KR20180028742A - 2-way communication apparatus capable of changing communication mode and method thereof - Google Patents

Abstract

A bidirectional communication apparatus capable of changing a mode, and a method thereof are disclosed. According to the present invention, the bidirectional communication apparatus capable of changing a mode comprises: an internal network module for transferring data received from one or more internal network apparatuses to an external network apparatus; an external network module for receiving the data from the internal network module, and transmitting the data received from the one or more external network apparatuses to the internal network module; and a communication mode control module for relaying the data that the external network module transmits to the internal network module, setting any one mode of either a unidirectional mode or a bidirectional mode, and transmitting the data received from the external network module to the internal network module when the bidirectional mode is set.

Description

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates to a two-way communication apparatus and method,

BACKGROUND OF THE INVENTION 1. Field of the Invention The present invention relates generally to a bi-directional communication technology capable of changing modes, and more particularly to a bidirectional communication technology in which a communication mode is changed to a unidirectional mode or a bidirectional mode according to predetermined conditions, .

A firewall is a device located between an external network and an internal network, and is used to block intrusion from the external network to the internal network. However, the conventional firewall may fail to block the access from the external attacker due to the security policy error or the administrator error. In addition, the cyber attack may expose the administrator privileges of the firewall and may prevent access by an external attacker.

Basically, in order to block external attacks, it is necessary to separate the network from the external network physically. However, there is a need to transmit log information corresponding to the internal network. For this purpose, a physical unidirectional data transmission technique capable of blocking external attacks has been developed.

A physical unidirectional data transmission system according to the prior art consists of a transmission system and a reception system. The transmission system is connected to the internal network, and the receiving system is connected to the external network. The physical unidirectional data transmission system allows only the physical circuit from the transmission system to the reception system, and the physical circuit from the reception system to the transmission system is not connected.

The transmission system receives data transmitted from one or more internal network devices to one or more external network devices in the middle, and transmits the received data to the receiving system. The receiving system then transmits the received data to the external network device. Thus, by using a physical unidirectional line between the transmission system and the reception system, a cyber attack from the external network to the internal network can be fundamentally blocked.

However, the conventional unidirectional data transmission technique has the following limitations. When the internal network device transmits data to the external network device using TCP, the internal network device can not directly receive the TCP ACK transmitted by the external network device. Therefore, the intermediate transmission / reception system must perform the role of receiving the TCP ACK. That is, a proxy system must be implemented.

However, when implementing a proxy system, the existing end-to-end TCP connection is divided into a TCP connection between the internal network device and the transmission system, a TCP connection between the reception system and the external network device, and a UDP connection between the transmission system and the reception system. That is, end-to-end TCP semantics are not maintained. Since the TCP semantics are not maintained, the end-to-end TCP layer encryption can not be applied and the reliability of the data received by the external network device can not be guaranteed. Also, there is a problem of data loss between the transmission system and the reception system.

Likewise, in the case of an application program implemented for bi-directional communication, the intermediate transmission system and the reception system must perform a proxy function. That is, the complexity of implementation of the transmission system and the reception system is increased.

For example, in order for a unidirectional data transmission system to be applied to a specific environment (eg, nuclear power, electric power, hydropower, thermal power, etc.), all application programs used for manganese data transmission in the environment are analyzed, System and the receiving system. The limitations of this unidirectional data transmission technology may be a factor that reduces applicability to existing systems.

Therefore, it is possible to solve the problem of connection from a device of an external network to a firewall, a problem of setting change when an administrator privilege is exposed to the outside, and the like, which can occur in a conventional firewall and improve the application and usability of a unidirectional device. It is necessary to develop a technique for a communication device.

Korean Patent Laid-Open No. 10-2006-0021565, published on Mar. 08, 2006 (name: a method for bidirectionally transmitting / receiving data during an allocated time, and a wireless device using the method)

An object of the present invention is to provide a communication device capable of changing unidirectional and bidirectional communication modes by utilizing two unidirectional communication between an internal network and an external network.

It is another object of the present invention to provide a firewall capable of blocking an access from an external network to an internal network module through a network without a separate setting, unlike an existing firewall that requires a separate setting.

It is also an object of the present invention to change a communication mode to a unidirectional mode and a bidirectional mode based on user authentication so that bi-directional communication or unidirectional communication can be performed as needed.

It is also an object of the present invention to change the communication mode into a unidirectional mode and a bidirectional mode based on whether or not an abnormal situation occurs, thereby enabling bi-directional communication or unidirectional communication to be performed as needed.

It is another object of the present invention to make it impossible to determine whether the current communication mode is a unidirectional mode or a bidirectional mode in the external network module, thereby reducing the threat of external exposure of the internal network module and the internal network device.

According to another aspect of the present invention, there is provided a bi-directional communication device capable of changing modes, including an internal network module for transmitting data received from at least one internal network device to an external network device, An external network module that transmits data received from the external network device to the internal network module, and a data relaying module that relays data transmitted from the external network module to the internal network module, and transmits the unidirectional mode and the bidirectional mode And a communication mode control module for transmitting data received from the external network module to the internal network module when the bidirectional mode is set.

The internal network module includes a first transceiver for communicating with the internal network through an internal network, a first transmitter for transmitting data received from the internal network to the external network module, And a first receiver for receiving data from the external network module through the communication mode control module, if it is set.

Here, the communication mode control module may include: a relay receiver for receiving data from a transmitter of the external network module; a relay transmitter for transmitting the data received by the relay receiver to the first receiver of the internal network module; And a communication mode setting unit for setting whether to operate the at least one of the receiver and the relay transmitter so as to set the communication mode.

At this time, the internal network module can identify the established communication mode based on operation state information of the relay transmitter.

At this time, the communication mode setting unit may set the communication mode based on at least one of link link time, authentication result, and occurrence of an abnormal situation.

The communication mode setting unit may set the relay transmitter to the active state and set the communication mode to the bidirectional mode when the current time corresponds to the predetermined link connection time.

At this time, the communication mode setting unit may perform authentication of at least one of ID / password based authentication, certificate based authentication, and authentication using an authentication server, and may set the communication mode to the bidirectional mode when the authentication is successful.

At this time, when the emergency stop signal is received from the user or unscheduled traffic exceeding the threshold value of the traffic monitoring result is identified, the communication mode setting unit determines that the abnormal situation occurs and sets the communication mode to the unidirectional mode have.

At this time, the internal network module may perform filtering based on at least one of a unidirectional white list and a bidirectional white list, and may transmit only allowed data to either the external network module or the internal network device.

Here, the external network module may include a second transceiver for communicating with the external network device through an external network, a second transmitter for transmitting data to the first receiver of the internal network module through the communication mode control module, And a second receiver for receiving data from the first transmitter of the internal network module, wherein the data transmitted by the second transmitter to the first receiver is transmitted only when the bidirectional mode is set, Lt; RTI ID = 0.0 > 1 < / RTI >

At this time, the internal network module can transmit the electric state information to the communication mode control module through the line in one direction.

