CN113194081A - One-way message transmission system and method suitable for physical isolation environment - Google Patents


Publication number
CN113194081A
Authority
CN
China
Prior art keywords
message
data packet
data
sent
dimensional code
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110449471.0A
Other languages
Chinese (zh)
Inventor
鄢正
陈烈军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Wuhan Fiberhome Integration Technologies Co ltd
Original Assignee
Wuhan Fiberhome Integration Technologies Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Wuhan Fiberhome Integration Technologies Co ltd filed Critical Wuhan Fiberhome Integration Technologies Co ltd
Priority to CN202110449471.0A priority Critical patent/CN113194081A/en
Publication of CN113194081A publication Critical patent/CN113194081A/en
Pending legal-status Critical Current


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/07 User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail characterised by the inclusion of specific contents
    • H04L51/18 Commands or executable codes
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L65/00 Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/40 Support for services or applications
    • H04L65/403 Arrangements for multi-party communication, e.g. for conferences
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0625 Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation with splitting of the data block into left and right halves, e.g. Feistel based algorithms, DES, FEAL, IDEA or KASUMI
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W4/00 Services specially adapted for wireless communication networks; Facilities therefor
    • H04W4/12 Messaging; Mailboxes; Announcements

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Information Transfer Between Computers (AREA)

Abstract

The invention discloses a one-way message transmission system and method suitable for a physical isolation environment, relating to the field of network data transmission. The system comprises at least one set of one-way message transmission equipment. Each set comprises a message outgoing host and a display arranged in an encrypted intranet, and a camera device and a message receiving host arranged in an internal public network. The message outgoing host encrypts a message to be sent and generates a two-dimensional code, and the display shows the two-dimensional code generated by the message outgoing host. The camera device photographs and recognizes the two-dimensional code shown on the display, and the message receiving host parses the two-dimensional code recognized by the camera device to obtain the message, decrypts it, and sends the decrypted message to the external network. The invention can achieve complete physical isolation of message transmission and effectively ensure the security of data transmission.

Description

One-way message transmission system and method suitable for physical isolation environment
Technical Field
The invention relates to the field of network data transmission, in particular to a one-way message transmission system and a one-way message transmission method suitable for a physical isolation environment.
Background
With the continuous improvement of informatization, the daily work of enterprise and government staff is gradually moving to electronic form. To improve daily office efficiency and ensure that messages such as routine task reminders and meeting notifications are delivered in time, a system that delivers timely reminders is becoming increasingly important. Business platforms of enterprises and governments are usually deployed in an encrypted intranet. Under the security restrictions of a secret-related network, the encrypted intranet must be physically isolated from other networks, and because of this physical isolation, message data cannot be transmitted from the intranet to the extranet.
Currently, the existing methods for exchanging data across the physical isolation boundary mainly use storage devices, gatekeepers and data ferrying. Transmitting intranet data to the extranet via a storage device requires the data to be manually entered into the device and loaded into the external network after security processing, so information transfer is slow, inefficient and difficult to manage. Transmitting intranet data to the extranet via gatekeeper equipment performs well, but this mode is not complete physical isolation, does not meet the data security requirement, and is costly. Transmitting data to the extranet by data ferrying is complex to operate, needs manpower and storage equipment, cannot update data in real time, and cannot meet the real-time requirement of message sending.
Disclosure of Invention
Aiming at the defects in the prior art, the invention aims to provide a one-way message transmission system and a one-way message transmission method suitable for a physical isolation environment, which can realize complete physical isolation of message transmission and effectively ensure the safety of data transmission.
In order to achieve the above object, the present invention provides a one-way message transmission system suitable for physical isolation environment, which comprises at least one set of one-way message transmission device, wherein the one-way message transmission device comprises:
a message outgoing host and a display arranged in the encrypted intranet, the message outgoing host being used for encrypting a message to be sent and generating a two-dimensional code, and the display being used for displaying the two-dimensional code generated by the message outgoing host;
a camera device and a message receiving host arranged in the internal public network, the camera device being used for photographing and recognizing the two-dimensional code displayed by the display, and the message receiving host being used for parsing the two-dimensional code recognized by the camera device to obtain a message, decrypting the obtained message and then sending the decrypted message to the external network.
On the basis of the above technical solution,
the message comprises a service platform reminding message and a mass-sending notification message;
the service platform reminding message is an examination and approval reminding message sent to an approver aiming at the matters needing examination and approval in daily office affairs;
the group sending notification message is a message notification sent to the participants aiming at the temporary meeting.
On the basis of the above technical solution, the recipients of the group sending notification message are selected by department or by creating a group, and the group sending notification message is sent to them.
On the basis of the above technical solution,
when the length of the encrypted data content message of the message to be sent exceeds a set length, splitting the total data content message of a single message to obtain a plurality of subdata content messages, sequentially packaging the obtained subdata content messages to form a plurality of continuous data packets, and generating a two-dimensional code for each data packet;
the data packet comprises a packet head and a packet body, wherein the packet head comprises a data packet ID field, a total length field, a current length field, a starting position field and an end character field;
the total length field is used for representing the total length of a total data content message corresponding to a current data packet, the current length field is used for representing the length of the current data packet, the starting position field is used for representing the starting position of the current data packet in the total data content message, the end character field is used for representing whether a data packet exists behind the current data packet, and the packet body is a sub-data content message corresponding to the current data packet.
On the basis of the above technical solution,
when the message receiving host analyzes the two-dimensional code and the obtained message is a data packet after being packaged, unpacking the data packet, wherein the specific process of the unpacking operation is as follows:
creating a plurality of buffers, wherein the size of each created buffer can be dynamically adjusted;
storing the data packets in buffer areas, wherein one data packet corresponds to one buffer area;
when the length of the data stored in the buffer area is equal to the packet header length of the data packet and the data length of the non-packet header data stored in the buffer area is equal to the data length of the packet body, unpacking the data packet to obtain a sub-data content message corresponding to the data packet, and decrypting the obtained sub-data content message.
On the basis of the technical scheme, the data packet IDs of all data packets of a single message are in a continuous state, and when the data packet IDs of the data packets obtained by the message receiving host are not in the continuous state, prompt information is generated.
On the basis of the above technical solution,
before encrypting, the method further includes: performing sensitive vocabulary filtering on the content of the message to be sent based on the sensitive word bank;
after sensitive vocabulary filtering and before encrypting, the method further includes: adding the message to be sent to a pending-approval task list, looking up the message to be sent through that task list, and examining and approving it.
On the basis of the technical scheme, after the message is sent to the external network, the operator server of the external network sends the message to the receiver, and meanwhile, when the operator server sends the message to the receiver, the message which fails to be sent is recorded.
On the basis of the above technical solution, when any one set of one-way message transmission equipment in the one-way message transmission system fails, the messages that set was responsible for sending are transferred to other one-way message transmission equipment, which sends them.
The invention provides a one-way message transmission method suitable for a physical isolation environment, which is based on the one-way message transmission system and specifically comprises the following steps:
generating a message to be sent, and performing sensitive word filtering and safety approval on the generated message to be sent;
encrypting the message, and generating a two-dimensional code based on the encrypted message;
displaying the generated two-dimensional code, and setting the display updating frequency of the two-dimensional code;
identifying and analyzing the displayed two-dimensional code to obtain a message, and sending the obtained message to a message receiver;
and judging whether the message receiver receives the message, if so, ending the process, and if not, feeding back the message sending failure information to the message sender.
Compared with the prior art, the invention has the advantages that: the method has the advantages that the one-way transmission of the message from the encrypted intranet to the extranet is realized based on the two-dimensional code scanning mode, the complete physical isolation of the message transmission is realized, the safety of data transmission is effectively guaranteed, the operation is simple, the transmission efficiency is high, the transmission cost is low, the management is easy, and the real-time requirement of message sending can be guaranteed.
Drawings
In order to more clearly illustrate the technical solutions in the embodiments of the present application, the drawings needed to be used in the description of the embodiments are briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present application, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without creative efforts.
FIG. 1 is a schematic structural diagram of a one-way message transmission system suitable for a physically isolated environment according to an embodiment of the present invention;
FIG. 2 is a flowchart of a one-way message transmission method suitable for a physical isolation environment according to an embodiment of the present invention.
Detailed Description
The embodiment of the invention provides a one-way message transmission system suitable for a physical isolation environment, which is used for realizing one-way transmission of messages from an encryption intranet to an extranet based on a two-dimensional code scanning mode, realizing complete physical isolation of message transmission, effectively ensuring the safety of data transmission, and has the advantages of simple operation, high transmission efficiency, low transmission cost, easy management and capability of ensuring the real-time requirement of message sending. The embodiment of the invention correspondingly provides a one-way message transmission method suitable for the physical isolation environment.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
Referring to fig. 1, a one-way message transmission system suitable for a physical isolation environment according to an embodiment of the present invention includes at least one set of one-way message transmission device, where the one-way message transmission device includes a message outgoing host and a display that are provided in an encrypted intranet, and a camera device and a message receiving host that are provided in an internal public network, the message outgoing host is configured to encrypt a message to be sent and generate a two-dimensional code, and the display is configured to display the two-dimensional code generated by the message outgoing host; the camera shooting device is used for shooting and identifying the two-dimensional code displayed by the display, and the message receiving host is used for analyzing the two-dimensional code identified by the camera shooting device to obtain a message, decrypting the obtained message and sending the decrypted message to the external network. The external network is a communication operator network, and when the message reaches the external network, an operator server in the external network sends the message to a receiver of the message.
The encryption and decryption method in the embodiment of the invention is a DES encryption and decryption method.
The encryption intranet in the embodiment of the invention is an independent secret-related network, is constructed by enterprises or governments, and is in a physical isolation state with all other networks.
To improve availability and message sending efficiency, the one-way message transmission system of the embodiment of the invention can be composed of multiple sets of one-way message transmission equipment that form a cluster. Messages to be sent are held in a message queue, which is stored in a single shared database. When one set of equipment fails, the other sets can still ensure that messages are sent normally. The one-way message transmission system of the embodiment of the invention does not change the existing network architecture.
In the embodiment of the invention, the camera device and the message receiving host are connected to the internal public network, which is the network used by staff inside the enterprise or government and has lower security and confidentiality than the encrypted intranet. Inbound rules can therefore be configured in the firewall so that the message receiving host can connect only to the operator server in the external network, which improves the network security of the system. Data passes between the message outgoing host and the message receiving host by camera recognition of the two-dimensional code, which achieves complete physical isolation between the secret-related network and other networks. The data transfer between the two hosts is a one-way connection: data can only be sent out of the message outgoing host and cannot be sent into it from outside.
Because the connection is one-way, the message state cannot be fed back to the message outgoing host, so the system cannot tell whether a generated two-dimensional code was correctly recognized, parsed and sent out. The two-dimensional code therefore uses a timed refresh mechanism: the display can be set to switch to the next two-dimensional code every 5 seconds, and the refresh frequency can be adjusted according to actual operating conditions.
And after the message reaches the operator server of the external network, the message is sent through the operator server, and the sending result can be fed back to the message receiving host and recorded.
In the embodiment of the invention, the message comprises a service platform reminding message and a group sending notification message, wherein the service platform reminding message is an examination and approval reminding message sent to an approver aiming at the items needing examination and approval in daily office affairs; the group sending notification message is a message notification sent to the participants aiming at the temporary meeting. The receiving party of the group sending notification message is formed by taking a department as a unit or creating a group mode, and the group sending notification message is sent, namely, a message sender can log in a message platform of an encrypted intranet through a browser to send the message in a group mode.
In the embodiment of the invention, when the length of the encrypted data content message of the message to be sent exceeds the set length, the total data content message of a single message is split to obtain a plurality of subdata content messages, the subdata content messages obtained by splitting are sequentially packaged to form a plurality of continuous data packets, and a two-dimensional code is generated for each data packet.
The data packet comprises a packet header and a packet body, wherein the packet header comprises a data packet ID field, a total length field, a current length field, a starting position field and an end character field. The total length field is used for representing the total length of the total data content message corresponding to the current data packet, the current length field is used for representing the length of the current data packet, the starting position field is used for representing the starting position of the current data packet in the total data content message, the end character field is used for representing whether a data packet exists behind the current data packet, and the packet body is the sub-data content message corresponding to the current data packet.
In the embodiment of the present invention, when the message receiving host analyzes the two-dimensional code and the obtained message is a data packet after being packaged, the unpacking operation is performed on the data packet, and the specific process of the unpacking operation is as follows:
creating a plurality of buffers, wherein the size of each created buffer can be dynamically adjusted;
storing the data packets in buffer areas, wherein one data packet corresponds to one buffer area;
when the length of the data stored in the buffer area is equal to the packet header length of the data packet and the data length of the non-packet header data stored in the buffer area is equal to the data length of the packet body, unpacking the data packet to obtain a sub-data content message corresponding to the data packet, and decrypting the obtained sub-data content message.
In the embodiment of the invention, the data packet IDs of all data packets of a single message are continuous, and when the data packet IDs of the data packets obtained by the message receiving host are not continuous, prompt information is generated. For example, a message is split into several data packets, each carrying a data packet ID, and the IDs of the packets belonging to that message are continuous. The two-dimensional codes are scanned in sequence and the message receiving host obtains the data packets in sequence. If the IDs of the packets it obtains are not continuous, some data packet of the message was not successfully sent. When a message has such an omission, a missing record is generated in the internal public network, and the internal public network sends the missing record to operation and maintenance staff as a message prompt for handling. When an omission exists, message sending by the message outgoing host is not interrupted, and the sending of other messages continues.
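The packet format, unpacking and ID-continuity check described in the preceding paragraphs, as an added Python example (not code from the patent or its applicant). The field widths, the 256-byte body per code, the 64 KiB message cap and the handling of repeated scans of the same code are assumptions; the packet body is treated as opaque ciphertext.

```python
import struct
from collections import namedtuple

# Assumed layout: the page names the header fields but not their widths.
# packet ID u32 | total length u32 | current length u16 | start position u32 | end flag u8
HEADER = struct.Struct(">IIHIB")
MAX_BODY = 256         # assumed "set length" carried by one two-dimensional code
MAX_TOTAL = 64 * 1024  # assumed receiver-side cap on one message
Packet = namedtuple("Packet", "packet_id total_len start last body")


def split_message(ciphertext: bytes, first_id: int, max_body: int = MAX_BODY) -> list:
    """Sender: cut one encrypted message into consecutive framed packets."""
    if not 0 < len(ciphertext) <= MAX_TOTAL:
        raise ValueError("message length outside accepted range")
    frames = []
    for n, start in enumerate(range(0, len(ciphertext), max_body)):
        body = ciphertext[start:start + max_body]
        last = start + len(body) == len(ciphertext)
        header = HEADER.pack(first_id + n, len(ciphertext), len(body), start, int(last))
        frames.append(header + body)
    return frames


def decode(raw: bytes) -> Packet:
    """Receiver: parse one scanned frame; anything inconsistent is rejected."""
    if len(raw) <= HEADER.size:
        raise ValueError("frame has no body")
    pid, total, cur, start, end = HEADER.unpack_from(raw)
    body = raw[HEADER.size:]
    if cur != len(body):
        raise ValueError("current length does not match body")
    if total > MAX_TOTAL or start + cur > total:
        raise ValueError("fragment falls outside declared total length")
    if end not in (0, 1) or bool(end) != (start + cur == total):
        raise ValueError("end flag inconsistent with position")
    return Packet(pid, total, start, bool(end), body)


class Reassembler:
    """Rebuilds messages from scanned frames and keeps missing records."""

    def __init__(self):
        self.missing = []      # records for operations staff
        self.last_raw = None
        self.skipping = False  # True while discarding the rest of a broken message
        self._reset()

    def _reset(self):
        self.buf, self.total, self.next_id = bytearray(), None, None

    def _lost(self, got_id):
        if not self.skipping:  # one record per broken message
            self.missing.append({"expected_id": self.next_id, "got_id": got_id})
        self.skipping = True
        self._reset()

    def feed(self, raw: bytes):
        """Return a complete ciphertext or None; raises ValueError on a bad frame."""
        if raw == self.last_raw:
            return None        # same code scanned again before the display refreshed
        self.last_raw = raw
        pkt = decode(raw)
        if self.total is not None and (pkt.packet_id != self.next_id
                                       or pkt.start != len(self.buf)
                                       or pkt.total_len != self.total):
            self._lost(pkt.packet_id)      # the sender cannot be asked to resend
        if self.total is None:
            if pkt.start != 0:
                self._lost(pkt.packet_id)  # beginning of this message never arrived
                return None
            self.skipping = False
            self.total = pkt.total_len
        self.buf += pkt.body
        self.next_id = pkt.packet_id + 1
        if pkt.last:
            done = bytes(self.buf)
            self._reset()
            return done
        return None


def demo():
    """Constructed run: frames scanned twice, then a message with a lost middle frame."""
    msg = bytes(range(256)) * 3            # constructed stand-in for ciphertext
    rx, out = Reassembler(), []
    for frame in split_message(msg, first_id=100):
        out += [rx.feed(frame), rx.feed(frame)]
    broken = split_message(b"\x5a" * 600, first_id=103)
    out += [rx.feed(broken[0]), rx.feed(broken[2])]   # packet 104 never scanned
    out += [rx.feed(f) for f in split_message(msg, first_id=106)]
    return [m for m in out if m is not None], rx.missing


if __name__ == "__main__":
    print(demo()[1])
```

The header checks catch truncated or inconsistent frames; they are consistency checks and do not authenticate the frame.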
In this embodiment of the present invention, before encrypting a message to be sent, the method further includes: and performing sensitive vocabulary filtering on the content of the message to be sent based on the sensitive word bank. Sensitive word banks can be maintained by system administrators and message approvers of all departments.
After sensitive vocabulary filtering and before encrypting, the method further comprises the following steps: and adding the message to be sent to the task list to be examined, inquiring the message to be sent through the task list to be examined and approved, and sending the message only after the examination and approval is passed.
In the embodiment of the invention, after the message is sent to the external network, the operator server of the external network sends the message to the receiver, and meanwhile, when the operator server sends the message to the receiver, the message failed to send is recorded, and then the message failed to send is fed back to the internal public network, so that the message sender is reminded that the message fails to send, and a message closed loop is formed between the internal public network and the external network.
In the embodiment of the invention, when any one set of one-way message transmission equipment in the one-way message transmission system fails, the messages that set was responsible for sending are transferred to other one-way message transmission equipment, which sends them. That is, in cluster mode, each message is automatically assigned to a single one-way message transmission device through load balancing, and the zone bit of that device is recorded, which ensures that all packets of a split message are sent from the same one-way message transmission device. When that device fails, the messages it was due to send are automatically transferred to other one-way message transmission devices for sending.
A comprehensive service platform is set up in the encrypted intranet. Enterprise or government staff access the comprehensive service platform through the encrypted intranet and submit applications for various daily office processes. The comprehensive service platform automatically generates message contents from a pre-configured message template combined with the process approval rules, calls the message platform interface, and adds the message contents to a message queue in the message platform database. The system queues and sends messages on a first-in first-out basis.
Meanwhile, a message platform is also deployed in the encryption intranet, the message platform is designed by adopting a B/S (browser/Server) architecture, and enterprises or government workers can directly use a browser to access the message platform. The message platform is mainly used for receiving messages to be sent, auditing the messages, managing sensitive words, monitoring the message sending state, exchanging two-dimensional code data and counting reports, and also provides a message group sending function. The statistical form provides the statistics of the message sending number according to the departments or units, namely the statistics of the message number according to the month, the quarter and the year, thereby realizing the function of checking the message sending number in the appointed time period of each unit or department.
The internal public network environment is provided with a message interface service, and the message interface service is mainly used for receiving message contents transmitted by the message platform through the two-dimensional code, calling the operator server to send messages and feeding back the sending results to the message platform.
Throughout the message transmission process, the message outgoing host periodically reads messages to be sent from the database. Each message is compressed, encrypted and encoded, then split into packets; each packet is rendered as a two-dimensional code, and the codes are put on the display in sequence. The camera device scans the display in real time and converts each two-dimensional code back into encrypted information, which is reassembled, decrypted and decompressed to obtain the information actually required.
The one-way message transmission system can be flexibly deployed without changing the existing network architecture, and simultaneously solves the problem of insufficient real-time performance when information is transmitted in other modes. The system parameters such as the timing task and the like can be automatically configured to take effect in real time, and the controllability of the whole cluster is greatly improved. The system can realize the automation of the whole message transmission process by controlling hardware through software, does not need manual intervention, reduces the labor intensity of workers for transmitting information, has timeliness for information transmission, and can improve the office efficiency. The high-precision algorithm is used, the recognition rate of the two-dimensional code is close to 100%, and in the long run, the system can realize message transmission without changing the network architecture of physical isolation of the internal network and the external network, is very suitable for being used by organizations with encrypted internal networks, such as governments, enterprises and the like, and can enable the office to be more intelligent and convenient.
The one-way message transmission system of the embodiment of the invention differs from two-way transmission between the internal and external networks, in which a feedback receipt confirms that a message was received. In this system a message can only be transmitted from the secret-related intranet to the external network, which removes any possibility of the external network attacking the secret-related intranet and avoids the serious consequences that would follow. An optimized message receiving strategy ensures the eventual consistency of message transmission, that is, no information is missed or lost once the whole information flow has finished. Sensitive word filtering ensures that secret-related sensitive information cannot flow out, avoiding serious consequences. The system can be deployed as a cluster, scales well, and can raise the message transmission rate by adding equipment.
Referring to fig. 2, a one-way message transmission method suitable for a physical isolation environment according to an embodiment of the present invention is implemented based on the one-way message transmission system, and specifically includes the following steps:
S1: generating a message to be sent, and performing sensitive word filtering and safety approval on the generated message. Specifically, a message sender can log in to the comprehensive service platform of the encrypted intranet through a browser to generate a message to be sent, and sensitive word filtering and safety approval of the message are carried out in the message platform. A message that passes approval enters a message queue to wait for sending.
S2: encrypting the message, and generating a two-dimensional code based on the encrypted message.
S3: displaying the generated two-dimensional code, and setting the display update frequency of the two-dimensional code. The message is encrypted and the two-dimensional code is generated in the message platform.
S4: identifying and parsing the displayed two-dimensional code to obtain the message, and sending the obtained message to a message receiver. The two-dimensional code is parsed in the message interface service to obtain the message, and the operator server then sends the obtained message to the message receiver.
S5: judging whether the message receiver has received the message; if so, ending the process, and if not, feeding back message sending failure information to the message sender. The operator server judges whether the message receiver has received the message, and feeds back the message sending failure information to the message sender when sending fails.
The above description is merely exemplary of the present application and is presented to enable those skilled in the art to understand and practice the present application. Various modifications to these embodiments will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other embodiments without departing from the spirit or scope of the application. Thus, the present application is not intended to be limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.

Claims (10)

1. A one-way messaging system adapted for use in a physically isolated environment, comprising at least one set of one-way messaging devices, the one-way messaging devices comprising:
the message transmitting host is arranged in the encrypted intranet and used for encrypting a message to be sent and generating a two-dimensional code, and the display is used for displaying the two-dimensional code generated by the message transmitting host;
the message receiving host is used for parsing the two-dimensional code identified by the camera device to obtain the message, decrypting the obtained message, and then sending the decrypted message to the external network.
2. A one-way messaging system suitable for use in a physically isolated environment, as claimed in claim 1, wherein:
the message comprises a service platform reminding message and a mass-sending notification message;
the service platform reminding message is an approval reminder sent to an approver for matters that need approval in daily office work;
the mass-sending notification message is a notification sent to the participants of a temporary meeting.
3. A one-way messaging system suitable for use in a physically isolated environment, as claimed in claim 2, wherein: the recipients of the mass-sending notification message are formed by department or by creating a group, and the mass-sending notification message is sent to them.
4. A one-way messaging system suitable for use in a physically isolated environment, as claimed in claim 1, wherein:
when the length of the encrypted data content message of the message to be sent exceeds a set length, splitting the total data content message of a single message to obtain a plurality of subdata content messages, sequentially packaging the obtained subdata content messages to form a plurality of continuous data packets, and generating a two-dimensional code for each data packet;
the data packet comprises a packet head and a packet body, wherein the packet head comprises a data packet ID field, a total length field, a current length field, a starting position field and an end character field;
the total length field is used for representing the total length of a total data content message corresponding to a current data packet, the current length field is used for representing the length of the current data packet, the starting position field is used for representing the starting position of the current data packet in the total data content message, the end character field is used for representing whether a data packet exists behind the current data packet, and the packet body is a sub-data content message corresponding to the current data packet.
5. A one-way messaging system suitable for use in a physically isolated environment, as claimed in claim 4, wherein:
when the message receiving host analyzes the two-dimensional code and the obtained message is a data packet after being packaged, unpacking the data packet, wherein the specific process of the unpacking operation is as follows:
creating a plurality of buffers, wherein the size of each created buffer can be dynamically adjusted;
storing the data packets in buffer areas, wherein one data packet corresponds to one buffer area;
when the length of the data stored in the buffer area is equal to the packet header length of the data packet and the data length of the non-packet header data stored in the buffer area is equal to the data length of the packet body, unpacking the data packet to obtain a sub-data content message corresponding to the data packet, and decrypting the obtained sub-data content message.
6. A one-way messaging system adapted for use in a physically isolated environment, as claimed in claim 5, wherein: when the data packet IDs of the data packets obtained by the message receiving host are not continuous, prompt information is generated.
7. A one-way messaging system adapted for use in a physically isolated environment, according to claim 1,
before encrypting, the method further includes: performing sensitive word filtering on the content of the message to be sent based on the sensitive word bank;
after sensitive word filtering and before encrypting, the method further includes: adding the message to be sent to the to-be-approved task list, querying the message to be sent through the to-be-approved task list, and approving the message to be sent.
8. The one-way message transmission system for physical isolation environment of claim 1, wherein after the message is transmitted to the external network, the message is transmitted to the recipient by an operator server of the external network, and a message of transmission failure is recorded when the operator server transmits the message to the recipient.
9. A one-way messaging system adapted for use in a physically isolated environment, as claimed in claim 1, wherein when any one of the one-way messaging devices in the one-way messaging system fails, the one-way messaging device is responsible for forwarding the message to the other one-way messaging devices for transmission by the other one-way messaging devices.
10. A one-way message transmission method suitable for a physical isolation environment, based on the one-way message transmission system of claim 1, characterized by comprising the following steps:
generating a message to be sent, and performing sensitive word filtering and safety approval on the generated message to be sent;
encrypting the message, and generating a two-dimensional code based on the encrypted message;
displaying the generated two-dimensional code, and setting the display updating frequency of the two-dimensional code;
identifying and analyzing the displayed two-dimensional code to obtain a message, and sending the obtained message to a message receiver;
and judging whether the message receiver receives the message, if so, ending the process, and if not, feeding back the message sending failure information to the message sender.
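The packet format and unpacking checks of claims 4 to 6, as an added Python example that is not part of the patent text. The field widths, byte order and function names are assumptions (the claims name the header fields but give no sizes), and the current length field is taken to be the body length.

```python
import struct

# Assumed layout (the claims name the fields, not their widths): packet ID,
# total length, current (body) length, start position, end flag (nonzero = more follow).
HEADER = struct.Struct(">IIHIB")

def split_message(ciphertext, first_id, max_body):
    """Split one encrypted message into consecutive packets, one per QR code."""
    total, packets = len(ciphertext), []
    for n, start in enumerate(range(0, total, max_body)):
        body = ciphertext[start:start + max_body]
        more = 1 if start + len(body) < total else 0
        packets.append(HEADER.pack(first_id + n, total, len(body), start, more) + body)
    return packets

def parse_packet(raw):
    """Check one scanned packet against its own header; ValueError if malformed."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated header")
    pid, total, cur, start, more = HEADER.unpack_from(raw)
    body = raw[HEADER.size:]
    if len(body) != cur:
        raise ValueError("body length differs from current-length field")
    if start + cur > total or (more == 0) != (start + cur == total):
        raise ValueError("position or end flag inconsistent with total length")
    return pid, total, start, body

def reassemble(scanned):
    """Return (ciphertext or None, warnings); a one-way receiver cannot request a resend."""
    parts, warnings = {}, []
    for raw in scanned:
        try:
            pid, total, start, body = parse_packet(raw)
        except ValueError as exc:
            warnings.append(f"dropped packet: {exc}")
            continue
        parts.setdefault(pid, (total, start, body))  # camera may read a code twice
    if not parts:
        return None, warnings + ["no valid packets"]
    ids = sorted(parts)
    missing = sorted(set(range(ids[0], ids[-1] + 1)) - set(ids))
    if missing:  # claim 6: non-continuous packet IDs produce a prompt
        warnings.append(f"packet IDs not continuous, missing {missing}")
    total, buf = parts[ids[0]][0], bytearray()
    for pid in ids:
        t, start, body = parts[pid]
        if t != total or start != len(buf):
            return None, warnings + [f"packet {pid} does not continue the message"]
        buf += body
    if len(buf) != total:
        return None, warnings + ["message incomplete"]
    return bytes(buf), warnings
```

Reassembly here delivers either the complete ciphertext or nothing, so a missed frame can never pass a truncated message on to decryption.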
CN202110449471.0A 2021-04-25 2021-04-25 One-way message transmission system and method suitable for physical isolation environment Pending CN113194081A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110449471.0A CN113194081A (en) 2021-04-25 2021-04-25 One-way message transmission system and method suitable for physical isolation environment


Publications (1)

Publication Number Publication Date
CN113194081A true CN113194081A (en) 2021-07-30

Family

ID=76978872

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110449471.0A Pending CN113194081A (en) 2021-04-25 2021-04-25 One-way message transmission system and method suitable for physical isolation environment

Country Status (1)

Country Link
CN (1) CN113194081A (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20210730