CN113542240A - One-way transmission system and method for physical isolation data of mechanical NOT gate - Google Patents

Publication number: CN113542240A
Authority: CN (China)
Prior art keywords: optical, gate, signal, ferry, data
Legal status: Granted
Application number: CN202110734794.4A
Other languages: Chinese (zh)
Other versions: CN113542240B (en)
Inventors: 杨勇, 王瑞红, 王晓辉, 李建宇
Current Assignee: China Railway Xinan Beijing Information Security Technology Co Ltd
Original Assignee: China Railway Xinan Beijing Information Security Technology Co Ltd
Application filed by: China Railway Xinan Beijing Information Security Technology Co Ltd
Priority: CN202110734794.4A
Publications: CN113542240A (application), CN113542240B (granted)
Status: Active

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L2209/00: Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/12: Details relating to cryptographic hardware or logic circuitry

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Optical Communication System (AREA)

Abstract

The embodiments of the invention provide a one-way transmission system and method for physically isolated data using a mechanical NOT gate. The system comprises a sending end, a ferry end, a receiving end and an isolation device. In the method, the sending end receives data sent by a first network device and then transmits the data to the ferry end; after the sending end has finished transmitting, the ferry end controls the first optical gate to close while the second optical gate opens, and the one-way optical channel between the ferry device and the receiver is automatically connected; the ferry end transmits the data to the receiving end; after the data transmission is finished, the ferry end controls the second optical gate to close while the first optical gate opens; and the receiving end sends the received data to the second network device. The invention achieves mechanical NOT-gate physical isolation of the internal and external networks, ensures the security of intranet information in high-security industries, and operates every component automatically, without manual intervention, which saves labor.

