CN213342277U - Double physical isolation data one-way transmission system - Google Patents
Double physical isolation data one-way transmission system Download PDFInfo
- Publication number
- CN213342277U CN213342277U CN202022782230.1U CN202022782230U CN213342277U CN 213342277 U CN213342277 U CN 213342277U CN 202022782230 U CN202022782230 U CN 202022782230U CN 213342277 U CN213342277 U CN 213342277U
- Authority
- CN
- China
- Prior art keywords
- arbitration
- isolation
- data
- controller
- receiving
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
- 238000002955 isolation Methods 0.000 title claims abstract description 252
- 230000005540 biological transmission Effects 0.000 title claims abstract description 67
- 230000009977 dual effect Effects 0.000 claims abstract description 15
- 230000003287 optical effect Effects 0.000 claims description 23
- 239000000126 substance Substances 0.000 claims description 4
- 238000004891 communication Methods 0.000 description 8
- 238000005516 engineering process Methods 0.000 description 4
- 230000000903 blocking effect Effects 0.000 description 2
- 230000007547 defect Effects 0.000 description 2
- 238000010586 diagram Methods 0.000 description 2
- 230000002427 irreversible effect Effects 0.000 description 2
- 238000000034 method Methods 0.000 description 2
- 230000004048 modification Effects 0.000 description 2
- 238000012986 modification Methods 0.000 description 2
- 230000001360 synchronised effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009471 action Effects 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 230000007847 structural defect Effects 0.000 description 1
Images
Landscapes
- Power-Operated Mechanisms For Wings (AREA)
Abstract
An embodiment of the utility model provides a data one-way transmission system is kept apart to dual physics. The system comprises: the sending terminal is used for receiving the data sent by the first network equipment and forwarding the data to the arbitration terminal; the arbitration terminal is used for receiving the data sent by the sending terminal and arbitrating the data, and after the arbitration is passed, the arbitrated data is sent to the receiving terminal; the receiving end is used for receiving the arbitrated data sent by the arbitrating end and forwarding the arbitrated data to the second network equipment; the first isolation device is used for carrying out physical isolation under the condition that the sending end does not send data to the arbitration end; the second isolation device is used for carrying out physical isolation under the condition that the arbitration end does not send data to the receiving end. The utility model discloses can realize the dual physics of intranet and extranet and keep apart, guarantee the safety of high security trade intranet information, each part automation mechanized operation need not artificial intervention, uses manpower sparingly.
Description
Technical Field
The embodiments of the present invention generally relate to the field of information transmission technology, and more particularly, to a dual physical isolation data unidirectional transmission system.
Background
The rapid development of information communication technology and internet technology changes our lives and working modes, improves our working efficiency, but also brings many security problems, such as network information leakage and viruses. These problems seriously threaten the information security of each enterprise and public institution. The traditional information security protection technology only detects and controls data transmission at a software layer and cannot meet the requirement of physical isolation between a secret-related network and an external insecure network.
The physical isolation means that the internal network cannot be directly or indirectly connected with the public network to avoid the attack of hackers from the external network on the internal network information, so that a clear security boundary is defined for the internal network, the management is convenient, the controllability is stronger, and the data communication between the two physically isolated networks is more reliable and safer by adopting a one-way transmission communication mode.
In actual work, data output between network information systems is in need, and the unidirectional optical gate has the following risks in the scene: the optical gate sending end must actively send a bottom layer synchronous frame and an upper layer heartbeat packet to become a carrier for constructing a time-type covert channel for coding and transmitting sensitive information; the risk of information leakage due to passive escape cannot trust that the inner end of the optical gate can logically identify and filter all the data packets which are transmitted in a concealed mode based on a security policy (otherwise, the one-way optical gate does not need to exist per se). These passively escaped packets may themselves be highly sensitive information; the risk of the safety bypass of the structural defect is that the inner terminal of the one-way optical gate can reach the intranet, and an attacker can possibly destroy the safety strategy of the inner terminal to cause the safety protection mechanism to be bypassed.
SUMMERY OF THE UTILITY MODEL
According to the utility model discloses an embodiment provides a data unidirectional transmission system is kept apart to dual physics.
