CN113630388B - Unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium - Google Patents

Publication number: CN113630388B
Authority: CN (China)
Prior art keywords: data, network, transmission, isolated, optical fiber
Legal status: Active
Application number: CN202110828667.0A
Other languages: Chinese (zh)
Other versions: CN113630388A (en)
Inventor: 程克非
Current Assignee: Chongqing University of Post and Telecommunications
Original Assignee: Chongqing University of Post and Telecommunications
Application filed by Chongqing University of Post and Telecommunications
Priority to CN202110828667.0A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W12/00 Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/08 Access security
    • Y GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02 TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02D CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D30/00 Reducing energy consumption in communication networks
    • Y02D30/70 Reducing energy consumption in communication networks in wireless communication networks

Abstract

The invention relates to the technical field of cyberspace security, and in particular to a unidirectional transmission method, a unidirectional transmission device, computer equipment and a readable storage medium. The method includes: receiving and storing data transmitted by an external network; unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network; and transmitting the data of the isolated storage area to an isolated host through a USB interface. The first preset condition includes that the received data meets a second preset condition or/and the received data meets a third preset condition. The invention uses the unidirectional propagation of the optical fiber network to avoid the leakage caused by simply interconnecting networks of different security levels, and uses the USB interface to transmit data, thereby ensuring that the security of the intranet is not affected by dangerous data and protecting intranet communication more effectively.

Description

Unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium
Technical Field
The invention relates to the technical field of cyberspace security, and in particular to a unidirectional transmission method, a unidirectional transmission device, computer equipment and a readable storage medium.
Background
In recent years, many industries at home and abroad, such as banking systems and tax systems, have begun to pay attention to the security problems between an intranet and an external network. Unidirectional transmission is therefore used in many settings, with various methods ensuring that data can only flow from the low-security-level network to the high-security-level network, and that data in the high-security-level network cannot flow to the low-security-level network.
Network unidirectional transmission is a common intranet protection method in the network security field. Unidirectional data flow is achieved through unidirectional data transmission, that is, the data sending end can only send data and cannot receive data. With network unidirectional transmission, the internal network cannot transmit sensitive data to the external network as a result of a hacker attack, which protects the network security of the internal network.
At present there are several different unidirectional network transmission technologies. Some are implemented with a firewall; because this approach shields the intranet from external attacks through software rather than physical isolation, the internal network may be paralyzed if a malicious attacker breaks through the firewall. Some logically isolate data by using a gatekeeper, but the intranet can still interact with the external network through the gatekeeper, so a risk of data leakage remains. Existing unidirectional network transmission technology focuses only on the unidirectional flow of data and on the privacy of high-security-level network data, and ignores the security of the data received by the high-security-level network. In addition, existing unidirectional transmission technology often connects the network card to the router of the intranet; if a malicious attacker controls the router through a malicious program, the intranet may be paralyzed. Some malicious attackers may also affect the logic of the data isolation transmission system, leaving a backdoor for the subsequent transmission of malicious data. The security of traditional unidirectional network transmission technology therefore still needs to be improved.
Disclosure of Invention
Based on the above, it is necessary to provide a unidirectional transmission method, a unidirectional transmission device, a computer device and a readable storage medium to solve the problem that, in current unidirectional isolation transmission methods, the security of an intranet is threatened by incoming dangerous data.
In a first aspect of the present invention, the present invention provides a unidirectional transmission method, including:
receiving and storing data transmitted by an external network;
unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network;
transmitting the data of the isolated storage area to an isolated host through a USB interface;
the first preset condition includes that the received data meets a second preset condition or/and the received data meets a third preset condition.
Preferably, the invention further sets a priority for each external network, receives and reads the data of the corresponding external network in priority order, and stores the data of the corresponding external network in priority order.
Preferably, the received data meets the second preset condition when the destination address of the received data is the isolated storage area; the received data meets the third preset condition when the source address of the received data is a whitelist address.
Preferably, before the data meeting the first preset condition is unidirectionally transmitted to the isolated storage area through the optical fiber network, the method further includes:
processing the transmission process of the data according to the relation between the transmission data quantity of the external network and the residual bandwidth of the optical fiber transmission:
under the condition that the transmission data amount of the external network is higher than the residual bandwidth of the optical fiber transmission, temporarily storing the data transmitted by the external network, and waiting for the optical fiber to be idle; and/or waiting for data to be transmitted through the optical fiber after the number of the data packets reaches a first threshold value under the condition that the transmission data volume of the external network is lower than the residual bandwidth of the optical fiber transmission.
In a second aspect of the present invention, the present invention also provides a unidirectional transmission apparatus, comprising:
an external network receiving module, used for receiving data transmitted by an external network;
the isolated data unidirectional transmission module is used for unidirectional transmission of data meeting a first preset condition to the isolated storage area through the optical fiber network;
and the isolated data output module is used for transmitting the data processed by the isolated data unidirectional transmission module to the isolated host through the USB interface.
Preferably, the unidirectional transmission device of the present invention further includes:
The non-isolated data unidirectional transmission module is used for unidirectional transmission of data which does not meet a first preset condition to a non-isolated storage area through an optical fiber network;
and the non-isolated data output module is used for sending the data processed by the non-isolated data unidirectional transmission module to the next network node.
Preferably, the unidirectional transmission apparatus further includes:
and the data transmission processing module is used for processing data transmitted by different external networks and adjusting the transmission and output time of the data.
Further, the data transmission processing module may further include:
processing the transmission process of the data according to the relation between the transmission data quantity of the external network and the residual bandwidth of the optical fiber transmission:
under the condition that the transmission data amount of the external network is higher than the residual bandwidth of the optical fiber transmission, temporarily storing the data transmitted by the external network, and waiting for the optical fiber to be idle; and/or waiting for data to be transmitted through the optical fiber after the number of the data packets reaches a first threshold value under the condition that the transmission data volume of the external network is lower than the residual bandwidth of the optical fiber transmission.
In a third aspect of the present invention, there is also provided a computer device comprising a processor, a memory and a program or instructions stored on the memory and executable on the processor, which when executed by the processor implements the steps of a unidirectional transmission method as described in the first aspect of the present invention.
In a fourth aspect of the present invention, there is also provided a readable storage medium having stored thereon a program or instructions which when executed by a processor implement the steps of a unidirectional transmission method as described in the first aspect of the present invention.
The beneficial effects of the invention are as follows:
The unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium of the invention use the unidirectional transmission of the optical fiber network to avoid the leakage of secrets caused by simply interconnecting networks of different security classifications. At the same time, the USB interface is used to transmit data, which ensures that the security of the intranet is not affected by dangerous data and protects intranet communication more effectively.
Drawings
FIG. 1 is a flow chart of an embodiment of a unidirectional transmission method according to the present invention;
FIG. 2 is a flow chart of an implementation of a unidirectional transmission method according to a preferred embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a unidirectional transmission device according to an embodiment of the present invention;
FIG. 4 is a schematic structural diagram of a unidirectional transmission device according to an embodiment of the present invention;
FIG. 5 is a schematic structural diagram of a unidirectional transmission terminal in one embodiment;
FIG. 6 is a block diagram of a computer device in an embodiment of the invention.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
For the purposes of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the embodiments of the present application will be described in further detail below with reference to the accompanying drawings.
The terms "first," "second," "third," and the like, as used herein, may be used to describe various concepts, but the concepts are not limited by these terms unless otherwise specified. These terms are only used to distinguish one concept from another. For example, the second preset condition may be referred to as a third preset condition, and similarly, the third preset condition may be referred to as a second preset condition, without departing from the scope of the present application.
As used herein, "plurality" means two or more, "each" refers to every one of the corresponding plurality, and "any" refers to any one of the plurality. For example, if the plurality of elements includes 3 elements, "each" refers to every one of the 3 elements, and "any" refers to any one of the 3 elements, which may be the first, the second, or the third.
Fig. 1 is a flowchart of an implementation of a unidirectional transmission method in an embodiment of the present invention, where the method may be applied to a terminal, as shown in fig. 1:
102. receiving and storing data transmitted by an external network;
In some embodiments, the external network is a network outside the isolated storage area and the non-isolated storage area, and comprises a wired network or/and a wireless network. The wired network may be a network connected in a wired manner, such as by coaxial cable, twisted pair or optical fiber, and the wireless network may be a network that interconnects communication devices wirelessly, without wiring. Each external network can be accessed through a dedicated interface. For example, a wired network can be accessed through a wired network interface, which may include a BNC connector for an RG58 coaxial cable, an RJ-45 connector for a UTP cable, an AUI connector for an AUI cable, and the like. The access mode for a wireless network depends on the specific network: a WiFi signal is accessed through a wireless network card, a cellular communication signal through a baseband chip, and a Bluetooth signal through a Bluetooth chip.
In the embodiment of the invention, the external network can refer to a single wired network or a fusion of several wired networks, a single wireless network or a fusion of several wireless networks, or a composite network in which one or more wired networks are fused with one or more wireless networks. For example, the external network may be a combination of wired and wireless networks, such as a coaxial cable access network, a WiFi network, a cellular communication network, a ZigBee network and a Bluetooth network, or may be a network comprising only one medium.
It should be appreciated that embodiments of the present application may be applied to various communication systems, such as: global system for mobile communications (GSM), code division multiple access (CDMA) system, wideband code division multiple access (WCDMA) system, general packet radio service (GPRS), long term evolution (LTE) system, long term evolution advanced (LTE-A) system, universal mobile telecommunications system (UMTS), wireless local area network (WLAN), wireless fidelity (WiFi) or a next generation communication system, where the next generation communication system may include, for example, a fifth generation (5G) or sixth generation (6G) communication system.
It may be understood that, in the communication system applied in the embodiment of the present invention, communication hardware such as a network card and a router may be configured devices, or may perform communication control through corresponding software.
In some embodiments, the data transmitted by the external network may be information, files, messages and data packets sent by the external network. When the external network uses networks of multiple media, data transmitted by the different media networks may be received simultaneously, that is, data arriving on different network interfaces may be received at the same time.
In some embodiments, data arriving on different network interfaces may be read in a predetermined order and stored in a corresponding database or other storage device in that order. For example, the data transmitted by the external network may be added to a receive queue and then read and stored sequentially from the receive queue, where the receive queue is a "first in, first out" data structure.
It will be appreciated that data received first is placed at the front of the queue and is therefore read first, and data is dequeued after it is read. Data added later is queued in order behind the previously received data, and is read only after the earlier data has been dequeued.
In other embodiments, different priorities may be set for different network accesses, and data transmitted by a network with a higher priority is read and stored first. For example, while data transmitted by a lower-priority network is being received, if data transmitted by a higher-priority network arrives, the data being received may be temporarily interrupted and stored and the interruption position recorded; after the data transmitted by the higher-priority network has been received and stored, reading and storing of the previously interrupted data continues.
The priorities may be assigned according to the data security level; in one embodiment, data of a higher security level is assigned a higher transmission priority. For example, the data security level may be divided into four levels, A, B, C and D, whose security level and transmission priority decrease in that order: level A has the highest data security level and the highest transmission priority, and level D has the lowest data security level and the lowest transmission priority. Data whose source address belongs to a network of a higher data security level, such as data from a higher-level department network, is assigned level A; data whose source address belongs to a network of the same data security level, such as data from a same-level department network, is assigned level B; data whose source address belongs to a network of a lower data security level, such as data from a lower-level department network, is assigned level C; and data whose source address belongs to an unidentified network is assigned level D. The data security level comes from a user label, which is used to compare data security levels.
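The priority-ordered reading with interruption and resume described above can be sketched as follows. This is an added example, not code from the patent; the numeric network ranks, the one-chunk-per-tick reader and the transfer names are assumptions made for illustration.

```python
import heapq
from dataclasses import dataclass, field

# Levels A-D from the text; a lower number is read first.
LEVEL_PRIORITY = {"A": 0, "B": 1, "C": 2, "D": 3}


def security_level(source_rank, local_rank):
    """Assign level A-D from the source network's rank relative to the receiver.

    Assumption: ranks are integers (higher = higher security level) and
    None stands for an unidentified source network.
    """
    if source_rank is None:
        return "D"
    if source_rank > local_rank:
        return "A"
    if source_rank == local_rank:
        return "B"
    return "C"


@dataclass(order=True)
class Transfer:
    priority: int
    seq: int                                        # arrival order: FIFO inside one level
    name: str = field(compare=False)
    chunks: int = field(compare=False)
    offset: int = field(default=0, compare=False)   # next chunk to read


def read_in_priority_order(arrivals, local_rank=2):
    """arrivals: [(tick, name, source_rank, chunks)]; one chunk is read per tick.

    Returns (read_log, interruptions): read_log is [(name, chunk_index)] and
    interruptions is [(name, recorded_interruption_position)].
    """
    pending = sorted(arrivals, key=lambda a: a[0])
    heap, read_log, interruptions = [], [], []
    current, tick, seq = None, 0, 0
    while pending or heap or current:
        # Admit everything that has arrived by this tick.
        while pending and pending[0][0] <= tick:
            _, name, rank, chunks = pending.pop(0)
            level = security_level(rank, local_rank)
            heapq.heappush(heap, Transfer(LEVEL_PRIORITY[level], seq, name, chunks))
            seq += 1
        # A strictly higher-priority arrival interrupts the transfer being read;
        # its position is recorded so that reading can continue later.
        if current and heap and heap[0].priority < current.priority:
            interruptions.append((current.name, current.offset))
            heapq.heappush(heap, current)
            current = None
        if current is None and heap:
            current = heapq.heappop(heap)
        if current:
            read_log.append((current.name, current.offset))
            current.offset += 1
            if current.offset == current.chunks:
                current = None
        tick += 1
    return read_log, interruptions


# Constructed sample: the receiver has rank 2.
SAMPLE_ARRIVALS = [
    (0, "lower-dept", 1, 3),     # level C, starts first
    (1, "higher-dept", 3, 2),    # level A, interrupts lower-dept
    (1, "unknown", None, 1),     # level D, read last
    (2, "peer-dept", 2, 1),      # level B
]

if __name__ == "__main__":
    log, cuts = read_in_priority_order(SAMPLE_ARRIVALS)
    print(log)
    print(cuts)
```
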
In some embodiments, because a wireless network is more open, data arriving from a wireless network is assigned a lower priority and data arriving from a wired network is assigned a higher priority. The priority may be further subdivided according to the optimal communication distance of the wireless network: the shorter the communication distance, the higher the data priority. For example, WiFi has a longer communication distance than Bluetooth, so data transmitted by the Bluetooth network has a higher processing priority than data transmitted by WiFi. Priority may also be allocated according to the transmission speed of the wireless network; for example, the rate of ZigBee is lower, so data transmitted from the ZigBee network has a lower priority than data transmitted from WiFi and Bluetooth networks.
In some preferred embodiments, all networks may be allocated the same first priority in a fixed first period. In a second period, load information and topology stability of the wired and wireless networks are acquired; a central network is determined according to the load information; a first forward priority is generated from the load information and a second forward priority from the topology stability; the first and second forward priorities are added to the first priority to update the priority of the central network; and the data transmitted by the central network is read and stored according to the updated priority. While the central network is being read, load information and topology stability of the remaining networks continue to be acquired until all priorities have been updated, and the transmitted data is read and stored according to the corresponding priorities.
In general, the priority of each network can be restored on a fixed period, or restored to its original value according to the actual load condition. Considering that the load is generally random, restoring priorities according to the load condition of the second period can easily leave some networks at a priority that does not match them. The invention therefore inverts the second forward priority and gradually restores the priority of the network every third period, where the first period > the second period > the third period.
104. Unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network;
The first preset condition is used to distinguish data, so that data from different sources can be partitioned and malicious data is prevented from being placed in the isolated storage area.
The first preset condition includes that the received data meets a second preset condition or/and the received data meets a third preset condition.
In some embodiments, received data meets the second preset condition when its destination address is the isolated storage area; the destination address is the address or service to which the data is directed.
In other embodiments, received data meets the third preset condition when its source address is a whitelist address; the source address is the address or service from which the data originates.
A whitelist address is a preset data source, and can be a user, a service or a network address.
Unidirectional transmission means that the optical fiber network converts the data to be transmitted from an electrical signal to an optical signal for communication, so that the data can be transmitted to the isolated storage area in one direction through the optical fiber network.
In some embodiments, before unidirectional transmission through the optical fiber network, the amount of data transmitted by the external network and the remaining bandwidth of the optical fiber transmission must also be determined, and the data transmission process is adjusted according to the difference between the two.
Specifically, when the amount of data transmitted by the external network is higher than the residual bandwidth of the optical fiber transmission, the data transmitted by the external network is temporarily stored until the optical fiber is idle. When the amount of data transmitted by the external network is lower than the transmission bandwidth of the optical fiber, further data is awaited and is transmitted through the optical fiber after the number of data packets reaches a preset first threshold, which improves the utilization rate of the optical fiber. The preset first threshold may be any preset value.
The optical fiber is idle when the amount of data that the residual bandwidth of the optical fiber transmission can carry exceeds the amount of data transmitted by the external network by a second threshold; the second threshold may also be any preset value.
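The first preset condition and the bandwidth-dependent send decision described above can be combined in a small simulation. This is an added example, not code from the patent; the addresses, sizes, thresholds, the name `iso-store`, sending the whole buffer once the fiber is idle, and treating an amount equal to the residual bandwidth like the "lower" case are assumptions. It also runs both readings of "or/and", which differ for data that meets only one of the two conditions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    size: int  # bytes


def meets_first_condition(pkt, whitelist, isolated_dst, mode="or"):
    """First preset condition = second (destination) or/and third (whitelisted source)."""
    second = pkt.dst == isolated_dst
    third = pkt.src in whitelist
    return (second and third) if mode == "and" else (second or third)


class FiberGate:
    """Buffers packets in front of the fiber and decides when they may be sent."""

    def __init__(self, first_threshold, second_threshold):
        self.first_threshold = first_threshold    # packets needed before sending
        self.second_threshold = second_threshold  # spare capacity that counts as idle
        self.buffer = []
        self.holding = False  # set once the buffered amount exceeded the residual bandwidth

    def offer(self, pkt):
        self.buffer.append(pkt)

    def tick(self, residual):
        """residual: bytes the fiber can still carry now. Returns the packets sent."""
        if not self.buffer:
            return []
        amount = sum(p.size for p in self.buffer)
        if amount > residual:
            self.holding = True      # temporarily store and wait for the fiber to be idle
            return []
        if self.holding:
            if residual - amount < self.second_threshold:
                return []            # capacity suffices, but the fiber is not yet idle
            self.holding = False
        elif len(self.buffer) < self.first_threshold:
            return []                # spare bandwidth: wait for the first threshold
        sent, self.buffer = self.buffer, []
        return sent


def simulate(schedule, whitelist, isolated_dst, mode="or",
             first_threshold=3, second_threshold=100):
    """schedule: [(residual_bytes, [packets arriving in this tick])].

    Returns (batches, diverted): batches is [(tick, [src, ...])] sent towards the
    isolated storage area; diverted lists the sources left to the non-isolated path.
    """
    gate = FiberGate(first_threshold, second_threshold)
    batches, diverted = [], []
    for tick, (residual, arrivals) in enumerate(schedule):
        for pkt in arrivals:
            if meets_first_condition(pkt, whitelist, isolated_dst, mode):
                gate.offer(pkt)
            else:
                diverted.append(pkt.src)
        sent = gate.tick(residual)
        if sent:
            batches.append((tick, [p.src for p in sent]))
    return batches, diverted


# Constructed sample data (documentation and private address ranges).
WHITELIST = {"10.0.0.5", "10.0.0.6"}
ISO = "iso-store"  # hypothetical name for the isolated storage area
SCHEDULE = [
    (2000, [Packet("10.0.0.5", ISO, 400), Packet("203.0.113.9", "web", 200)]),
    (1000, [Packet("10.0.0.6", "web", 300),      # whitelisted source, other destination
            Packet("203.0.113.9", ISO, 500)]),   # unlisted source, isolated destination
    (1250, []),
    (1500, [Packet("10.0.0.5", ISO, 100)]),
    (1500, [Packet("10.0.0.6", ISO, 150)]),
]

if __name__ == "__main__":
    for mode in ("or", "and"):
        print(mode, simulate(SCHEDULE, WHITELIST, ISO, mode))
```

With the "or" reading, the packet from the unlisted source is admitted because it names the isolated storage area as its destination; with the "and" reading it is left to the non-isolated path.
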
In one embodiment, the integrity of received content such as information, files, messages and data packets must also be checked before unidirectional transmission through the optical fiber network. When the content has not been completely received, it is stored until the complete content has been received; the content is then unidirectionally transmitted to the isolated storage area through the optical fiber network. The isolated storage area is an area used for temporary storage during the unidirectional data transmission process.
In addition, before data meeting the preset condition is transmitted through the optical fiber network, the data undergoes a security scan; if the data is found to carry a virus, it is isolated and recorded, and a virus-handling notification is sent to the isolated storage area.
106. Transmitting the data of the isolated storage area to an isolated host through a USB interface;
In this embodiment, USB is the universal serial bus; by interface type it is classified into B-5Pin, B-4Pin, B-8Pin-2×4, Micro USB and Type-C. Because USB transmission has no network transmission function, transmitting the data of the isolated storage area to the isolated host through the USB interface prevents dangerous data from affecting the security of the intranet. The isolated host is connected within the intranet.
Fig. 2 is a flowchart of an implementation of a unidirectional transmission method according to a preferred embodiment of the present invention, where the method may be applied to a terminal, as shown in fig. 2, and the implementation further includes, with respect to the implementation process of the unidirectional transmission method described above:
202. receiving and storing data transmitted by an external network;
In some embodiments, the external network is a network outside the isolated storage area and the non-isolated storage area, and comprises a wired network or/and a wireless network. The wired network may be a network connected in a wired manner, such as by coaxial cable, twisted pair or optical fiber, and the wireless network may be a network that interconnects communication devices wirelessly, without wiring. Each external network can be accessed through a dedicated interface. For example, a wired network can be accessed through a wired network interface, which may include a BNC connector for an RG58 coaxial cable, an RJ-45 connector for a UTP cable, an AUI connector for an AUI cable, and the like. The access mode for a wireless network depends on the specific network: a WiFi signal is accessed through a wireless network card, a cellular communication signal through a baseband chip, and a Bluetooth signal through a Bluetooth chip.
In the embodiment of the invention, the external network can refer to a single wired network or a fusion of several wired networks, a single wireless network or a fusion of several wireless networks, or a composite network in which one or more wired networks are fused with one or more wireless networks. For example, the external network may be a combination of wired and wireless networks, such as a coaxial cable access network, a WiFi network, a cellular communication network, a ZigBee network and a Bluetooth network, or may be a network comprising only one medium.
204. Unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network;
the first preset condition is to distinguish the data, so that the data with different sources can be partitioned, and malicious data is prevented from being partitioned into the isolated storage area.
The first preset condition includes that the received data meets a second preset condition or/and the received data meets a third preset condition.
In some embodiments, the received data satisfies the second preset condition when the destination address of the received data is the isolated storage area; the destination address is the address or service to which the data is directed.
In other embodiments, the received data satisfies the third preset condition when the source address of the received data is a whitelist address; the source address is the address or service from which the data originates.
The white list address is a preset data source, and can be a user, a service or a network address.
The unidirectional transmission means that the optical fiber network converts data to be transmitted from an electric signal to an optical signal for communication, so that the data can be transmitted to the isolated storage area in one direction through the optical fiber network.
In some embodiments, it is further required to determine the amount of data transmitted by the external network and the remaining bandwidth of the optical fiber transmission before unidirectional transmission through the optical fiber network, and adjust the data transmission process according to the difference between the amount of data and the remaining bandwidth.
Specifically, when the amount of data transmitted by the external network is higher than the remaining bandwidth of the optical fiber transmission, the data transmitted by the external network is temporarily stored until the optical fiber is idle. When the amount of data transmitted by the external network is lower than the transmission bandwidth of the optical fiber, the device waits for more data and transmits it through the optical fiber once the number of data packets reaches a preset first threshold, which improves the utilization rate of the optical fiber. The preset first threshold may be any preset value.
It may be understood that the optical fiber is idle when the amount of data that the remaining bandwidth of the optical fiber transmission can carry exceeds the amount of data transmitted by the external network by a second threshold; the second threshold may also be any preset value.
In one embodiment, the integrity of the received content, such as information, files, messages, and data packets, is further determined before unidirectional transmission through the optical fiber network. When the content has not been completely received, what has been received is stored until the complete content is received, and the complete content is then unidirectionally transmitted to the isolated storage area through the optical fiber network.
In addition, before the data meeting the preset conditions is transmitted through the optical fiber network, the data undergoes a security scan; if the data is judged to carry a virus, the data is isolated and recorded, and a virus processing notification is sent to the isolated storage area.
206. Transmitting the data of the isolated storage area to an isolated host through a USB interface;
In this embodiment, USB is the universal serial bus, whose interface types include B-5Pin, B-4Pin, B-8Pin-2×4, Micro USB, and Type-C. Because USB transmission has no network transmission function, transmitting the data of the isolated storage area to the isolated host through the USB interface prevents dangerous data from affecting the security of the intranet.
208. Transmitting the data which does not meet the first preset condition to a non-isolated storage area;
When the data does not meet the first preset condition, the data is transmitted to an outlet of the non-isolated storage area, and the original routing function is maintained.
210. The data of the non-isolated storage area is sent to the next network node.
In the embodiment of the invention, data that does not meet the first preset condition is still transmitted: it is sent to the non-isolated storage area, and the original routing function is maintained. The isolated host is an isolated destination host, which can be a server or a personal terminal.
It will be appreciated that when the data does not meet the first preset condition, the present invention may not perform additional processing on the data, so that the non-isolated storage area is used only as a channel for data transmission.
Specifically, the non-isolated storage area refers to any path and storage area other than the isolated storage area. The data of the non-isolated storage area can also be output to other paths or devices; for example, it can be output to a next-stage router, which queries its routing table according to its working mode and forwards the data to the next destination.
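The routing decision of steps 202 to 210 can be modelled in a few lines. The following sketch is an added example, not code from the patent: it applies the first preset condition (isolated destination or whitelisted source), holds incomplete content back from the fiber link, and passes everything else through untouched. The address values, the index/total fragment framing, and all class and function names are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed sample values; the patent names no concrete addresses.
ISOLATED_DESTINATIONS = {"isolated-host"}        # second preset condition
WHITELIST_SOURCES = {"10.0.0.5", "svc-backup"}   # third preset condition


@dataclass(frozen=True)
class Fragment:
    """One received piece of a message. The index/total framing is an
    assumption; the patent does not say how completeness is detected."""
    msg_id: str
    src: str
    dst: str
    index: int
    total: int
    payload: bytes


def meets_first_condition(src: str, dst: str) -> bool:
    """First preset condition: second condition OR third condition."""
    return dst in ISOLATED_DESTINATIONS or src in WHITELIST_SOURCES


class OneWayLink:
    """Stands in for the fiber link: it offers send() and nothing else, so
    code on the isolated side has no call that reaches the sender."""

    def __init__(self, sink: list):
        self._sink = sink

    def send(self, msg_id: str, data: bytes) -> None:
        self._sink.append((msg_id, data))


class Gateway:
    def __init__(self):
        self.isolated_area = []       # filled only through the one-way link
        self.non_isolated_area = []   # ordinary routing path (steps 208/210)
        self.pending = {}             # msg_id -> {index: payload}
        self._fiber = OneWayLink(self.isolated_area)

    def receive(self, frag: Fragment) -> str:
        """Steps 202-208 for one fragment; returns where the fragment went."""
        if not meets_first_condition(frag.src, frag.dst):
            # No extra processing: the non-isolated area is a pass-through.
            self.non_isolated_area.append((frag.msg_id, frag.payload))
            return "non-isolated"
        if not 0 <= frag.index < frag.total:
            return "rejected"         # malformed framing never crosses
        parts = self.pending.setdefault(frag.msg_id, {})
        parts[frag.index] = frag.payload
        if set(parts) != set(range(frag.total)):
            return "held"             # incomplete: store, do not transmit
        data = b"".join(parts[i] for i in range(frag.total))
        del self.pending[frag.msg_id]
        self._fiber.send(frag.msg_id, data)
        return "isolated"

    def usb_output(self) -> list:
        """Step 206: hand the isolated area's contents to the isolated host."""
        out = list(self.isolated_area)
        self.isolated_area.clear()    # clear in place; the link keeps its sink
        return out
```

The security scan described for step 204 is left out of this sketch; in a real device it would sit between reassembly and the call to `send()`.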
Fig. 3 is a schematic structural diagram of a unidirectional transmission device according to an embodiment of the present invention, where the device may be implemented as part or all of the device by software, hardware, or a combination of both, and the device is applied to a transmission network, where the transmission network includes a signal receiving end, a signal processing end, and a signal transmitting end. The apparatus provided in this embodiment of the present application may implement the flow described in fig. 1 in this embodiment of the present application, where the unidirectional transmission apparatus 300 includes an external network receiving module 302, an isolated data unidirectional transmission module 304, and an isolated data output module 306; wherein:
The external network receiving module 302 is configured to receive data transmitted by an external network; in particular, it may be used to implement the receiving function of step 102 and the implicit steps involved in step 102, or the receiving function of step 202 and the implicit steps involved in step 202.
In some embodiments, the external network receiving module 302 is a data receiving device that includes multiple interfaces that may be correspondingly connected to different network interfaces; the interfaces of the external network receiving module 302 include a wired network interface and a wireless network interface, where the wired network interface may include a BNC connector for connecting an RG58 coaxial cable, an RJ-45 connector for connecting a UTP cable, an AUI connector for connecting an AUI cable, and the like; the wireless network interface comprises a wireless network card interface for connecting WiFi signals, a baseband chip interface for connecting cellular communication signals, a Bluetooth chip interface for connecting Bluetooth chip signals and the like.
The network accessed by the external network receiving module 302 may be a wired network or a wireless network, may be a plurality of wired networks or wireless networks of the same kind, or may be a combination of a plurality of wired networks and wireless networks of different kinds. For example, the external network may be a combination of a wired network, such as a coaxial cable access network, and wireless networks such as a WiFi network, a cellular communication network, and a Bluetooth communication network, or may be a network comprising only WiFi.
It will be appreciated that, in addition to the above wired network interface and wireless network interface, a person skilled in the art may set any other network interface that may be present to the external network receiving module 302 according to the actual situation.
In one embodiment, the external network receiving module 302 may receive data transmitted by external networks simultaneously; that is, data transmitted through different network interfaces may be received at the same time.
In another embodiment, the external network receiving module 302 receives data transmitted by only one external network at a time, so the processing order of different network accesses need not be considered.
The isolated data unidirectional transmission module 304 is configured to unidirectionally transmit data meeting a first preset condition to an isolated storage area through an optical fiber network; in particular, it may be used to implement the unidirectional transmission function of step 104 and the implicit steps involved in step 104, or the unidirectional transmission function of step 204 and the implicit steps involved in step 204.
The first preset condition includes that the received data meets a second preset condition or/and the received data meets a third preset condition.
The isolated data unidirectional transmission module 304 evaluates the data meeting the first preset condition according to the isolation rule, processes the data that conforms to the isolation rule, and transmits the processed data into the isolated storage area through the optical fiber network; in the subsequent process, the data is output from the USB interface of the isolated storage area. The isolation rule is a preset rule used to separate out the data that is to enter the isolated area.
In one embodiment, the isolated data unidirectional transmission module 304 determines whether the destination address of the data transmitted by the external network is the isolated host; if so, the data conforms to the isolation rule. The destination address may be a user or a service of the isolated host, or a network address.
In another embodiment, the isolated data unidirectional transmission module 304 determines whether the data transmitted by the external network comes from a whitelist address; if so, the data conforms to the isolation rule. The whitelist address is a preset data source, and can be a user, a service, or a network address.
The isolated data output module 306 sends the data processed by the isolated data unidirectional transmission module 304 to an isolated host through a USB interface. The isolated host is an isolated destination host, and may be a computer, a server, a tablet computer, a personal digital assistant (PDA), a mobile internet device (MID), or another device capable of installing application software and networking, which is not limited in this invention.
Fig. 4 is a schematic structural diagram of a unidirectional transmission apparatus according to a preferred embodiment of the present invention, which may be implemented as part or all of the apparatus by software, hardware or a combination of both, and the apparatus is applied to a transmission network, where the transmission network includes a signal receiving end, a signal processing end, and a signal transmitting end. The apparatus provided in this embodiment of the present application may implement the flow described in fig. 2 in this embodiment of the present application, where the unidirectional transmission apparatus 400 includes an external network receiving module 402, a data transmission processing module 403, an isolated data unidirectional transmission module 404, an isolated data output module 406, a non-isolated data unidirectional transmission module 405, and a non-isolated data output module 407; wherein:
The external network receiving module 402 is configured to receive data transmitted by an external network; in particular, it may be used to implement the receiving function of step 102 and the implicit steps involved in step 102, or the receiving function of step 202 and the implicit steps involved in step 202.
In some embodiments, the external network receiving module 402 is a data receiving device that includes multiple interfaces that may be correspondingly connected to different network interfaces; the interfaces of the external network receiving module 402 include a wired network interface and a wireless network interface, where the wired network interface may include a BNC connector for connecting an RG58 coaxial cable, an RJ-45 connector for connecting a UTP cable, an AUI connector for connecting an AUI cable, and the like; the wireless network interface comprises a wireless network card interface for connecting WiFi signals, a baseband chip interface for connecting cellular communication signals, a Bluetooth chip interface for connecting Bluetooth chip signals and the like.
The network accessed by the external network receiving module 402 may be a wired network or a wireless network, may be a plurality of wired networks or wireless networks of the same kind, or may be a combination of a plurality of wired networks and wireless networks of different kinds. For example, the external network may be a combination of a wired network, such as a coaxial cable access network, and wireless networks such as a WiFi network, a cellular communication network, and a Bluetooth communication network, or may be a network comprising only WiFi.
It will be appreciated that, in addition to the wired network interface and the wireless network interface, those skilled in the art may set any other network interface that may be provided to the external network receiving module 402 according to actual situations.
In one embodiment, the external network receiving module 402 may receive data transmitted by external networks simultaneously; that is, data transmitted through different network interfaces may be received at the same time.
In another embodiment, the external network receiving module 402 receives data transmitted by only one external network at a time, so the processing order of different network accesses need not be considered.
The data transmission processing module 403 is configured to process data transmitted by different external networks and to adjust the transmission and output time of the data; in particular, it may be used to implement the implicit data processing steps involved in step 104.
In one embodiment, the data transmission processing module 403 processes and stores data from different networks according to a predetermined rule, respectively.
In one embodiment, the data transmission processing module 403 may add the data transmitted by the external network receiving module 402 to a receiving queue, and then sequentially read the data from the receiving queue and store the data, where the receiving queue is a data structure of "first in first out".
It will be appreciated that for data received first, the data will be queued for reading first, and then dequeued after the data is read, while data added later will be queued in sequence after the data received first, and then read after the data received first is dequeued.
In another embodiment, different priorities may be set for different network accesses, and data transmitted by a network with a higher priority may be read and stored preferentially.
Specifically, when receiving data, the data transmitted by the network with the higher priority is read and stored first. For example, if data from a higher-priority network arrives while data from a lower-priority network is being received, the reception in progress may be temporarily interrupted, the data received so far stored, and the interruption position recorded; after the data transmitted by the higher-priority network has been received and stored, reading and storing of the interrupted data may continue from the recorded position.
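The interrupt-and-resume behaviour described above can be simulated tick by tick. This is an added example, not code from the patent; the chunk size, the tick model, the convention that a larger number means higher priority, and all names are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Transfer:
    network: str
    priority: int      # assumption: larger value = higher priority
    arrives_at: int    # tick at which this network's data becomes available
    data: bytes
    offset: int = 0    # bytes already stored; doubles as the interruption position


def receive_with_preemption(transfers, chunk=4):
    """Read one chunk per tick from the highest-priority network with data.

    Returns (stored, events, order):
      stored - bytes stored per network
      events - ("interrupt" | "resume", network, recorded position)
      order  - network served at each tick in which a read happened
    """
    stored = {t.network: bytearray() for t in transfers}
    events, order = [], []
    active = None
    tick = 0
    while any(t.offset < len(t.data) for t in transfers):
        ready = [t for t in transfers
                 if t.arrives_at <= tick and t.offset < len(t.data)]
        if ready:
            best = max(ready, key=lambda t: t.priority)
            if best is not active:
                # The lower-priority reception is cut short: record where.
                if active is not None and active.offset < len(active.data):
                    events.append(("interrupt", active.network, active.offset))
                # A previously interrupted reception picks up at its offset.
                if best.offset > 0:
                    events.append(("resume", best.network, best.offset))
                active = best
            piece = best.data[best.offset:best.offset + chunk]
            stored[best.network] += piece
            best.offset += len(piece)
            order.append(best.network)
        tick += 1
    return {k: bytes(v) for k, v in stored.items()}, events, order


def run_constructed_example():
    """Constructed traffic: WiFi starts first, wired (higher priority) cuts in."""
    wifi = Transfer("wifi", priority=1, arrives_at=0, data=b"AAAABBBBCCCC")
    wired = Transfer("wired", priority=5, arrives_at=1, data=b"XXXXYYYY")
    return receive_with_preemption([wifi, wired], chunk=4)
```

Because the recorded position is the only state kept for the interrupted network, nothing is re-read or lost when it resumes.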
In one embodiment, the data transmission processing module 403 adjusts the transmission progress according to the relationship between the remaining bandwidth of the optical fiber transmission and the amount of data transmitted by the external network.
Specifically, when the amount of data transmitted by the external network is higher than the remaining bandwidth of the optical fiber transmission, the data transmitted by the external network is temporarily stored until the optical fiber is idle. When the amount of data transmitted by the external network is lower than the transmission bandwidth of the optical fiber, the module waits for more data and transmits it through the optical fiber once the number of data packets reaches a preset first threshold, which improves the utilization rate of the optical fiber. The preset first threshold may be any preset value.
It may be understood that the optical fiber is idle when the amount of data that the remaining bandwidth of the optical fiber transmission can carry exceeds the amount of data transmitted by the external network by a second threshold; the second threshold may also be any preset value.
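The two thresholds interact as a small state machine, which applies equally to the description of step 204 earlier and to module 403 here. The sketch below is an added example, not code from the patent. It assumes that data amount and remaining bandwidth are both measured in bytes per interval, that the case where they are equal is treated as "not higher", and that buffered data is flushed as soon as the fiber becomes idle; the class and method names are hypothetical.

```python
from collections import deque


class FiberScheduler:
    """Decides, once per interval, whether buffered packets cross the fiber."""

    def __init__(self, first_threshold: int, second_threshold: int):
        self.first_threshold = first_threshold    # packets needed for a batch
        self.second_threshold = second_threshold  # headroom in bytes for "idle"
        self.buffer = deque()
        self.waiting_for_idle = False

    def step(self, incoming, remaining_bandwidth):
        """incoming: list of bytes objects received in this interval.
        remaining_bandwidth: bytes the fiber can still carry in this interval.
        Returns (decision, packets_sent)."""
        self.buffer.extend(incoming)
        pending = sum(len(p) for p in self.buffer)

        # Data amount above remaining bandwidth: store and wait for idle.
        if pending > remaining_bandwidth:
            self.waiting_for_idle = True
            return "store", []

        # After congestion, "idle" needs headroom of at least the second
        # threshold, not merely enough bandwidth for the pending data.
        if self.waiting_for_idle:
            if remaining_bandwidth - pending < self.second_threshold:
                return "store", []
            self.waiting_for_idle = False
            return "flush", self._drain()

        # Light load: accumulate until the first threshold, then send a batch.
        if len(self.buffer) < self.first_threshold:
            return "accumulate", []
        return "send", self._drain()

    def _drain(self):
        batch = list(self.buffer)
        self.buffer.clear()
        return batch


def run_constructed_trace():
    """Constructed intervals: three small packets, then one oversized burst."""
    sched = FiberScheduler(first_threshold=3, second_threshold=100)
    trace = [
        ([b"a" * 50], 1000),
        ([b"b" * 50], 1000),
        ([b"c" * 50], 1000),   # third packet reaches the first threshold
        ([b"d" * 600], 500),   # burst exceeds the remaining bandwidth
        ([], 650),             # fits, but headroom is only 50 bytes
        ([], 700),             # headroom 100 bytes: the fiber counts as idle
    ]
    return [(d, len(sent)) for d, sent in
            (sched.step(pkts, bw) for pkts, bw in trace)]
```

The fifth interval shows why the second threshold matters: the burst would already fit, but the scheduler keeps holding it until the margin is restored.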
In one embodiment, the integrity of the received data or file is determined prior to transmission over the fiber optic network; when the complete data or file has not been received, what has been received is stored and is not transmitted until the complete data or file has been received.
The isolated data unidirectional transmission module 404 is configured to unidirectionally transmit data meeting a first preset condition to an isolated storage area through an optical fiber network; in particular, it may be used to implement the unidirectional transmission function of step 104 and the implicit steps involved in step 104, or the unidirectional transmission function of step 204 and the implicit steps involved in step 204.
The first preset condition includes that the received data meets a second preset condition or/and the received data meets a third preset condition.
The isolated data unidirectional transmission module 404 evaluates the data meeting the first preset condition according to the isolation rule, processes the data that conforms to the isolation rule, and transmits the processed data into the isolated storage area through the optical fiber network; in the subsequent process, the data is output from the USB interface of the isolated storage area. The isolation rule is a preset rule used to separate out the data that is to enter the isolated area.
In one embodiment, the isolated data unidirectional transmission module 404 determines whether the destination address of the data transmitted by the external network is the isolated host; if so, the data conforms to the isolation rule. The destination address may be a user or a service of the isolated host, or a network address.
In another embodiment, the isolated data unidirectional transmission module 404 determines whether the data transmitted by the external network comes from a whitelist address; if so, the data conforms to the isolation rule. The whitelist address is a preset data source, and can be a user, a service, or a network address.
The non-isolated data unidirectional transmission module 405 evaluates the data that does not meet the first preset condition according to the isolation rule, processes the data that does not conform to the isolation rule, and then transmits the processed data into the non-isolated storage area through the optical fiber network; the isolation rule is a preset rule used to separate the data that is to enter the isolated area from the data that is to enter the non-isolated area.
In one embodiment, the non-isolated data unidirectional transmission module 405 determines whether the destination address of the data transmitted by the external network is the isolated host; if not, the data does not conform to the isolation rule. The destination address may be a user or a service of the isolated host, or a network address.
In another embodiment, the non-isolated data unidirectional transmission module 405 determines whether the data transmitted by the external network comes from a whitelist address; if not, the data does not conform to the isolation rule. The whitelist address is a preset data source, and can be a user, a service, or a network address.
The isolated data output module 406 sends the data processed by the isolated data unidirectional transmission module 404 to an isolated host through a USB interface. The isolated host is an isolated destination host, and may be a device that can install application software and can be connected to a network, such as a computer, a server, a tablet computer, a personal digital assistant (PDA), a mobile internet device (MID), and the like, which is not limited in this invention.
The non-isolated data output module 407 may send the data processed by the non-isolated data unidirectional transmission module 405 directly to a next network node, or output the data directly; for example, it may send the data directly to a non-isolated host. The non-isolated host is a non-isolated destination host, and may be a computer, a server, a tablet computer, a personal digital assistant (PDA), a mobile internet device (MID), or another device capable of installing application software and networking. In addition, in the embodiment of the present invention the non-isolated data may also be output to other channels or devices through the non-isolated data output module; the invention is not limited in this regard.
Fig. 5 is a schematic structural diagram of a unidirectional transmission terminal in an embodiment, which may implement operations performed by a unidirectional transmission method in the above embodiment.
In general, the transmission terminal 500 includes a network routing module 501 and an isolation storage module 507, which communicate through an optical fiber so that unidirectional flow of data is ensured; the isolation storage module 507 is connected to the isolation host 510 through a USB interface, so that dangerous data cannot affect the internal network. The network routing module comprises: a first processor 501, a first memory 502, an external network interface 503; optionally, the isolated storage module 507 includes a second processor 508 and a second memory 509.
The first processor 502 and the second processor 508 may include one or more processing cores, such as a 4-core processor, an 8-core processor, and the like. The first memory 503 and the second memory 509 may include one or more computer-readable storage media, which may be non-transitory, for storing at least one instruction to be executed by the first processor 502 and the second processor 508 to implement the network quarantine storage exchange method provided by the method embodiments herein.
In some embodiments, the first processor 502, the first memory 503, and the external network interface 504 may be connected by a bus or signal lines. The second processor 508 and the second memory 509 may be connected via a bus or signal lines.
In some embodiments, the external network interface 504 may also optionally include: at least one of a wireless network interface 505 and a wired network interface 506. The wireless network interface 505 may be a WiFi, cellular communication, bluetooth, or the like network.
Those skilled in the art will appreciate that the structure shown in fig. 3 is not limiting and that more or fewer components than shown may be included or certain components may be combined or a different arrangement of components may be employed.
FIG. 6 is a block diagram of a computer device in accordance with an embodiment of the present invention, as shown in FIG. 6, the computer device including a memory 630 and a processor 610, the memory 630 and the processor 610 being connected by a bus 620; the memory 630 has stored therein a computer program, the processor 610 being arranged to perform the steps of any of the method embodiments described above by means of the computer program.
Alternatively, in this embodiment, the above-mentioned computer device may be located in at least one network device among a plurality of network devices of the computer network.
Alternatively, in the present embodiment, the above-described processor may be configured to execute the following steps by a computer program:
receiving and storing data transmitted by an external network;
unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network;
transmitting the data of the isolated storage area to an isolated host through a USB interface;
Optionally, in this embodiment, the above processor may be further configured to execute the following steps by a computer program:
receiving and storing data transmitted by an external network;
unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network;
transmitting the data of the isolated storage area to an isolated host through a USB interface;
transmitting the data which does not meet the first preset condition to a non-isolated storage area;
and transmitting the data of the non-isolated storage area to a non-isolated host through a USB interface.
Alternatively, it will be understood by those skilled in the art that the structure shown in Fig. 6 is only schematic; the computer device may also be a terminal device such as a smart phone (e.g. an Android phone, an iOS phone, etc.), a tablet computer, a palm computer, a mobile internet device (Mobile Internet Devices, MID), or a PAD. Fig. 6 does not limit the structure of the above computer device. For example, the computer device may also include more or fewer components (e.g., network interfaces, etc.) than shown in Fig. 6, or have a different configuration than shown in Fig. 6.
The memory 630 may be used to store software programs and modules, such as program instructions/modules corresponding to a unidirectional transmission method and apparatus in the embodiments of the present invention, and the processor 610 executes the software programs and modules stored in the memory 630 to perform various functional applications and data processing, that is, implement a unidirectional transmission method as described above. Memory 630 may include high-speed random access memory, and may also include non-volatile memory, such as one or more magnetic storage devices, flash memory, or other non-volatile solid-state memory. In some examples, memory 630 may further include memory located remotely from processor 610, which may be connected to the terminal by a network. Examples of such networks include, but are not limited to, the internet, intranets, local area networks, mobile communication networks, and combinations thereof. The memory 630 may be, but is not limited to, storing data transmitted by an external network, data in an isolated storage area, or/and data in a non-isolated storage area.
The embodiment of the invention also provides a computer readable storage medium applied to the unidirectional transmission apparatus, where at least one instruction, at least one section of program, code set, or instruction set is stored in the computer readable storage medium, and the instruction, the program, the code set, or the instruction set is loaded and executed by a processor to implement the operations performed by the method of the unidirectional transmission apparatus of the above embodiment.
The embodiment of the present invention also provides a computer readable storage medium, which is applied to a unidirectional transmission apparatus, and in which at least one instruction, at least one program, a code set, or an instruction set is stored, the instruction, the program, the code set, or the instruction set being loaded and executed by a processor to implement the operations performed by the unidirectional transmission apparatus in the method of the unidirectional transmission apparatus of the above embodiment.
The embodiment of the present invention also provides a computer readable storage medium, which is applied to a network device, and at least one instruction, at least one program, a code set, or an instruction set is stored in the computer readable storage medium, and the instruction, the program, the code set, or the instruction set is loaded and executed by a processor to implement the operations performed by the respective modules in the method of the unidirectional transmission apparatus of the above embodiment.
It will be understood by those skilled in the art that all or part of the steps for implementing the above embodiments may be implemented by hardware, or may be implemented by a program for instructing relevant hardware, where the program may be stored in a computer readable storage medium, and the storage medium may be a read-only memory, a magnetic disk or an optical disk, etc.
As used in this specification, the terms "component," "module," "system," and the like are intended to refer to a computer-related entity, either hardware, firmware, a combination of hardware and software, or software in execution. For example, a component may be, but is not limited to being, a process running on a processor, an object, an executable, a thread of execution, a program, and/or a computer. By way of illustration, both an application running on a computing device and the computing device can be a component. One or more components may reside within a process and/or thread of execution and a component may be localized on one computer and/or distributed between 2 or more computers. Furthermore, these components can execute from various computer readable media having various data structures stored thereon. The components may communicate by way of local and/or remote processes such as in accordance with a signal having one or more data packets (e.g., data from two components interacting with one another in a local system, distributed system, and/or across a network such as the internet with other systems by way of the signal).
In the description of the present invention, it should be understood that the terms "coaxial," "bottom," "one end," "top," "middle," "another end," "upper," "one side," "top," "inner," "outer," "front," "center," "two ends," etc. indicate or are based on the orientation or positional relationship shown in the drawings, merely to facilitate description of the invention and simplify the description, and do not indicate or imply that the devices or elements referred to must have a specific orientation, be configured and operated in a specific orientation, and therefore should not be construed as limiting the invention.
In the present invention, unless explicitly specified and limited otherwise, the terms "mounted," "configured," "connected," "secured," "rotated," and the like are to be construed broadly, and may be, for example, fixedly connected, detachably connected, or integrally formed; can be mechanically or electrically connected; either directly or indirectly through intermediaries, or in communication with each other or in interaction with each other, unless explicitly defined otherwise, the meaning of the terms described above in this application will be understood by those of ordinary skill in the art in view of the specific circumstances.
Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, substitutions and alterations can be made therein without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A unidirectional transmission method, comprising:
receiving and storing data transmitted by an external network according to a preset priority;
unidirectionally transmitting data meeting a first preset condition to an isolated storage area through an optical fiber network;
transmitting the data of the isolated storage area to an isolated host through a USB interface;
the first preset condition comprises that the received data meets a second preset condition or/and the received data meets a third preset condition;
the preset priority comprises determining the corresponding priority according to load information and topology information of an external network; and distributing the same first priority to all networks in a fixed first period, acquiring the load information and the topology stability condition of the wired network and the wireless network in a second period, determining a central network according to the load information, generating a first forward priority by the central network according to the load information, generating a second forward priority according to the topology stability condition, summing the first forward priority and the second forward priority with the first priority, updating the priority of the central network, reading and storing the data transmitted by the central network according to the updated priority, and continuously acquiring the load information and the topology stability condition of the rest networks in the reading process of the central network until the priorities of all networks are updated, and reading and storing the transmitted data according to the corresponding priorities.
2. A unidirectional transmission method as claimed in claim 1, characterized in that the external network is prioritized, the data of the corresponding external network is received and read in the order of priority, and the data of the corresponding external network is stored in the order of priority.
3. The unidirectional transmission method of claim 1, wherein the received data meeting the second preset condition means that a destination address of the received data is the isolated storage area; and the received data meeting the third preset condition means that the source address of the received data is a white list address.
4. The unidirectional transmission method of claim 1, wherein before unidirectional transmission of the data satisfying the first preset condition to the isolated storage area via the optical fiber network, further comprises:
processing the transmission process of the data according to the relation between the transmission data quantity of the external network and the residual bandwidth of the optical fiber transmission:
under the condition that the transmission data amount of the external network is higher than the residual bandwidth of the optical fiber transmission, temporarily storing the data transmitted by the external network, and waiting for the optical fiber to be idle; and/or waiting for data to be transmitted through the optical fiber after the number of the data packets reaches a first threshold value under the condition that the transmission data volume of the external network is lower than the residual bandwidth of the optical fiber transmission.
5. A unidirectional transmission apparatus as claimed in any one of claims 1 to 4, characterized in that it comprises:
an external network receiving module, used for receiving data transmitted by an external network;
the isolated data unidirectional transmission module is used for unidirectional transmission of data meeting a first preset condition to the isolated storage area through the optical fiber network;
and the isolated data output module is used for transmitting the data processed by the isolated data unidirectional transmission module to the isolated host through the USB interface.
6. The unidirectional transmission apparatus of claim 5, further comprising:
the non-isolated data unidirectional transmission module is used for unidirectional transmission of data which does not meet a first preset condition to a non-isolated storage area through an optical fiber network; and the non-isolated data output module is used for sending the data processed by the non-isolated data unidirectional transmission module to the next network node.
7. A unidirectional transmission apparatus as claimed in claim 5 or 6, further comprising:
and the data transmission processing module is used for processing data transmitted by different external networks and adjusting the transmission and output time of the data.
8. The unidirectional transmission apparatus of claim 7, wherein the data transmission processing module:
processing the transmission process of the data according to the relation between the transmission data quantity of the external network and the residual bandwidth of the optical fiber transmission:
under the condition that the transmission data amount of the external network is higher than the residual bandwidth of the optical fiber transmission, temporarily storing the data transmitted by the external network, and waiting for the optical fiber to be idle; and/or waiting for data to be transmitted through the optical fiber after the number of the data packets reaches a first threshold value under the condition that the transmission data volume of the external network is lower than the residual bandwidth of the optical fiber transmission.
9. A computer device comprising a processor, a memory and a program or instruction stored on said memory and executable on said processor, said program or instruction when executed by said processor implementing the steps of a unidirectional transmission method as claimed in any one of claims 1 to 4.
10. A readable storage medium, characterized in that the readable storage medium has stored thereon a program or instructions which, when executed by a processor, implement the steps of a unidirectional transmission method as claimed in any one of claims 1-4.
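The routing and pacing rules of claims 1, 3, 4 and 6 can be read as the following sketch, which is an added illustration and not part of the patent text or the applicant's implementation. The addresses, the names `Packet`, `FiberGate` and `route`, and the modelling of "residual bandwidth" as a byte budget are assumptions made for the example.

```python
from collections import deque
from dataclasses import dataclass, field

ISOLATED_DST = "isolated-store"        # constructed address of the isolated storage area
WHITELIST = {"10.0.0.5", "10.0.0.9"}   # constructed white list of source addresses

@dataclass
class Packet:
    src: str
    dst: str
    size: int  # bytes

def meets_first_condition(pkt, mode="any"):
    """Second condition: destination is the isolated storage area (claim 3).
    Third condition: source is on the white list (claim 3).
    Claim 1 joins them with "or/and": mode="any" is OR, mode="all" is AND."""
    second = pkt.dst == ISOLATED_DST
    third = pkt.src in WHITELIST
    return (second or third) if mode == "any" else (second and third)

@dataclass
class FiberGate:
    """Pacing in front of the one-way fiber link, following claim 4 (assumed model)."""
    threshold: int                                   # the "first threshold" packet count
    pending: deque = field(default_factory=deque)    # temporary store

    def offer(self, pkt, remaining_bandwidth):
        """Queue pkt and return the packets released onto the fiber now."""
        self.pending.append(pkt)
        if sum(p.size for p in self.pending) > remaining_bandwidth:
            return []                  # more data than bandwidth: hold until idle
        if len(self.pending) < self.threshold:
            return []                  # enough bandwidth: wait for a full batch
        return self.on_idle()

    def on_idle(self):
        """Fiber is idle: release everything that was temporarily stored."""
        batch, self.pending = list(self.pending), deque()
        return batch

def route(packets, gate, remaining_bandwidth, mode="any"):
    """Return (sent to isolated storage, sent to non-isolated storage per claim 6)."""
    isolated, non_isolated = [], []
    for pkt in packets:
        if meets_first_condition(pkt, mode):
            isolated.extend(gate.offer(pkt, remaining_bandwidth))
        else:
            non_isolated.append(pkt)
    return isolated, non_isolated
```

With `mode="any"` a packet reaches the isolated storage area on a white-listed source address alone, so `mode="all"` is the stricter reading when source addresses are not authenticated.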
CN202110828667.0A 2021-07-22 2021-07-22 Unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium Active CN113630388B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110828667.0A CN113630388B (en) 2021-07-22 2021-07-22 Unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110828667.0A CN113630388B (en) 2021-07-22 2021-07-22 Unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium

Publications (2)

Publication Number Publication Date
CN113630388A CN113630388A (en) 2021-11-09
CN113630388B true CN113630388B (en) 2023-08-08

Family

ID=78380517

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110828667.0A Active CN113630388B (en) 2021-07-22 2021-07-22 Unidirectional transmission method, unidirectional transmission device, computer equipment and readable storage medium

Country Status (1)

Country Link
CN (1) CN113630388B (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101127680A (en) * 2007-07-20 2008-02-20 胡德勇 Unidirectional physical separation network brake for USB optical fiber
CN203788294U (en) * 2014-04-24 2014-08-20 武汉科源安信科技有限公司 Unidirectional data transmission machine for optical transmission
CN206272653U (en) * 2016-12-07 2017-06-20 常州华龙通信科技股份有限公司 A kind of one-way isolation shutter
CN107277813A (en) * 2017-07-19 2017-10-20 南京邮电大学 A kind of uni-directional wireless network security isolation Transmission system and method

Also Published As

Publication number Publication date
CN113630388A (en) 2021-11-09


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant