isolation, comprising the following steps:
(11) After the system program starts, the first network unit host first generates a first random number and computes from it the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit stores the received sequence numbers of the valid data channels and performs data checking according to the stored sequence numbers;
(12) When the first network unit host receives external data that need to be sent to the second network unit host, it encodes the data in the format corresponding to each currently valid channel and saves the result in the buffer corresponding to each valid data channel;
(13) The first network unit host sends the data of each buffer asynchronously to the corresponding valid data channel;
(14) After the first data processing circuit receives the data of each valid data channel, it packs the data and sends them to the unidirectional optical fiber corresponding to that valid channel;
(15) Each channel of the second data processing circuit receives data independently. After a fixed-length packet is received, the number of channels carrying data is checked first: if it exceeds the number of valid data channels, the data are discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value. If the channels that received data are exactly the current valid data channels, the data of the valid data channels are decoded and then verified, and the final data are obtained by majority vote; if the data of every channel differ, the data are discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) The second data processing circuit transfers the final data to the second network unit host.
As a preferred embodiment, the method also comprises the following steps:
(21) After the system program starts, the second network unit host first generates a second random number and computes from it the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit stores the received sequence numbers of the valid data channels and performs data checking according to the stored sequence numbers;
(22) When the second network unit host receives data that need to be sent to the first network unit host, it encodes the data in the format corresponding to each currently valid channel and saves the result in the buffer corresponding to each valid data channel;
(23) The second network unit host sends the data of each buffer asynchronously to the corresponding valid data channel;
(24) After the third data processing circuit receives the data of each valid data channel, it packs the data and sends them to the unidirectional optical fiber corresponding to that valid channel;
(25) Each channel of the fourth data processing circuit receives data independently. After a fixed-length packet is received, the number of channels carrying data is checked first: if it exceeds the number of valid data channels, the data are discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value. If the channels that received data are exactly the current valid data channels, the data of the valid data channels are decoded and verified, and the final data are obtained by majority vote; if the data of every channel differ, the data are discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(26) The fourth data processing circuit transfers the final data to the first network unit host.
As a preferred embodiment, step (11) is: after the system program starts, the first network unit host first generates a first random number and computes from it the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit stores the received sequence numbers and performs data checking according to them. After a predetermined time, the first random number is generated again, the sequence numbers of at least three valid data channels are computed from it and sent to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit stores the received sequence numbers and performs data checking according to them. This process is then repeated.
As a preferred embodiment, step (21) is: after the system program starts, the second network unit host first generates a second random number and computes from it the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit stores the received sequence numbers and performs data checking according to them. After a predetermined time, the second random number is generated again, the sequence numbers of at least three valid data channels are computed from it and sent to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit stores the received sequence numbers and performs data checking according to them. This process is then repeated.
Because the present invention uses unidirectional optical fibers between the first data processing circuit and the second data processing circuit, the sending and receiving links of the communication are completely separate and no feedback can be completed within one channel. An attack is reduced to a half-open connection and cannot form a hidden bidirectional channel (backdoor) through which data leak, so no backdoor exists at the hardware level. To overcome the defect of unidirectional channel technology that data may be damaged in transit, multiple unidirectional optical fibers are used: the data on the fibers are checked against one another to obtain the final data, and the theoretical bit error rate is on the order of $10^{-28}$, which meets practical requirements. The system uses a heterogeneous multi-channel architecture and sends data over heterogeneous channels; data are considered valid only when the data sent over multiple channels are identical. Compared with a homogeneous multi-channel design, this guards to some extent against illegal data transmission by a virus. In addition to using heterogeneous channels, the system continually generates random numbers from which the valid channels are computed, and sends data only over the valid data channels. When the receiving end verifies the data, valid data are obtained only if the data of the majority of the valid data channels agree; if a non-valid data channel also carries data, this is treated as an illegal transmission attempting to send over multiple channels, and the system issues a warning and closes the channel. The invention also applies data transformation (encryption): the host applies a format transformation to the data of each channel (or encrypts them with a different key), and hardware such as an FPGA applies the inverse transformation (or decryption) during packet assembly and verification. The keys are stored in the firmware and in the software program and differ for every device. Because a virus cannot obtain the device keys, the data it sends pass through the transformation (or decryption) during packet assembly and verification and come out different on every channel, so no two channels carry identical data, the final data are discarded, and the door is closed. A virtual machine can also be run on the host, with the system's own transmission program running in the virtual machine, to provide separation in case the host, being connected to the first network unit, is controlled by a virus that then goes on to control the system's transmission program.
Brief description of the drawings
Fig. 1 is a structural block diagram of an embodiment of the present invention.
Embodiments
The invention is described in further detail below with reference to the embodiments and the accompanying drawing.
The information transmission system with heterogeneous multi-channel security isolation of this embodiment is shown in Fig. 1. It contains two hardware channels. The first channel is the data channel over which the external network unit sends data to the internal network unit. The second channel is the data channel over which the internal network unit sends data to the external network unit. For hardware, external network host 1 and intranet host 7 are Gigabyte Brix 5200 units (i5 CPU, 16 GB memory, 256 GB SSD). The first FPGA data processing circuit 3 and the second FPGA data processing circuit 5 use the Cyclone V from ALTERA, specific model 5CGXFC9C6, which can perform data packing, verification and similar operations. External network host 1 is connected to the first FPGA data processing circuit 3 through one USB 3.0 interface, two PCIe interfaces and two SATA interfaces 2. The two PCIe interfaces are connected directly from external network host 1 to the corresponding pins of the first FPGA data processing circuit 3, the two SATA interfaces are connected directly from external network host 1 to the corresponding pins of the first FPGA data processing circuit 3, and the USB 3.0 interface is connected from external network host 1 to an FX3 module from Cypress, which in turn connects through a parallel port to the corresponding pins of the first FPGA data processing circuit 3. The transmit ports of the 5 optical modules on the first FPGA data processing circuit 3 are connected by 5 unidirectional optical fibers 4 to the receive ports of the corresponding optical modules of the second FPGA data processing circuit 5. The second FPGA data processing circuit 5 is connected to intranet host 7 through a USB interface. The hardware used by the second channel is the same as that of the first channel, except that the second FPGA data processing circuit and the fourth data processing circuit decode the received data differently (a different inverse format transformation, or a different decryption key and decryption method).
The information transmission method of this heterogeneous multi-channel security isolation comprises the following steps:
(11) After the system program starts, external network host 1 first generates a first random number and computes from it the sequence numbers of multiple valid data channels; it then sends the sequence numbers of the valid data channels to the first FPGA data processing circuit 3, which forwards them to the second FPGA data processing circuit 5; the second FPGA data processing circuit 5 stores the received sequence numbers of the valid data channels and performs data checking according to the stored sequence numbers. When the system receives no external data, this process is still repeated periodically, so that the valid data channels keep changing;
(12) When external network host 1 receives external data that need to be sent to intranet host 7, it encodes the data in the format corresponding to each currently valid channel (including but not limited to format transformation, encryption and similar methods) and saves the result in the buffer corresponding to each valid data channel;
(13) External network host 1 sends the data asynchronously to the corresponding valid data channels;
(14) After the first FPGA data processing circuit 3 receives the data of each valid data channel, it packs the data and sends them to the unidirectional optical fiber 4 corresponding to that valid channel;
(15) Each unidirectional optical fiber 4 of the second FPGA data processing circuit 5 receives data independently. After a fixed-length packet is received, the number of channels carrying data is checked first: if it exceeds the number of valid data channels, the data are discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value. If the channels that received data are exactly the current valid data channels, the data of the valid data channels are decoded (including but not limited to format transformation or decryption) and then verified, and the final data are obtained by majority vote; if the data of every channel differ, the data are discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) The second FPGA data processing circuit 5 transfers the final data to intranet host 7.
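Steps (11) to (16), given in the summary and again for this embodiment, simulated in software as an added example; it is not code from the patent. The 5 channels and the minimum of 3 valid channels follow the text, while the packet layout, the CRC32 check, the SHAKE-256 XOR mask standing in for the unspecified per-channel transformation, the alarm threshold and all function names are assumptions.

```python
import hashlib
import random
import zlib
from collections import Counter

NUM_CHANNELS = 5      # the embodiment uses 5 unidirectional fibers
MIN_VALID = 3         # "at least three valid data channels"
PAYLOAD_LEN = 32      # assumed fixed payload size of one packet
FRAME_LEN = 1 + PAYLOAD_LEN + 4   # length byte + padded payload + CRC32
ALARM_THRESHOLD = 3   # assumed "set value" of the error counter


def select_channels(rand, count=MIN_VALID):
    """Step (11): map the host's random number to the valid channel numbers.
    Assumed mapping; a real device would draw `rand` from a CSPRNG."""
    return frozenset(random.Random(rand).sample(range(NUM_CHANNELS), count))


def _mask(device_key, channel):
    # Per-channel keystream: a stand-in for the patent's unspecified
    # "format transformation or encryption", not a production cipher.
    return hashlib.shake_256(device_key + bytes([channel])).digest(FRAME_LEN)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def encode(channel, device_key, payload):
    """Step (12): build one fixed-length frame in this channel's format."""
    if len(payload) > PAYLOAD_LEN:
        raise ValueError("payload exceeds fixed packet size")
    body = bytes([len(payload)]) + payload.ljust(PAYLOAD_LEN, b"\0")
    plain = body + zlib.crc32(body).to_bytes(4, "big")
    return _xor(plain, _mask(device_key, channel))


def decode(channel, device_key, frame):
    """Receiver side: undo the channel format; None if the check fails."""
    if len(frame) != FRAME_LEN:
        return None
    plain = _xor(frame, _mask(device_key, channel))
    body, crc = plain[:-4], plain[-4:]
    if zlib.crc32(body).to_bytes(4, "big") != crc or body[0] > PAYLOAD_LEN:
        return None
    return body[1:1 + body[0]]


def send(payload, channels, device_key):
    """Steps (12)-(14): one differently encoded copy per valid channel."""
    return {ch: encode(ch, device_key, payload) for ch in channels}


class Receiver:
    """Step (15): channel check, decode, majority vote, error counter."""

    def __init__(self, device_key):
        self.device_key = device_key
        self.valid = frozenset()
        self.errors = 0
        self.alarm = False

    def set_valid_channels(self, channels):
        self.valid = frozenset(channels)

    def _reject(self):
        self.errors += 1
        self.alarm = self.alarm or self.errors >= ALARM_THRESHOLD
        return None

    def receive(self, frames):
        """frames: {channel number: fixed-length packet seen on that fiber}."""
        active = set(frames)
        # Data on more channels than are valid, or on any non-valid channel,
        # is treated as an illegal transmission.
        if len(active) > len(self.valid) or not active <= self.valid:
            return self._reject()
        votes = Counter()
        for ch, frame in frames.items():
            payload = decode(ch, self.device_key, frame)
            if payload is not None:   # a damaged copy casts no vote (assumption)
                votes[payload] += 1
        if votes:
            payload, count = votes.most_common(1)[0]
            if count > len(self.valid) // 2:   # strict majority of valid channels
                return payload
        return self._reject()


if __name__ == "__main__":
    key, msg = b"constructed-device-key", b"sensor=42"   # constructed samples
    chans = select_channels(20170904)
    rx = Receiver(key)
    rx.set_valid_channels(chans)
    print("honest:", rx.receive(send(msg, chans, key)))
    forged = {c: msg.ljust(FRAME_LEN, b"\0") for c in chans}   # sender lacks the key
    print("forged:", rx.receive(forged), "errors:", rx.errors)
```

A sender without the device key can place identical bytes on every valid channel, but each copy is decoded under a different mask, so no two copies agree and the packet is dropped.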
In this system, because unidirectional optical fibers are used between the first FPGA data processing circuit and the second FPGA data processing circuit, the sending and receiving links of the communication are completely separate and no feedback can be completed within one channel. An attack is reduced to a half-open connection and cannot form a hidden bidirectional channel (backdoor) through which data leak, so no backdoor exists at the hardware level. To overcome the defect of unidirectional channel technology that data may be damaged in transit, multiple unidirectional optical fibers are used: the data on the fibers are checked against one another to obtain the final data, and the theoretical bit error rate is on the order of $10^{-28}$, which meets practical requirements. The system uses a heterogeneous multi-channel architecture and sends data over heterogeneous channels; data are considered valid only when the data sent over multiple channels are identical. Compared with a homogeneous multi-channel design, this guards to some extent against illegal data transmission by a virus. In addition to using heterogeneous channels, the system continually generates random numbers from which the valid channels are computed, and sends data only over the valid data channels. When the receiving end verifies the data, valid data are obtained only if the data of the majority of the valid data channels agree; if a non-valid data channel also carries data, this is treated as an illegal transmission attempting to send over multiple channels, and the system issues a warning and closes the channel. The system also applies data format encoding (including but not limited to format transformation or encryption): the host encodes the data of each channel differently (format transformation, or encryption with a different key), and the FPGA hardware decodes them (inverse transformation or decryption) during packet assembly and verification. The encoding method or key is stored in the firmware and in the software program and differs for every device. Because a virus cannot obtain the device's encoding method or key, the data it sends pass through decoding (inverse transformation or decryption) during packet assembly and verification and come out different on every channel, so no two channels carry identical data, the final data are discarded, and the door is closed. A virtual machine can also be run on the host, with the system's own transmission program running in the virtual machine, to provide separation in case the host, being connected to the first network unit, is controlled by a virus that then goes on to control the system's transmission program.
With the above techniques, the probability that a virus can illegally transmit data through the system is extremely low. In the same way, intranet host 7 can use a similar scheme toward external network host 1 (differing only in the data transformation method, the encryption method or the encryption key): intranet host 7 is provided with multiple transmit ports, the transmit ports of intranet host 7 are connected correspondingly to the receive ports of the third FPGA data processing circuit 8, the third FPGA data processing circuit 8 is connected to the fourth FPGA data processing circuit 9 by multiple unidirectional optical fibers 4 and transfers data to it, and the transmit port of the fourth FPGA data processing circuit 9 is connected to the receive port of external network host 1. Even if data disguised by a virus enter intranet host 7 through a user's operation (or successfully crack the data transformation and the revolving door and get into the intranet host) and successfully take control of intranet host 7, the virus still cannot send data, because intranet host 7 uses a different format transformation (or different encryption keys) toward external network host 1. When intranet host 7 needs to send data to external network host 1, the process is the same in principle as external network host 1 sending data to intranet host 7.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment, referring to Fig. 1 and building on the foregoing technical scheme, the number of unidirectional optical fibers connecting the first FPGA data processing circuit and the second FPGA data processing circuit may specifically equal the number of channels between the external network host and the first FPGA data processing circuit, the two being in one-to-one correspondence. The number of unidirectional optical fibers connecting the third FPGA data processing circuit and the fourth FPGA data processing circuit equals the number of channels between the intranet host and the third FPGA data processing circuit, the two being in one-to-one correspondence.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment, referring to Fig. 1 and building on the foregoing technical scheme, the transmit port of the second FPGA data processing circuit 5 may specifically be connected through a single channel 6 to the receive port of the second network unit 7, and the transmit port of the fourth FPGA data processing circuit 9 connected through a single channel to the receive port of the first network unit.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment, building on the foregoing technical scheme, the alarm may specifically be an audible and visual alarm built into the system, or a warning message sent to the host computer.
The above sets out the information transmission system with heterogeneous multi-channel security isolation of the present invention to aid understanding of the invention, but the embodiments of the invention are not limited to the embodiments described. Any change, modification, substitution, combination or simplification made without departing from the principle of the invention is an equivalent replacement and falls within the scope of protection of the present invention.

Claims (10)

1. An information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit, characterized in that: the first network unit host is provided with a plurality of sending ports; the sending ports of the first network unit host are correspondingly connected to the receiving ports of a first data processing circuit; the first data processing circuit is connected through a plurality of one-way optical fibers to a second data processing circuit and transmits data to it; and the sending port of the second data processing circuit is connected to the receiving port of the second network unit.
2. The information transmission system with heterogeneous multi-channel security isolation according to claim 1, characterized in that: the second network unit is provided with a plurality of sending ports; the sending ports of the second network unit are correspondingly connected to the receiving ports of a third data processing circuit; the third data processing circuit is connected through a plurality of one-way optical fibers to a fourth data processing circuit and transmits data to it; and the sending port of the fourth data processing circuit is connected to the receiving port of the first network unit.
3. The information transmission system with heterogeneous multi-channel security isolation according to claim 1, characterized in that: the number of one-way optical fibers connected between the first data processing circuit and the second data processing circuit is equal to, and in one-to-one correspondence with, the number of ports between the first network unit host and the first data processing circuit.
4. The information transmission system with heterogeneous multi-channel security isolation according to claim 2, characterized in that: the number of one-way optical fibers connected between the third data processing circuit and the fourth data processing circuit is equal to, and in one-to-one correspondence with, the number of ports between the second network unit host and the third data processing circuit.
5. The information transmission system with heterogeneous multi-channel security isolation according to claim 1, characterized in that: the first data processing circuit and the second data processing circuit are FPGA data processing circuits.
6. The information transmission system with heterogeneous multi-channel security isolation according to claim 2, characterized in that: the third data processing circuit and the fourth data processing circuit are FPGA data processing circuits.
7. An information transmission method with heterogeneous multi-channel security isolation, characterized by comprising the following steps:
(11) after the system program starts, the first network unit host first generates a first transmission random number and calculates from this random number the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking;
(12) when the first network unit host receives external data that needs to be transmitted to the second network unit host, it encodes the data in the format corresponding to each currently valid channel and saves the encoded data in the buffer corresponding to each valid data channel;
(13) the first network unit host sends the data of each buffer to the corresponding valid data channel in asynchronous mode;
(14) after the first data processing circuit receives the data of each valid data channel, it packs the data and sends them to the one-way optical fiber corresponding to that valid channel;
(15) each channel of the second data processing circuit receives data independently; after a fixed-length packet is received, the number of valid data channels is judged first: if the number of valid data channels is exceeded, the data are discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value; if the channels on which data were received are exactly the current valid data channels, the data of each valid data channel are decoded and then checked, and the final data are obtained by majority rule; if the data of the channels all differ, the data are discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) the second data processing circuit transmits the final data to the second network unit host.
8. The information transmission method with heterogeneous multi-channel security isolation according to claim 7, characterized by further comprising the following steps:
(21) after the system program starts, the second network unit host first generates a second transmission random number and calculates from this random number the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking;
(22) when the second network unit host receives data that need to be transmitted to the first network unit host, it encodes the data in the format corresponding to each currently valid channel and saves the encoded data in the buffer corresponding to each valid data channel;
(23) the second network unit host sends the data of each buffer to the corresponding valid data channel in asynchronous mode;
(24) after the third data processing circuit receives the data of each valid data channel, it packs the data and sends them to the one-way optical fiber corresponding to that valid channel;
(25) each channel of the fourth data processing circuit receives data independently; after a fixed-length packet is received, the number of valid data channels is judged first: if the number of valid data channels is exceeded, the data are discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value; if the channels on which data were received are exactly the current valid data channels, the data of each valid data channel are decoded and checked, and the final data are obtained by majority rule; if the data of the channels all differ, the data are discarded directly and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(26) the fourth data processing circuit transmits the final data to the first network unit host.
9. The information transmission method with heterogeneous multi-channel security isolation according to claim 7, characterized in that step (11) is: after the system program starts, the first network unit host first generates a first transmission random number and calculates from this first transmission random number the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the first data processing circuit, which forwards them to the second data processing circuit; the second data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking; after a predetermined time, the first transmission random number is regenerated, the sequence numbers of at least three valid data channels are calculated from this first transmission random number, the sequence numbers of the valid data channels are sent to the first data processing circuit and forwarded by it to the second data processing circuit, and the second data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking; this process is then repeated.
10. The information transmission method with heterogeneous multi-channel security isolation according to claim 8, characterized in that step (21) is: after the system program starts, the second network unit host first generates a second transmission random number and calculates from this second transmission random number the sequence numbers of at least three valid data channels; it then sends the sequence numbers of the valid data channels to the third data processing circuit, which forwards them to the fourth data processing circuit; the fourth data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking; after a predetermined time, the second transmission random number is regenerated, the sequence numbers of at least three valid data channels are calculated from this second transmission random number, the sequence numbers of the valid data channels are sent to the third data processing circuit and forwarded by it to the fourth data processing circuit, and the fourth data processing circuit saves the received sequence numbers of the valid data channels and uses the saved sequence numbers for data checking; this process is then repeated.
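
As an added illustration (not part of the patent text), the following Python model shows the receiver-side check of steps (15) and (25) together with the channel re-selection of claims 9 and 10: data are accepted only on the saved set of valid channels, decoded, and resolved by majority vote, with an error counter that trips an alarm. The mapping from random number to channels, the XOR channel format, the eight-channel count and the threshold of 3 are assumptions, since the page does not specify them.

```python
import random
from collections import Counter

N_CHANNELS = 8        # assumption: number of one-way fibres between the circuits
ALARM_THRESHOLD = 3   # assumption: the "set value" for the error count

def select_channels(rand_value, k=3, total=N_CHANNELS):
    """Assumed mapping from the sender's random number to k valid channel numbers."""
    return frozenset(random.Random(rand_value).sample(range(total), k))

def encode(channel, payload):
    """Assumed per-channel format: XOR each byte with (channel + 1)."""
    return bytes(b ^ (channel + 1) for b in payload)

decode = encode  # XOR with the same key is its own inverse

class Receiver:
    """Model of the receiving data processing circuit in steps (15)/(25)."""

    def __init__(self, valid_channels):
        self.valid = frozenset(valid_channels)  # saved channel sequence numbers
        self.errors = 0
        self.alarm = False

    def rekey(self, valid_channels):
        """Claims 9/10: a freshly selected channel set replaces the saved one."""
        self.valid = frozenset(valid_channels)

    def _reject(self):
        self.errors += 1
        self.alarm = self.alarm or self.errors >= ALARM_THRESHOLD
        return None

    def receive(self, packets):
        """packets maps channel number -> packet; returns the voted payload or None."""
        # Data on any channel set other than the saved one is dropped. The page
        # only spells out the "too many channels" case; rejecting a partial
        # set as well is an assumption of this example.
        if set(packets) != self.valid:
            return self._reject()
        decoded = [decode(ch, pkt) for ch, pkt in packets.items()]
        value, votes = Counter(decoded).most_common(1)[0]
        # Strict majority required; with three channels this rejects exactly
        # the case where all three copies differ.
        if votes * 2 <= len(decoded):
            return self._reject()
        return value

def send(valid_channels, payload):
    """Sender side of steps (12)-(14): one encoded copy per valid channel."""
    return {ch: encode(ch, payload) for ch in valid_channels}
```

With three valid channels, one corrupted copy is outvoted, while data arriving on an unselected fibre or on a stale channel set counts toward the alarm.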
CN201710782879.3A 2017-09-03 2017-09-03 Heterogeneous multi-channel safety isolation information transmission system and method Active CN107493292B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710782879.3A CN107493292B (en) 2017-09-03 2017-09-03 Heterogeneous multi-channel safety isolation information transmission system and method

Publications (2)

Publication Number Publication Date
CN107493292A true CN107493292A (en) 2017-12-19
CN107493292B CN107493292B (en) 2023-04-07

Family

ID=60651340

Country Status (1)

Country Link
CN (1) CN107493292B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant