CN109254955A - Unidirectional file is ferried method and system between a kind of separation net based on two dimensional code - Google Patents
Unidirectional file is ferried method and system between a kind of separation net based on two dimensional code Download PDFInfo
- Publication number
- CN109254955A CN109254955A CN201811130649.XA CN201811130649A CN109254955A CN 109254955 A CN109254955 A CN 109254955A CN 201811130649 A CN201811130649 A CN 201811130649A CN 109254955 A CN109254955 A CN 109254955A
- Authority
- CN
- China
- Prior art keywords
- dimensional code
- data
- file
- network
- separation net
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/602—Providing cryptographic facilities or services
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/64—Protecting data integrity, e.g. using checksums, certificates or signatures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06K—GRAPHICAL DATA READING; PRESENTATION OF DATA; RECORD CARRIERS; HANDLING RECORD CARRIERS
- G06K17/00—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations
- G06K17/0022—Methods or arrangements for effecting co-operative working between equipments covered by two or more of main groups G06K1/00 - G06K15/00, e.g. automatic card files incorporating conveying and reading operations arrangements or provisious for transferring data to distant stations, e.g. from a sensing device
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Security & Cryptography (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Software Systems (AREA)
- Databases & Information Systems (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The embodiment of the present invention provides unidirectional file ferry-boat method and system between a kind of separation net based on two dimensional code, method is applied to the network A and network B different by physically-isolated two security levels in one-way isolation channel, this method comprises: file data to be sent is carried out two dimensional code coded treatment by the transmission end main frame connecting with network A, two dimensional code is generated;By being arranged in one-way isolation channel, and the display equipment two-dimensional code display being connected with network A;By being arranged in one-way isolation channel, and the two dimensional code that the image recognition apparatus being connected with network B shows display equipment carries out identification acquisition;The two dimensional code that identification obtains is sent to the reception end main frame connecting with network B;Two dimensional code is decoded with releasing document data using end main frame is received, thus unidirectional file ferry-boat between completing separation net.The embodiment of the present invention realizes pure physical isolation between two nets, provides a kind of automation, safe and reliable solution for exchange between grids data.
Description
Technical field
The invention belongs between information security and network data exchange field more particularly to a kind of separation net based on two dimensional code
Unidirectional file ferry-boat method and system.
Background technique
" the computer information system Internet security management regulation " of national secrecy regulation issuing and implementation is to national machine
Want department to provide as follows using internet: " be related to the computer information system of state secret, must not be direct or indirect with the world
Internet or the link of other public information networks, it is necessary to carry out ' physical isolation '." so-called " physical isolation " refer to internal lan
If all there is no could obtain with the direct physical connection of external networks, the internal network securities such as internets at any time
To real protection.
Therefore, at present some computer networks are required with relatively high field, such as military project, scientific research, Corporation R & D etc.
Mechanism can all establish a dedicated internal network, pass through physically-isolated side to guarantee the safety of internal lan information
Formula and external network are isolated.In this way, although the safety for internal network is greatly improved, for intranet and extranet
Information exchange brings many inconvenience.And data interaction, information sharing are essential, therefore at present in relevant neck
Domain mostly uses imprinting CD-ROM, and the transmitting of information is carried out using the mode of safe U disc.But above-mentioned solution party
Case still makes the presence of certain " physics company between internal network and external network by CD or USB flash disk to a certain extent
Connect ", become the growth soil of use " ferry-boat attack technology " virus, huge threat is constituted to the safety of internal network, and
The problems such as such as interaction cycle is long, low efficiency, and log audit is complicated is brought inevitably to some extent.
Summary of the invention
The present invention provides a kind of unidirectional file ferry-boat method between the separation net based on two dimensional code, realizes pure object between two nets
Reason isolation provides a kind of automation, safe and reliable solution for exchange between grids data.
On the one hand, the embodiment of the invention provides a kind of file unidirectional between separation net based on two dimensional code ferry-boat method, institutes
It states method and is applied to the network A and network B different by physically-isolated two security levels in one-way isolation channel, this method packet
It includes:
File data to be sent is carried out two dimensional code coded treatment by the transmission end main frame connecting with the network A, is generated
Two dimensional code;
By being arranged in the one-way isolation channel, and the display equipment being connected with the network A shows the two dimension
Code;
By being arranged in the one-way isolation channel, and the image recognition apparatus being connected with the network B is to described aobvious
The two dimensional code for showing that equipment is shown carries out identification acquisition;
The two dimensional code that identification obtains is sent to the reception end main frame connecting with the network B;
The two dimensional code is decoded with releasing document data using the reception end main frame, thus between completing separation net
Unidirectional file ferry-boat.
