JP2020025173A - Data diode device - Google Patents

Abstract

To provide a data diode device with a high security level.SOLUTION: A data diode device 30 comprises: a data diode transmission part 100 to which a slave device 10 is connected; and a data diode reception part 200 to which a master device 20 is connected. The data diode device 30 is capable of transmitting data only in one direction from the data diode transmission part to the data diode reception part. The data diode transmission part is provided with a request message including a pseudo request command which has the same effect as that of a request command transmitted from the master device so as to request response data of the slave device.SELECTED DRAWING: Figure 1

Description

  The present application relates to a data diode device.

  2. Description of the Related Art There is known a data collection system for collecting information on an operation state in order to monitor and maintain an operation state of a plant. In this data collection system, an information requesting computer installed at a monitoring location and an information providing device installed inside a plant or the like are connected via a network. Then, the information requesting computer sends a message requesting information to the information providing device, and in response, the information providing device transmits data on the operating state to the information requesting computer.

  In such a data collection system, the information providing device is connected to the internal network of the plant. It is important to protect these devices from unauthorized access, information leakage, virus attack, hacking, etc. To protect the internal network by connecting a firewall to the boundary of the external network to which the information requesting computer is connected There are many. However, many systems require a higher security level, and a data diode device that physically limits communication in one direction is installed between the external network and the internal network, and only data communication to the external network is effective. (For example, see Patent Document 1).

JP-A-2017-123603

  When a data diode device that enables only data communication to the external network is installed at the boundary between the external network and the internal network, a message that requests information from the information requesting computer to the information providing device connected to the internal network Can not send. In view of this, a configuration has been proposed in which a signal line is separately formed in the information providing side device so that only allowed information can be communicated. However, since an additional signal line is formed, there is a problem that the security level cannot be sufficiently increased.

  The present application has been made to solve the above-described problem, and has as its object to obtain a data diode device having a high security level by enabling data communication in only one direction.

  The data diode device of the present application has a data diode transmitting unit to which a slave device is connected, and a data diode receiving unit to which a master device is connected, and has only one-way data from the data diode transmitting unit to the data diode receiving unit. A data diode device that enables transmission, wherein the data diode transmitting unit includes a request message including a pseudo request instruction having the same effect as a request instruction transmitted from the master device and requesting response data of the slave device. It is assumed that.

  In the data diode device of the present invention, the security level can be increased by enabling data transmission in only one direction.

FIG. 2 is a plant configuration diagram including a data diode device according to the first embodiment. FIG. 5 is a flowchart of request message transmission according to the first embodiment. FIG. 4 is a flowchart of transmitting a response message in the first embodiment. FIG. 4 is a flowchart of receiving a response message in the first embodiment. FIG. 4 is a flowchart of response message determination according to the first embodiment. FIG. 3 is a diagram showing a data structure of a request message according to the first embodiment. FIG. 4 shows a data structure of a response message according to the first embodiment. FIG. 7 is a plant configuration diagram including a data diode device according to a second embodiment. FIG. 14 is a flowchart of request message transmission in the second embodiment. FIG. 13 is a flowchart of transmitting a response message in the second embodiment. FIG. 14 is a flowchart of response message determination according to the second embodiment. FIG. 14 is a diagram showing a data structure of a request message according to the second embodiment. FIG. 13 is a diagram illustrating a data structure of a response message according to the second embodiment. FIG. 11 is a plant configuration diagram including a data diode device according to a third embodiment. FIG. 14 is a flowchart of request message transmission in the third embodiment. FIG. 17 is a diagram illustrating a data structure of a request message according to the third embodiment. FIG. 15 is a diagram illustrating a data structure of a response message according to the third embodiment. FIG. 6 is a hardware diagram of a determination unit and the like in the data diode device according to the first to third embodiments.

  In the description of the embodiments and the drawings, parts denoted by the same reference numerals indicate the same or corresponding parts.

Embodiment 1 FIG.
Embodiment 1 will be described with reference to FIGS. 1 to 7.
FIG. 1 is a configuration diagram of a plant including a data diode device according to Embodiment 1 of the present application. FIGS. 2 to 5 are flow charts of information transmission and reception in the first embodiment of the present invention. 6 and 7 show the data structures of the request message and the response message according to the first embodiment of the present invention.