The utility model discloses an aspect provides a data unidirectional transmission system is kept apart to dual physics. The system comprises: the device comprises a sending end, an arbitration end, a receiving end, a first isolating device and a second isolating device; wherein the content of the first and second substances,
the sending terminal is used for receiving data sent by first network equipment and forwarding the data to the arbitration terminal;
the arbitration terminal is used for receiving the data sent by the sending terminal and arbitrating the data, and after the arbitration is passed, the arbitrated data is sent to the receiving terminal;
the receiving end is used for receiving the arbitrated data sent by the arbitrating end and forwarding the arbitrated data to the second network equipment;
the first isolation device is arranged between the sending end and the arbitration end and is used for carrying out physical isolation under the condition that the sending end does not send data to the arbitration end;
the second isolation device is arranged between the arbitration end and the receiving end and is used for carrying out physical isolation under the condition that the arbitration end does not send data to the receiving end.
The above aspect and any possible implementation manner further provide an implementation manner, where data transmission is performed between the sending end and the arbitration end through a unidirectional optical channel;
and the arbitration end and the receiving end carry out data transmission through a one-way optical channel.
The above aspect and any possible implementation manner further provide an implementation manner, where the first isolation device is provided with a first isolation gate that can be opened and closed, and the first isolation gate is disposed on a unidirectional optical channel transmission path between the sending end and the arbitration end;
the first isolation device is further provided with a second isolation door capable of being opened and closed, and the second isolation door is arranged on a one-way optical channel transmission path between the sending end and the arbitration end.
The above aspect and any possible implementation manner further provide an implementation manner, where the second isolation device is provided with a third isolation gate that can be opened and closed, and the second isolation gate is disposed on the unidirectional optical channel transmission path between the arbitration end and the receiving end.
The above aspect and any possible implementation manner further provide an implementation manner, wherein the transmitting end is provided with a transmitter and a transmitting end controller,
the transmitter is used for transmitting data received from the first network equipment to the arbitration terminal and transmitting a control instruction to the transmitter terminal controller;
and the transmitting terminal controller is used for controlling the first isolation door.
The above-described aspect and any possible implementation manner further provide an implementation manner, wherein the arbitration terminal is provided with an arbitration machine and an arbitration terminal controller,
the arbitration machine is used for sending the arbitrated data to the receiving end and sending a control instruction to the arbitration end controller;
and the arbitration end controller is used for controlling the second isolation gate and the third isolation gate.
The above aspect and any possible implementation manner further provide an implementation manner, further including a sensor, connected to the arbitration end controller, for sensing a switch state of the first isolation gate and feeding back the switch state to the arbitration end controller.
The above aspects and any possible implementation manners further provide an implementation manner, further including a first isolation gate driving motor, a second isolation gate driving motor, and a third isolation gate driving motor; wherein the content of the first and second substances,
the first isolation door driving motor is connected with the transmitting end controller and drives the first isolation door; the second isolation gate driving motor is connected with the arbitration end controller and drives the second isolation gate; and the third isolation gate driving motor is connected with the arbitration end controller and drives the third isolation gate.
The foregoing aspects and any possible implementations further provide an implementation, in which the transmitter, the arbitration terminal, the receiver, the first isolation device, the second isolation device, and the sensor are all disposed in the chassis.
The utility model provides a pair of one-way transmission system of data is kept apart to dual physics, realize the dual physics of intranet and extranet through first isolating device and second isolating device and keep apart, through the transmitting end, arbitration port pair is first, two isolating device's control, and transmitter and arbitration machine, it carries out the one-way transmission of data to set up one-way light channel between arbitration machine and the receiver, realize that data can only be transmitted to the one-way safety of second network equipment by first network equipment, prevent that second network equipment from transmitting data to first network equipment, can guarantee the safety of high security trade intranet information, clear and definite safety boundary has been planned, the management of being convenient for, the controllability is stronger. The utility model discloses a data transmission system is through the logic control to sending terminal, arbitration end and receiving terminal mechanical action, and the transmission of having solved data between two networks that physics was kept apart is artifical manually operation and consuming time and power, inefficiency, the defect that needs personnel frequently to operate the reliability low, has realized the automation mechanized operation of each part, need not artificial intervention, uses manpower sparingly.