At this time, the communication mode control module may set the communication mode to the unidirectional mode when the electrical state information received from the internal network module is in the off state.

Further, a two-way communication method performed by a two-way communication device capable of changing modes according to an embodiment of the present invention includes the steps of setting a communication mode of either a unidirectional mode or a bidirectional mode to correspond to a predetermined condition, Capturing data from at least one of a receiver and a transceiver of the external network module, determining whether the captured data is transmitted to an external network module or received from the external network module, Performing filtering on the basis of the white list corresponding to the communication mode and transmitting the filtered data to an external network corresponding to the external network module and an internal network corresponding to the internal network module, And transmitting to any one of the devices.

At this time, the setting of the communication mode may include a relay transmitter for transmitting data received from the external network module to the internal network module, and a relay receiver for transmitting data received from the internal network module to the external network module The communication mode can be set by setting any one of them.

In this case, when the communication mode is set to the bidirectional mode, the relay transmitter sets the relay transmitter to an active state, captures data received by the relay receiver from the external network module, And transmitting the data to a receiver of the internal network module.

In this case, the step of setting the communication mode may set the communication mode based on at least one of a link connection time, an authentication result, and an occurrence of an abnormal situation.

In this case, the step of setting the communication mode may set the relay transmitter to the active state and set the communication mode to the bidirectional mode when the current time corresponds to the predetermined link connection time.

At this time, the step of setting the communication mode may include performing authentication of at least one of ID / password based authentication, certificate based authentication, and authentication using an authentication server, and when the authentication is successful, And setting the communication mode to the unidirectional mode if the authentication fails.

In this case, when the authentication is successful, the step of setting the communication mode to the bi-directional mode may set the communication mode to the bi-directional mode temporarily, based on the allowed time corresponding to the user who has succeeded in the authentication.

The step of setting the communication mode may include the steps of receiving an emergency stop signal from a user or determining that the abnormal situation occurs when unscheduled traffic exceeding a threshold value of the traffic monitoring result is identified, And setting the communication mode to the unidirectional mode if it is determined that the communication mode is the unidirectional mode.

The filtering based on the whitelist may perform filtering based on the whitelist corresponding to the communication mode identified based on whether the relay transmitter operates.

In this case, the data captured from the receiver of the internal network module may be data captured from the data transmitted from the external network module to the internal network module, with the communication mode being set to the bidirectional mode.

In this case, the internal network module may transmit unidirectional electrical status information to the communication mode control module through the line.

In this case, the communication mode control module may further include setting the communication mode to the unidirectional mode when the electrical status information received from the internal network module is in an off state.

According to the present invention, it is possible to provide a communication device capable of changing unidirectional and bidirectional communication modes by utilizing two unidirectional communication between an internal network and an external network.

Also, according to the present invention, unlike an existing firewall that requires a separate setting, access from the external network to the internal network module through the network can be intrinsically blocked without any additional setting.

Further, according to the present invention, by changing the communication mode into the unidirectional mode and the bidirectional mode based on the user authentication, bidirectional communication or unidirectional communication can be performed as needed.

Further, according to the present invention, the communication mode is changed to the unidirectional mode and the bidirectional mode based on whether or not an abnormal situation occurs, so that bidirectional communication or unidirectional communication can be performed as needed.

In addition, according to the present invention, it is possible to reduce the external exposure threat of the internal network module and the internal network device by making it impossible to determine whether the current communication mode is the unidirectional mode or the bidirectional mode.

1 is a diagram schematically illustrating an environment to which a bidirectional communication device capable of mode change according to an embodiment of the present invention is applied.
FIG. 2 is a block diagram illustrating a configuration of a bidirectional communication apparatus capable of mode change according to an embodiment of the present invention.
3 is a flowchart illustrating a bidirectional communication method capable of mode change according to an embodiment of the present invention.
4 is a flowchart illustrating an operation of a first transceiver of a bidirectional communication apparatus capable of mode change in a unidirectional mode according to an embodiment of the present invention.
5 is a flowchart illustrating an operation of a first transceiver of a bidirectional communication apparatus capable of mode change in a bidirectional mode according to an embodiment of the present invention.
FIG. 6 is a view for explaining a data flow of a bidirectional communication apparatus capable of mode change according to an embodiment of the present invention.
7 is a table showing an IP list of an internal network module utilizing apparatus according to an embodiment of the present invention.
8 is a table showing an IP list of unidirectional mode proxy ARP target apparatuses of an internal network according to an embodiment of the present invention.
9 is a table showing a bidirectional mode proxy ARP target apparatus IP list of the internal network according to an embodiment of the present invention.
10 is a table showing a unidirectional mode white list according to an embodiment of the present invention.
11 is a table showing a bi-directional mode whitelist according to an embodiment of the present invention.
12 is a table showing an IP list of an external network module utilizing apparatus according to an embodiment of the present invention.
13 is a table showing an IP list of a proxy ARP target apparatus of an external network according to an embodiment of the present invention.
14 is a table for explaining link connection time management according to an embodiment of the present invention.
15 is a table for explaining permission time management for each user according to an embodiment of the present invention.
16 is a diagram for explaining a process of setting a communication mode based on a result of authentication according to an embodiment of the present invention.
17 is a block diagram illustrating a computer system in accordance with an embodiment of the present invention.

The present invention will now be described in detail with reference to the accompanying drawings. Hereinafter, a repeated description, a known function that may obscure the gist of the present invention, and a detailed description of the configuration will be omitted. Embodiments of the present invention are provided to more fully describe the present invention to those skilled in the art. Accordingly, the shapes and sizes of the elements in the drawings and the like can be exaggerated for clarity.

Hereinafter, preferred embodiments according to the present invention will be described in detail with reference to the accompanying drawings.

1 is a diagram schematically illustrating an environment to which a bidirectional communication device capable of mode change according to an embodiment of the present invention is applied.

As shown in FIG. 1, the bidirectional communication apparatus 200 capable of changing modes supports data communication between the physically separated internal network 100 and the external network 300. Here, the internal network 100 is connected to one or more internal network devices 150, and the external network 300 is connected to one or more external network devices 350.

The external network devices 350 are connected to the external network 300 through a file transfer protocol (FTP), Telnet, SSH (Secure Shell), HTTP (HyperText Transfer Protocol), or the like corresponding to the internal network 100 I can not.

The bidirectional communication device 200 capable of changing the mode includes an internal network module connected to the internal network 100, an external network module connected to the external network 300, and a communication module for relaying data transmitted from the external network module to the internal network module Mode control module.

The internal network module of the bidirectional communication device 200 capable of changing modes receives data from one or more internal network devices 150 via the internal network 100 and transmits the received data to the external network module. At this time, the internal network module performs filtering based on the white list corresponding to the current communication mode, and then transmits only the allowed data to the external network module.