<Configuration of data diode device>
The configuration of the plant and the main functions of each component will be described based on the configuration diagram of the plant according to the first embodiment of the present invention described in FIG.
The data diode device 30 includes a data diode transmitting unit 100 and a data diode receiving unit 200. The data diode receiving unit 200 is connected to a master device 20 such as an information requesting computer that requests information of the system, and the data diode transmitting unit 100 is an information providing device to which the master device 20 requests information. The slave device 10 is connected.

  In a normal plant, the master device 20 sends a message requesting information to the slave device 10, and in response thereto, data such as an operation state is sent from the slave device 10 to the master device 20. Thereby, the master device 20 obtains information of the slave device 10 and controls the plant. However, the plant of the present embodiment has the data diode device 30 to protect devices inside the plant from unauthorized access and the like, and data is limited to one-way communication from the slave device 10 to the master device 20. A message requesting information cannot be transmitted from the master device 20 to the slave device 10.

  As described above, in the present embodiment, an instruction (request instruction) for requesting information from the master device 20 cannot be directly transmitted to the slave device 10. Therefore, the data diode transmitting unit 100 includes a request message storage unit 130 that stores a message (request message) to the slave device 10 including an instruction (pseudo request instruction) having the same effect as the request instruction. Further, a timer unit 110 for giving a transmission time to the request message storage unit 130 is provided. Further, a transmission determination unit 120 for determining whether the transmission time of the request message given by the timer unit 110 is appropriate. A request message transmitting unit 140 for transmitting a message to the slave device 10 is provided. Here, the request instruction and the pseudo request instruction have the same effect from the viewpoint of requesting information to the slave device 10 and do not necessarily include the same data or the like. In addition, there may be a case where there is a difference between the request instruction and the pseudo request instruction in data other than the instruction for requesting information.

  The data diode transmitting unit 100 includes a response data receiving unit 150 that receives response data transmitted from the slave device 10 in response to the request message transmitted as described above, and notifies a time corresponding to the response data at the time of reception. It has a time management section 170 and a one-way transmission section 160 for transmitting a response message in which the reception time is added to the response data to the data diode receiving section 200.

  The data diode receiving unit 200 that receives a response message from the data diode transmitting unit 100 is provided with a one-way receiving unit 250, and a response message storage unit 260 that stores the response message. . The data diode receiving unit 200 includes a request instruction receiving unit 210 that receives a request instruction from the master device 20, a request message including a pseudo request instruction stored in the request message storage unit 130 in the data diode transmitting unit 100, A request message storage unit 230 storing the same message is provided.

  Based on the data in the response message storage unit 260 and the request message storage unit 230, the validity of the request message is determined. If the request message is determined to be valid, the current time data of the time management unit 270 is acquired, and the response message storage unit When the difference between the time added to the response message stored in 260 and the current time does not exceed the threshold, the transmission determining unit 220 that determines to transmit the response message to the master device 20 and receives the transmission request from the transmission determining unit 220 And a response message transmitting unit 240 that transmits a response message to the master device 20.

<Operation of data diode device>
Next, the operation of each component of the data diode device 30 will be described with reference to FIGS. 2 and 3 are flowcharts showing the operation of the data diode transmitting unit 100, and FIGS. 4 and 5 are flowcharts showing the operation of the data diode receiving unit 200. FIGS. 6 and 7 show the data structures of the request message and the response message.

First, the operation of the data diode transmitting unit 100 will be described with reference to FIGS.
FIG. 2 is a flowchart of the operation started by the timer unit 110 provided in the data diode transmission unit 100. First, it is determined whether an activation signal has been received from the timer unit 110 (step S200). If not, do nothing and end the flow. If it has been received, a request message including a request instruction to the slave device 10 is obtained from the request message storage unit 130 (step S210). FIG. 6 shows the data structure of a request message. The request message is composed of a pseudo request instruction 612 and a message transmission period 611.

Next, the transmission determination unit 120 automatically accumulates the number of operations N started by the timer unit 110 (step S220). The number of operations N is obtained by accumulating the number of occurrences from the previous transmission of the request message to the activation operation by the timer unit 110 this time. The product P × N of the activation interval P and the number of operations N is the request message data If it is smaller than the transmission cycle 611, it waits until the next activation (step S230). If the transmission cycle 611 exceeds P × N, it is determined that the request message is to be transmitted, the number of operations N is reset to 0 (step S240), and the request message is transmitted to the slave device 10 via the request message transmission unit 140. Is transmitted (step S250).
Thereafter, the variable of the reception completion is set to NO (step S260), the process is terminated, and a state of waiting for response data from the slave device 10 is set.