On the other hand, the embodiment of the invention provides file unidirectional between a kind of separation net based on two dimensional code ferry system,
The system comprises:
Pass through physically-isolated two security levels in one-way isolation channel different network A and network B;
Coding processing unit is arranged in the transmission end main frame connecting with the network A, by file data to be sent into
Row two dimensional code coded treatment generates two dimensional code;
Display unit, setting are connected in the one-way isolation channel, and with the network A, the display of the display unit
Equipment shows the two dimensional code;
Image identification unit, setting are connected in the one-way isolation channel, and with the network B, image identification unit
Image recognition apparatus identification acquisition is carried out to the two dimensional code that shows of display equipment;
Codec processing unit is arranged in the reception end main frame, is decoded the two dimensional code with releasing document number
According to thus unidirectional file ferry-boat between completing separation net.
Above-mentioned technical proposal has the following beneficial effects: using advanced encoding and decoding technique, is set using simulation eye recognition
It is standby to carry out data Autonomic Migration Framework, realize two net physical isolations, for exchange between grids data provide a kind of automation, securely and reliably
Solution.Manual operation bring uncontrollable factor is avoided, the insecurity factor of existing gateway is solved, realizes extranets
The physical isolation of network and concerning security matters network ensure that the data in concerning security matters network cannot flow to external network, but in external network
Data can flow to concerning security matters network, thoroughly solve the problems, such as the data exchange of external network Yu concerning security matters network, realize file data
One-way transmission.
Detailed description of the invention
In order to more clearly explain the embodiment of the invention or the technical proposal in the existing technology, to embodiment or will show below
There is attached drawing needed in technical description to be briefly described, it should be apparent that, the accompanying drawings in the following description is only this
Some embodiments of invention for those of ordinary skill in the art without creative efforts, can be with
It obtains other drawings based on these drawings.
Fig. 1 is the flow chart of the embodiment of the method for the present invention;
Fig. 2 is the structural block diagram of the system embodiment of the present invention;
Fig. 3 is the structural block diagram of coding processing unit in the embodiment of the present invention;
Fig. 4 is the structural block diagram of codec processing unit in the embodiment of the present invention.
Specific embodiment
Following will be combined with the drawings in the embodiments of the present invention, and technical solution in the embodiment of the present invention carries out clear, complete
Site preparation description, it is clear that described embodiments are only a part of the embodiments of the present invention, instead of all the embodiments.It is based on
Embodiment in the present invention, it is obtained by those of ordinary skill in the art without making creative efforts every other
Embodiment shall fall within the protection scope of the present invention.
As shown in Figure 1, the flow chart for the embodiment of the present invention based on file unidirectional between the separation net of two dimensional code ferry-boat method,
The method is applied to the network A and network B different by physically-isolated two security levels in one-way isolation channel, the side
Method includes:
101, file data to be sent is carried out two dimensional code coded treatment by the transmission end main frame connecting with the network A,
Generate two dimensional code;
102, by being arranged in the one-way isolation channel, and described in the display equipment being connected with the network A shows
Two dimensional code;
103, by being arranged in the one-way isolation channel, and the image recognition apparatus being connected with the network B is to institute
It states the two dimensional code that display equipment is shown and carries out identification acquisition;
104, the two dimensional code that identification obtains is sent to the reception end main frame connecting with the network B;
105, the two dimensional code is decoded with releasing document data using the reception end main frame, to complete to be isolated
Unidirectional file ferry-boat between net.
Preferably, file data to be sent is carried out two dimensional code volume by the transmission end main frame connecting with the network A
Code processing, generates two dimensional code, comprising:
Fountain coding is carried out to transmitting terminal file data using the data reconstruction method of fountain coding, redundant data is added,
Improve data recovery capabilities of the decoding end in the case where losing data cases;
The file data after fountain coding is verified and compressed with the data compression method that compression algorithm encodes again, is obtained
Obtain compressed file data;
Compressed file data is encoded using the fault-tolerance approach that fast reaction two dimensional code encodes, generates two dimension
Code.
Preferably, by being arranged in the one-way isolation channel, and the indicator screen being connected with the network A is shown
The two dimensional code.
Preferably, by being arranged in the one-way isolation channel, and the indicator screen being connected with the network A is shown
The two dimensional code.
Preferably, described that the two dimensional code is decoded with releasing document data using the reception end main frame, thus
Unidirectional file is ferried between completing separation net, comprising:
The two dimensional code is decoded using the fault-tolerance approach that fast reaction two dimensional code encodes, obtains decoded file
Data;
Decoded file data is verified and decompressed with the data compression method that compression algorithm encodes again, is obtained
File data after decompression;Then, whether the file data after judging decompression is lost,
If it is determined that the file after decompression has loss, then using the data reconstruction method of fountain coding to the number of files after decompression
According to being restored, to obtain original file data, file is ferried between completing one-way isolation net;
If it is determined that the file after decompression is not lost, then end operation, completes file ferry-boat between one-way isolation net.