Also, the internal network module receives data from the external network module through the communication mode control module. At this time, the communication control mode can be set to either the bidirectional mode or the unidirectional mode by setting whether or not at least one of the relay receiver and the relay transmitter is operated. And the internal network module can receive data from the external network module through the communication mode control module only when the internal network module is set to the bidirectional mode.

Next, the communication mode control module may set the communication mode based on at least one of link link time, authentication result, and occurrence of an abnormal situation. Only when the communication mode is set to the bidirectional mode, data received from the external network module can be transmitted to the internal network module using the relay transmitter.

If it is determined that the communication mode control module meets the conditions of bidirectional communication, the relay transmitter can be set to the active state for a predetermined period of time. Further, the communication mode control module can determine whether or not predetermined conditions are satisfied only in a specific time zone, and can support bidirectional communication only when a predetermined condition is satisfied in a specific time period.

The external network module receives data from the internal network module and transfers the received data to the external network 300. The external network module may receive data from one or more external network devices 350 through the external network 300 and may transmit data received from the external network 300 to the internal network module through the communication mode control module have.

At this time, the external network module can not determine whether the current communication mode is the bidirectional mode or the unidirectional mode, and the internal network module can receive data from the external network through the communication mode control module only when the internal network module is set to the bidirectional mode.

As described above, the bidirectional communication device 200 capable of changing modes according to an embodiment of the present invention includes a communication mode for physically dividing a communication device into an internal network module and an external network module, and relaying the internal network module and the external network module By setting the communication mode using the control module, the security can be improved as compared with the conventional two-way communication device.

For convenience of explanation, it has been described that the relay transmitter is set to the active state and set to the bidirectional communication mode only when the communication mode control module satisfies the preset condition. However, the present invention is not limited to this, And setting the unidirectional mode by setting at least one of the relay receivers to the inactive state.

FIG. 2 is a block diagram illustrating a configuration of a bidirectional communication apparatus capable of mode change according to an embodiment of the present invention.

2, the bidirectional communication device 200 capable of changing modes includes an internal network module 210, a communication mode control module 220, and an external network module 230. At this time, the internal network module 210 may perform at least one of a management function for managing various lists, a transmission / reception data filtering function, a data capture function, a communication mode recognition function, and a data transfer function. The external network module 230 may perform at least one of a management function, a data capture function, and a data transfer function.

Here, the management function of the internal network module 210 manages the internal network module utilization device IP list and the proxy ARP target device IP list, and can manage the unidirectional mode whitelist, the bidirectional mode whitelist, and the TCP session.

The internal network module 210 and the communication mode control module 220 are connected through a physical interface of any one of RJ-45 (UTP), RS-232, fiber optic, UTP, STP, Coax, 10baseT, and 802.11 PHY And the internal network module 210 and the external network module 230 are connected through a physical interface of any one of RJ-45 (UTP), RS-232, fiber optic, UTP, STP, Coax, 10baseT and 802.11 PHY .

The communication mode control module 220 and the external network module 230 may be connected through a physical interface of any one of RJ-45 (UTP), RS-232, fiber optic, UTP, STP, Coax, 10baseT, have.

The unidirectional data transmission to the external network module 230 is possible and the external network module 230 can transmit the unidirectional data to the internal network module 210 through the communication mode control module 220 . At this time, the communication mode control module 220 can set the communication mode by setting the operation state of at least one of the relay transmitter and the relay receiver so as to correspond to the predetermined condition. The communication mode control module 220 transmits data received from the external network module 230 to the internal network module 210 only when the communication mode is set to the bidirectional mode.

In addition, the internal network module 210 may transmit electrical status information to the communication mode control module 220 via the line. At this time, the electrical status information means either On or Off, and the internal network module 210 can transmit the electronic status information in a unidirectional manner.

That is, the internal network module 210 can only transmit on / off status, which is electrical status information, to the communication mode control module 220 through the line, and the communication mode control module 220 can transmit the on / The module 210 can only receive the on / off status, which is electrical status information.

In particular, when the internal network module 210 detects an abnormality that the communication mode control module 220 has failed to identify in the TCP packet or the UDP packet, the communication mode control module 220 is deactivated via the GPIO line, A command for forcibly terminating the mode may be transmitted to the communication mode control module 220. At this time, the internal network module 210 may transmit the off state electrical state information to the communication mode control module 220, thereby forcibly terminating the bidirectional mode.

When the electrical state information received from the internal network module 210 is in the off state, the communication mode control module 220 sets the communication mode to the unidirectional mode. That is, when it is determined that the electrical state information is in the off state, the communication mode control module 220 sets the operation state of at least one of the relay transmitter and the relay receiver of the communication mode control module 220 to the inactive state, Mode, and the communication mode can be set to the unidirectional mode.

Hereinafter, the configuration of the internal network module 210, the communication mode control module 220, and the external network module 230 will be described in more detail.

The internal network module 210 includes a first transceiver 211, a first transmitter 213, and a first receiver 215. The communication mode control module 220 includes a relay receiver 221, a relay transmitter 223 and a communication mode setting unit 225. The external network module 230 includes a second transceiver 231, a second transmitter 233 and a second receiver 235.

The first receiver 215, the relay receiver 221 and the second receiver 235 are connected to the receiving interface 215. The first receiver 215, the relay receiver 221, .

The first transceiver 211 and the second transceiver 231 support a transmitting function and a receiving function. The first transmitter 213, the relay transmitter 223 and the second transmitter 233 support only the transmission function and are not receivable. The first receiver 215, the relay receiver 221 and the second receiver 235 ) Supports only the reception function, and transmission is impossible.

The first transceiver 211 of the internal network module 210 is connected to the internal network and the first transmitter 213 is connected to the second receiver 235 of the external network module 230, 215 are connected to the relay transmitter 223 of the communication mode control module 220.

The first transceiver 211 of the internal network module 210 communicates with one or more internal network devices via the internal network. The first transmitter 213 transmits the data received from the internal network device to the external network module 230. At this time, the first transmitter 213 may transmit data to the second receiver 235 of the external network module 230.

The first transceiver 211 may be assigned an IP address, and the internal network module 210 may transmit communication mode information and log information about an abnormal situation to the user. At this time, the abnormal situation may include a situation where a packet that violates the whitelist is received in the bidirectional mode. The internal network module 210, the communication mode control module 220, and the external network module 230 may be connected to the IP network 200 through an IP It may also operate through a console connection without assigning addresses.

In addition, the first receiver 215 receives data from the relay transmitter 223 of the communication mode control module 220. The data transmitted from the relay transmitter 223 to the first receiver 215 may be data received from the second transmitter 233 of the external network module 230 by the communication mode control module 220 .

The first receiver 215 can receive data from the external network module via the relay transmitter 223 only when the communication mode is set to the bi-directional mode. Here, the communication mode is set by the communication mode control module 220, and the communication mode control module 220 can set the communication mode based on at least one of the link connection time, the authentication result, and the occurrence of an abnormal situation .