FIG. 3 is a flowchart when the data diode transmitting unit 100 receives response data from the slave device 10.
When the response data from the slave device 10 has been received, the variable of the reception completion of the response data receiving unit 150 is set to YES (step S300). When the reception has failed, the process ends because there is no received data. (Step S310). If the reception is successful, the response data receiving unit 150 acquires the response data from the slave device 10 (Step S320). The current time is acquired from the time management unit 170 (step S330), and the current time is added to the acquired response data as a response reception time (step S340).

FIG. 7 shows a data structure of a response message received by the one-way receiving unit 250 of the data diode receiving unit 200 and stored in the response message storing unit 260. The response message 712 is added with a response receiving time 711. I have. The response data receiving unit 150 creates data having the structure shown in FIG.
The response data 712 to which the response reception time 711 is added is transferred to the data diode receiving unit 200 via the one-way transmitting unit 160 (Step S350).

Next, the operation of the data diode receiving unit 200 will be described with reference to FIGS.
FIG. 4 is a flowchart showing a process when the one-way receiver 250 of the data diode receiver 200 receives the response message from the one-way transmitter 160. First, it is determined whether the reception by the one-way receiver 250 is correct or not. If the reception has failed, there is no data to be processed, and the process ends (step S400). If the reception is successful, a response message is obtained (step S410), the response message is stored in the response message storage unit 260 (step S420), and the process ends. Here, the data stored in the response message storage unit 260 has a data structure in which the response reception time 711 received by the data diode receiving unit 200 is added to the response data 712 transmitted from the slave device 10 as shown in FIG. It has become.

FIG. 5 is a flowchart showing a process when the data diode receiving unit 200 receives a request instruction from the master device 20.
With respect to the request instruction from the master device 20, it is determined whether the reception of the request instruction receiving unit 210 is successful or not. If the request instruction from the master device 20 has been successfully received, the request instruction receiving unit 210 acquires the request instruction (step S510), and then, in the transmission determining unit 220, the response transmitted separately from the slave device 10. The validity of the data is examined, and it is determined whether a response message can be transmitted to the master device 20 in response to a request instruction from the master device 20.

  First, the transmission determination unit 220 acquires the pseudo request instruction 612 from the request message storage unit 230 that stores the same message as the request message transmitted from the data diode transmission unit 100 to the slave device 10 (step S520). It is compared with the request instruction received by the request instruction receiving unit 210 to determine whether the pseudo request instruction is valid (step S530). The request instruction of the request instruction receiving unit 210 is compared with the pseudo request instruction 612 of the request message storage unit 230. If the two do not match, it is determined that the request instruction is not valid, and an error message is created (step S570). If the two match, and it is determined that the request instruction is valid, a response message is obtained from the response message storage unit 260 (step S540).

  Next, it is determined whether the acquired response data is valid, that is, whether the slave device 10 can respond to the request instruction issued by the master device 20.

First, the current time is obtained from the time management unit 270 (step S550). As shown in FIG. 7, a response reception time 711 is added to the response data, and a time difference is confirmed by comparing the two times. If the time difference exceeds a predetermined threshold, the response data is old data. Is determined to be invalid (step S560), and an error message is created (step S570). If the time difference does not reach the threshold value, it is determined that the response data is valid response to the request instruction sent by the master device 20.
Based on the above determination, a response message or an error message is transmitted to master device 20 via response message transmitting section 240 (step S580).

<Effect of data diode device>
As described above, the data diode device 30 of the present embodiment can maintain a high security level for complete one-way communication, and at the same time, discards old response data from the slave device 10 and sets the intended timing. Only response data can be obtained. Further, in the data diode device 30 of the present embodiment, no additional special device is required, so that the device cost can be reduced.

Embodiment 2 FIG.
Embodiment 2 will be described with reference to FIGS.
FIG. 8 is a configuration diagram of a plant including a data diode device according to Embodiment 2 of the present application. 9 to 11 are flow charts of information transmission / reception in the present embodiment, and FIGS. 12 and 13 show data structures of a request message and a response message in the present embodiment.