As shown in Fig. 2, the unidirectional file ferry-boat system between a kind of separation net based on two dimensional code of further embodiment of this invention
Structural block diagram, the system comprises:
Pass through physically-isolated two security levels in one-way isolation channel different network A and network B;
Coding processing unit 21 is arranged in the transmission end main frame connecting with the network A, by file data to be sent
Two dimensional code coded treatment is carried out, two dimensional code is generated;
Display unit 22, setting are connected in the one-way isolation channel, and with the network A, which shows
Show that equipment shows the two dimensional code;
Image identification unit 23, setting are connected in the one-way isolation channel, and with the network B, image recognition list
The two dimensional code that the image recognition apparatus of member shows the display equipment carries out identification acquisition;
Codec processing unit 24 is arranged in the reception end main frame, is decoded the two dimensional code with releasing document
Data, thus unidirectional file ferry-boat between completing separation net.
Preferably, as shown in figure 3, being the structural block diagram of coding processing unit in further embodiment of this invention, shown coding
Processing unit includes:
Backup module 211 carries out fountain coding to transmitting terminal file data using the data reconstruction method of fountain coding, adds
Enter redundant data, improves data recovery capabilities of the decoding end in the case where losing data cases;
Compression module 212 carries out the file data after fountain coding using the data compression method of compression algorithm coding
It verifies and compresses, obtain compressed file data;
Coding module 213 compiles compressed file data using the fault-tolerance approach that fast reaction two dimensional code encodes
Code generates two dimensional code.
Preferably, the display equipment is set as indicator screen.
Preferably, described image identification equipment is set as video camera.
Preferably, as shown in figure 4, being the structural block diagram of codec processing unit in further embodiment of this invention, shown decoding
Processing unit includes:
Decoder module 241 is decoded two dimensional code using the fault-tolerance approach that fast reaction two dimensional code encodes, is decoded
File data afterwards;
The data compression method of decompression module 242, compression algorithm coding verifies simultaneously decoded file data
Decompression, the file data after being decompressed;
Recovery module 243, when determining file data loss, using the data reconstruction method of fountain coding to decompression
File data afterwards is restored.
In the above method, it is this that one-way isolation channel, which is realized by the two dimensional code channel isolation of independent development,
The core of method.Coded treatment list is established in the uni-directional physical channel isolation transmitting terminal host system being connected with network A
Member, coding processing device, network interface;Solution is established in the uni-directional physical channel isolation receiving end host system being connected with network B
Code processing unit, decoding processor, network interface.Eye recognition equipment is simulated by display screen and camera and sends end main frame system
System, receiving end host system composition.Display screen is connected with transmitting terminal host system, and video camera is connected with receiving end host system,
After data are carried out two dimensional code coding by transmitting terminal host system, shows, after video camera grabs two dimensional code, will count on a display screen
According to the decoding of receiving end host system is sent to, receiving end host system again goes out data forwarding.Do not appoint in one-way isolation channel
The connection of what physics, this guarantees physical isolations and blocking that data are transmitted between intranet and extranet.Meanwhile one-way isolation channel limits
It has made receiving end host system and has sent data without normal direction transmitting terminal host system, thus reduced transmission end main frame to greatest extent
A possibility that system is under attack.
The transmitting terminal host system, receiving end host system are two sets of independent system boards, be respectively owned by from
Oneself CPU, operating system, memory and bus, between two systems other than one-way isolation channel and there is no any straight
It connects or indirectly contacts.Coding side receive file send client send data, by two dimensional code coding module to data into
Row coding, and by the image after coding channel isolation display screen display.Decoding end is caught by the video camera of channel isolation
Image in 2 D code is caught, image data decoding is verified, after being reduced into initial data, sends data to file reception server.
Above-mentioned unidirectional transmission property is that coding side can only send data by display screen, and decoding end can only pass through camera shooting
Machine receives data, and centre only has channel isolation.One-way isolation channel is complete physical isolation, intermediate no any line, one
Aspect ensure that the one-way of transmission, on the other hand ensure that the mode of data transmission can only be transmitted by way of two dimensional code.
The fault tolerant mechanism of QR (fast reaction) the two dimensional code coding carries out QR coding in transmitting terminal host system, raw
At image in 2 D code not only contained initial data but also contain fault tolerant data, decoding end is not only able to find wrong symbol, and
And error correction can be carried out to wrong symbol.
The time data recovery mechanism of the fountain coding carries out fountain coding to initial data in transmitting terminal host system,
Redundant data is added, improves data recovery capabilities of the decoding end in the case where losing data cases.
The data compression scheme of lz4 (compression algorithm) coding, lz4 Compress softwares speed with higher can be very
Good support multi-thread environment, compressed data can save the bandwidth of network, improve efficiency of transmission, and can verify to data.