Next, the relay receiver 221 of the communication mode control module 220 receives data from the second transmitter 233 of the external network module 230. Here, the data received by the relay receiver 221 may mean data that the external network module 230 desires to transmit to the internal network module 210.

The relay transmitter 223 transmits the data received by the relay receiver 221 to the first receiver 215 of the internal network module 210. At this time, the relay transmitter 223 can transmit data to the first receiver 215 only when the communication mode is set to the bidirectional communication mode.

The communication mode setting unit 225 sets either the unidirectional mode or the bidirectional mode to the communication mode. At this time, the communication mode setting unit 225 sets the operation state of at least one of the relay receiver 221 and the relay transmitter 223 to the inactive state when the unidirectional mode is set, 221 and the relay transmitter 223 to the active state.

The relay receiver 221 and the relay transmitter 223 can relay the data of the external network module 230 to the internal network module 210 only when the communication mode setting unit 225 is set to the bidirectional mode.

The external network module 230 includes a second transceiver 231 for communicating with one or more external network devices via an external network and a second transceiver 231 for transmitting data to a relay receiver 221 of the communication mode control module 220. [ 2 transmitter 233 and a second receiver 235 for receiving data from the first transmitter 213 of the internal network module 210. [

The data transmitted from the second transmitter 233 to the relay receiver 221 is data for transmission to the first receiver 215 of the internal network module 210. The data transmitted from the second transmitter 233 The data may be delivered to the internal network module 210 only when the communication mode is set to the bi-directional mode. The external network module 230 can not determine whether the first receiver 215 of the internal network module 210 is operating and transmits the data to the relay receiver 221 of the communication mode setting module 220 regardless of the communication mode. .

The external network module 230 can manage the external network module utilization device IP list and the proxy ARP target device IP list.

Hereinafter, a bidirectional communication method capable of changing a mode of a bidirectional communication apparatus capable of mode change according to an embodiment of the present invention will be described in detail with reference to FIG.

3 is a flowchart illustrating a bidirectional communication method capable of mode change according to an embodiment of the present invention.

The bidirectional communication method capable of changing modes of FIG. 3 to be described later is performed by the bidirectional communication device 200 capable of changing modes, and in particular, can be performed by an internal network module of the bidirectional communication device 200 capable of changing modes.

First, the bidirectional communication apparatus 200 capable of mode change captures data received from the first transceiver of the internal network module (S310).

The data captured by the first transceiver of the internal network module means data received from the internal network device through the internal network. At this time, when the destination IP address or the source IP address corresponds to the IP address of the internal network module, the bidirectional communication device 200 capable of changing the mode may exclude the corresponding data from the capture target.

Then, the bidirectional communication apparatus 200 capable of changing the mode determines whether the current communication mode is the unidirectional mode or the bidirectional mode (S320).

The communication mode may be one of a unidirectional mode and a bidirectional mode. Here, the unidirectional mode means a mode in which the bidirectional communication device 200 capable of changing modes can transmit data received from the internal network to the external network but can not receive data from the external network. On the other hand, when the bi-directional mode is set, data received from the internal network can be transmitted to the external network, and data received from the external network can be transmitted to the internal network.

The internal network module of the bidirectional communication device 200 capable of changing modes can recognize the current communication mode based on the operation state of at least one of the relay transmitter and the relay receiver of the communication mode control module. When at least one of the relay transmitter and the relay receiver is set to the inactive state, the internal network module recognizes that it is a unidirectional mode. On the other hand, when the operating states of the relay transmitter and the relay receiver are all set to the active state, the internal network module can recognize that the current communication mode is set to the bidirectional mode.

When the communication mode is set to the unidirectional mode, the bidirectional communication device 200 capable of changing the mode operates in the unidirectional mode (S330) and operates in the bidirectional mode when the communication mode is set in the bidirectional mode (S340).

The operation of the bidirectional communication device 200 capable of changing modes in the unidirectional mode in step S330 will be described in detail with reference to FIG. In operation S340, the bidirectional communication device 200 operates in the bidirectional mode. The bidirectional mode proxy ARP target device IP list, the unidirectional mode whitelist, and the unidirectional mode TCP session management are managed instead of the bidirectional mode proxy ARP target device IP list , A bi-directional mode whitelist, and a bi-directional mode TCP session management.

For convenience of description, the unidirectional mode TCP session management and the bidirectional mode TCP session management are separately described. However, the unidirectional mode TCP session management and the bidirectional mode TCP session management can be substantially the same as the normal TCP session management.

Hereinafter, the process of capturing, processing, and transmitting data by the bidirectional communication device capable of changing modes through FIG. 4 and FIG. 5 will be described in detail.

4 is a flowchart illustrating an operation of a first transceiver of a bidirectional communication apparatus capable of mode change in a unidirectional mode according to an embodiment of the present invention.

First, the bidirectional communication device 200 capable of mode change captures data of the first transceiver (S410). And identifies which packet the captured data is (S420).

In step S410, the bidirectional communication apparatus 200 capable of changing modes can capture data received by the first transceiver of the internal network module through the internal network.

When the captured data is an ARP packet, the bidirectional communication apparatus 200 capable of changing the mode performs step S430, which will be described later, and performs step S450, which will be described later, when the captured data is an IP packet. On the other hand, if the captured packet is not an ARP packet or an IP packet, the bidirectional communication apparatus 200 capable of mode change can perform the step S410 again or end the bidirectional communication process in which mode change is possible.

When the captured data is an ARP packet, the bidirectional communication apparatus 200 capable of mode change generates an ARP response packet (S430). The bidirectional communication apparatus 200 capable of changing the mode transmits the generated ARP response packet to the first transceiver (S440).

At this time, the bidirectional communication apparatus 200 capable of changing modes can generate an ARP response packet based on a unidirectional mode proxy ARP target device IP list of the internal network of FIG. 8 to be described later.

On the other hand, if the captured data is an IP packet, the bidirectional communication device 200 capable of mode change determines whether the captured data corresponds to the external network module (S450).

If the captured data is data transmitted from the internal network to the external network, the bidirectional communication apparatus 200 capable of changing modes performs filtering based on the whitelist (S460).

At this time, the bidirectional communication apparatus 200 capable of changing the mode performs filtering based on the white list corresponding to the currently set communication mode, and performs filtering based on the unidirectional mode white list of FIG. .

The bidirectional communication device 200 capable of changing modes can perform white list-based filtering before transmitting data received from an internal network device to an external network, thereby allowing only permitted data to be transmitted to the external network. In the case of unauthorized data, the bidirectional communication device 200 capable of changing the mode can generate a log of warning or notification information and provide it to the user.

When the captured data corresponds to the unidirectional mode whitelist, the bidirectional communication device 200 capable of mode change determines whether the captured data corresponds to which one of the TCP packet and the UDP packet (S470).