<Configuration of data diode device>
FIG. 8 shows a plant configuration diagram in the second embodiment. The basic configuration is the same as that of the first embodiment shown in FIG. 1 except that the data diode transmitting section 100 has a request ID storage section 180. The request ID is added to distinguish the request message from other request messages. When the request message including the pseudo request instruction for requesting information from the slave device 10 is transmitted, the request ID is stored in the request ID storage unit 180. I do. When the response data from the slave device 10 is received by the response data receiving unit 150, the stored request ID is read from the request ID storage unit 180 and added to the response data.

<Configuration of data diode device>
The operation of the data diode device 30 according to the present embodiment will be described with reference to FIGS. FIG. 9 is a flowchart of request message transmission, FIG. 10 is a flowchart of response data reception from the slave device 10, FIG. 11 is a flowchart of response message determination, and FIGS. 12 and 13 are data structures of a request message and a response message, respectively. Is shown. The flow chart of the response message reception is the same as that of FIG.

  FIG. 9 is a flowchart of the operation started by timer 110 provided in data diode transmitting section 100 constituting data diode apparatus 30 according to the present embodiment. First, it is determined whether or not the activation signal from the timer unit 110 has been received (step S200). If not, the flow ends without performing any operation. If it has been received, a loop process is performed on the number of times of execution instruction to the request message storage unit 130.

  The number of execution instructions I is reset to 0 (step S201), the I-th request message is obtained (step S211), and the number of operations N (I) started by the timer unit 110 is automatically accumulated (step S221). If the product P × N (I) of the start interval P and the number of operations N does not exceed the request message data transmission period 611, the process stands by until the next start (step S230). If the transmission period 611 exceeds P × N (I), it is the transmission timing of the request message, the number of operations N (I) is reset to 0 (step S241), and the slave is transmitted via the request message transmission unit 140. A request message is transmitted to the device 10 (Step S250).

  At this time, the request ID 601 added to the message to be transmitted is stored in the request ID storage unit 180 (Step S251). Thereafter, the variable of the completion of reception is reset to NO, and the process is terminated (step S260), and a state of waiting for response data from the slave device 10 is set (step S270).

  FIG. 10 is a flowchart when the data diode transmitting unit 100 receives response data from the slave device 10. This is basically the same as FIG. 3 used in the description of the first embodiment, except that handling of a request ID is added.

  When the response data from the slave device 10 is received, first, the variable of the reception completion of the response data receiving unit 150 is set to YES (step S300), and if the reception is successful (step S310), the response data is acquired. (Step S320). The current time is obtained from the time management unit 170 (step S330), and the obtained time is added to the response data (step S340). Thereafter, the request ID transmitted immediately before is acquired from the request ID storage unit 180 (step S341), and added to the response data (step S342).

  FIG. 13 is a diagram illustrating a data structure stored in the response message storage unit 260 of the data diode receiving unit 200. The response message created by the response data receiving unit 150 of the data diode transmitting unit 100 has the data structure of this data structure. It has the same structure as one. That is, the response data 712 has a structure in which the response reception time 711 and the request ID 701 are added. This response message is transferred from the one-way transmission unit 160 to the data diode reception unit 200 (step S350). The processing of the unit 100 ends.

  When the process in the data diode transmitting unit 100 is completed, the process returns to the state of waiting for the reception completion process (step S270) in FIG. 9 to restart the process, and the execution instruction count I to the request message storage unit 130 is automatically accumulated (step S280). ), Loop processing is continued (step S201). When the number I of execution instructions reaches the number of operations stored in the request message storage unit 130, the loop processing is completed (step S201), and a state of waiting for the next startup operation is set.

  The receiving process in one-way receiving unit 250 of data diode receiving unit 200 in the present embodiment is the same as the receiving process in the first embodiment (FIG. 4). That is, it is determined whether the reception by the one-way receiving unit 250 is correct or not, and if the reception has failed, the process ends (step S400). If the reception is successful, a response message is obtained (step S410), the response message is stored in the response message storage unit 260 (step S420), and the process ends.

  The data structure of the response message stored in the response message storage unit 260 (FIG. 13) is different from that of the first embodiment, and a plurality of response data 712 are stored as one. In addition to the response reception time 711, a request ID 701 is added.

  The operation when the data diode receiving unit 200 receives the request instruction from the master device 20 will be described with reference to the flowchart of FIG. The flowchart of FIG. 11 is similar to FIG. 5 of the first embodiment, and the same portions as those in the description of the operation at the time of receiving the request instruction will be briefly described using the same reference numerals.