It is as follows corresponding to the above method embodiment of the present invention:
Step shown in the flowchart of the accompanying drawings can be in a computer system such as a set of computer executable instructions
It executes.Also, although logical order is shown in flow charts, and it in some cases, can be to be different from herein suitable
Sequence executes shown or described step.
By taking dedicated network is ferried to the unidirectional file of Internet as an example, this method is mainly taken with importing front end processor, importing
Being engaged in, device system support is dedicated, and the unidirectional introduction channel of composition data realizes unidirectional no feedback of the data between different security level network
Safe transmission.
File in dedicated network is uploaded to by application server to be imported in front end processor, and file is isolated logical through uni-directional physical
Road one-way synchronization imports server and receives after file active upload to Internet application server to importing in server
On, complete the one-way transmission of file.
The FTP Server service for importing front end processor is enabled by configuring, and imports the FTP Client clothes of server
Business.Disposing application program server is used to upper transmitting file to importing front end processor, in Internet to user in the private network
Deployment ftp server imports the next file of server active upload to receive.
The front end processor is generally relatively more in bank, stock trader, telecom operators' field application.Above-mentioned field has very much
Backstage core processing system externally provides various interface services.If there is certain business interface needs the backstage with above-mentioned field
System is come into contacts with, if being absolute prohibition in above-mentioned field from their background system of visiting from outside.At this point, above-mentioned
Field requires outside access person itself to provide a kind of safe program, operates in their Intranet, then passes through special line or physics
Computer equipment in the dedicated network for running the program is connected to the computer equipment that outside access person uses by isolation technology
On.So, the computer of the program is run, functionally referred to as front end processor.And its specific implementation belongs to those skilled in the art
Conventional techniques, which is not described herein again.
It should be understood that the particular order or level of the step of during disclosed are the examples of illustrative methods.Based on setting
Count preference, it should be appreciated that in the process the step of particular order or level can be in the feelings for the protection scope for not departing from the disclosure
It is rearranged under condition.Appended claim to a method is not illustratively sequentially to give the element of various steps, and not
It is to be limited to the particular order or level.
In above-mentioned detailed description, various features are combined together in single embodiment, to simplify the disclosure.No
This published method should be construed to reflect such intention, that is, the embodiment of theme claimed needs to compare
The more features of the feature clearly stated in each claim.On the contrary, as appended claims is reflected
Like that, the present invention is in the state fewer than whole features of disclosed single embodiment.Therefore, appended claims
It is hereby expressly incorporated into detailed description, wherein each claim is used as alone the individual preferred embodiment of the present invention.
For can be realized any technical staff in the art or using the present invention, above to disclosed embodiment into
Description is gone.To those skilled in the art;The various modifications mode of these embodiments will be apparent from, and this
The General Principle of text definition can also be suitable for other embodiments on the basis of not departing from the spirit and scope of the disclosure.
Therefore, the disclosure is not limited to embodiments set forth herein, but most wide with principle disclosed in the present application and novel features
Range is consistent.
Description above includes the citing of one or more embodiments.Certainly, in order to describe above-described embodiment and description portion
The all possible combination of part or method is impossible, but it will be appreciated by one of ordinary skill in the art that each implementation
Example can do further combinations and permutations.Therefore, embodiment described herein is intended to cover fall into the appended claims
Protection scope in all such changes, modifications and variations.In addition, with regard to term used in specification or claims
The mode that covers of "comprising", the word is similar to term " includes ", just as " including " solved in the claims as transitional word
As releasing.In addition, the use of any one of specification in claims term "or" being to indicate " non-exclusionism
Or ".
Those skilled in the art will also be appreciated that the various illustrative components, blocks that the embodiment of the present invention is listed
(illustrative logical block), unit and step can by electronic hardware, computer software, or both knot
Conjunction is realized.For the replaceability (interchangeability) for clearly showing that hardware and software, above-mentioned various explanations
Property component (illustrative components), unit and step universally describe their function.Such function
It can be that the design requirement for depending on specific application and whole system is realized by hardware or software.Those skilled in the art
Can be can be used by various methods and realize the function, but this realization is understood not to for every kind of specific application
Range beyond protection of the embodiment of the present invention.
Various illustrative logical blocks or unit described in the embodiment of the present invention can by general processor,
Digital signal processor, specific integrated circuit (ASIC), field programmable gate array or other programmable logic devices, discrete gate
Or transistor logic, discrete hardware components or above-mentioned any combination of design carry out implementation or operation described function.General place
Managing device can be microprocessor, and optionally, which may be any traditional processor, controller, microcontroller
Device or state machine.Processor can also be realized by the combination of computing device, such as digital signal processor and microprocessor,
Multi-microprocessor, one or more microprocessors combine a digital signal processor core or any other like configuration
To realize.