When the captured data corresponds to the UDP packet, the bidirectional communication apparatus 200 capable of mode change can transmit the UDP packet to the first transmitter through step S490 described later.

On the other hand, if the captured data corresponds to a TCP packet, the bidirectional communication device 200 capable of mode change manages a unidirectional mode TCP session (S480).

The bidirectional communication device 200 capable of changing the mode manages the time from when the TCP session is created to when the TCP session is ended when the internal network device transmits the TCP data to the external network device using the TCP proxy function.

A TCP session is created when a TCP SYN packet in the whitelist is received from an internal network device. When a TCP end packet is received during the TCP session termination, the TCP session is terminated normally. The bidirectional communication device 200 capable of changing the mode can manage the time from when the TCP session is created to when the internal network device transmits the TCP data to the external network device.

In the unidirectional mode TCP session management, the bidirectional communication device 200 capable of changing the mode can manage the remaining allowed time of the session, and the initial value of the remaining allowed time may be the allowed time of the unidirectional mode whitelist have. If the remaining time allowed before the end of the TCP session becomes 0, the bidirectional communication device 200 capable of changing the mode can terminate the corresponding TCP session.

Finally, the mode changeable bidirectional communication device 200 transmits the captured data to the first transmitter (S490). At this time, data transmitted to the first transmitter is data transmitted from the internal network to the external network, and may be a UDP packet or a TCP packet.

For convenience of explanation, although the case where the captured data is not TCP / IP data is not shown in FIG. 4, the bidirectional communication device 200 capable of changing modes captures a UDP packet when the captured data is not TCP / It is possible to carry out substantially the same process as that performed when

A method of operating the first transceiver of the bidirectional communication device 200 capable of changing modes when the communication mode is set to the unidirectional mode has been described with reference to FIG. When the communication mode is set to the bi-directional mode, the first transceiver of the bidirectional communication device 200 capable of changing modes can perform substantially the same process as that of FIG. 4 to transmit the data captured by the first transceiver to the first transmitter.

At this time, the bidirectional communication apparatus 200 capable of changing modes generates an ARP response packet based on the bidirectional mode proxy ARP target device IP list of the internal network in step S430, and performs filtering based on the bidirectional mode white list in step S460 And may manage the bi-directional mode TCP session in step S480.

5 is a flowchart illustrating an operation of a first transceiver of a bidirectional communication apparatus capable of mode change in a bidirectional mode according to an embodiment of the present invention.

First, the bidirectional communication device 200 capable of changing modes captures data of the first receiver (S510).

In this case, the captured data means data received by the first receiver of the internal network module, and may mean data received by the first receiver from the relay transmitter of the communication mode control module.

The bidirectional communication device 200 capable of changing modes determines whether the captured data is an IP packet corresponding to the external network module (S520).

The bidirectional communication apparatus 200 capable of changing the mode determines whether the captured data is an IP packet received from the external network module. If the captured data is not an IP packet corresponding to the external network module, the bidirectional communication device 200 capable of mode change can perform step S510 again or end the bidirectional communication process capable of mode change.

On the other hand, if the captured data is an IP packet corresponding to the external network module, the bidirectional communication device 200 capable of mode change determines whether the captured data exists in the bi-directional mode whitelist (S530).

The bidirectional communication device 200 capable of changing modes performs filtering based on the bi-directional mode whitelist and identifies which of the TCP packet and the UDP packet the data is in if the captured data exists in the bi-directional mode whitelist S540).

When the captured data is a UDP packet, the bidirectional communication apparatus 200 capable of mode change performs step S560 described later.

On the other hand, when the captured data is a TCP packet, the bidirectional communication device 200 capable of mode change manages a TCP session (S550).

The internal network module 210 of the bidirectional communication device 200 capable of changing the mode manages the time from when the TCP session is established to when the internal network device transmits the TCP data to the external network device, When the TCP data is transmitted to the internal network device, from the time when the TCP session is created to the time when the session ends.

A TCP session is created when a TCP SYN packet is received from a source IP in a unidirectional mode whitelist or a bidirectional mode whitelist. Upon receipt of a TCP termination packet, the TCP session is terminated normally. The bidirectional communication device 200 capable of changing modes is terminated when a TCP session is generated when the internal network device transmits TCP data to the external network device or when the external network device transmits TCP data to the internal network device Up to the point of view.

The internal network module 210 of the bidirectional communication device 200 capable of changing the mode can manage the remaining time allowed for the TCP session when managing the bidirectional mode TCP session and the initial value of the remaining allowed time is defined in the bidirectional mode whitelist Lt; / RTI > When the remaining allowed time becomes 0 before the end of the TCP session, the bidirectional communication device 200 capable of changing modes can delete the corresponding TCP session, and when receiving a packet for a TCP session that is not an object of management, The corresponding packet can be deleted.

Finally, the bidirectional communication device 200 capable of mode change transmits data captured by the first transceiver (S560).

The bidirectional communication device 200 capable of mode change transfers data captured by the first transceiver to transmit data to a destination corresponding to the captured data.

Hereinafter, the data flow of the bidirectional communication apparatus capable of mode change according to an embodiment of the present invention will be described in detail with reference to FIG.

FIG. 6 is a view for explaining a data flow of a bidirectional communication apparatus capable of mode change according to an embodiment of the present invention.

As shown in FIG. 6, the bidirectional communication device 200 capable of changing modes can perform communication with the internal network devices 110 to 130 through the internal network 100. The bidirectional communication device 200 capable of changing modes can perform communication with the external network devices 6 310 through 330 through the external network 300.

The bidirectional communication device 200 capable of changing modes includes an internal network module 210, a communication mode control module 220 and an external network module 230. The internal network module 210 and the external network module 230 A transmitter and a receiver, and the communication mode control module 220 includes a relay transmitter, a relay receiver, and a communication mode setting unit.

The first transceiver of the internal network module 210 is connected to the internal network 100 and the second transceiver of the external network module 230 is connected to the external network 300. And the first receiver receives data from the relay transmitter of the communication mode control module and the first transmitter performs unidirectional communication to transmit data to the second receiver.

At this time, the communication mode setting unit of the communication mode control module 220 sets the communication mode to either the bidirectional mode or the unidirectional mode, and determines whether or not at least one of the relay transmitter and the relay receiver is operated So that data can be received from the external network module only when the first receiver is in the bi-directional mode.

Hereinafter, the functions performed by the internal network module of the bidirectional communication device capable of mode switching according to an embodiment of the present invention will be described in more detail with reference to FIG. 7 through FIG.

The internal network module of the bidirectional communication device 200 capable of changing modes can perform at least any one of a management function for managing various lists, a transmission / reception data filtering function, a data capture function, a communication mode recognition function, have.

The management function of the internal network module may include at least one of an internal network module utilization device IP list management, a proxy ARP target device IP list management, a whitelist management, and a TCP session management.