Description

One-way transmission system and method for physical isolation data of mechanical NOT gate
Technical Field
Embodiments of the present invention relate generally to the field of information transfer technology, and more particularly to a system and method for one-way transmission of physically isolated data using a mechanical NOT gate.
Background
The rapid development of information and communication technology and of the Internet has changed the way we live and work and improved our efficiency, but it has also brought many security problems, such as network information leakage and viruses. These problems seriously threaten the information security of enterprises and public institutions. Traditional information security protection technology only inspects and controls data transmission at the software layer and cannot meet the requirement of physical isolation between a classified (secret-related) network and an external insecure network.
Physical isolation means that the internal network cannot be connected to the public network, directly or indirectly, so that hackers on the external network cannot attack the information on the internal network. This defines a clear security boundary for the internal network, which makes it easier to manage and more controllable, and adopting a one-way transmission mode makes data communication between the two physically isolated networks more reliable and more secure.
In practice, data needs to be exported between network information systems, and in this scenario a unidirectional optical gate carries the following risks. First, the sending end of the optical gate must actively send low-layer synchronization frames and upper-layer heartbeat packets, which can become the carrier for a timing covert channel that encodes and transmits sensitive information. Second, there is the risk of information leakage through passive escape: the inner end of the optical gate cannot be trusted to logically identify and filter, on the basis of a security policy, every data packet that is being transmitted covertly (otherwise the one-way optical gate would not need to exist at all), and these passively escaped packets may themselves be highly sensitive information. Third, there is the risk of a security bypass caused by a structural defect: the inner end of the one-way optical gate can reach the intranet, and an attacker may be able to subvert the security policy of the inner end so that the protection mechanism is bypassed.
Disclosure of Invention
According to embodiments of the invention, a system and method for one-way transmission of physically isolated data using a mechanical NOT gate are provided. Through logical control of the mechanical actions at the ferry end, they overcome the drawbacks of transferring data between two physically isolated networks by manual operation, which is time-consuming and laborious, inefficient, requires frequent operation by personnel and has low reliability, so that every component operates automatically, no manual intervention is needed, and labor is saved.
In a first aspect of the present invention, there is provided a mechanical NOT-gate physically isolated data one-way transmission system, comprising: a sending end 200, a ferry end 300, a receiving end 400 and an isolation device; wherein:
the sending end 200 receives an electrical signal sent by a first network device, and after the electrical signal is converted into an optical signal by an electro-optical conversion module, the optical signal is forwarded to the ferry end 300 by a transmitter;
the ferry end 300 receives the optical signal sent by the sending end 200, converts the optical signal into an electrical signal through the electro-optical conversion module, controls the opening and closing of the isolation device, converts the electrical signal back into an optical signal through the electro-optical conversion module, and forwards the optical signal to the receiving end 400;
in the receiving end 400, the receiver 410 receives the optical signal sent by the ferry end 300, and after the optical signal is converted into an electrical signal by the electro-optical conversion module, the transmitter forwards the electrical signal to the second network device;
the isolation device is provided with a first optical gate 110 and a second optical gate 120 with an opening and closing relationship of 'NOT'; the first optical gate 110 is disposed on the transmission path of the transmitting end 200 and the ferry end 300; the second optical gate 120 is disposed on the transmission path between the ferry end 300 and the receiving end 400.
Further, data is transmitted between the sending end 200 and the ferry end 300 over an optical channel. This optical channel is bidirectional and is used to detect, before data transmission, whether the first optical gate 110 is open: when the first optical gate 110 is closed, the sending end 200 suspends data transmission; when the first optical gate 110 is open, the data is transmitted to the ferry end 300, completing the transmission. Data is transmitted between the ferry end 300 and the receiving end 400 over a unidirectional optical channel.
Further, the ferry end 300 is provided with a ferry device 310 and an isolation controller 320;
the ferry device 310 comprises an electro-optical conversion module and a unidirectional laser transmitter, and is configured to receive the optical signal sent by the sending end 200, send the optical signal to the receiving end 400, and send a control-instruction electrical signal to the isolation controller 320; the isolation controller 320 receives the control-instruction electrical signal and controls the opening and closing of the first optical gate 110 and the second optical gate 120 through the NOT gate drive circuit 330 that it includes.
Further, after the isolation controller 320 receives the control-instruction electrical signal, it controls the first optical gate 110 and the second optical gate 120 through the NOT gate drive circuit 330 as follows: when the control instruction is a high-level signal, then after the NOT gate drive circuit 330 the first optical gate 110 receives a low-level signal and opens, while the second optical gate 120 receives a high-level signal and closes; when the control instruction is a low-level signal, then after the NOT gate drive circuit 330 the first optical gate 110 receives a high-level signal and closes, while the second optical gate 120 receives a low-level signal and opens. This relationship effectively prevents the risk that, under continuous tasks, the first optical gate and the second optical gate are both open while the ferry device and the receiver are still connected, which would interconnect the intranet and the extranet; it further improves the security of data transmission.