When the second isolation door is closed, the third isolation door is opened under the condition that the connection between the transmitter and the arbitrator is disconnected. When the transmitter and the arbitrator are still in a connected state, the third isolation door is prevented from being opened, so that the risk of communication among the transmitter, the arbitrator and the receiver is avoided, and the safety of data transmission is further improved. Or when the third isolating door is closed, the connection between the arbitrator and the receiver is in a disconnected state, and the second isolating door is opened, so that the risk of communication among the transmitter, the arbitrator and the receiver due to the fact that the second isolating door is opened when the arbitrator and the receiver are still in a connected state under the condition of continuous tasks is prevented, and the safety of data transmission is further improved.
It should be understood that what is described in this summary section is not intended to limit key or critical features of embodiments of the invention, nor is it intended to limit the scope of the invention. Other features of the present invention will become apparent from the following description.
Drawings
The above and other features, advantages and aspects of various embodiments of the present invention will become more apparent by referring to the following detailed description when taken in conjunction with the accompanying drawings. In the drawings, like or similar reference characters designate like or similar elements, and wherein:
fig. 1 shows a schematic connection diagram of a dual physically isolated data unidirectional transmission system according to an embodiment of the invention;
fig. 2 shows a schematic structural diagram of a dual physical isolation data unidirectional transmission system according to an embodiment of the present invention.
Wherein, the correspondence between the reference numbers and the component names in fig. 1 to 2 is:
the system comprises a chassis 100, a transmitting end 200, a transmitter 210, a transmitting end 220, an arbitration end 300, an arbitration machine 310, an arbitration end 320, a receiving end 400, a receiver 410, a first isolating device 500, a first isolating door 510, a first isolating door driving motor 511, a second isolating door 520, a second isolating door driving motor 521, a first isolating plate 530, a second isolating device 600, a third isolating door 610, a third isolating door 611, a second isolating plate 620 and a sensor 700.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. Based on the embodiments in the present invention, all other embodiments obtained by a person skilled in the art without creative work belong to the protection scope of the present invention.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship.
A dual physically-isolated data unidirectional transmission system of the present embodiment is described below with reference to fig. 1 to 2.
As shown in fig. 1 and 2, the dual physical isolation data unidirectional transmission system includes a chassis 100, a transmitting end 200, an arbitrating end 300, a receiving end 400, a first isolation device 500, a second isolation device 600, and a sensor 700.
The transmitting end 200, the arbitration end 300, the receiving end 400, the first isolating device 500, the second isolating device 600 and the sensor 700 are all arranged in the case 100, and the case 100 supports all the components, so that all the components of the system can be well protected, and meanwhile, the carrying is convenient.
The transmitting end 200 is connected to a first network device, such as an intranet, and the receiving end 400 is connected to a second network device, such as an extranet. According to the data transmission direction, the data transmitted by the first network device passes through the transmitting end 200, the arbitration end 300 and the receiving end 400 in sequence, and is finally received by the second network device. The first isolation device 500 is disposed between the sending end 200 and the arbitration end 300, and is used for physically blocking data transmission between the sending end 200 and the arbitration end 300; the second isolation apparatus 600 is disposed between the arbitration terminal 300 and the receiving terminal 400, and is used for physically blocking data transmission between the arbitration terminal 300 and the receiving terminal 400, so as to implement physical isolation between the first network device and the second network device in a normal state, and the dual physical isolation further ensures the security of data transmission, and prevents the first network device serving as a data sender from being attacked by an external network.
The sending end 200 is provided with a sender 210 and a sending end controller 220, the sender 210 is connected to a first network device, receives data sent by the first network device, and sends the data to the arbitration end 300 by the sender 210, and the sender 210 sends a control instruction to the sending end controller 220. The transmitter 210 and the transmitter controller 220 are connected by a wire, and the transmitter controller 220 controls the first isolator device 500 in accordance with a control command transmitted from the transmitter 210.