  The request instruction from the master device 20 is determined by the request instruction receiving unit 210 shown in FIG. 8 as to success or failure of reception, and if the reception has failed, nothing is done and the processing ends (step S500). If the reception is successful, the request instruction receiving unit 210 acquires the request instruction (step S510), and searches for a corresponding pseudo request instruction stored in the request message storage unit 230 (step S510). S521). FIG. 12 shows the data structure of the request message stored in the request message storage unit 230, which is common to the first embodiment in that each message has a pseudo request instruction 612 and a transmission cycle 611. However, in this embodiment, a request ID 601 for distinguishing each request message from other request messages is further added, and a plurality of request messages are collectively stored as one. Are different.

  The received request instruction is compared with the stored group of request messages, and the one in which the pseudo request instruction 612 matches is determined to be the corresponding request message. If there is no corresponding request message (step S531), an error message is created (step S570). If it is determined that the request message is applicable, the request ID is acquired (step S532), and a response message having a request ID matching the acquired request ID is searched from the response messages stored in the response message storage unit 260 (step S532). Step S533). As described above, the response message has the data structure shown in FIG. 13, and a plurality of response messages including the request ID 701 are stored, and a response message matching the request ID is searched from these.

  If no response message matching the request ID 701 is found, an error message is created (step S570). If both request IDs 701 match and the request message is recognized as a valid request message, the response message is acquired from the response message storage unit (step S540), and the current time is acquired from the time management unit 270 (step S550). A response reception time 711 is added to the response message as shown in FIG. 13, and the two times are compared.

The time difference is confirmed by comparing the two times, and if the time difference exceeds a predetermined threshold, the response data is determined to be old data and is invalidated (step S560), and an error message is created (step S570). If the time difference does not exceed the threshold, it is determined that the response data is valid.
Based on the above determination, a response message or an error message is transmitted to master device 20 via response message transmitting section 240 (step S580).

<Effect of data diode device>
As described above, by using the data diode device 30 of the present embodiment, it is possible to maintain a high security level by complete one-way communication. At the same time, old response data received from the slave device 10 is discarded, and the master device 20 can acquire data collected for a limited period. Further, since a single data diode device 30 can handle a plurality of request messages and response messages corresponding thereto, the cost of the system can be reduced.

Embodiment 3 FIG.
Embodiment 3 will be described with reference to FIGS.
FIG. 14 is a configuration diagram of a plant including a data diode device according to Embodiment 3 of the present application, and the same parts as those in the configuration diagram of Embodiment 2 are denoted by the same reference numerals. FIG. 15 is a flowchart of request message transmission, and FIGS. 16 and 17 show data structures of the request message and the response message.

  Regarding a flow diagram other than the flow diagram of the request message transmission shown in FIG. 15, for example, a flow diagram of response data reception in the data diode transmission unit 100, a flow diagram of reception and transmission of a response message in the data diode reception unit 200, The description is omitted because it is basically the same as the second embodiment.

<Configuration of data diode device>
The configuration diagram of the present embodiment shown in FIG. 14 is different from the configuration diagram of the plant in the second embodiment (FIG. 8) in that a plurality of slave devices are installed. FIG. 14 shows an example in which the number of slave devices is three, but this is merely an example, and the same operation can be performed even if the number of connected devices further increases.

<Operation of data diode device>
In the request message transmission flow chart of FIG. 15, in order to specify the slave device 10, 11, 12 that transmits a message from the plurality of slave devices 10, 11, 12, each slave device 10, 11, 12 is identified. A step (step S242) of setting an indicated IP address is provided. Therefore, the transmitted message has a data structure with a destination IP address 602 added thereto, as shown in FIG.

Hereinafter, the operation and the like of data diode device 30 according to the present embodiment will be described focusing on differences from data diode device 30 of the second embodiment.
As shown in FIG. 15, in the request message transmission flow, the operation flow is started by the timer unit 110, the reception of the start signal is determined (steps S200 to S221), and the request message transmission timing is determined (step S230). The point that the loop processing is performed is the same as the request message transmission flow in the second embodiment.

  In the present embodiment, the destination IP address 602 for specifying the slave device that transmits the message is added to the message stored in the request message storage unit 130 (FIG. 16). If it is determined that it is the request message transmission timing (step S230), the destination IP addresses of the slave devices 10, 11, and 12 that transmit the message are set, and the slave device 10 having the IP address specified for each request message is set. , 11, and 12.

  The operation after the response data receiving unit 150 receives the response data from each of the slave devices 10, 11, and 12 is the same as that of the second embodiment, and the response message transferred to the data diode receiving unit 200 includes FIG. As shown in FIG. 13, the destination IP address is not added, and has the same data structure (FIG. 13) as described in the second embodiment.

  The operation of the data diode receiving section 200 for transferring the response message from the data diode transmitting section 100 to the one-way receiving section 250 and the operation after transmitting the request instruction from the master device 20 are the same as those in the second embodiment. That is, after transmitting the request message from the master device 20, in order to search and specify the corresponding response message, the request ID stored in the request message storage unit 230 of the data diode receiving unit and the request of the transmitted response message The IDs are compared. Therefore, after transmitting the response message to the one-way receiving unit 250, the destination IP address is not necessary to determine whether or not the response data is appropriate based on the request ID. The operation is the same as that of the second embodiment that is not used.

<Effect of data diode device>
As described above, by using the data diode device 30 described in the present embodiment, it is possible to maintain a high security level by complete one-way communication, and at the same time, the master device 20 becomes the slave device 10, 11, 12 The old response data received in is discarded, and data collected for a limited period can be obtained. In addition, one data diode device 30 can handle a plurality of request messages and a plurality of response data corresponding to the plurality of slave devices with respect to a plurality of slave devices, so that the system cost can be reduced.

FIG. 18 shows an example of hardware 801 that performs the operation of determining transmission timing, comparing response data with a request message, and the like in the embodiment of the present application.
As illustrated, the hardware 801 includes a processor 802 and a storage device 803. Although not shown, the storage device includes a volatile storage device such as a random access memory and a nonvolatile auxiliary storage device such as a flash memory. Further, an auxiliary storage device of a hard disk may be provided instead of the flash memory. The processor 802 executes a program input from the storage device 803. In this case, a program is input from the auxiliary storage device to the processor 802 via the volatile storage device. Further, the processor 802 may output data such as an operation result to the volatile storage device of the storage device 803, or may store the data in the auxiliary storage device via the volatile storage device.

Although this application describes various exemplary embodiments and examples, the various features, aspects, and functions described in one or more embodiments may be applied to the application of a particular embodiment. The present invention is not limited thereto, and can be applied to the embodiment alone or in various combinations.
Accordingly, innumerable modifications not illustrated are contemplated within the scope of the technology disclosed herein. For example, a case where at least one component is deformed, added or omitted, and a case where at least one component is extracted and combined with a component of another embodiment are included.

10, 11, 12 slave device, 20 master device, 30 data diode device, 100 data diode transmission unit, 110 timer unit, 120 transmission determination unit, 130 request message storage unit, 140 request message transmission unit, 150 response data reception unit, 160 one-way transmission unit, 170 time management unit, 180 request ID storage unit, 200 data diode reception unit, 210 request instruction reception unit, 220 transmission determination unit, 230 request message storage unit, 240 response message transmission unit, 250 one-way reception Section, 260 response message storage section, 270 time management section, 601 request ID, 602 destination IP address, 611 transmission cycle, 612 pseudo request instruction, 701 request ID, 711 response reception time, 712 response data, 801 hardware, 802 Processor, 803 storage device.

Claims (4)

A data diode transmitting unit to which a slave device is connected,
A data diode receiving unit to which the master device is connected,
A data diode device that enables data transmission in only one direction from the data diode transmission unit to the data diode reception unit,
The data diode transmission unit, comprising: a request message including a pseudo request instruction transmitted from the master device and having the same effect as a request instruction requesting response data of the slave device. A time at which the response data is received by the data diode transmitting unit,
Determine the time difference from the time of the validity determination of the response data in the data diode receiving unit,
If the time difference is equal to or greater than a reference, the response data is determined to be invalid,
The data diode device according to claim 1, wherein the response data is determined to be effective for controlling the slave device when the time difference is less than a reference. A request ID corresponding to the request message added to the response data transmitted from the slave device in response to the request message including the pseudo request instruction,
Compare a plurality of the request ID corresponding to the request message stored in the data diode receiving unit,
The data diode device according to claim 1, wherein whether the response data is appropriate or not is determined. The data diode device, wherein a plurality of the slave devices are connected to the data diode transmission unit,
4. The request message according to claim 1, wherein the request message has a destination IP address corresponding to each of the slave devices, and is transmitted to the slave device corresponding to the destination IP address. 3. The data diode device according to claim 1.

Images