The step of method described in the embodiment of the present invention or algorithm can be directly embedded into hardware, processor execute it is soft
The combination of part module or the two.Software module can store in RAM memory, flash memory, ROM memory, EPROM storage
Other any form of storaging mediums in device, eeprom memory, register, hard disk, moveable magnetic disc, CD-ROM or this field
In.Illustratively, storaging medium can be connect with processor, so that processor can read information from storaging medium, and
It can be to storaging medium stored and written information.Optionally, storaging medium can also be integrated into the processor.Processor and storaging medium can
To be set in asic, ASIC be can be set in user terminal.Optionally, processor and storaging medium also can be set in
In different components in the terminal of family.
In one or more exemplary designs, above-mentioned function described in the embodiment of the present invention can be in hardware, soft
Part, firmware or any combination of this three are realized.If realized in software, these functions be can store and computer-readable
On medium, or it is transferred on a computer readable medium in the form of one or more instructions or code forms.Computer readable medium includes electricity
Brain storaging medium and convenient for so that computer program is allowed to be transferred to from a place telecommunication media in other places.Storaging medium can be with
It is that any general or special computer can be with the useable medium of access.For example, such computer readable media may include but
It is not limited to RAM, ROM, EEPROM, CD-ROM or other optical disc storages, disk storage or other magnetic storage devices or other
What can be used for carry or store with instruct or data structure and it is other can be by general or special computer or general or specially treated
The medium of the program code of device reading form.In addition, any connection can be properly termed computer readable medium, example
Such as, if software is to pass through a coaxial cable, fiber optic cables, double from a web-site, server or other remote resources
Twisted wire, Digital Subscriber Line (DSL) are defined with being also contained in for the wireless way for transmitting such as example infrared, wireless and microwave
In computer readable medium.The disk (disk) and disk (disc) includes compress disk, radium-shine disk, CD, DVD, floppy disk
And Blu-ray Disc, disk is usually with magnetic replicate data, and disk usually carries out optically replicated data with laser.Combinations of the above
Also it may be embodied in computer readable medium.
Above-described specific embodiment has carried out further the purpose of the present invention, technical scheme and beneficial effects
It is described in detail, it should be understood that being not intended to limit the present invention the foregoing is merely a specific embodiment of the invention
Protection scope, all within the spirits and principles of the present invention, any modification, equivalent substitution, improvement and etc. done should all include
Within protection scope of the present invention.
Claims (10)
1. a kind of unidirectional file ferry-boat method between separation net based on two dimensional code, which is characterized in that the method is applied to pass through
Physically-isolated two security levels in one-way isolation channel different network A and network B, this method comprises:
File data to be sent is carried out two dimensional code coded treatment by the transmission end main frame connecting with the network A, generates two dimension
Code;
By being arranged in the one-way isolation channel, and the display equipment being connected with the network A shows the two dimensional code;
By being arranged in the one-way isolation channel, and the image recognition apparatus being connected with the network B sets the display
The two dimensional code of standby display carries out identification acquisition;
The two dimensional code that identification obtains is sent to the reception end main frame connecting with the network B;
The two dimensional code is decoded with releasing document data using the reception end main frame, thus unidirectional between completing separation net
File ferry-boat.
2. unidirectional file ferry-boat method between the separation net according to claim 1 based on two dimensional code, which is characterized in that described
File data to be sent is carried out two dimensional code coded treatment by the transmission end main frame connecting with the network A, generates two dimensional code, packet
It includes:
Fountain coding is carried out to transmitting terminal file data using the data reconstruction method of fountain coding, redundant data is added, improves
Data recovery capabilities of the decoding end in the case where losing data cases;
The file data after fountain coding is verified and compressed with the data compression method that compression algorithm encodes again, is pressed
File data after contracting;
Compressed file data is encoded using the fault-tolerance approach that fast reaction two dimensional code encodes, generates two dimensional code.
3. unidirectional file ferry-boat method between the separation net according to claim 1 based on two dimensional code, which is characterized in that described
By being arranged in the one-way isolation channel, and the display equipment being connected with the network A shows the two dimensional code, comprising:
By being arranged in the one-way isolation channel, and the indicator screen being connected with the network A shows the two dimensional code.
4. unidirectional file ferry-boat method between the separation net according to claim 1 based on two dimensional code, which is characterized in that described
By being arranged in the one-way isolation channel, and the image recognition apparatus being connected with the network B is aobvious to the display equipment
The two dimensional code shown carries out identification acquisition, comprising:
By being arranged in the one-way isolation channel, and the video camera being connected with the network B shows the display equipment
The two dimensional code carry out identification acquisition.