The arbitration terminal 300 is provided with an arbitration machine 310 and an arbitration terminal controller 320, when in a data transmission state, the arbitration machine 310 is communicated with the transmitter 210 to receive data transmitted by the transmitter 210, preferably, data transmission is performed between the transmitter 210 and the arbitration machine 310 through a unidirectional optical channel, and an optical signal has unidirectional transmission and irreversible characteristics, so that complete unidirectional transmission of data can be ensured. In addition, a preset security policy is built in the arbiter 310 to arbitrate data, including whether there is a security risk in arbitrating data, whether a transmission operation of the first network device has a right, whether the second network device has a receiving right, and the like. The arbitrator 310 receives the data transmitted by the transmitter 210 and performs arbitration, and after the arbitration is passed, transmits the arbitrated data to the receiver 400. The arbitrator 310 is connected to the arbitrator controller 320 by a wire, the arbitrator 310 sends a control command to the arbitrator controller 320, and the arbitrator controller 320 controls the first isolation device 500 and the second isolation device 600 according to the control command sent by the arbitrator 310.
The receiving end 400 is provided with a receiver 410, and in a data transmission state, the receiver 410 is communicated with the arbitrator 310 to receive the arbitrated data sent by the arbitrator 310, preferably, data transmission is performed between the arbitrator 310 and the receiver 410 through a unidirectional optical channel, and an optical signal has unidirectional transmission and irreversible characteristics, so that complete unidirectional transmission of data can be ensured.
The first isolation device 500 includes a first isolation gate 510 and a second isolation gate 520 that can be opened and closed for physical isolation in case that the transmitting end 200 does not transmit data to the arbitrating end 300. The first isolation gate 510 is controlled by the transmitting side director 220 and the second isolation gate 520 is controlled by the arbitrator side director 320. The first isolation device 500 is provided with a first isolation plate 530, the transmitting end 200, the arbitration end 300 and the receiving end 400 are isolated, a round hole is formed in a transmission path between the first isolation plate 530 and the arbitration machine 310, the first isolation door 510 is arranged on one side of the first isolation plate 530, which corresponds to the round hole transmitting end 200, and the second isolation door 520 is arranged on the other side of the first isolation plate 530, which corresponds to the round hole, so that when the first isolation door 510 and the second isolation door 520 are opened, the transmitting end 210 is communicated with the arbitration machine 310, and the transmitting end 210 and the arbitration machine 310 are in a data transmission state. In a normal state, the first isolation gate 510 and the second isolation gate 520 are closed, the circular holes are shielded by the first isolation gate 510 and the second isolation gate 520, and the transmitter 210 is physically isolated from the arbiter 310.
The first isolation device 500 is further provided with a first isolation gate driving motor 511 and a second isolation gate driving motor 521, wherein the first isolation gate driving motor 511 is connected with the transmitting end controller 220 to drive the first isolation gate 510; the second isolation gate driving motor 521 is connected to the arbitration terminal controller 320, and drives the second isolation gate 520. The transmitting-end controller 220 controls the first isolation gate 510 to open and close by controlling the first isolation gate driving motor 511, and the arbitration-end controller 320 controls the second isolation gate 520 to open and close by controlling the second isolation gate driving motor 521.
The second isolation device 600 includes a third isolation gate 610 that can be opened and closed for physical isolation in case the arbitration terminal 300 does not send data to the reception terminal 400. The third isolation gate 610 is controlled by the arbitration side controller 320. The second isolation device 600 is provided with a second isolation plate 620, an arbitration terminal 300 and a receiving terminal 400, a round hole is formed in a transmission path between the second isolation plate 620 and the receiver 410, the second isolation plate 620 corresponds to the round hole, a third isolation door 610 is arranged at the round hole of the second isolation plate 620, so that when the third isolation door 610 is opened, the arbitration machine 310 is communicated with the receiver 410, the arbitration machine 310 and the receiver 410 are in a data transmission state, and the arbitration terminal controller 320 controls the third isolation door 610 to be opened after the second isolation door 520 is closed. In normal state, the third isolation gate 610 is closed, the circular hole is shielded by the third isolation gate 610, and the arbiter 310 is physically isolated from the receiver 410.
