CN207926637U - Information transmission system with heterogeneous multi-channel security isolation - Google Patents


Publication number
CN207926637U
Authority
CN
China
Prior art keywords
processing circuit
data processing
data
isomery
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201721123137.1U
Other languages
Chinese (zh)
Inventor
陆正中
谢正波
刘霖
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SHENZHEN ZHONGRUIYUAN TECHNOLOGY Co Ltd
Original Assignee
SHENZHEN ZHONGRUIYUAN TECHNOLOGY Co Ltd


Abstract

The utility model discloses an information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit. The host of the first network unit is provided with multiple sending ports, which are correspondingly connected to the receiving ports of a first data processing circuit. The first data processing circuit is connected to a second data processing circuit through a plurality of one-way optical fibers and transfers data to it, and the sending port of the second data processing circuit is connected to the receiving port of the second network unit. The utility model has the advantages that data transmission is complete, that possible back doors arising from the physical connection are eliminated, and that illegal data exchange caused by a virus controlling the computer can be guarded against.

Description

Information transmission system with heterogeneous multi-channel security isolation
Technical field
The utility model relates to data transmission technology, and more particularly to an information transmission system with heterogeneous multi-channel security isolation in which data transmission is complete, possible back doors arising from the physical connection are eliminated, and illegal data exchange caused by a virus controlling the computer can be guarded against.
Background
After years of development, China's network and informatization efforts have made remarkable achievements: the capability to build information-system infrastructure has increased significantly, and the level of application of networks and information systems has risen substantially. However, in the face of the first-mover technical advantage and aggressive offensive strategy of the Western science and technology powers led by the United States, China's network security level and defense system are, on the whole, still in a position of strategic weakness. The basic situation in cyberspace is as follows: the industrial base is comparatively weak; scientific research, including cyberspace security research, is on the whole of the tracking kind, and there is also some hollowing-out; independent development can hardly cover the whole ecosystem or control every link of the security chain; and cyberspace is in a state of "being made transparent and being controlled".
China's current network security construction faces a strategic dilemma: on the one hand, without imports, advancement, maturity and timeliness cannot be guaranteed; on the other hand, with imports, the threat of "poisoned, germ-carrying" components cannot be avoided, and security is hard to ensure.
We therefore face two basic security problems that cannot be avoided: first, under current technical capability, vulnerabilities in the design of information systems are unavoidable; second, given China's current independent industrial capability, full independent controllability is hard to achieve, so "being backdoored" cannot be avoided.
Equipment that implements security isolation and information exchange currently uses roughly the following technologies: ferry technology (based on switch switching), buffer communication technology (based on switching), and one-way channel technology. In the ferry and buffer communication schemes the two networks are physically connected together (a back door may exist as a covert channel), and a virus can disguise itself as data and be ferried back through the security isolation and information transmission system (illegal data exchange), so these schemes are relatively insecure. A so-called one-way channel completely separates the sending and receiving links of a communication. Feedback cannot be completed within one channel, so an attack becomes a half-open connection; no hidden two-way channel (back door) can be formed to leak information, and the attack cannot take effect. The sender simply sends data and the receiver simply receives it. Having only one direction, however, has a large impact on data integrity. For example, if data is damaged in transit, the receiver has no way to ask the sender to retransmit and can only discard it. The sender, for its part, simply sends the data out and does not know whether the other side received it or whether the data is usable. One-way channel technology thus ensures security at some cost to data integrity.
Summary of the utility model
To solve the above problems, the purpose of the utility model is to provide an information transmission system with heterogeneous multi-channel security isolation in which data transmission is complete, possible back doors arising from the physical connection are eliminated, and illegal data exchange caused by a virus controlling the computer can be guarded against.
The utility model is realized by the following technical measures: an information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit, characterized in that the host of the first network unit is provided with multiple sending ports, which are correspondingly connected to the receiving ports of a first data processing circuit; the first data processing circuit is connected to a second data processing circuit through a plurality of one-way optical fibers and transfers data to it; and the sending port of the second data processing circuit is connected to the receiving port of the second network unit.
In a preferred form, the second network unit is provided with multiple sending ports, which are correspondingly connected to the receiving ports of a third data processing circuit; the third data processing circuit is connected to a fourth data processing circuit through a plurality of one-way optical fibers and transfers data to it; and the sending port of the fourth data processing circuit is connected to the receiving port of the first network unit.
In a preferred form, the number of one-way optical fibers connected between the first data processing circuit and the second data processing circuit is equal to the number of channels between the host of the first network unit and the first data processing circuit, and the two are in one-to-one correspondence.
In a preferred form, the number of one-way optical fibers connected between the third data processing circuit and the fourth data processing circuit is equal to the number of channels between the host of the second network unit and the third data processing circuit, and the two are in one-to-one correspondence.
In a preferred form, the first data processing circuit and the second data processing circuit are FPGA data processing circuits.
In a preferred form, the third data processing circuit and the fourth data processing circuit are FPGA data processing circuits.
Because the utility model uses a plurality of one-way optical fibers between the first data processing circuit and the second data processing circuit, the sending and receiving links of the communication are completely separated. Feedback cannot be completed within one channel, so an attack becomes a half-open connection and no hidden two-way channel (back door) can be formed to leak information; a back door at the hardware level therefore does not exist. To remedy the defect of one-way channel technology that data may be damaged in transit, multiple one-way optical fibers are used: the data from the fibers is cross-checked to obtain the final data, and the theoretical bit error rate reaches the order of 10^-28, which meets practical requirements.
Brief description of the drawings
Fig. 1 is a structural diagram of an embodiment of the utility model.
Detailed description
The utility model is described in further detail below with reference to an embodiment and the accompanying drawing.
The information transmission system with heterogeneous multi-channel security isolation of this embodiment (see Fig. 1) contains two hardware channels. The first is the data channel through which the external network unit sends data to the internal network unit; the second is the data channel through which the internal network unit sends data to the external network unit. On the hardware side, for the external network host 1 and the internal network host 7 we select the Gigabyte Brix 5200 (i5 CPU, 16 GB memory, 256 GB SSD). For the first FPGA data processing circuit 3 and the second FPGA data processing circuit 5 we select the Cyclone V from ALTERA, specifically model 5CGXFC9C6, which can perform data operations such as packing and verification. The external network host 1 connects to the first FPGA data processing circuit 3 through one USB 3.0 interface, two PCIe interfaces and two SATA interfaces (2). The two PCIe interfaces run directly from the external network host 1 to the corresponding pins of the first FPGA data processing circuit 3, as do the two SATA interfaces. The USB 3.0 interface runs from the external network host 1 to a Cypress FX3 module, and the FX3 in turn connects through a parallel port to the corresponding pins of the first FPGA data processing circuit 3. The sending ports of the 5 optical modules on the first FPGA data processing circuit 3 are connected through 5 one-way optical fibers 4 to the receiving ports of the corresponding optical modules of the second FPGA data processing circuit 5. The second FPGA data processing circuit 5 is connected to the internal network host 7 through a USB interface. The hardware used by the second channel is identical to that of the first; the difference is that the second FPGA data processing circuit and the fourth data processing circuit use different decoding methods (or inverse format transformations, or decryption keys and decryption methods) for the data they receive.
The information transmission method of this heterogeneous multi-channel security isolation system includes the following steps:
(11) After the system program starts, the external network host 1 first generates a random number and calculates from it the serial numbers of multiple valid data channels. The serial numbers of the valid data channels are sent to the first FPGA data processing circuit 3, which forwards them to the second FPGA data processing circuit 5. The second FPGA data processing circuit 5 stores the received serial numbers and performs data verification according to the stored serial numbers of the valid data channels. When the system is not receiving external data, this process is also repeated periodically, so that the valid data channels keep changing;
(12) When the external network host 1 receives external data that needs to be sent to the internal network host 7, the data is encoded in the format corresponding to each currently valid channel (including but not limited to format conversion, encryption and the like) and then saved into the buffer corresponding to each valid data channel;
(13) The external network host 1 sends the data asynchronously to each corresponding valid data channel;
(14) After the first FPGA data processing circuit 3 receives the data of each valid data channel, it packs the data and sends it onto the one-way optical fiber 4 corresponding to that valid channel;
(15) The second FPGA data processing circuit 5 receives data from each one-way optical fiber 4 independently. After receiving a fixed-length packet, it first checks the number of channels carrying data; if this exceeds the number of valid data channels, it discards the data and increments the error count, and raises an alarm if the error count reaches the set value. If the channels that received data are exactly the currently valid data channels, the data from the valid data channels is decoded (including but not limited to format conversion or decryption) and then verified, and the final data is obtained by majority rule. If the data from every channel is different, the data is discarded and the error count is incremented, and an alarm is raised if the error count reaches the set value;
(16) The second FPGA data processing circuit 5 passes the final data to the internal network host 7.
In this system, because one-way optical fibers are used between the first FPGA data processing circuit and the second FPGA data processing circuit, the sending and receiving links of the communication are completely separated. Feedback cannot be completed within one channel, so an attack becomes a half-open connection and no hidden two-way channel (back door) can be formed to leak information; a back door at the hardware level therefore does not exist. To remedy the defect of one-way channel technology that data may be damaged in transit, multiple one-way optical fibers are used: the data from the fibers is cross-checked to obtain the final data, and the theoretical bit error rate reaches the order of 10^-28, which meets practical requirements. The system uses a heterogeneous multi-channel architecture: data is transmitted over heterogeneous channels, and only data that is identical across multiple channels is considered valid. Compared with homogeneous multi-channel transmission, this guards to some extent against illegal data transmission by a virus. In addition to using heterogeneous channels, the system continually computes the valid channels from a system-generated random number. The system sends data only on the valid data channels, and on verification at the receiving end valid data is obtained only when the data of a majority of the valid data channels agree. If data also appears on a non-valid data channel, this is treated as an illegal attempt to send on multiple channels; a warning is issued and the channel is closed. The system also applies data format coding (including but not limited to format conversion or encryption): the host encodes the data for different channels differently (by format conversion, or by encryption with different keys), and the hardware FPGA decodes it (inverse transformation or decryption) during packet assembly and verification. The coding method or key is held in the firmware and in the software program, and is different for every device. Because a virus cannot obtain this device's coding method or key, the data it sends is changed by the decoding (inverse transformation or decryption) performed during packet assembly and verification, so the data on each channel differs. No two channels can then carry identical data, the final data is discarded, and the door is effectively shut. A virtual host can also be run on the host, with the system's own transmission program running on the virtual host, to isolate it from the possibility that the host, being connected to the first network unit, is controlled by a virus that goes on to control the system's transmission program.
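The receive-side check in steps (11) to (16), and the argument that a sender without the per-channel keys cannot get two channels to agree, as an added Python simulation (not the patent's FPGA logic). The SHA-256 channel-selection rule, the XOR coding, the keys, the three valid channels per round and the alarm threshold are assumptions made for the example; the page specifies none of them.

```python
import hashlib
from collections import Counter

N_CHANNELS = 5       # the embodiment uses 5 one-way fibres
N_VALID = 3          # assumption: how many channels are valid per round
ALARM_THRESHOLD = 3  # assumption: the "set value" for the error count
# Constructed per-device channel keys; the page keeps these in firmware.
KEYS = {ch: hashlib.sha256(b"constructed-key" + bytes([ch])).digest()
        for ch in range(N_CHANNELS)}
PAYLOAD = b"constructed payload"

def valid_channels(nonce: bytes) -> frozenset:
    """Assumed rule: rank channels by SHA-256(nonce || channel), keep N_VALID."""
    ranked = sorted(range(N_CHANNELS),
                    key=lambda ch: hashlib.sha256(nonce + bytes([ch])).digest())
    return frozenset(ranked[:N_VALID])

def xor_code(data: bytes, key: bytes) -> bytes:
    """Toy stand-in for the per-channel coding; XOR is its own inverse."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))

def encode_for_channels(payload: bytes, valid) -> dict:
    """Steps 12-14: one differently coded copy per valid channel."""
    return {ch: xor_code(payload, KEYS[ch]) for ch in valid}

class Receiver:
    """Step 15: channel-set check, per-channel decode, majority vote."""
    def __init__(self, valid):
        self.valid = frozenset(valid)   # channel numbers stored in step 11
        self.errors = 0
        self.alarm = False

    def _reject(self):
        self.errors += 1
        self.alarm = self.alarm or self.errors >= ALARM_THRESHOLD
        return None

    def receive(self, frames: dict):
        active = set(frames)
        # Data on a non-valid channel, or on too many channels: discard.
        if not active or len(active) > len(self.valid) or not active <= self.valid:
            return self._reject()
        decoded = [xor_code(frames[ch], KEYS[ch]) for ch in sorted(active)]
        value, votes = Counter(decoded).most_common(1)[0]
        # A majority of the valid channels must agree on the decoded bytes.
        if votes * 2 <= len(self.valid):
            return self._reject()
        return value

def demo() -> dict:
    valid = valid_channels(b"constructed nonce")
    rx = Receiver(valid)
    out = {}
    frames = encode_for_channels(PAYLOAD, valid)
    out["clean"] = rx.receive(frames)
    # One fibre delivers a damaged frame; the other two still agree.
    hit = min(valid)
    damaged = dict(frames)
    damaged[hit] = bytes([frames[hit][0] ^ 0xFF]) + frames[hit][1:]
    out["one_fibre_damaged"] = rx.receive(damaged)
    # A sender without the channel keys writes the same raw bytes everywhere:
    # decoding with three different keys yields three different values.
    out["unkeyed_sender"] = rx.receive({ch: b"raw bytes, no key" for ch in valid})
    # Traffic appears on a channel that is not valid this round.
    stray = min(set(range(N_CHANNELS)) - valid)
    out["stray_channel"] = rx.receive({**frames, stray: b"x"})
    out["all_channels"] = rx.receive({ch: b"x" for ch in range(N_CHANNELS)})
    out["errors"], out["alarm"] = rx.errors, rx.alarm
    return out

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The single damaged fibre is outvoted, while the three rejected rounds push the error count to the threshold and set the alarm.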
With the above techniques, the probability of a virus illegally transmitting data through this system is extremely low. By the same reasoning, a similar scheme can be used from the internal network host 7 to the external network host 1 (only the data transformation method, or the encryption method or encryption key, differs): the internal network host 7 is provided with multiple sending ports, which are correspondingly connected to the receiving ports of the third FPGA data processing circuit 8; the third FPGA data processing circuit 8 is connected to the fourth FPGA data processing circuit 9 through a plurality of one-way optical fibers 4 and transfers data to it; and the sending port of the fourth FPGA data processing circuit 9 is connected to the receiving port of the external network host 1. Even if a virus disguised as data enters the internal network host 7 through a user's actions (or successfully cracks the data transformation and gets through), and successfully takes control of the internal network host 7, the virus still cannot send data out, because the internal network host 7 uses a different format transformation (or a different encryption key) towards the external network host 1. When the internal network host 7 needs to send data to the external network host 1, the process works on the same principle as when the external network host 1 sends data to the internal network host 7.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment (see Fig. 1), on the basis of the foregoing technical solution, the number of one-way optical fibers connected between the first FPGA data processing circuit and the second FPGA data processing circuit may specifically be equal to the number of channels between the external network host and the first FPGA data processing circuit, the two being in one-to-one correspondence. Likewise, the number of one-way optical fibers connected between the third FPGA data processing circuit and the fourth FPGA data processing circuit is equal to the number of channels between the internal network host and the third FPGA data processing circuit, the two being in one-to-one correspondence.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment (see Fig. 1), on the basis of the foregoing technical solution, the sending port of the second FPGA data processing circuit 5 may specifically be connected through a single channel 6 to the receiving port of the second network unit 7, and the sending port of the fourth FPGA data processing circuit 9 connected through a single channel to the receiving port of the first network unit.
In the information transmission system with heterogeneous multi-channel security isolation of one embodiment, on the basis of the foregoing technical solution, the alarm may specifically be an audible and visual alarm built into the system, or an alarm message sent to the host computer.
The above is an exposition of the information transmission system with heterogeneous multi-channel security isolation of the utility model, intended to aid understanding of the utility model. The implementation of the utility model is not limited to the above embodiments; any change, modification, substitution, combination or simplification made without departing from the principle of the utility model shall be regarded as an equivalent replacement and is included within the scope of protection of the utility model.

Claims (6)

1. An information transmission system with heterogeneous multi-channel security isolation, comprising a first network unit and a second network unit, characterized in that: the host of the first network unit is provided with multiple sending ports; the sending ports of the host of the first network unit are correspondingly connected to the receiving ports of a first data processing circuit; the first data processing circuit is connected to a second data processing circuit through a plurality of one-way optical fibers and transfers data to it; and the sending port of the second data processing circuit is connected to the receiving port of the second network unit.
2. The information transmission system with heterogeneous multi-channel security isolation according to claim 1, characterized in that: the second network unit is provided with multiple sending ports; the sending ports of the second network unit are correspondingly connected to the receiving ports of a third data processing circuit; the third data processing circuit is connected to a fourth data processing circuit through a plurality of one-way optical fibers and transfers data to it; and the sending port of the fourth data processing circuit is connected to the receiving port of the first network unit.
3. The information transmission system with heterogeneous multi-channel security isolation according to claim 1, characterized in that: the number of one-way optical fibers connected between the first data processing circuit and the second data processing circuit is equal to the number of channels between the host of the first network unit and the first data processing circuit, and the two are in one-to-one correspondence.
4. The information transmission system with heterogeneous multi-channel security isolation according to claim 2, characterized in that: the number of one-way optical fibers connected between the third data processing circuit and the fourth data processing circuit is equal to the number of channels between the host of the second network unit and the third data processing circuit, and the two are in one-to-one correspondence.
5. The information transmission system with heterogeneous multi-channel security isolation according to claim 1, characterized in that: the first data processing circuit and the second data processing circuit are FPGA data processing circuits.
6. The information transmission system with heterogeneous multi-channel security isolation according to claim 2, characterized in that: the third data processing circuit and the fourth data processing circuit are FPGA data processing circuits.
CN201721123137.1U 2017-09-03 2017-09-03 The information transmission system of isomery multichannel security isolation Active CN207926637U (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201721123137.1U CN207926637U (en) 2017-09-03 2017-09-03 The information transmission system of isomery multichannel security isolation

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201721123137.1U CN207926637U (en) 2017-09-03 2017-09-03 The information transmission system of isomery multichannel security isolation

Publications (1)

Publication Number Publication Date
CN207926637U true CN207926637U (en) 2018-09-28

Family

ID=63612650

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201721123137.1U Active CN207926637U (en) 2017-09-03 2017-09-03 The information transmission system of isomery multichannel security isolation

Country Status (1)

Country Link
CN (1) CN207926637U (en)

Similar Documents

Publication Publication Date Title
CN107493292A (en) The information transmission system and method for isomery multichannel security isolation
Xin A mixed encryption algorithm used in internet of things security transmission system
CN101207628B (en) Method and system for managing shared information
CN103200185B (en) Data safe transmission method in a kind of body area network system
CN102780698A (en) User terminal safety communication method in platform of Internet of Things
CN201830272U (en) Network encryption machine based on quantum keys
CN106022080A (en) Cipher card based on PCIe (peripheral component interface express) interface and data encryption method of cipher card
CN101627395A (en) Maidsafe.net
CN103746962B (en) GOOSE electric real-time message encryption and decryption method
CN102081713B (en) Office system for preventing data from being divulged
CN103237036A (en) Device for realizing physical partition of internal and external networks
CN105207950B (en) A kind of communication data guard method based on SDN technology
CN106549502B (en) A kind of safe distribution of electric power protecting, monitoring system
CN107276753A (en) The quantum key distribution system and method for a kind of channel multiplexing
CN103209191A (en) Method for realizing physical partition of internal and external networks
CN206506555U (en) The information transmission system of isomery multichannel security isolation
CN109995528A (en) Bidirectional identity authentication and half quantum safety direct communication method for resisting channel noise
CN105959355B (en) Secret information transmission method under P2P network based on BitTorrent agreement
CN109547456A (en) There is the network isolation system of controllable interaction capabilities based on information one-way transmission technology
CN114500068B (en) Information data exchange system based on safety isolation gatekeeper
US8788817B1 (en) Methods and apparatus for secure and reliable transmission of messages over a silent alarm channel
CN102611557A (en) Safe network coding data transmission method based on knapsack cryptosystem
CN207926637U (en) The information transmission system of isomery multichannel security isolation
CN108155996B (en) Smart home safe communication method based on family's channel
Kent Encryption-based protection for interactive user/computer communication

Legal Events

Date Code Title Description
GR01 Patent grant