CN115189916A - Method and device for one-stop display of application system under cross-isolation network - Google Patents
- Publication number
- CN115189916A
- Authority
- CN
- China
- Prior art keywords
- application system
- display
- network
- system integration
- module
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
Abstract
The invention discloses a method and a device for one-stop display of application systems across isolated networks. The method comprises the following steps: 1) for N networks with data display requirements, an application system integration workstation is set in each network, one of the N networks is selected as the main network, and a display module, a display management module and a display operation module are set in the main network; the display management module comprises N video capture cards used for capturing video data in the networks; 2) the display operation module sends an access request to the application system integration workstation of each network; 3) the application system integration workstation of each network responds to the access request and transmits the video data of the requested application system to the display management module through the corresponding video capture card; 4) the display management module sends the video data to the display module and to the display operation module, respectively, for display.
Description
Technical Field
The invention belongs to the technical field of data processing, and particularly relates to a method and a device for one-stop display of an application system under a cross-isolation network.
Background
The computer information system international networking privacy management regulation clearly states that computer information systems involving national secrets must not be directly or indirectly connected to the internet or other public information networks. For special sectors such as the military, government, enterprises, public institutions, banking and finance, business data often involves core confidential content such as national policies and strategies, national military development and economic development, so the information security of the networks of these important departments is particularly important. Two problems need to be considered in an informatization construction scheme: first, how to ensure that networks with different security levels are physically isolated from each other, that is, a dedicated intranet and the internet must be physically isolated, so that data on the network with the higher security level does not leak; second, how to ensure safe and reliable data transmission between two networks that exchange business data.
In this context, optical shutters are becoming a widely used isolation and data interaction system. In many information service scenarios, multiple application systems on multiple physically isolated networks often need to be displayed on one display screen, and this requirement cannot be met by shutter technology alone.
Disclosure of Invention
In view of the problems in the prior art, an object of the present invention is to provide a method and an apparatus for one-stop presentation of an application system across an isolated network. The invention separates the video data and the information control data, and realizes one-stop display of the application system data under the cross-isolation network on the premise of ensuring the physical isolation of the network.
The technical scheme of the invention is as follows:
a method for one-stop display of an application system under a cross-isolation network comprises the following steps:
1) For N networks with data display requirements, setting an application system integration workstation in each network, selecting one network from the N networks as a main network, and setting a display module, a display management module and a display operation module in the main network; the display management module comprises N video capture cards, wherein the ith video capture card is connected with an application system integration workstation in the ith network through a video transmission line and is used for capturing video data in the ith network, and each network is provided with an application system integration workstation; i =1 to N;
2) Integrating application systems to be displayed on a corresponding network on each application system integration workstation;
3) The display operation module sends an access request to an application system integration workstation of the main network; and sending access requests to the application system integration workstations of each of the other networks through the unidirectional optical shutters between the main network and each of the other networks;
4) The application system integration workstations of each network respond to the access request and transmit the video data of the requested application system to the display management module through the corresponding video acquisition card;
5) The display management module sends the video data to the display module and the display operation module respectively; the display operation module is used for controlling the display of the video data on the display module.
Furthermore, a safety management unit is built into the video capture card, and a one-way video data management function is built into the safety management unit to ensure that the video capture card has only a video data capture function.
Further, the display operation module converts the access request into a text file and sends it to the one-way optical gate, the one-way optical gate transmits the text file to the corresponding application system integration workstation, and the application system integration workstation converts the text file back into the access request.
A device for one-stop display of an application system under a cross-isolation network is characterized by comprising a display module, a display management module, a display operation module, a one-way optical gate and an application system integration workstation; wherein,
the display module, the display management module and the display operation module are arranged in a main network, and the main network is one of N networks which are physically isolated from each other and have data display requirements; each network is provided with one application system integration workstation; the main network is connected with other networks through one-way optical gates;
the display management module comprises N video capture cards, wherein the ith video capture card is connected with an application system integration workstation in the ith network through a video transmission line and is used for capturing video data in the ith network, and i = 1-N;
the display operation module is used for sending an access request to the application system integration workstation of the main network; and sending access requests to the application system integration workstations of each of the other networks through the unidirectional optical shutters between the main network and each of the other networks;
the application system integration workstation integrates the application system to be displayed on the network, responds to the access request and transmits the video data of the requested application system to the display management module through the corresponding video acquisition card;
and the display module is used for displaying the video data acquired by each video acquisition card.
The apparatus of the present invention for one-stop display of application systems across isolated networks is shown in fig. 1 and comprises a display module, a display management module, a display operation module, a first network application system integration workstation, a one-way optical gate and a second network application system integration workstation. The display module, the display management module, the display operation module and the first network application system integration workstation are located in a first network, and the second network application system integration workstation is located in a second network. The first network is physically isolated from the second network.
The display module is used to display the to-be-displayed video data from the display management module.
The display management module captures video data on the first network application system integration workstation through video capture card 1 and captures video data on the second network application system integration workstation through video capture card 2; the video signal is transmitted directly over a video line and not over a network.
Further, video capture card 1 and video capture card 2 each have a built-in security management unit containing a unidirectional video data management function, which effectively ensures that the cards provide only a video data capture function and no other data processing function.
The display operation module interacts with the display management module so that the video data is displayed on the display operation module. Using the mouse and keyboard, mouse- and keyboard-related access request data is generated at a specified position of the video interface of the display operation module, and the access request data is automatically distributed to the first network application system integration workstation or the second network application system integration workstation according to the source of the operated object.
Further, when the access request data is distributed to the second network application system integration workstation, it undergoes adaptation processing for the one-way optical gate. The adaptation processing mainly consists of converting the access request data into a text file when it is sent to the one-way optical gate, and converting the text file back into access request data after it has been transmitted through the one-way optical gate. When the access request data arrives at the second network application system integration workstation, the adaptation processing described above is not perceptible to it.
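The distribution and adaptation steps described above, sketched as an added example that is not code from the patent: a request is routed by the video tile under the pointer, written as a one-line text file for the one-way optical gate, and restored on the receiving workstation with strict validation. The tile layout, the `seq=...` text format, the event kinds, the size limit and the sequence-number check are all assumptions; the patent only states that the request becomes a text file and is converted back.

```python
import re
from dataclasses import dataclass

# Everything below is hypothetical: the patent defines no file format.
MAIN_NETWORK = 1                    # assumed: network 1 hosts the display modules
KINDS = {"MOVE", "CLICK", "KEY"}    # assumed event vocabulary
MAX_FILE_BYTES = 128                # assumed upper bound for one request file
LINE_RE = re.compile(
    r"seq=(\d{1,10});kind=([A-Z]{3,5});x=(\d{1,5});y=(\d{1,5});code=(\d{1,5})\n"
)


@dataclass(frozen=True)
class Tile:
    """Region of the operator's video interface fed by capture card `network`."""
    network: int
    x: int
    y: int
    w: int
    h: int


def route(tiles, px, py):
    """Return (network, local_x, local_y) for the tile under the pointer, or None."""
    for t in tiles:
        if t.x <= px < t.x + t.w and t.y <= py < t.y + t.h:
            return t.network, px - t.x, py - t.y
    return None


def encode_request(seq, kind, x, y, code=0):
    """Sender side: turn one access request into the body of a text file."""
    if kind not in KINDS:
        raise ValueError(f"unsupported kind: {kind!r}")
    return f"seq={seq};kind={kind};x={x};y={y};code={code}\n"


def dispatch(tiles, seq, kind, px, py, code=0):
    """Choose the destination from the source of the operated object.

    Returns (network, channel, text); channel is "direct" inside the main
    network and "gate" when the request must cross a one-way optical gate.
    """
    hit = route(tiles, px, py)
    if hit is None:
        return None                 # pointer is outside every captured video
    network, lx, ly = hit
    channel = "direct" if network == MAIN_NETWORK else "gate"
    return network, channel, encode_request(seq, kind, lx, ly, code)


class RequestReceiver:
    """Receiving integration workstation: restores requests from text files.

    The gate is one-way, so nothing can be acknowledged or re-requested;
    the receiver validates strictly and silently drops anything unexpected.
    """

    def __init__(self, width, height):
        self.width, self.height = width, height
        self.last_seq = -1
        self.dropped = 0

    def restore(self, raw: bytes):
        """Return the request as a dict, or None if the file is rejected."""
        try:
            if len(raw) > MAX_FILE_BYTES:
                raise ValueError("file too large")
            m = LINE_RE.fullmatch(raw.decode("ascii"))
            if m is None:
                raise ValueError("not exactly one well-formed request line")
            kind = m.group(2)
            seq, x, y, code = (int(m.group(i)) for i in (1, 3, 4, 5))
            if kind not in KINDS:
                raise ValueError("unknown kind")
            if x >= self.width or y >= self.height:
                raise ValueError("coordinates outside the workstation screen")
            if seq <= self.last_seq:
                raise ValueError("stale or replayed sequence number")
        except ValueError:          # also covers UnicodeDecodeError
            self.dropped += 1
            return None
        self.last_seq = seq
        return {"seq": seq, "kind": kind, "x": x, "y": y, "code": code}


def demo():
    # Constructed layout: two 1920x1080 captures side by side on the operator screen.
    tiles = [Tile(1, 0, 0, 1920, 1080), Tile(2, 1920, 0, 1920, 1080)]
    network, channel, text = dispatch(tiles, 7, "CLICK", 2000, 300, 1)
    receiver = RequestReceiver(1920, 1080)
    return network, channel, text, receiver.restore(text.encode("ascii"))


if __name__ == "__main__":
    print(demo())
```
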
The first network application system integration workstation is used for integrating the first network application systems, generating video data, and processing and responding to the access request data. After the address of the relevant application system is entered on the first network application system integration workstation, the corresponding application system can be conveniently accessed. By working in coordination with video capture card 1 on the display management module, the video data can be rapidly captured and transmitted. By parsing and processing the access request data, the workstation can respond in time to keyboard and mouse operations from the display operation module.
The second network application system integration workstation is used for integrating the second network application systems, generating video data, and processing and responding to the access request data. After the address of the relevant application system is entered on the second network application system integration workstation, the corresponding application system can be conveniently accessed. By working in coordination with video capture card 2 on the display management module, the video data can be rapidly captured and transmitted. By parsing and processing the access request data, the workstation can respond in time to keyboard and mouse operations from the display operation module.
The method for one-stop display of application systems across isolated networks is shown in fig. 2, and comprises the following specific steps:
1. The application systems to be shown are configured on the first network application system integration workstation and on the second network application system integration workstation.
2. The display management module captures video data on the first network application system integration workstation and the second network application system integration workstation through video capture card 1 and video capture card 2, respectively.
3. The display operation module interacts with the display management module to acquire the video data.
4. The display operation module sends access request data to the first network application system integration workstation and to the second network application system integration workstation. When the display operation module sends the access request data to the second network application system integration workstation, the access request data needs to be isolated through the one-way optical gate.
5. By parsing and processing the access request data, the first network application system integration workstation and the second network application system integration workstation respond in time to keyboard and mouse operations from the display operation module, and transmit the video data of the requested application system to the display management module through the corresponding video capture card.
6. The display management module sends the video data to the display module in real time, and the display module displays the video data it receives.
The invention has the following advantages:
The invention provides, for the first time, a method and a device for one-stop display of application systems across isolated networks, in which the application systems are displayed directly in the form of video data, and the display of the application systems on multiple networks is controlled through a display operation module and a one-way optical gate, so that one-stop display of application systems across isolated networks is realized.
Drawings
FIG. 1 is a schematic view of the apparatus of the present invention.
FIG. 2 is a flow chart of the method of the present invention.
Fig. 3 is a diagram of an apparatus according to embodiment 1 of the present invention.
Fig. 4 is a diagram of an apparatus according to embodiment 2 of the present invention.
Detailed Description
The invention will be described in further detail with reference to the drawings, which are given by way of example only for the purpose of illustrating the invention and not for the purpose of limiting the scope of the invention.
Example 1:
In embodiment 1, unified scheduling and display of application system information on three major network systems, namely a first network, a second network and a third network, is realized through a display module, a display management module and a display operation module. The equipment on the first network mainly comprises the display module, the display management module, video capture card 1, video capture card 2, video capture card 3, the display operation module and the first network application system integration workstation; the equipment on the second network mainly comprises the second network application system integration workstation; the equipment on the third network mainly comprises the third network application system integration workstation. The first network, the second network and the third network are physically isolated by one-way optical gate 1 and one-way optical gate 2, as shown in fig. 3.
The display management module captures video data on the first network application system integration workstation, the second network application system integration workstation and the third network application system integration workstation through video capture card 1, video capture card 2 and video capture card 3, respectively. Through a built-in safety management device, video capture card 1, video capture card 2 and video capture card 3 are effectively guaranteed to provide only a video data capture function and no other data processing function.
The display operation module interacts with the display management module so that the video data is displayed on the display operation module. Using the mouse and keyboard, mouse- and keyboard-related access request data is generated at a designated position of the video interface of the display operation module, and the access request data is automatically distributed to the first network application system integration workstation, the second network application system integration workstation or the third network application system integration workstation according to the source of the operated object.
When the access request data is distributed to the second network application system integration workstation and the third network application system integration workstation, it undergoes adaptation processing for one-way optical gate 1 and one-way optical gate 2. The adaptation processing here mainly consists of converting the access request data into a file when it is sent to one-way optical gate 1 and one-way optical gate 2, and recovering the access request data from the file after the file has been transmitted through one-way optical gate 1 and one-way optical gate 2. When the data arrives at the second network application system integration workstation and the third network application system integration workstation, the adaptation processing is not perceptible to them.
The first network application system integration workstation, the second network application system integration workstation and the third network application system integration workstation are respectively used for integrating the application systems of the first network, the second network and the third network, generating video data, and processing and responding to the access request data. After the addresses of the relevant application systems are entered on the first, second and third network application system integration workstations, the corresponding application systems can be conveniently accessed. By working in coordination with video capture card 1, video capture card 2 and video capture card 3 on the display management module, the video data is rapidly captured and transmitted. By parsing and processing the access request data, the workstations can respond in time to keyboard and mouse operations from the display operation module.
Example 2:
In embodiment 2, unified scheduling and display of application system information on two major network systems, namely a first network and a second network, is realized through a display module, a display management module and a display operation module. The equipment on the first network mainly comprises the display module, the display management module, video capture card 1, video capture card 2, the display operation module and the first network application system integration workstation. The display module comprises display module 1, display module 2 and display module 3. The equipment on the second network mainly comprises the second network application system integration workstation. The first network and the second network are physically isolated by a one-way optical gate, as shown in fig. 4.
The display management module captures video data on the first network application system integration workstation and the second network application system integration workstation through video capture card 1 and video capture card 2, respectively. Through a built-in safety management device, video capture card 1 and video capture card 2 are effectively guaranteed to provide only a video data capture function and no other data processing function.
The display operation module interacts with the display management module so that the video data is displayed on the display operation module. Using the mouse and keyboard, mouse- and keyboard-related access request data is generated at a designated position of the video interface of the display operation module, and the access request data is automatically distributed to the first network application system integration workstation or the second network application system integration workstation according to the source of the operated object.
When the access request data is distributed to the second network application system integration workstation, it undergoes adaptation processing for the one-way optical gate. The adaptation processing here mainly consists of converting the access request data into a file when it is sent to the one-way optical gate, and recovering the access request data from the file after the file has been transmitted through the one-way optical gate. When the data arrives at the second network application system integration workstation, the adaptation processing described above is not perceptible to it.
The first network application system integration workstation and the second network application system integration workstation are respectively used for integrating the application systems of the first network and the second network, generating video data, and processing and responding to the access request data. After the addresses of the relevant application systems are entered on the first and second network application system integration workstations, the corresponding application systems can be conveniently accessed. By working in coordination with video capture card 1 and video capture card 2 on the display management module, the video data is rapidly captured and transmitted. By parsing and processing the access request data, the workstations can respond in time to keyboard and mouse operations from the display operation module.
Although specific embodiments of the invention have been disclosed for purposes of illustration, and for purposes of aiding in the understanding of the contents of the invention and its implementation, those skilled in the art will appreciate that: various substitutions, alterations, and modifications are possible without departing from the spirit and scope of this disclosure and the appended claims. Therefore, it is intended that the invention not be limited to the particular embodiment disclosed as the best mode contemplated for carrying out this invention, but that the invention will include all embodiments falling within the scope of the appended claims.
Claims (6)
1. A method for one-stop display of an application system under a cross-isolation network comprises the following steps:
1) For N networks with data display requirements, setting an application system integration workstation in each network, selecting one network from the N networks as a main network, and setting a display module, a display management module and a display operation module in the main network; the display management module comprises N video capture cards, wherein the ith video capture card is connected with an application system integration workstation in the ith network through a video transmission line and is used for capturing video data in the ith network, and each network is provided with an application system integration workstation; i =1 to N;
2) Integrating application systems to be displayed on a corresponding network on each application system integration workstation;
3) The display operation module sends an access request to the application system integration workstation of the main network; and sending access requests to the application system integration workstations of each of the other networks through the unidirectional optical shutters between the main network and each of the other networks;
4) The application system integration workstations of each network respond to the access request and transmit the video data of the requested application system to the display management module through the corresponding video acquisition card;
5) The display management module sends the video data to the display module and the display operation module respectively; the display operation module is used for controlling the display of the video data on the display module.
2. The method according to claim 1, wherein a security management unit is built in the video capture card, and the security management unit has a one-way management function of video data built therein for ensuring that the video capture card has only a video data capture function.
3. The method of claim 1, wherein the presentation manipulation module converts the access request into a text file and sends the text file to the unidirectional shutter, and the unidirectional shutter transmits the text file to a corresponding application system integration workstation which converts the text file into the access request.
4. A device for one-stop display of an application system under a cross-isolation network is characterized by comprising a display module, a display management module, a display operation module, a one-way optical gate and an application system integration workstation; wherein,
the display module, the display management module and the display operation module are arranged in a main network, and the main network is one of N networks which are physically isolated from each other and have data display requirements; each network is provided with one application system integration workstation; the main network is connected with other networks through one-way optical gates;
the display management module comprises N video capture cards, wherein the ith video capture card is connected with an application system integration workstation in the ith network through a video transmission line and is used for capturing video data in the ith network, and i = 1-N;
the display operation module is used for sending an access request to the application system integration workstation of the main network; and sending access requests to the application system integration workstations of each of the other networks through the unidirectional optical shutters between the main network and each of the other networks;
the application system integration workstation integrates the application system to be displayed on the network, responds to the access request and transmits the video data of the requested application system to the display management module through the corresponding video acquisition card;
and the display module is used for displaying the video data acquired by each video acquisition card.
5. The apparatus according to claim 4, wherein a security management unit is built in the video capture card, and the security management unit has a unidirectional video data management function built therein for ensuring that the video capture card has only a video data capture function.
6. The apparatus of claim 4, wherein the presentation operation module converts the access request into a text file and sends the text file to the unidirectional optical gate, the unidirectional optical gate transmits the text file to a corresponding application system integration workstation, and the application system integration workstation converts the text file into the access request.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210656657.8A CN115189916A (en) | 2022-06-10 | 2022-06-10 | Method and device for one-stop display of application system under cross-isolation network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210656657.8A CN115189916A (en) | 2022-06-10 | 2022-06-10 | Method and device for one-stop display of application system under cross-isolation network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN115189916A (en) | 2022-10-14 |
Family
ID=83513979
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210656657.8A Pending CN115189916A (en) | 2022-06-10 | 2022-06-10 | Method and device for one-stop display of application system under cross-isolation network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115189916A (en) |
Citations (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20150180977A1 (en) * | 2013-12-20 | 2015-06-25 | Airbus Operations Gmbh | Merging human machine interfaces of segregated domains |
CN207232963U (en) * | 2017-09-01 | 2018-04-13 | 沈杭海 | A kind of remote computer controling system with network isolation function |
CN207968538U (en) * | 2017-12-26 | 2018-10-12 | 北京东土科技股份有限公司 | A kind of Streaming Media safety isolation network gate |
US20190289261A1 (en) * | 2016-07-21 | 2019-09-19 | Gl D&If Inc. | Network separation device and video surveillance system employing the same |
CN110825895A (en) * | 2019-11-07 | 2020-02-21 | 威创集团股份有限公司 | Visual fusion method of isolation information and desktop image processor |
CN113542274A (en) * | 2021-07-15 | 2021-10-22 | 南京中孚信息技术有限公司 | Cross-domain data transmission method, device, server and storage medium |
CN114157466A (en) * | 2021-11-25 | 2022-03-08 | 成都普沛科技有限公司 | System and method for realizing safe cross-network access under network partition |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | Application publication date: 20221014 |