Further, the ferry device 310 is an electronic disk with a storage function, or a computing device with functions such as antivirus scanning and content format checking.
In a second aspect of the invention, a method for one-way transmission of physically isolated data using a mechanical NOT gate is provided. The method comprises the following steps:
the sending end 200 receives data sent by a first network device and then transmits the data to the ferry end 300; after the sending end 200 has finished transmitting, the ferry end 300 controls the first optical gate 110 to close, so that the optical channel between the transmitter 210 and the ferry device 310 is automatically disconnected, while the second optical gate 120 opens and the unidirectional optical channel between the ferry device 310 and the receiver 410 is automatically connected; the ferry end 300 transmits the data to the receiving end 400;
after the data transmission is finished, the ferrying end 300 controls the second optical gate 120 to close, and at the same time, the first optical gate 110 is opened;
the receiving end 400 sends the received data to the second network device.
Further, the first network device sends a data transmission request to the sending end 200 and, after receiving the acknowledgement that the sending end 200 returns on receiving the request, sends the data to the sending end 200.
Further, the ferry end 300 controlling the opening and closing of the first optical gate 110 and the second optical gate 120 further includes:
after the isolation controller 320 receives a high-level electrical signal and the signal passes through the NOT gate drive circuit 330, the first optical gate 110 receives a low-level signal and opens, while the second optical gate 120 receives a high-level signal and closes; after the isolation controller 320 receives a low-level electrical signal and the signal passes through the NOT gate drive circuit 330, the first optical gate 110 receives a high-level signal and closes, while the second optical gate 120 receives a low-level signal and opens. This relationship effectively prevents the risk that, under continuous tasks, the first optical gate and the second optical gate are both open while the ferry device and the receiver are still connected, which would interconnect the intranet and the extranet; it further improves the security of data transmission.
According to the system and method for one-way transmission of physically isolated data using a mechanical NOT gate provided by the invention, the isolation device achieves mechanical NOT-gate physical isolation of the internal and external networks, the isolation device is controlled by the ferry end, and a unidirectional optical channel between the ferry device and the receiver carries the data one way, so that data can only be transmitted securely in one direction, from the first network device to the second network device. This ensures the security of intranet information in high-security industries and defines a clear security boundary that is easy to manage and more controllable.
It should be understood that the statements herein reciting aspects are not intended to limit the critical or essential features of any embodiment of the invention, nor are they intended to limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present invention will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
FIG. 1 shows a connection schematic of a mechanical NOT gate physically isolated data unidirectional transmission system according to an embodiment of the invention;
FIG. 2 illustrates a logical schematic diagram of a NOT gate drive circuit of a mechanical NOT gate physically isolated data unidirectional transmission system according to an embodiment of the invention;
FIG. 3 shows a flow chart of a method for unidirectional transmission of mechanical NOT gate physically isolated data according to an embodiment of the invention.
Wherein, the correspondence between the reference numbers and the component names in fig. 1 to 3 is:
110 a first optical gate, 120 a second optical gate, 130 a first isolation plate, 140 a second isolation plate, 200 a transmitting end, 210 a transmitter, 300 a ferry end, 310 a ferry device, 320 an isolation controller, 330 a not gate drive circuit, 400 a receiving end, and 410 a receiver.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
In addition, the term "and/or" herein only describes an association between associated objects and means that three relationships are possible; for example, "A and/or B" may mean: A exists alone, A and B exist simultaneously, or B exists alone. In addition, the character "/" herein generally indicates that the objects before and after it are in an "or" relationship.
Example 1
A mechanical NOT-gate physically isolated data one-way transmission system according to this embodiment is described below with reference to FIG. 1 and FIG. 2. It includes a sending end 200, a ferry end 300, a receiving end 400 and an isolation device.
The sending end 200 receives an electrical signal sent by a first network device, and after the electrical signal is converted into an optical signal by the electro-optical conversion module, the optical signal is forwarded to the ferry end 300 by the transmitter;
the ferry end 300 receives the optical signal sent by the sending end 200, converts the optical signal into an electrical signal through the electro-optical conversion module, controls the opening and closing of the isolation device, converts the electrical signal back into an optical signal through the electro-optical conversion module, and forwards the optical signal to the receiving end 400;
in the receiving end 400, the receiver 410 receives the optical signal sent by the ferry end 300, and after the optical signal is converted into an electrical signal by the electro-optical conversion module, the transmitter forwards the electrical signal to the second network device;
the isolation device is provided with a first optical gate 110 and a second optical gate 120 with an opening and closing relationship of 'not'; the first optical gate 110 is disposed on the transmission path between the transmitting end 200 and the ferry end 300 for physical isolation of the optical signal, and the second optical gate 120 is disposed on the transmission path between the ferry end 300 and the receiving end 400 for physical isolation of the optical signal.
In this embodiment, the first network may be an intranet and the second network may be an extranet.
In this embodiment, data is transmitted between the sending end 200 and the ferry end 300 over an optical channel. This optical channel is bidirectional and is used to detect, before data transmission, whether the first optical gate 110 is open: when the first optical gate 110 is closed, the sending end 200 suspends data transmission; when the first optical gate 110 is open, the data is transmitted to the ferry end 300, completing the transmission. Data is transmitted between the ferry end 300 and the receiving end 400 over a unidirectional optical channel; because the optical signal travels one way and is irreversible, fully unidirectional transmission of the data can be ensured.
In this embodiment, the ferry end 300 is provided with a ferry device 310, an isolation controller 320, and a not gate drive circuit 330;
The ferry device 310 comprises an electro-optical conversion module and a unidirectional laser transmitter, and is used to receive the optical signal sent by the sending end 200 and send the optical signal to the receiving end 400. The ferry device 310 is further configured to send a control-instruction electrical signal to the isolation controller 320; the isolation controller 320 receives the control-instruction electrical signal and controls the opening and closing of the first optical gate 110 and the second optical gate 120 through the NOT gate drive circuit 330 that it includes.
After the isolation controller 320 receives the control-instruction electrical signal, it controls the first optical gate 110 and the second optical gate 120 through the NOT gate drive circuit 330 as follows: when the control instruction is a high-level signal, then after the NOT gate drive circuit 330 the first optical gate 110 receives a low-level signal and opens, while the second optical gate 120 receives a high-level signal and closes; when the control instruction is a low-level signal, then after the NOT gate drive circuit 330 the first optical gate 110 receives a high-level signal and closes, while the second optical gate 120 receives a low-level signal and opens. This relationship effectively prevents the risk that, under continuous tasks, the first optical gate and the second optical gate are both open while the ferry device and the receiver are still connected, which would interconnect the intranet and the extranet; it further improves the security of data transmission.
In this embodiment, the ferry device 310 may be an electronic disk with a storage function, or may be a computing device with functions such as antivirus scanning and content format checking.
In this embodiment, the isolation device is further provided with a first isolation plate 130 and a second isolation plate 140. The first isolation plate 130 isolates the sending end 200 from the ferry end 300; a round hole is formed in the first isolation plate 130 on the transmission path between the transmitter 210 and the ferry device 310, and the first optical gate 110 is arranged over this round hole on the ferry end 300 side of the first isolation plate 130, so that when the first optical gate 110 is open, the transmitter 210 communicates with the ferry device 310 and the two are in a data transmission state. The second isolation plate 140 isolates the ferry end 300 from the receiving end 400; a round hole is formed in the second isolation plate 140 on the transmission path between the ferry device 310 and the receiver 410, and the second optical gate 120 is arranged over this round hole on the ferry end 300 side of the second isolation plate 140, so that when the second optical gate 120 is open, the ferry device 310 communicates with the receiver 410 and the two are in a data transmission state. Under the control of the NOT gate drive circuit 330, the first optical gate 110 and the second optical gate 120 have a "NOT" relationship: if the first optical gate 110 is open, the second optical gate 120 is necessarily closed; if the first optical gate 110 is closed, the second optical gate 120 is necessarily open. In the normal state, the second optical gate 120 is closed and covers the round hole, and the transmitter 210 and the ferry device 310 are physically isolated from the receiver 410.
In this embodiment, the isolation device is further provided with a first optical gate drive motor and a second optical gate drive motor, which are connected to the isolation controller 320 and drive the first optical gate 110 and the second optical gate 120, respectively.
In this embodiment, because the isolation controller 320 issues only one control signal at any one time, the signals that the first optical gate 110 and the second optical gate 120 receive at that time, after the NOT gate drive circuit 330, are opposite. Therefore, when the ferry end 300 and the receiving end 400 have a transmission task, the isolation controller 320 sends a low-level signal; through the NOT gate drive circuit 330 the first optical gate 110 receives a high-level signal and closes, and the second optical gate 120 receives a low-level signal and opens. At this time the sending end 200 and the ferry end 300 are disconnected, and the ferry end 300 and the receiving end 400 are connected. When the transmission task between the ferry end 300 and the receiving end 400 is completed, the isolation controller 320 sends a high-level signal; through the NOT gate drive circuit 330 the first optical gate 110 receives a low-level signal and opens, and the second optical gate 120 receives a high-level signal and closes. The sending end 200 and the ferry end 300 are then connected, and the ferry end 300 and the receiving end 400 are disconnected, ready to receive the next data transmission.
In this embodiment, the isolation device provides mechanical NOT-gate physical isolation, which further improves the security of data transmission. In the normal state, the second optical gate 120 is closed, the first optical gate 110 is open, and the transmitter 210, the ferry device 310 and the receiver 410 are in a physically isolated state. In the data transmission state, the first optical gate 110 and the second optical gate 120 act in the following sequence: data is transmitted; the first optical gate 110 closes and the second optical gate 120 opens; data is transmitted; the second optical gate 120 closes and the first optical gate 110 opens, which is the normal state. The data transmission is carried out by connecting the transmitter 210 and the receiver 310 through the ferry device 310 at the same time, and the ferry device 310 is connected with the receiver 410 through a one-way optical channel, so that the internal network and the external network of the system are in a physically isolated state at all times and one-way secure transmission of data is ensured. The isolation controller 320 controls the first optical gate 110 and the second optical gate 120 so that they open and close automatically, which saves labor.