5. unidirectional file ferry-boat method between the separation net according to claim 1 based on two dimensional code, which is characterized in that described
The two dimensional code is decoded with releasing document data using the reception end main frame, thus unidirectional file between completing separation net
Ferry-boat, comprising:
The two dimensional code is decoded using the fault-tolerance approach that fast reaction two dimensional code encodes, obtains decoded number of files
According to;
Decoded file data is verified and decompressed with the data compression method that compression algorithm encodes again, is decompressed
File data afterwards;Then, whether the file data after judging decompression is lost,
If it is determined that decompression after file have loss, then using fountain coding data reconstruction method to the file data after decompression into
Row restores, and to obtain original file data, file is ferried between completing one-way isolation net;
If it is determined that the file after decompression is not lost, then end operation, completes file ferry-boat between one-way isolation net.
6. unidirectional file ferry-boat system between a kind of separation net based on two dimensional code, which is characterized in that the system comprises:
Pass through physically-isolated two security levels in one-way isolation channel different network A and network B;
Coding processing unit is arranged in the transmission end main frame connecting with the network A, and file data to be sent is carried out two
Code coded treatment is tieed up, two dimensional code is generated;
Display unit, setting are connected in the one-way isolation channel, and with the network A, the display equipment of the display unit
Show the two dimensional code;
Image identification unit, setting are connected in the one-way isolation channel, and with the network B, the figure of image identification unit
As the two dimensional code that identification equipment shows the display equipment carries out identification acquisition;
Codec processing unit is arranged in the reception end main frame, is decoded the two dimensional code with releasing document data, from
And complete unidirectional file ferry-boat between separation net.
7. unidirectional file ferry-boat system between the separation net according to claim 6 based on two dimensional code, which is characterized in that described
Coding processing unit includes:
Backup module carries out fountain coding to transmitting terminal file data using the data reconstruction method of fountain coding, redundancy is added
Data improve data recovery capabilities of the decoding end in the case where losing data cases;
Compression module is verified and is pressed to the file data after fountain coding using the data compression method that compression algorithm encodes
Contracting, obtains compressed file data;
Coding module encodes compressed file data using the fault-tolerance approach that fast reaction two dimensional code encodes, and generates
Two dimensional code.
8. unidirectional file ferry-boat system between the separation net according to claim 6 based on two dimensional code, which is characterized in that described
Display equipment is set as indicator screen.
9. unidirectional file ferry-boat system between the separation net according to claim 6 based on two dimensional code, which is characterized in that described
Image recognition apparatus is set as video camera.
10. unidirectional file ferry-boat system between the separation net according to claim 6 based on two dimensional code, which is characterized in that institute
Stating codec processing unit includes:
Decoder module is decoded two dimensional code using the fault-tolerance approach that fast reaction two dimensional code encodes, obtains decoded text
Number of packages evidence;
The data compression method of decompression module, compression algorithm coding is verified and is decompressed to decoded file data,
File data after being decompressed;
Recovery module, when determining file data loss, using the data reconstruction method of fountain coding to the text after decompression
Number of packages is according to being restored.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811130649.XA CN109254955A (en) | 2018-09-27 | 2018-09-27 | Unidirectional file is ferried method and system between a kind of separation net based on two dimensional code |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201811130649.XA CN109254955A (en) | 2018-09-27 | 2018-09-27 | Unidirectional file is ferried method and system between a kind of separation net based on two dimensional code |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN109254955A true CN109254955A (en) | 2019-01-22 |
Family
ID=65048157
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201811130649.XA Pending CN109254955A (en) | 2018-09-27 | 2018-09-27 | Unidirectional file is ferried method and system between a kind of separation net based on two dimensional code |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN109254955A (en) |