At this time, proxy ARP target device IP list management is classified into unidirectional mode proxy ARP target device IP list management and bidirectional mode proxy ARP target device IP list management, whitelist management is classified into unidirectional mode whitelist management and bidirectional mode whitelist management .

7 is a table showing an IP list of an internal network module utilizing apparatus according to an embodiment of the present invention.

Internal network module The device IP list manages the IP addresses of all internal network devices that transmit data to the external network through the internal network module or the internal network module. In FIG. 6, when the first device 110 and the second device 120 transmit data to the external network, the IP list of the internal network module may be as shown in FIG.

FIG. 8 is a table showing an unidirectional mode proxy ARP target device IP list of the internal network according to an exemplary embodiment of the present invention, FIG. 9 is a table showing the bidirectional mode proxy ARP target device IP list of the internal network according to an exemplary embodiment of the present invention .

In response to an ARP request for an external network device existing in an external network, one or more internal network devices included in the internal network module utilization apparatus IP list of FIG. 7, The internal network module of the changeable bidirectional communication apparatus 200 manages a proxy ARP target device IP list of the internal network. In this case, the internal network module can be managed by dividing into a unidirectional mode proxy ARP target device IP list and a bidirectional mode proxy ARP target device IP list.

Unidirectional mode proxy ARP target IP list is a list of proxy ARP target device IPs required in an environment in which an internal network device performs unidirectional communication with an external network device. The unidirectional mode proxy ARP target device IP list of the internal network when the internal network devices 1 and 2 transmit data to the external network devices 4 and 5, respectively, can be expressed as shown in FIG. 8 have.

Also, the bidirectional mode proxy ARP target device IP list means a list of proxy ARP target device IPs required in an environment in which an internal network device performs uni-directional communication to an external network device or bidirectional communication between an internal network device and an external network device. When the internal network devices 1, 2 and external network devices communicate with the external network device 5, the internal network device 6, and the internal network device 3, the bidirectional mode proxy ARP target device IP list of the internal network 9 < / RTI >

10 and 11 are tables showing a white list according to an embodiment of the present invention.

The internal network module of the bidirectional communication device 200 capable of changing modes can be classified into a general 5-tuple (source IP, source port, destination IP, destination port, protocol) A white list including the allowed time information of the communication can be additionally managed.

At this time, the internal network module can manage the whitelist by dividing into the unidirectional mode whitelist and the bidirectional mode whitelist. The unidirectional mode whitelist is a whitelist describing that the internal network module is capable of only unidirectional transmission to the external network module, and the bidirectional mode whitelist is a whitelist describing enabling bidirectional communication between the internal network module and the external network module. .

The internal network module performs filtering using the unidirectional white list when it is determined that the communication mode is the unidirectional mode, and performs filtering using the bidirectional white list when the communication mode is determined to be the bidirectional mode. In this manner, the internal network module can perform the transmission / reception data filtering function by performing filtering using the whitelist.

If the internal network module supports the TCP proxy function and the internal network module and the external network module support the TCP proxy function for some TCP applications that the internal network device uses to communicate with the external network device with the TCP proxy function, Way communication device 200 can transmit data by performing unidirectional communication like a conventional unidirectional system in a unidirectional mode.

10 is a table showing a unidirectional mode white list according to an embodiment of the present invention.

6, the internal network device 1 supports the TCP proxy function for a program for transmitting TCP data to the port 3000 of the external network device 4 using the port 2000 as the source port, and the internal network device 2 as the source port When UDP data is transmitted to the 5000 port of the external network device 5 using the 5000 port, the ??? mode ??? white list may be as shown in FIG.

At this time, as shown in FIG. 10, the allowable time corresponding to the TCP data communication is 5, and the allowable time corresponding to UDP data communication may be -1. After the TCP session is created between the internal network device 1 and the internal network module through the TCP proxy function, the allowed time is allowed to be transmitted to the second receiver of the external network module through the first transmitter of the internal network module . The session exceeding the allowed time is forcibly deleted, and a log relating to the session can be provided to the user.

11 is a table showing a bi-directional mode whitelist according to an embodiment of the present invention.

11 shows that the internal network device 2 transmits UDP data to the port 5000 of the external network device 5 using the port 5000 as the source port and the external network device 4 uses the port 1000 as the source port to transmit the UDP data to the internal network device 1 The internal network device 1 exchanges TCP data to the port 200 of the external network device 6 using the port 100 and the external network device 5 exchanges the TCP data with the internal network And a bidirectional mode whitelist when TCP data is exchanged to the port 500 of the device 3.

The internal network module of the bidirectional communication device 200 capable of changing modes can perform a TCP session management function. In this case, the internal network module can manage the TCP session by dividing into the unidirectional mode TCP session management and the bidirectional mode TCP session management.

In particular, the internal network module can manage the TCP session for the TCP data in which the TCP proxy function is not applied in the bi-directional mode TCP session management. As for the TCP session management function of the internal network module, the description of step S480 of FIG. 4 and step S550 of FIG. 5 will be omitted.

The data capture function of the internal network module is a function of capturing at least one of data received by the first transceiver and data received by the first receiver of the internal network module. Then, the captured data is filtered based on the white list through the transmission / reception data filtering function. In addition, the filtered data may be transmitted to the first transceiver or the first transmitter, which is a transmitter corresponding to the data, through the data transfer function of the internal network module.

The communication mode recognition function of the internal network module recognizes the operation state information of at least one of the relay receiver and the relay transmitter of the communication mode control module and judges whether the currently set communication mode is the unidirectional communication mode or the bidirectional communication mode can do. The internal network module may perform an operation by selecting a proxy ARP target device IP list or a white list so as to correspond to the determined communication mode.

Hereinafter, the function performed by the external network module of the bidirectional communication apparatus capable of changing modes according to an embodiment of the present invention will be described in more detail with reference to FIG. 12 and FIG.

The external network module can perform the management function, the data capture function, and the data transfer function. The data capture function of the external network module means a function of capturing data received from the second transceiver of the external network module and data received from the second receiver. The captured data is transferred to the second transceiver or the second transmitter through the data transfer function.

The management function of the external network module performed by the bidirectional communication device 200 capable of changing modes may include management of the external network module utilizing device IP list and management of the proxy ARP target device IP list.

12 is a table showing an IP list of an external network module utilizing apparatus according to an embodiment of the present invention.

The external network module of the bidirectional communication device 200 capable of changing modes manages the IP addresses of all the external network devices that are to transmit data to the internal network through the external network module and the external network module And manage the IP address of the router.

When the external network device 4 and the external network device 5 transmit data through the external network, the IP list of the external network module may be as shown in FIG.

13 is a table showing an IP list of a proxy ARP target apparatus of an external network according to an embodiment of the present invention.