The second isolation device 600 is further provided with a third isolation door driving motor 611, and the third isolation door driving motor 611 is connected with the arbitration terminal controller 320 to drive the third isolation door 610.
The sensor 700 is disposed at the other side of the first isolation plate 530 and is disposed near the first isolation door 510 to sense the open/close state of the first isolation door 510. The sensor 700 is connected to the arbitration side controller 320, and feeds back an opening signal or a closing signal of the first isolation gate 510 to the arbitration side controller 320. Therefore, the arbitration terminal 300 can sense the state of the first isolation gate 510 according to the sensor 700 and then act according to the state, so that the arbitration terminal 300 and the transmission terminal 200 are not connected with the same isolation gate but are respectively connected with the isolation gate on one side of the arbitration terminal, control is facilitated, and the safety of the system is improved.
Preferably, in this embodiment, the arbitration side controller 320 detects an opening or closing signal of the first isolation gate 510 sensed by the sensor 700, the arbitration side controller 320 returns the signal to the arbitration machine 310, the arbitration machine 310 determines whether the second isolation gate 520 should be opened or closed according to the signal and the data transmission state, and sends a door opening or closing command to the arbitration side controller 320 to control the second isolation gate 520 to be opened or closed. For example, when the transmitter 210 starts to transmit data to the arbiter 310, the arbiter 310 receives the first isolation gate 510 opening signal fed back by the sensor 700, the arbiter 310 prepares for data reception, and according to the state of the third isolation gate 610, the arbiter 310 determines whether to allow the second isolation gate 520 to be opened, and the arbiter controller 320 allows the second isolation gate 520 to be opened only when the third isolation gate 610 is in the closed state.
In this embodiment, the physical isolation between the intranet and the extranet is realized by the first isolation device 500, and the dual physical isolation is realized by the second isolation device 600, so that the security of data transmission is further improved. In a normal state, the first isolation gate 510, the second isolation gate 520, and the third isolation gate 610 are closed, the transmitter 210, the arbiter 310, and the receiver 410 are in a physical isolation state, and in a data transmission state, the first isolation gate 510, the second isolation gate 520, and the third isolation gate 610 are sequentially opened. After the data transmission is finished, the first isolation gate 510, the second isolation gate 520, and the third isolation gate 610 are closed again and are in a normal state. The data transmission is carried out by non-simultaneous communication of the unidirectional optical paths, so that the internal network and the external network of the system are in a physical isolation state at any time, and unidirectional safe transmission of data is ensured. The control of the sending-end controller 220 on the first isolation gate 510 and the control of the arbitration-end controller 320 on the second isolation gate 520 and the third isolation gate 610 realize the automatic opening and closing of the first isolation gate 510, the second isolation gate 520 and the third isolation gate 610, and save manpower.
In the dual physical isolation data unidirectional transmission system of the embodiment, a clear security boundary is defined, the management is convenient, the controllability is stronger, and the unidirectional transmission communication mode is more reliable and safer.
The data transmission system of the present embodiment has the following working procedures:
s1, after the transmitter 210 receives the data sent by the first network device, the transmitter 210 sends a first isolation gate opening instruction to the sender controller 220, and the sender controller 220 controls the first isolation gate 510 to open.
Specifically, in this embodiment, the first network device sends a data transmission application to the transmitter 210, and after the transmitter 210 receives the application and feeds back feedback information of receiving the application to the first network device, the first network device sends the data to the transmitter 210. The transmitter 210 sends a first isolation door opening instruction to the transmitting end controller 220 after receiving the data, and the transmitting end controller 220 controls the first isolation door driving motor 511 to drive the first isolation door 510 to open after receiving the control instruction.
S2, the sensor 700 detects that the first isolation gate 510 is opened, and feeds back the open state of the first isolation gate to the arbitration terminal 300, the arbiter 310 sends a second isolation gate opening instruction to the arbitration terminal controller 320, and the arbitration terminal controller 320 controls the second isolation gate 520 to be opened; the sender 210 transmits the data to the arbiter 310.