Cited By (17)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN109818831A (en) * | 2019-03-05 | 2019-05-28 | 山东浪潮通软信息科技有限公司 | A kind of system data dynamic monitoring device and method across private network based on DMZ |
| CN110188855A (en) * | 2019-05-16 | 2019-08-30 | 浩云科技股份有限公司 | Data transmission method and system under a kind of isolation network |
| CN110351256A (en) * | 2019-06-26 | 2019-10-18 | 国能日新科技股份有限公司 | Data back method and system |
| CN110417720A (en) * | 2019-02-27 | 2019-11-05 | 国家电网公司东北分部 | A method of carrying out information transmission in the case where physical isolation |
| CN110896401A (en) * | 2019-12-05 | 2020-03-20 | 湖北信安通科技有限责任公司 | Two-dimensional code-based unidirectional data stream transmission system and method between isolated networks |
| CN110995391A (en) * | 2019-11-18 | 2020-04-10 | 国能日新科技股份有限公司 | Data transmission method in isolated network, server and terminal |
| CN111049624A (en) * | 2019-12-24 | 2020-04-21 | 普世(南京)智能科技有限公司 | High-fault-tolerance feedback-free link image transmission method and system based on sliding window |
| CN111222145A (en) * | 2019-10-15 | 2020-06-02 | 中国直升机设计研究所 | Data one-way input system and method |
| CN111416820A (en) * | 2020-03-18 | 2020-07-14 | 浩云科技股份有限公司 | Decoding arrangement method of two-dimensional code ferrying host |
| CN111835804A (en) * | 2019-04-19 | 2020-10-27 | 阿里巴巴集团控股有限公司 | Method, device and system for data transmission between internal network and external network |
| CN112039876A (en) * | 2020-08-28 | 2020-12-04 | 中国建设银行股份有限公司 | Data ferrying method, device, equipment and medium |
| CN112416642A (en) * | 2020-11-25 | 2021-02-26 | 国能日新科技股份有限公司 | Remote operation and maintenance method and device |
| CN112468262A (en) * | 2020-09-30 | 2021-03-09 | 苏州健联医疗信息技术有限公司 | Data one-way transmission method and system and two-dimensional code data generation method and device |
| CN112583851A (en) * | 2020-12-28 | 2021-03-30 | 中科天御(苏州)科技有限公司 | Network information one-way transmission method and device based on artificial intelligence |
| CN112994233A (en) * | 2021-02-06 | 2021-06-18 | 西安热工研究院有限公司 | One-way graph gate system and device suitable for power monitoring system |
| CN113194081A (en) * | 2021-04-25 | 2021-07-30 | 武汉烽火信息集成技术有限公司 | One-way message transmission system and method suitable for physical isolation environment |
| CN114244475A (en) * | 2021-12-22 | 2022-03-25 | 中国人民解放军海军潜艇学院 | Data transmission method, device and computer readable storage medium |
Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102831163A (en) * | 2012-07-20 | 2012-12-19 | 江苏缨思贝睿物联网科技有限公司 | Data transfer method and data transfer system |
| CN103716652A (en) * | 2014-01-10 | 2014-04-09 | 厦门市美亚柏科信息股份有限公司 | Data transmission method, data transmission device and data transmission system |
| CN104484695A (en) * | 2014-11-24 | 2015-04-01 | 贺州市公安局 | Two-dimensional code data cross-network transmitting platform |
| CN105554714A (en) * | 2015-04-13 | 2016-05-04 | 三峡大学 | Secret-involved internal network secure short message gateway based on two-dimensional code |
| CN106686005A (en) * | 2017-03-01 | 2017-05-17 | 北京博众益友科技有限公司 | Safety protection system and safety protection method for industrial control system |
| CN107209713A (en) * | 2015-01-26 | 2017-09-26 | 华为技术有限公司 | The method and system that file is repaired on demand |
-
2018
- 2018-09-27 CN CN201811130649.XA patent/CN109254955A/en active Pending
Patent Citations (6)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102831163A (en) * | 2012-07-20 | 2012-12-19 | 江苏缨思贝睿物联网科技有限公司 | Data transfer method and data transfer system |
| CN103716652A (en) * | 2014-01-10 | 2014-04-09 | 厦门市美亚柏科信息股份有限公司 | Data transmission method, data transmission device and data transmission system |
| CN104484695A (en) * | 2014-11-24 | 2015-04-01 | 贺州市公安局 | Two-dimensional code data cross-network transmitting platform |
| CN107209713A (en) * | 2015-01-26 | 2017-09-26 | 华为技术有限公司 | The method and system that file is repaired on demand |
| CN105554714A (en) * | 2015-04-13 | 2016-05-04 | 三峡大学 | Secret-involved internal network secure short message gateway based on two-dimensional code |
| CN106686005A (en) * | 2017-03-01 | 2017-05-17 | 北京博众益友科技有限公司 | Safety protection system and safety protection method for industrial control system |
Non-Patent Citations (3)
| Title |
|---|
| 崔恒香等: "基于隔离网闸的异构数据库同步技术研究与实现", 《软件工程》 * |
| 徐晓宇等: "基于感兴趣区域和RS编码机制的QR码美化算法", 《计算机应用》 * |
| 韩林等: "基于二维码的内外网物理隔离环境下的数据交换", 《计算机科学》 * |
Cited By (20)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN110417720A (en) * | 2019-02-27 | 2019-11-05 | 国家电网公司东北分部 | A method of carrying out information transmission in the case where physical isolation |
| CN109818831A (en) * | 2019-03-05 | 2019-05-28 | 山东浪潮通软信息科技有限公司 | A kind of system data dynamic monitoring device and method across private network based on DMZ |
| CN111835804A (en) * | 2019-04-19 | 2020-10-27 | 阿里巴巴集团控股有限公司 | Method, device and system for data transmission between internal network and external network |
| CN110188855A (en) * | 2019-05-16 | 2019-08-30 | 浩云科技股份有限公司 | Data transmission method and system under a kind of isolation network |