The external network module of the bidirectional communication apparatus 200 capable of mode change can be configured such that the external network module included in the external network module utilization apparatus IP list of FIG. 12 is replaced with the ARP request packet for the internal network apparatus, To manage the proxy ARP target device IP list of the external network.

When the devices 4 310 and 5 320 which are external network devices transmit data to the device 1 110 and the device 2 120, which are internal network devices, the proxy ARP target device IP list of the external network is shown in FIG. 13 ≪ / RTI >

The data capture function of the external network module means a function of capturing at least one of data received at the second transceiver and data received at the second receiver of the external network module. Then, the captured data is transmitted to the transmitter corresponding to the captured data through the data transfer function of the external network module. At this time, the transmitter may mean either the second transceiver or the second transmitter.

When the TCP data transmitted from the external network device to the internal network device is captured from the second transceiver of the external network module, the external network module transmits the captured data to the relay receiver of the communication mode control module through the second transmitter. When the external network module captures an ARP request packet, which is a packet other than TCP data or UDP data, from the external network device, the ARP response message is generated based on the proxy ARP target device IP list of the external network, To the transceiver.

At this time, the external network module can not determine whether the current communication mode is the unidirectional mode or the bidirectional mode. That is, the external network module can not determine whether the data transmitted to the relay receiver of the communication mode control module can be transmitted to the internal network module through the relay transmitter.

Hereinafter, the functions of the communication mode control module will be described in more detail with reference to FIGS. 14 and 15. FIG.

A communication mode control module including a relay receiver, a relay transmitter, and a communication mode setting unit includes a link connection time management function, a relay transmitter management function, a relay receiver management function, a temporary connection function after authentication, a data capture function, Function.

The communication mode control module captures data received from the second transmitter of the external network module through the data capture function, and transmits the captured data to the first receiver of the internal network module through the data transfer function. The communication mode control module sets a communication mode based on at least one of link link time, authentication result, and occurrence of an abnormal situation.

At this time, when the communication mode is set to the bidirectional mode, the communication mode control module sets the operation of the relay transmitter and the relay receiver to the active state, and activates the data transfer function to support bidirectional communication. On the other hand, when the communication mode is set to the unidirectional mode, the communication mode control module can set the operation of the relay transmitter to the inactive state and set the data transfer function to the inactive state.

In addition, the communication mode control module sets the state of the relay transmitter and the relay receiver to the active state to set the second transmitter of the external network module and the first receiver of the internal network module to be physically connected, Function may be activated to support bi-directional communication.

For convenience of explanation, it has been described that the communication mode control module sets the status of the relay transmitter and relay receiver, and sets the communication mode by setting whether to activate the data capture function and the data transfer function of the communication mode control module. However, , The communication mode control module sets the communication mode using the state of the relay transmitter regardless of whether the data capture function and the data transfer function is activated or not, sets whether to activate the data capture function and the data transfer function, The communication mode can be set by setting the state of the relay receiver.

14 is a table for explaining link connection time management according to an embodiment of the present invention.

The communication mode control module can set the communication mode to the bidirectional mode by setting the relay transmitter to the active state when the current time corresponds to the preset link connection time.

For example, if the link connection time is set from 20:00 to 20:01 every day and every Monday from 21:00 to 21:05, as shown in FIG. 14, the communication mode control module is updated every day from 8:00 pm to 8:00 pm It is possible to set the bidirectional mode for 1 minute to 1 minute, and the bidirectional mode to 5 minutes for every Monday at 9:00 pm.

At this time, the communication mode control module sets the operation state of the relay receiver and the relay transmitter to the active state, and activates the data capture function and the data transfer function of the communication mode control module to set the communication mode to the bidirectional mode.

And, the communication mode control module can set the communication mode to the unidirectional mode by setting the relay receiver and the relay transmitter to the inactive state and deactivating the data capture function and the data transfer function at a time other than the link connection time.

Also, the communication mode control module performs authentication when it corresponds to the link connection time of FIG. 14, and only when the authentication is successful, the second transmitter of the external network module transmits to the first receiver of the internal network module through the communication mode control module Directional communication so that data can be transmitted.

15 is a table for explaining permission time management for each user according to an embodiment of the present invention.

The communication mode control module can manage the allowed time for each user and perform the connection function after authentication. The communication mode control module may perform the user authentication according to the user's needs and then operate in the bi-directional mode for a limited time based on the allowed time corresponding to the authenticated user. At this time, the communication mode control module can perform user authentication using one or more authentication methods among various authentication methods such as ID / password based authentication and certificate based authentication.

Also, the communication mode control module may manage the allowed time set differently for each user, or may manage different allowed times for each authentication method. For example, bidirectional communication is allowed for 5 minutes if ID / password based authentication is performed, and bidirectional communication is allowed for 10 minutes if certificate based authentication is performed.

15, the communication mode control module supports bidirectional communication for 2 minutes if the ID succeeded in authentication is the ID corresponding to the user, and performs bidirectional communication for 10 minutes if the ID succeeded in authentication is the ID corresponding to the manager. . Here, supporting bi-directional communication means activating the relay transmitter, and transmitting the data received from the second transmitter of the external network module to the first receiver of the internal network module by the communication mode control module.

Further, the communication mode control module sets the relay transmitter and the relay receiver to the inactive state when the user releases the authentication, the link connection time has elapsed, or when it is judged that the allowed time after the authentication or the abnormal situation occurs , The data transfer function and the data capture function may be inactivated to allow the bi-directional communication device capable of changing the mode to operate in the unidirectional mode.

The communication mode control module can perform the emergency stop function in a state in which the communication mode is set to the bidirectional mode. When the emergency stop signal is received from the user or the unscheduled traffic is monitored as a result of the traffic monitoring, the communication mode control module determines that an abnormal situation has occurred and performs the emergency stop function. At this time, the communication mode control module can receive the emergency stop signal from the user through the physical push button.

The communication mode control module may set the communication mode to the unidirectional mode by performing the emergency stop function, setting the relay transmitter and the relay receiver in the inactive state, and disabling the data capture function and the data transfer function of the communication mode control module.

16 is a diagram for explaining a process of setting a communication mode based on a result of authentication according to an embodiment of the present invention.

As shown in FIG. 16, the administrator PC 600 can manage the bidirectional communication devices 200 capable of changing a plurality of modes through the independent network 400. At this time, the administrator PC 600 can access the communication mode control module of the bidirectional communication devices 200 capable of mode change and perform authentication or manage the link connection time. Also, the administrator PC 600 may include an authentication server 500 in the independent network 400, and may perform authentication using the authentication server 500. [ The administrator PC 600 may set the emergency stop function to operate through the independent network 400. [

17 is a block diagram illustrating a computer system in accordance with an embodiment of the present invention.