Specifically, in this embodiment, the arbitration side controller 320 detects the first isolation door opening signal sensed by the sensor 700, the arbitration side controller 320 receives the first isolation door opening signal and returns the first isolation door opening signal to the arbitration machine 310, the arbitration machine 310 prepares for data reception, and according to the state of the third isolation door 610, the arbitration machine 310 determines whether to allow the second isolation door 520 to be opened, and only when the third isolation door 610 is in the closed state, the second isolation door 520 is allowed to be opened.
Further, if the third isolation gate 610 is in the open state, the arbitration side controller 320 suspends the opening of the second isolation gate 520, and when the third isolation gate 610 is suspended to be closed, the arbitration side controller 320 controls the opening of the second isolation gate 520. When continuous tasks exist, the second isolation door 520 is prevented from being opened when the arbitrator 310 and the receiver 410 are still in a connected state, the risk of communication between an internal network and an external network is avoided, and the safety of data transmission is improved.
When the third isolation gate 610 is in a closed state, the arbiter 310 sends a second isolation gate opening command to the arbiter controller 320, the arbiter controller 320 controls the second isolation gate driving motor 521 to drive the second isolation gate 520 to open, the transmitter 210 is communicated with the arbiter 310 through a unidirectional optical channel, and at this time, data is transmitted from the transmitter 210 to the arbiter 310.
S3, after the data transmission is completed, the transmitter 210 sends a first isolation door closing instruction to the transmitter controller 220, and the transmitter controller 220 controls the first isolation door 510 to close.
Specifically, in the present embodiment, the transmitting-end controller 220 controls the first isolation gate driving motor 511 to drive the first isolation gate 510 to close.
S4, the sensor 700 detects that the first isolation door 510 is closed, and feeds back the closed state of the first isolation door to the arbitration terminal 300, the arbiter 310 sends a second isolation door closing command to the arbitration terminal controller 320, and the arbitration terminal controller 320 controls the second isolation door 520 to close.
Specifically, in this embodiment, the arbitration side controller 320 detects a first isolation door closing signal sensed by the sensor 700, the arbitration side controller 320 receives the first isolation door closing signal and returns the first isolation door closing signal to the arbitration machine 310, the arbitration machine 310 sends a second isolation door closing command to the arbitration side controller 320, and the arbitration side controller 320 controls the second isolation door driving motor 521 to drive the second isolation door 520 to close. At this time, the first isolation gate 510 and the second isolation gate 520 are closed, and the unidirectional optical channel between the transmitter 210 and the arbiter 310 is disconnected, thereby being in a physically isolated state.
S5, the arbiter 310 sends a third isolation gate open command to the arbiter controller 320, and the arbiter controller 320 controls the third isolation gate 610 to open; the arbiter 310 transmits the data to the receiver 410.
Specifically, in the present embodiment, the arbiter 310 determines whether to allow the third isolation gate 610 to be opened according to the state of the second isolation gate 520, and allows the third isolation gate 610 to be opened only when the second isolation gate 520 is in the closed state.
If the second isolation gate 520 is in the open state, the arbitrator transmit-side controller 320 suspends the opening of the third isolation gate 610, and when the second isolation gate 520 is suspended to be closed, the arbitrator transmit-side controller 320 controls the opening of the third isolation gate 610.
When the second isolation gate 520 is in a closed state, the arbiter 310 sends a third isolation gate opening command to the arbiter controller 320, and the arbiter controller 320 controls the third isolation gate driving motor 611 to drive the second isolation gate 520 to open, at this time, the arbiter 310 and the receiver 410 are communicated through the unidirectional optical channel, and data is transmitted from the arbiter 310 to the receiver 410.
Further, S5 further includes the following steps:
after receiving the data, the arbitrator 310 arbitrates the transmitted data according to a built-in preset security policy;
if the arbitration passes, the arbiter 310 sends the data to the receiving end;
if the arbitration does not pass, the arbiter 310 does not send the data, and the arbiter 310 sends the arbitration information to the receiving end. The arbitration information includes security risk of data existence, no authority for transmission operation of the first network device, no authority for reception of the second network device, and the like.
S6, after the data transmission of the arbiter 310 is completed, the arbiter 320 sends a third isolation gate closing command to the arbiter 320, and the arbiter 320 controls the third isolation gate 610 to close.