| CN110351256A (en) * | 2019-06-26 | 2019-10-18 | 国能日新科技股份有限公司 | Data back method and system |
| CN111222145B (en) * | 2019-10-15 | 2023-06-27 | 中国直升机设计研究所 | Data unidirectional input system and method |
| CN111222145A (en) * | 2019-10-15 | 2020-06-02 | 中国直升机设计研究所 | Data one-way input system and method |
| CN110995391A (en) * | 2019-11-18 | 2020-04-10 | 国能日新科技股份有限公司 | Data transmission method in isolated network, server and terminal |
| CN110896401A (en) * | 2019-12-05 | 2020-03-20 | 湖北信安通科技有限责任公司 | Two-dimensional code-based unidirectional data stream transmission system and method between isolated networks |
| CN111049624A (en) * | 2019-12-24 | 2020-04-21 | 普世(南京)智能科技有限公司 | High-fault-tolerance feedback-free link image transmission method and system based on sliding window |
| CN111049624B (en) * | 2019-12-24 | 2024-04-26 | 普世(南京)智能科技有限公司 | High fault tolerance feedback-free link image transmission method and system based on sliding window |
| CN111416820A (en) * | 2020-03-18 | 2020-07-14 | 浩云科技股份有限公司 | Decoding arrangement method of two-dimensional code ferrying host |
| CN112039876A (en) * | 2020-08-28 | 2020-12-04 | 中国建设银行股份有限公司 | Data ferrying method, device, equipment and medium |
| CN112468262B (en) * | 2020-09-30 | 2022-05-27 | 苏州健联医疗信息技术有限公司 | Data one-way transmission method and system and two-dimensional code data generation method and device |
| CN112468262A (en) * | 2020-09-30 | 2021-03-09 | 苏州健联医疗信息技术有限公司 | Data one-way transmission method and system and two-dimensional code data generation method and device |
| CN112416642A (en) * | 2020-11-25 | 2021-02-26 | 国能日新科技股份有限公司 | Remote operation and maintenance method and device |
| CN112583851A (en) * | 2020-12-28 | 2021-03-30 | 中科天御(苏州)科技有限公司 | Network information one-way transmission method and device based on artificial intelligence |
| CN112994233A (en) * | 2021-02-06 | 2021-06-18 | 西安热工研究院有限公司 | One-way graph gate system and device suitable for power monitoring system |
| CN113194081A (en) * | 2021-04-25 | 2021-07-30 | 武汉烽火信息集成技术有限公司 | One-way message transmission system and method suitable for physical isolation environment |
| CN114244475A (en) * | 2021-12-22 | 2022-03-25 | 中国人民解放军海军潜艇学院 | Data transmission method, device and computer readable storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN109254955A (en) | Unidirectional file is ferried method and system between a kind of separation net based on two dimensional code | |
| CN109254950A (en) | A kind of separation net spatial database ferry-boat method and system based on two dimensional code | |
| US10613776B2 (en) | Appyling multiple hash functions to generate multiple masked keys in a secure slice implementation | |
| US20170286224A1 (en) | Optimal slice encoding strategies within a dispersed storage unit | |
| US10073652B2 (en) | Performance optimized storage vaults in a dispersed storage network | |
| CN102937967A (en) | Data redundancy realization method and device | |
| US10693640B2 (en) | Use of key metadata during write and read operations in a dispersed storage network memory | |
| CN104363207B (en) | Multiple-factor strengthens safely authorization and identification method | |
| CN109714325A (en) | A kind of one-way optical gate data transmission method, system, electronic equipment and medium | |
| CN105656902A (en) | One-way reliable transmission and control system based on light transmission | |
| CN107483812A (en) | A kind of multi-platform parallel live method and device | |
| CN107493292B (en) | Heterogeneous multi-channel safety isolation information transmission system and method | |
| US11188665B2 (en) | Using internal sensors to detect adverse interference and take defensive actions | |
| CN108965427A (en) | A kind of method and device of offline inspection data processing | |
| CN112035081A (en) | Screen projection method and device, computer equipment and storage medium | |
| KR101621752B1 (en) | Distributed Storage Apparatus using Locally Repairable Fractional Repetition Codes and Method thereof | |
| US20170060481A1 (en) | Accounting for data whose rebuilding is deferred | |
| CN113965381A (en) | Method, device, processor and computer readable storage medium for realizing security encryption function of monitoring video | |
| CN110557224A (en) | Unidirectional transmission device and system for power network | |
| CN104935381B (en) | A kind of multichannel Ethernet power port turns optical port one-way transmission apparatus | |
| Ma et al. | A novel approach for improving security and storage efficiency on HDFS | |
| US20210021622A1 (en) | Network traffic monitoring device | |
| Bieniasz et al. | SocialStegDisc: Application of steganography in social networks to create a file system | |
| CN112242878B (en) | Erasure code data segmentation security method and device | |
| CN109787719A (en) | A kind of polarization secure coding method of probability relaying auxiliary |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190122 |
|
| RJ01 | Rejection of invention patent application after publication |