17, embodiments of the present invention may be implemented in a computer system 1700, such as a computer readable recording medium. 17, the computer system 1700 includes one or more processors 1710, a memory 1730, a user input device 1740, a user output device 1750, and a storage 1730 that communicate with each other via a bus 1720. [ (1760). In addition, the computer system 1700 may further include a network interface 1770 coupled to the network 1780. The processor 1710 may be a central processing unit or a semiconductor device that executes the processing instructions stored in the memory 1730 or the storage 1760. Memory 1730 and storage 1760 can be various types of volatile or non-volatile storage media. For example, the memory may include a ROM 1731 or a RAM 1732.

Thus, embodiments of the invention may be embodied in a computer-implemented method or in a non-volatile computer readable medium having recorded thereon instructions executable by the computer. When computer readable instructions are executed by a processor, the instructions readable by the computer are capable of performing the method according to at least one aspect of the present invention.

As described above, the bidirectional communication apparatus and method capable of modifying the mode according to the present invention are not limited to the configuration and method of the embodiments described above, but the embodiments can be applied to various modes All or some of the embodiments may be selectively combined.

100: internal network 110 to 150: internal network device
200: Two-way communication device capable of mode change
210: internal network module 211: first transceiver
213: first transmitter 215: first receiver
220: Communication mode control module 221: Relay receiver
223: Relay transmitter 225: Communication mode setting unit
230: external network module 231: second transceiver
233: second transmitter 235: second receiver
300: external network 310-350: external network device
400: Independent network 500: Authentication server
600: Administrator PC 1700: Computer System
1710: Processor 1720: Bus
1730: Memory 1731: ROM
1732: RAM 1740: user input device
1750: User output device 1760: Storage
1770: Network interface 1780: Network

Claims (20)

An internal network module for transmitting data received from one or more internal network devices to external network devices,
An external network module for receiving data from the internal network module and transmitting data received from one or more external network devices to the internal network module,
Wherein the external network module relays data transmitted from the external network module to the internal network module and sets the communication mode to one of a unidirectional mode and a bidirectional mode so as to correspond to a predetermined condition, And transmitting the data to the internal network module
Directional communication device. The method according to claim 1,
The internal network module includes:
A first transceiver for communicating with the internal network through an internal network,
A first transmitter for transmitting data received from the internal network device to the external network module, and
And a first receiver for receiving data from the external network module through the communication mode control module when the bi-directional mode is set. 3. The method of claim 2,
Wherein the communication mode control module comprises:
A relay receiver for receiving data from a transmitter of the external network module,
A relay transmitter for transmitting the data received by the relay receiver to the first receiver of the internal network module, and
A communication mode setting unit for setting whether to operate at least one of the relay receiver and the relay transmitter,
Directional communication device. The method of claim 3,
The internal network module includes:
And identifies the established communication mode based on operation state information of the relay transmitter. The method of claim 3,
Wherein the communication mode setting unit,
Wherein the communication mode is set based on at least one of a link connection time, an authentication result, and an occurrence of an abnormal situation. 6. The method of claim 5,
Wherein the communication mode setting unit,
And setting the communication mode to the bidirectional mode by setting the relay transmitter to the active state when the current time corresponds to the predetermined link connection time. 6. The method of claim 5,
Wherein the communication mode setting unit,
Wherein the communication mode is set to the bidirectional mode when the authentication is successful, the authentication mode being a mode in which at least one of authentication by ID / password based authentication, certificate based authentication and authentication using an authentication server is performed. 6. The method of claim 5,
Wherein the communication mode setting unit,
The bidirectional communication apparatus according to claim 1, wherein the unidirectional communication mode is set to the unidirectional mode when the emergency stop signal is received from the user or unscheduled traffic exceeding a threshold value of the traffic monitoring result is identified. The method according to claim 1,
The internal network module includes:
Wherein the filtering is performed based on at least one of a unidirectional white list and a bidirectional white list, and only allowed data is transmitted to either the external network module or the internal network device. 3. The method of claim 2,
The external network module includes:
A second transceiver for communicating with the external network device via an external network,
A second transmitter for transmitting data via the communication mode control module to the first receiver of the internal network module,
And a second receiver for receiving data from the first transmitter of the internal network module,
Wherein the data transmitted by the second transmitter to the first receiver comprises:
Directional mode, and is transmitted to the first receiver of the internal network module only when the mode is set to the bi-directional mode. The method according to claim 1,
The internal network module includes:
Wherein the communication mode control module transmits unidirectional electrical status information to the communication mode control module via the line. 12. The method of claim 11,
Wherein the communication mode control module comprises:
Wherein the communication mode is set to the unidirectional mode when the electrical state information received from the internal network module is in an off state. A two-way communication method performed by a two-way communication device capable of mode change,
Setting a communication mode of one of a unidirectional mode and a bidirectional mode so as to correspond to a predetermined condition,
Capturing data from at least one of a receiver and a transceiver of an internal network module,
Determining whether the captured data is transmitted to an external network module or received from the external network module,
Performing filtering based on the white list corresponding to the communication mode when the captured data is data corresponding to an external network module, and
Transmitting the filtered data to one of an external network device corresponding to the external network module and an internal network device corresponding to the internal network module
Lt; RTI ID = 0.0 > mode changeable < / RTI > 14. The method of claim 13,
Wherein the setting of the communication mode comprises:
A relay transmitter for transmitting data received from the external network module to the internal network module and a relay receiver for transmitting data received from the internal network module to the external network module, Way communication method capable of changing a mode for setting a mode. 15. The method of claim 14,
Setting the relay transmitter to an active state when the communication mode is set to the bi-directional mode,
Capturing data received by the relay receiver from the external network module, and
Transmitting the data received by the relay receiver to the receiver of the internal network module
Further comprising the steps of: 15. The method of claim 14,
Wherein the setting of the communication mode comprises:
Wherein the communication mode is set based on at least one of a link connection time, an authentication result, and an occurrence of an abnormal situation. 17. The method of claim 16,
Wherein the setting of the communication mode comprises:
And setting the communication mode to the bidirectional mode by setting the relay transmitter to the active state when the current time corresponds to the predetermined link connection time. 17. The method of claim 16,
Wherein the setting of the communication mode comprises:
Authenticating at least one of ID / password based authentication, certificate based authentication, and authentication using an authentication server; and
Setting the communication mode to the bi-directional mode when the authentication is successful, and setting the communication mode to the unidirectional mode if the authentication fails
Lt; RTI ID = 0.0 > mode changeable < / RTI > 19. The method of claim 18,
And setting the communication mode to the bi-directional mode when the authentication is successful,
And setting the communication mode to the bidirectional mode on a temporary basis based on an allowable time corresponding to the user who has succeeded in the authentication. 17. The method of claim 16,
Wherein the setting of the communication mode comprises:
Determining that the abnormal situation occurs when receiving an emergency stop signal from a user or when unscheduled traffic exceeding a threshold value of the traffic monitoring result is identified; and
Setting the communication mode to the unidirectional mode if it is determined that the abnormal situation has occurred;
Lt; RTI ID = 0.0 > mode changeable < / RTI >

Images