Specifically, in the present embodiment, the arbitration-side controller 320 controls the third isolation gate driving motor 611 to close the third isolation gate 610.
S7, the receiver 410 sends the received data to the second network device.
In this embodiment, the first isolation door 510 and the second isolation door 520 are disposed on the first isolation board 530, and the third isolation door 610 is disposed on the second isolation board 620, in a normal state, the first isolation door 510, the second isolation door 520, and the third isolation door 610 are closed, the transmitter 210, the arbiter 310, and the receiver 410 are in a physical isolation state, in a data transmission state, the first isolation door 510 and the second isolation door 520 are first opened synchronously, at this time, the third isolation door 610 is closed, after the data transmission of the transmitter 210 is completed, the first isolation door 510 and the second isolation door 520 are first closed synchronously, and the third isolation door 610 is then opened. After the data transmission is finished, the first isolation gate 510, the second isolation gate 520, and the third isolation gate 610 are closed again and are in a normal state. Thus, the states of the first isolation gate 510 and the second isolation gate 520 are synchronized, and are opposite to the state of the third isolation gate 610; alternatively, the first isolation gate 510, the second isolation gate 520, and the third isolation gate 610 are all normally closed.
And the control of the first isolation gate 510 by the sending-end controller 220 and the control of the second isolation gate 520 and the third isolation gate 610 by the arbitration-end controller 320 realize the automatic opening and closing of the first isolation gate 510, the second isolation gate 520 and the third isolation gate 610.
By the double physical isolation data one-way transmission method, physical isolation of the internal network and the external network is realized, and safety of internal network information of high-safety industry is guaranteed. The defects that the transmission of data between two physically isolated networks is manually operated, time and labor are consumed, the efficiency is low, the frequent operation of personnel is needed, and the reliability is low are overcome through the logic control of each part.
In the description of the present application, the description of the terms "one embodiment," "some embodiments," etc. means that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the application. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
The above description is only a preferred embodiment of the present application and is not intended to limit the present application, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, improvement and the like made within the spirit and principle of the present application shall be included in the protection scope of the present application.
Claims (9)
1. A dual physically isolated data unidirectional transmission system, comprising: the device comprises a sending end, an arbitration end, a receiving end, a first isolating device and a second isolating device; wherein the content of the first and second substances,
the sending terminal is used for receiving data sent by first network equipment and forwarding the data to the arbitration terminal;
the arbitration terminal is used for receiving the data sent by the sending terminal and arbitrating the data, and after the arbitration is passed, the arbitrated data is sent to the receiving terminal;
the receiving end is used for receiving the arbitrated data sent by the arbitrating end and forwarding the arbitrated data to second network equipment;
the first isolation device is arranged between the sending end and the arbitration end and is used for carrying out physical isolation under the condition that the sending end does not send data to the arbitration end;
the second isolation device is arranged between the arbitration end and the receiving end and is used for carrying out physical isolation under the condition that the arbitration end does not send data to the receiving end.
2. The system of claim 1,
the sending end and the arbitration end carry out data transmission through a one-way optical channel;
and the arbitration end and the receiving end carry out data transmission through a one-way optical channel.
3. The system of claim 1,
the first isolation device is provided with a first isolation door capable of being opened and closed, and the first isolation door is arranged on a one-way optical channel transmission path between the sending end and the arbitration end;
the first isolation device is further provided with a second isolation door capable of being opened and closed, and the second isolation door is arranged on a one-way optical channel transmission path between the sending end and the arbitration end.
4. The system of claim 3,
the second isolation device is provided with a third isolation door capable of being opened and closed, and the second isolation door is arranged on a one-way optical channel transmission path between the arbitration end and the receiving end.
5. The system of claim 4,
the sending end is provided with a sender and a sending end controller,
the transmitter is used for transmitting data received from the first network equipment to the arbitration terminal and transmitting a control instruction to the transmitter terminal controller;
and the transmitting terminal controller is used for controlling the first isolation door.
6. The system of claim 5,
the arbitration end is provided with an arbitration machine and an arbitration end controller,
the arbitration machine is used for sending the arbitrated data to the receiving end and sending a control instruction to the arbitration end controller;
and the arbitration end controller is used for controlling the second isolation gate and the third isolation gate.