In this embodiment, in the mechanical NOT-gate physically isolated data one-way transmission system, the isolation device keeps the first network device and the second network device physically isolated at all times, which defines a clear security boundary, further ensures the security of data transmission, and prevents the first network device, as the data sender, from being attacked from the external network. Mechanical NOT-gate physical isolation is easy to manage and more controllable, and the one-way transmission mode is more reliable and more secure.
Example 2
This embodiment provides a method for one-way data transmission using mechanical NOT-gate physical isolation in the system of Example 1. As shown in FIG. 3, it includes the following steps:
S1, the first network device sends a data transmission request to the transmitter 210; after the transmitter 210 receives the request and returns an acknowledgement to the first network device, the first network device sends the data to the transmitter 210.
S2, the first optical gate 110 is normally open and, correspondingly, the second optical gate 120 is closed, so the optical channel between the transmitter 210 and the ferry device 310 is connected; the transmitter 210 transmits the data to the ferry device 310.
In this embodiment, if the optical channel between the transmitter 210 and the ferry device 310 cannot be connected, it can be determined that the first optical gate 110 is closed and the second optical gate 120 is correspondingly open; at this time the ferry device 310 and the receiver 410 are connected and have a transmission task. This effectively prevents the risk that, under continuous tasks, the first optical gate 110 opens while the ferry device 310 and the receiver 410 are still connected, which would interconnect the internal and external networks, and so improves the security of data transmission.
In this embodiment, the ferry device 310 sends an open instruction for the first optical gate 110 to the isolation controller 320; the isolation controller 320, through the NOT gate drive circuit 330, controls the first optical gate drive motor to drive the first optical gate 110 open while the second optical gate drive motor drives the second optical gate 120 closed. The optical channel between the transmitter 210 and the ferry device 310 is automatically connected, and data is then transmitted from the transmitter 210 to the ferry device 310.
S3, after the data transmission is completed, the ferry device 310 controls the first optical gate 110 to close while the second optical gate 120 opens; the optical channel between the transmitter 210 and the ferry device 310 is automatically disconnected, and the unidirectional optical channel between the ferry device 310 and the receiver 410 is automatically connected.
In this embodiment, the first optical gate 110 and the second optical gate 120 controlled by the isolation controller 320 have a "NOT" relationship through the NOT gate drive circuit 330: if the first optical gate 110 is open, the second optical gate 120 is necessarily closed; conversely, if the first optical gate 110 is closed, the second optical gate 120 is necessarily open. When the first optical gate 110 is closed, the optical channel between the transmitter 210 and the ferry device 310 is disconnected and the two are physically isolated.
S4, after the unidirectional optical channel between the ferry device 310 and the receiver 410 is automatically connected, the ferry device 310 transmits the data to the receiver 410.
In this embodiment, for continuous tasks the priority of data transmission is as follows: after the ferry end 300 finishes sending data to the receiving end 400, the second optical gate 120 closes and at the same time the first optical gate 110 opens, so that the optical channel between the transmitter 210 and the ferry device 310 is connected and the next data is sent.
S5, after the ferry device 310 has finished transmitting the data, it sends a close instruction for the second optical gate 120 to the isolation controller 320; the isolation controller 320 controls the second optical gate 120 to close, and at the same time the first optical gate 110 opens.
In this embodiment, the isolation controller 320, through the NOT gate drive circuit 330, controls the first and second optical gate drive motors to drive the first optical gate 110 and the second optical gate 120 open and closed.
S6, the receiver 410 sends the received data to the second network device.
In this embodiment, the first optical gate 110 is arranged on the first isolation plate 130 and the second optical gate 120 is arranged on the second isolation plate 140. In the normal state, the second optical gate 120 is closed, the first optical gate 110 is open, and the transmitter 210, the ferry device 310 and the receiver 410 are in a physically isolated state. In the data transmission state, after the transmitter 210 has finished transmitting, the first optical gate 110 closes and the second optical gate 120 opens. After the data transmission is finished, the second optical gate 120 closes again and the first optical gate 110 opens, which is the normal state. The isolation controller 320 controls the first optical gate 110 and the second optical gate 120 so that they open and close automatically.
This mechanical NOT-gate physically isolated data one-way transmission method achieves physical isolation of the internal and external networks and ensures the security of intranet information in high-security industries. Through logical control of each component, it overcomes the drawbacks of transferring data between two physically isolated networks by manual operation, which is time-consuming and laborious, inefficient, requires frequent operation by personnel and has low reliability.
It should be noted that, for simplicity of description, the above-mentioned method embodiments are described as a series of acts or combination of acts, but those skilled in the art will recognize that the present invention is not limited by the order of acts, as some steps may occur in other orders or concurrently in accordance with the invention. Further, those skilled in the art should also appreciate that the embodiments described in the specification are exemplary embodiments and that the acts and modules illustrated are not necessarily required to practice the invention.
In the description of the present application, the description of the terms "one embodiment," "some embodiments," etc. means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.

