CN201398200Y - Distributed one-way transmission system for network information security - Google Patents
- Publication number: CN201398200Y (application number CN2009200805043U)
- Authority: CN (China)
- Prior art keywords: network, receiving end, transmission system, distributed, media
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Abstract
The utility model provides a distributed one-way transmission system for network information security and belongs to the technical field of computer network information security. At least one send-only terminal and a plurality of media converters are arranged at the send-only subsystem end; at least one media converter and one receive-only terminal are arranged at the receive-only subsystem end. Between the send-only terminal and the receive-only terminal, which are located far apart, a one-way optical fiber connects each terminal to its media converter and the media converters connect to a wide area network, so that at least one receive-only terminal and multiple send-only terminals can be deployed in a distributed manner and transmit across the wide area network. Physically, therefore, data can only flow from the low-security-classification network of a branch office to the high-security-classification network of a headquarters, and information from the high-security-classification network can never flow to the low-security-classification network through the system. The utility model removes the need for manual transfer by optical disc and the like, and is of great significance for making full use of the efficiency of computer networks while ensuring the security of sensitive information systems.
Description
Technical field
The utility model relates to the technical field of computer network information security, and in particular to a distributed one-way transmission system for network information security.
Background technology
Computer networks are one of the most important ways a computer obtains information from the outside. Yet while computer networks bring great convenience to people's lives and work, they also bring network information security problems. In recent years, leaks of state or Party secrets caused by classified information systems being illegally connected to the Internet or other public networks have occurred frequently and show a gradually increasing trend; this poses a serious threat to the information security of units such as Party and government offices and the army, and has attracted great attention from the relevant national departments. To guarantee the safety of the classified information systems of such units, the main measure currently taken is to forbid classified information systems from connecting directly or indirectly to the Internet (or other public networks). The "Regulations of Internet Security of Computer Information System", formally implemented on January 1, 2000, clearly stipulate that "computer information systems involving state secrets must not be connected directly or indirectly to the Internet or other public networks, and must be physically isolated".
After physical isolation, the benefit is that information in the classified information system cannot be leaked to the Internet or other public networks over the network, but this comes "at the cost of sacrificing the ease of use of the computer network". Some of the basic data required by the business systems running in the classified information system inevitably come from the Internet or other public networks; after physical isolation, these data can only be brought in manually, for example by burning CDs, which greatly reduces operating efficiency.
Is there a technical means that lets the classified information system extract the required data from the Internet or other public networks over the network, while still effectively preventing the data in the classified information system from being leaked to the Internet or other public networks over the network? To address this problem, this research designed a "distributed network information security one-way transmission system". The system adopts a purely one-way technique based on a fiber data diode, which physically guarantees that the only transmission channel runs from the low-security-level network to the high-security-level network: information can only flow from the low-security-level network to the high-security-level network, and information from the high-security-level network can never flow to the low-security-level network through this system.
Summary of the utility model
The purpose of the utility model is to design a distributed network information security one-way transmission system which guarantees that information can only flow from the low-security-level network to the high-security-level network, and that information from the high-security-level network can never flow to the low-security-level network through this system, so as to overcome the above technical deficiency.
The technical solution that achieves the purpose of the utility model is as follows.
A distributed network information security one-way transmission system comprises a send-only subsystem 1, which sends file-class data and TCP data segments or UDP datagrams through a one-way transmission engine, and a receive-only subsystem 2, which accepts file-class data and TCP data segments or UDP datagrams through a one-way reception engine. It is characterized in that at least one send-only terminal 1.1 and a plurality of media converters 1.2 are provided at the send-only subsystem 1 end, and at least one media converter 2.2 and a receive-only terminal 2.1 are provided at the receive-only subsystem 2 end. Between a send-only terminal 1.1 and a receive-only terminal 2.1 located at two distant sites, one-way optical fiber connects each to its media converter 1.2, 2.2, and the media converters 1.2, 2.2 connect to the wide area network, so that at least one receive-only terminal 2.1 and multiple send-only terminals 1.1 can be deployed in a distributed manner and transmit across the wide area network.
The distributed network information security one-way transmission system is characterized in that the send-only terminal 1.1 is a dedicated server 1.3 provided with two Ethernet interfaces 1.31 and a send-only single-fiber optical fiber interface card 1.32.
The distributed network information security one-way transmission system is characterized in that the receive-only terminal 2.1 is a dedicated server 2.3 provided with two Ethernet interfaces 2.31 and one receive-only single-fiber optical fiber interface card 2.32.
The distributed network information security one-way transmission system is characterized in that the two gigabit Ethernet interfaces 1.31 of the send-only terminal 1.1 are connected to the low-security-level network 3 of the branch office, the interface (Tx) of the send-only single-fiber optical fiber interface card 1.32 is connected to the media converter 1.2 by a one-way optical fiber, and the media converter 1.2 accesses the wide area network through an ordinary network transmission medium.
The distributed network information security one-way transmission system is characterized in that the media converter 2.2 of the receive-only terminal 2.1 accesses the wide area network through an ordinary network transmission medium, the interface (Rx) of the receive-only single-fiber optical fiber interface card 2.32 of the receive-only terminal 2.1 is connected to the media converter 2.2 by a one-way optical fiber, and the gigabit Ethernet interface 2.31 is connected to the high-security-level network 4 of headquarters.
The beneficial effect of implementing the utility model is as follows: with this system, the data that the classified information system requires from the low-security-level network, or even from the Internet or other public networks, can enter the classified information system over the network, without manual transfer by CD and the like. This is of great significance for improving the operating efficiency of users of the classified information system, giving full play to the usefulness of computer networks, and ensuring the security of the classified information system.
Description of drawings
Fig. 1 is a schematic block diagram of the working of the system of the utility model.
Fig. 2 is a schematic block diagram of the configuration relationships of the system of the utility model.
Fig. 3 is a schematic diagram of the send-only dedicated server of the utility model and its interfaces.
Fig. 4 is a schematic diagram of the receive-only dedicated server of the utility model and its interfaces.
Fig. 5 is a schematic diagram of the one-way transfer process for file-class data in the embodiment of the utility model.
Fig. 6 is a schematic flow diagram of the one-way transmission of TCP data segments in the embodiment of the utility model.
Symbol description: 1 send-only subsystem, 2 receive-only subsystem, 3 low-security-level network of the branch office, 4 high-security-level network of headquarters, 1.1 send-only terminal, 1.2 media converter, 1.3 dedicated server, 1.31 gigabit Ethernet interface, 1.32 send-only single-fiber optical fiber interface card, 2.1 receive-only terminal, 2.2 media converter, 2.3 dedicated server, 2.31 gigabit Ethernet interface, 2.32 receive-only single-fiber optical fiber interface card.
Embodiment
The utility model is further described below by an embodiment with reference to Fig. 1.
As can be seen from Fig. 1, the system mainly comprises a send-only subsystem 1 and a receive-only subsystem 2. The data transmitted by the system are mainly of two types: one is "file-class data", such as ordinary files, database files and the like; the other is "TCP data segments or UDP datagrams". "File-class data" are sent by the "one-way transmission engine" to the "one-way reception engine" under the control of the "file sending control" module, and are then distributed to the specified server by the "file distribution control" module. "TCP data segments or UDP datagrams" pass through the "TCP/UDP server-side agent", are then sent by the "one-way transmission engine" to the "one-way reception engine", and are finally sent to the specified server by the "TCP/UDP client agent".
As can be seen from Fig. 2, the send-only terminal 1.1 is specially provided hardware with two gigabit Ethernet interfaces 1.31 and one send-only single-fiber optical fiber interface 1.32 (Tx). The gigabit Ethernet interfaces 1.31 are connected to the low-security-level network 3 of the branch office; the send-only single-fiber optical fiber interface 1.32 (Tx) is connected to the media converter 1.2 by a one-way optical fiber; the selected media converter model is KWSUITS-A-1X; and the media converter 1.2 accesses the wide area network through an ordinary network transmission medium. The receive-only terminal 2.1 is also special hardware, with one receive-only single-fiber optical fiber interface 2.32 (Rx) and two gigabit Ethernet interfaces 2.31. The receive-only single-fiber optical fiber interface (Rx) 2.32 is connected to the media converter 2.2 by a one-way optical fiber, and the selected media converter model is also KWSUITS-A-1X; the gigabit Ethernet interface 2.31 is connected to the high-security-level network 4 of headquarters.
As shown in Fig. 3, the send-only terminal 1.1 is a dedicated server 1.3; the model selected in this embodiment is the KWSUITS-S-500SO server, which comprises two Ethernet interfaces 1.31 and a send-only single-fiber optical fiber interface card 1.32. As shown in Fig. 4, the receive-only terminal 2.1 is a dedicated server 2.3; the model selected in this embodiment is the KWSUITS-S-500RO server, which comprises two Ethernet interfaces 2.31 and one receive-only single-fiber optical fiber interface card 2.32.
The key technology of the utility model is as follows. Similar technologies at home and abroad currently integrate the "send-only terminal" and the "receive-only terminal" in a single hardware device. Their shortcoming is that when the "classified machine room" and the "non-classified machine room" are in different places, a situation that is very common in practical applications, the system cannot be deployed. To overcome this shortcoming, this system separates the "receive-only terminal" from the "send-only terminal" at design time, and realizes, through the "media converters", the distributed deployment and transmission of one "receive-only terminal" and multiple "send-only terminals" across the wide area network.
With the support of the servers and their software, the system has the following main functions: (1) provides a secondary development API; (2) provides a Windows transmission plug-in; (3) provides editable error levels; (4) provides e-mail alarms and SMS alarms; (5) Explorer-based storage management; (6) supports online replacement of storage media; (7) supports a one-way TCP agent; (8) supports a one-way UDP agent; (9) supports one-way file transfer; (10) supports one-way database synchronization; (11) supports one-way mail relaying; (12) supports one-way web page publishing; (13) supports one-way message transmission; (14) provides security functions such as intrusion detection, access control, anti-DDoS attack and IP/MAC binding.
Fig. 5 and Fig. 6 show the specific application flows of the embodiment of the utility model.
Fig. 5 shows the one-way transfer process for file-class data:
(1) the acquisition module of the send-only terminal collects file data from the source server;
(2) the one-way transmission engine of the send-only terminal transfers the file from the send-only terminal to the receive-only terminal;
(3) the one-way reception engine of the receive-only terminal receives the file sent by the send-only terminal;
(4) the release module of the receive-only terminal distributes the file to the destination server.
Fig. 6 shows the one-way transmission flow for TCP data segments:
(1) the client initiates a TCP session request;
(2) the TCP server agent of the send-only terminal receives the request;
(3) the send-only terminal sends the request data to the receive-only terminal through the one-way transmission engine;
(4) the one-way reception engine of the receive-only terminal receives the data;
(5) the receive-only terminal initiates a new session request to the server through the TCP client agent.
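The file transfer flow and the TCP proxy flow above share one property: the receive-only terminal has no channel back to the send-only terminal, so nothing it observes can trigger a retransmission. The Python model below, added here as an illustration and not code from the utility model, shows what that forces on the receive side: the sender emits self-describing frames (a constructed framing with sequence numbers and a whole-file SHA-256, assumed for this example), and the receiver must itself detect lost or altered frames before releasing the file to the destination server.

```python
"""One-way (fiber data diode) file transfer, modelled in Python.

Added illustration, not code from the utility model. The framing scheme is
constructed for this example: a header frame carries the file name, the
chunk count and the SHA-256 of the whole file, then numbered data frames
follow. The receive-only side has no return path, so it cannot request a
retransmission: all it can do is verify what arrived and report gaps.
"""
import hashlib
import json
import struct

MAGIC = b"UD1"           # constructed frame marker
HEADER_SEQ = 0xFFFFFFFF  # reserved sequence number for the header frame
CHUNK = 4                # tiny chunk size so the sample splits into several frames
SAMPLE_FILE = b"branch office report 2009"  # constructed sample payload


def frames_for_file(name, data, chunk=CHUNK):
    """Send-only side: split a file into a header frame plus numbered data frames."""
    chunks = [data[i:i + chunk] for i in range(0, len(data), chunk)] or [b""]
    header = json.dumps({"name": name, "count": len(chunks),
                         "sha256": hashlib.sha256(data).hexdigest()}).encode()
    frames = [MAGIC + struct.pack(">I", HEADER_SEQ) + header]
    frames += [MAGIC + struct.pack(">I", seq) + c for seq, c in enumerate(chunks)]
    return frames


class ReceiveEngine:
    """Receive-only side: reassembles by sequence number and flags loss or corruption."""

    def __init__(self):
        self.meta = None
        self.chunks = {}

    def feed(self, frame):
        """Accept one frame; malformed frames are dropped (there is no NACK to send)."""
        if not frame.startswith(MAGIC) or len(frame) < len(MAGIC) + 4:
            return
        seq = struct.unpack(">I", frame[3:7])[0]
        payload = frame[7:]
        if seq == HEADER_SEQ:
            self.meta = json.loads(payload)
        else:
            self.chunks[seq] = payload

    def result(self):
        """Release data only when every chunk arrived and the whole-file hash matches."""
        if self.meta is None:
            return {"ok": False, "name": None, "data": None, "missing": None}
        missing = [i for i in range(self.meta["count"]) if i not in self.chunks]
        if missing:
            return {"ok": False, "name": self.meta["name"], "data": None, "missing": missing}
        data = b"".join(self.chunks[i] for i in range(self.meta["count"]))
        ok = hashlib.sha256(data).hexdigest() == self.meta["sha256"]
        return {"ok": ok, "name": self.meta["name"], "data": data if ok else None, "missing": []}


def transfer(frames, drop=()):
    """Simulate the one-way link: each frame goes out exactly once; indices in `drop` are lost."""
    rx = ReceiveEngine()
    for i, frame in enumerate(frames):
        if i not in drop:
            rx.feed(frame)
    return rx.result()
```

Because frames are keyed by sequence number, the receiver also tolerates reordering on the wide area network segment between the media converters, but a lost or altered frame can only be reported, never recovered, without a sender-side repetition or forward error correction scheme.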
Claims (5)
1. A distributed network information security one-way transmission system, comprising a send-only subsystem (1), which sends file-class data and TCP data segments or UDP datagrams through a one-way transmission engine, and a receive-only subsystem (2), which accepts file-class data and TCP data segments or UDP datagrams through a one-way reception engine, characterized in that: at least one send-only terminal (1.1) and a plurality of media converters (1.2) are provided at the send-only subsystem (1) end, and at least one media converter (2.2) and a receive-only terminal (2.1) are provided at the receive-only subsystem (2) end; between a send-only terminal (1.1) and a receive-only terminal (2.1) located at two distant sites, one-way optical fiber connects each to its media converter (1.2, 2.2) and the media converters (1.2, 2.2) connect to the wide area network, realizing the distributed deployment and transmission across the wide area network of at least one receive-only terminal (2.1) and multiple send-only terminals (1.1).
2. The distributed network information security one-way transmission system according to claim 1, characterized in that: the send-only terminal (1.1) is a dedicated server (1.3) provided with two gigabit Ethernet interfaces (1.31) and a send-only single-fiber optical fiber interface card (1.32).
3. The distributed network information security one-way transmission system according to claim 1, characterized in that: the receive-only terminal (2.1) is a dedicated server (2.3) provided with two gigabit Ethernet interfaces (2.31) and one receive-only single-fiber optical fiber interface card (2.32).
4. The distributed network information security one-way transmission system according to claim 1, characterized in that: the two gigabit Ethernet interfaces (1.31) of the send-only terminal (1.1) are connected to the low-security-level network (3), the interface (Tx) of the send-only single-fiber optical fiber interface card (1.32) is connected to the media converter (1.2) by a one-way optical fiber, and the media converter (1.2) accesses the wide area network through an ordinary network transmission medium.
5. The distributed network information security one-way transmission system according to claim 1, characterized in that: the media converter (2.2) of the receive-only terminal (2.1) accesses the wide area network through an ordinary network transmission medium, the interface (Rx) of the receive-only single-fiber optical fiber interface card (2.32) of the receive-only terminal (2.1) is connected to the media converter (2.2) by a one-way optical fiber, and the gigabit Ethernet interface (2.31) is connected to the high-security-level network (4).
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009200805043U CN201398200Y (en) | 2009-04-30 | 2009-04-30 | Distributed one-way transmission system for network information security |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2009200805043U CN201398200Y (en) | 2009-04-30 | 2009-04-30 | Distributed one-way transmission system for network information security |
Publications (1)
Publication Number | Publication Date |
---|---|
CN201398200Y true CN201398200Y (en) | 2010-02-03 |
Family
ID=41620731
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN2009200805043U Expired - Fee Related CN201398200Y (en) | 2009-04-30 | 2009-04-30 | Distributed one-way transmission system for network information security |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN201398200Y (en) |
Cited By (9)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101829480A (en) * | 2010-05-25 | 2010-09-15 | 中电投远达环保工程有限公司 | Power plant desulfurization operation condition real time data interface device and transmission method |
CN101888284A (en) * | 2010-07-08 | 2010-11-17 | 中国科学院高能物理研究所 | Method and device used for one-way transmission of data |
CN101888284B (en) * | 2010-07-08 | 2013-08-28 | 中国科学院高能物理研究所 | Method and device used for one-way transmission of data |
CN102347946A (en) * | 2011-09-22 | 2012-02-08 | 中铁信安(北京)信息安全技术有限公司 | Terminal type interactive link platform system framework and realization method thereof |
CN102347946B (en) * | 2011-09-22 | 2014-04-16 | 中铁信安(北京)信息安全技术有限公司 | Terminal type interactive link platform system framework and realization method thereof |
CN102333011A (en) * | 2011-10-17 | 2012-01-25 | 中兴通讯股份有限公司 | Unidirection link detection (UDLD) method and UDLD device |
CN102333011B (en) * | 2011-10-17 | 2017-11-03 | 中兴通讯股份有限公司 | One way link detection method and device |
CN106302360A (en) * | 2015-06-10 | 2017-01-04 | 刘晓建 | Information is the method for one-way transmission between heterogeneous networks |
CN105553925A (en) * | 2015-06-27 | 2016-05-04 | 刘晓建 | Method for unidirectional information transmission among different networks |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |
 | C17 | Cessation of patent right | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20100203; Termination date: 20140430 |