7. The system of claim 6, further comprising:
and the sensor is connected with the arbitration end controller and used for sensing the on-off state of the first isolating door and feeding back the on-off state to the arbitration end controller.
8. The system of claim 6, further comprising:
the first isolation door driving motor, the second isolation door driving motor and the third isolation door driving motor; wherein the content of the first and second substances,
the first isolation door driving motor is connected with the transmitting end controller and drives the first isolation door; the second isolation gate driving motor is connected with the arbitration end controller and drives the second isolation gate; and the third isolation gate driving motor is connected with the arbitration end controller and drives the third isolation gate.
9. The system of claim 1, further comprising:
and the sending end, the arbitration end, the receiving end, the first isolating device, the second isolating device and the sensor are all arranged in the case.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202022782230.1U CN213342277U (en) | 2020-11-26 | 2020-11-26 | Double physical isolation data one-way transmission system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202022782230.1U CN213342277U (en) | 2020-11-26 | 2020-11-26 | Double physical isolation data one-way transmission system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN213342277U true CN213342277U (en) | 2021-06-01 |
Family
ID=76079050
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202022782230.1U Active CN213342277U (en) | 2020-11-26 | 2020-11-26 | Double physical isolation data one-way transmission system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN213342277U (en) |
-
2020
- 2020-11-26 CN CN202022782230.1U patent/CN213342277U/en active Active
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US10063517B2 (en) | One way secure link | |
| US11785090B2 (en) | Linkage control system and method, storage medium, and electronic device | |
| CN112468496B (en) | Double physical isolation data one-way transmission system and method | |
| CN109617813B (en) | Enhanced intelligent process control switch port locking | |
| US9584521B2 (en) | Bi-directional communication over a one-way link | |
| EP3026863B1 (en) | Firewall with application packet classifier | |
| CN101855854A (en) | Wireless mesh network with secure automatic key loads to wireless devices | |
| CN113542240B (en) | Mechanical NOT gate physical isolation data unidirectional transmission system and method | |
| CN202424770U (en) | Safety isolator for network data | |
| US20060191004A1 (en) | Secured one-way interconnection system | |
| CN213342277U (en) | Double physical isolation data one-way transmission system | |
| WO2020089895A1 (en) | Application specific gateway device | |
| KR101972469B1 (en) | Apparatus for supporting communication between seperate networks and method for the same | |
| CN111556062A (en) | Network security isolation device with one-way import function and method | |
| CN215495024U (en) | One-way transmission system for physical isolation data of mechanical NOT gate | |
| CN101394467A (en) | Intelligent main control system for reinforcement digital video monitoring terminal system | |
| EP2865156B1 (en) | Apparatus and method for connecting computer networks | |
| CN111585653A (en) | Double-unidirectional isolation exchange method based on optical fiber communication | |
| KR101866093B1 (en) | Apparatus and method for controlling operation of Slave Controller | |
| CN105407095B (en) | Secure communication device and its communication means between heterogeneous networks | |
| EP1811731A1 (en) | Data amount monitoring control system of channels | |
| CN114006732A (en) | One-way transmission system and method for image transmission physical isolation data | |
| US8233386B2 (en) | Device that uses parameters to provide multi-channel serial data transmissions and method thereof | |
| KR20190045892A (en) | Apparatus for supporting communication between seperate networks and method for the same | |
| CN107579770A (en) | Communications network system, diverter device and its method for accessing one-way transport network |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| GR01 | Patent grant | ||
| GR01 | Patent grant | ||
| CP03 | Change of name, title or address |
Address after: Room 514, 5th Floor, Building 1, No. 138 Malianwa North Road, Haidian District, Beijing, 100193 Patentee after: ZHONGTIE XINAN (BEIJING) INFORMATION SECURITY TECHNOLOGY Co.,Ltd. Country or region after: China Address before: 100193 room 708-710, building 22, Shouti South Road, Haidian District, Beijing Patentee before: ZHONGTIE XINAN (BEIJING) INFORMATION SECURITY TECHNOLOGY Co.,Ltd. Country or region before: China |
|
| CP03 | Change of name, title or address |