Claims (8)

1. A mechanical NOT gate physical isolation data one-way transmission system, comprising: a sending end (200), a ferry end (300), a receiving end (400) and an isolation device; wherein,
the sending end (200) receives an electric signal sent by first network equipment, the electric signal is converted into an optical signal through the electro-optical conversion module, and then the optical signal is forwarded to the ferry end (300) through the sender;
the ferrying end (300) receives the optical signal sent by the sending end (200), converts the optical signal into an electrical signal through the electro-optical conversion module, controls the isolation device to be turned on and off, converts the electrical signal into an optical signal through the electro-optical conversion module, and forwards the optical signal to the receiving end (400);
in the receiving end (400), the receiver (410) receives the optical signal sent by the ferry end (300), the electro-optical conversion module converts the optical signal into an electrical signal, and the transmitter forwards the electrical signal to second network equipment;
the isolation device is provided with a first optical gate (110) and a second optical gate (120) whose open and closed states are in a logical NOT relationship; the first optical gate (110) is arranged on the transmission path between the sending end (200) and the ferry end (300); the second optical gate (120) is arranged on the transmission path between the ferry end (300) and the receiving end (400).
2. The system of claim 1, further comprising:
data transmission is carried out between the sending end (200) and the ferry end (300) through an optical channel; and data transmission is carried out between the ferrying end (300) and the receiving end (400) through a one-way optical channel.
3. The system of claim 1, wherein the ferry end (300) is provided with a ferry device (310), an isolation controller (320);
the ferry device (310) comprises an electro-optical conversion module and a one-way laser transmitter;
the unidirectional laser transmitter transmits an optical signal to the receiving end (400);
the ferry device (310) is further used for sending a control command electric signal to the isolation controller (320); and after receiving the control command electric signal, the isolation controller (320) controls the opening and closing of the first optical gate (110) and the second optical gate (120) through a NOT gate drive circuit (330) contained in the isolation controller.
4. The system of claim 1, wherein the isolation controller (320) receiving the control command electrical signal and controlling the first optical gate (110) and the second optical gate (120) through the not gate driving circuit (330) comprises: when the control command is a high level signal, after the control command passes through the not gate driving circuit (330), the signal received by the first optical gate (110) is a low level signal and is opened, and the signal received by the second optical gate (120) is a high level signal and is closed; when the control command is a low level signal, after the control command passes through the not gate driving circuit (330), the signal received by the first optical gate (110) is a high level signal and is closed, and the signal received by the second optical gate (120) is a low level signal and is opened.
5. The system according to claim 1, wherein the ferry device (310) is an electronic disk with a storage function or a computing device with a virus checking and killing function and a content format checking function.
6. A one-way transmission method of mechanical NOT gate physical isolation data based on the system of any one of claims 1 to 5, comprising:
the sending end (200) receives data sent by first network equipment and then transmits the data to the ferry end (300); after the data transmission of the sending end (200) is finished, the ferrying end (300) controls the first optical gate (110) to close, the optical channel between the sender (210) and the ferrying equipment (310) is automatically disconnected, meanwhile, the second optical gate (120) is opened, and the one-way optical channel between the ferrying equipment (310) and the receiver (410) is automatically connected; the ferry end (300) transmits data to the receiving end (400);
after the data transmission is finished, the ferrying end (300) controls the second optical gate (120) to be closed, and simultaneously, the first optical gate (110) is opened;
the receiving end (400) sends the received data to a second network device.
7. The method according to claim 6, wherein a first network device sends a data transmission request to the sending end (200), and after receiving feedback information of receiving the request fed back by the sending end (200), sends data to the sending end (200).
8. The method of claim 6, wherein the ferry end (300) controlling the opening and closing of the first and second optical gates (110, 120) further comprises:
after the isolation controller (320) receives a high-level electric signal and passes through the not gate driving circuit (330), a signal received by the first optical gate (110) is a low-level signal and is opened, and a signal received by the second optical gate (120) is a high-level signal and is closed; after the isolation controller (320) receives the low-level electric signal and passes through the not gate driving circuit (330), the signal received by the first optical gate (110) is a high-level signal and is closed, and the signal received by the second optical gate (120) is a low-level signal and is opened.
CN202110734794.4A 2021-06-30 2021-06-30 Mechanical NOT gate physical isolation data unidirectional transmission system and method Active CN113542240B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110734794.4A CN113542240B (en) 2021-06-30 2021-06-30 Mechanical NOT gate physical isolation data unidirectional transmission system and method

Publications (2)

Publication Number Publication Date
CN113542240A (en) 2021-10-22
CN113542240B (en) 2023-05-16

Family

ID=78097317

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110734794.4A Active CN113542240B (en) 2021-06-30 2021-06-30 Mechanical NOT gate physical isolation data unidirectional transmission system and method

Country Status (1)

Country Link
CN (1) CN113542240B (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2011041175A (en) * 2009-08-18 2011-02-24 Nippon Telegr & Teleph Corp <Ntt> Optical transmission system, device and method
CN102938761A (en) * 2012-10-22 2013-02-20 苏州互盟信息存储技术有限公司 One-way data exchange device and method for physical isolation among networks at different security levels
CN103929417A (en) * 2014-03-27 2014-07-16 中国科学院长春光学精密机械与物理研究所 Security data interaction structure and method based on optical isolation technology
CN106761143A (en) * 2016-12-29 2017-05-31 中铁信安(北京)信息安全技术有限公司 A kind of data are unidirectionally ferried system and method
CN110474681A (en) * 2019-07-15 2019-11-19 安徽继远软件有限公司 A kind of across a network security isolation transmission and management system and its transmission method
CN112468496A (en) * 2020-11-26 2021-03-09 中铁信安(北京)信息安全技术有限公司 Double physical isolation data one-way transmission system and method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114024753A (en) * 2021-11-08 2022-02-08 中铁信安(北京)信息安全技术有限公司 Data communication bidirectional ferry isolation device and method
CN114205159A (en) * 2021-12-10 2022-03-18 北京睿云信安科技有限公司 Cross-network optical rotary disc isolation ferrying machine and cross-network automatic data ferrying method
CN114205159B (en) * 2021-12-10 2024-04-16 北京睿云信安科技有限公司 Cross-network optical turntable isolation ferrying machine and cross-network automatic data ferrying method

Also Published As

Publication number Publication date
CN113542240B (en) 2023-05-16

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 514, 5th Floor, Building 1, No. 138 Malianwa North Road, Haidian District, Beijing, 100193

Patentee after: ZHONGTIE XINAN (BEIJING) INFORMATION SECURITY TECHNOLOGY Co.,Ltd.

Country or region after: China

Address before: 100193 room 708-710, building 22, Shouti South Road, Haidian District, Beijing

Patentee before: ZHONGTIE XINAN (BEIJING) INFORMATION SECURITY TECHNOLOGY Co.,Ltd.

Country or region before: China