TW201931833A - System and method for unidirectional transfer of file - Google Patents


Info

Publication number
TW201931833A
Authority
TW
Taiwan
Prior art keywords
data diode
file
files
receiver
transmitter
Prior art date
Application number
TW107140467A
Other languages
Chinese (zh)
Other versions
TWI771523B (en)
Inventor
慶祥 賴
永聰 伍
康偉 彭
建良 林
Original Assignee
新加坡商新科電子(訊密)私人有限公司
Priority date
Filing date
Publication date
Application filed by 新加坡商新科電子(訊密)私人有限公司
Publication of TW201931833A
Application granted
Publication of TWI771523B


Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones

Abstract

A system for unidirectional transfer of files between a sender network and a receiver network is provided. The system includes a data diode configured to provide a one-way link between the sender network and the receiver network. The data diode includes a data diode sender and a data diode receiver wherein the data diode receiver is communicably coupled to the data diode sender for unidirectional transfer of files from the data diode sender to the data diode receiver. Each file is identified using a file identifier. The data diode sender is configured to send a file list to the data diode receiver. The file list includes file identifiers of all the files to be sent through the data diode. The data diode receiver is configured to detect a loss of one or more files based on comparing the file identifiers of received files with the file identifiers present in the file list.

Description

Detection of lost files in a one-way file transfer system

This disclosure relates to a one-way file transfer system and, more specifically, to detecting file loss in a one-way file transfer system.

One-way file transfer systems are commonly used to mitigate the security risk of connecting two different networks. In one embodiment, the one-way transfer is enforced at the physical layer using a data diode. Allowing files to be transferred in only one direction provides network security by isolating a network from potential security breaches (for example, unwanted and unauthorized data flowing out of the network), while still allowing the network to transfer files in a controlled manner. Typically, the files to be transferred are sent from a data diode sender in the sender network to a data diode receiver in the receiver network. Files may be lost during the transfer. For example, file loss can occur when the data diode receiver cannot keep up with the files arriving from the data diode sender.

Because there is no feedback loop in a one-way file transfer system, the data diode sender is unaware of file loss. Consequently, users of the one-way file transfer system will not know about lost files, if any, unless it has been physically verified that all files were successfully received at the data diode receiver. Most known solutions to the file loss problem include a feedback mechanism to notify the data diode sender, or some other component in the sender network, of the loss. Corrective actions, such as initiating retransmission of the lost files, also rely on the feedback mechanism. An example of file loss detection and recovery using a feedback mechanism is disclosed in US Patent 9,264,470.

Therefore, there is a need for a one-way file transfer system designed to detect file loss in a fast and simple manner.

In an aspect of the invention, a system for unidirectionally transferring files between a sender network and a receiver network is provided. The system includes a data diode configured to provide a one-way link between the sender network and the receiver network.

The data diode includes a data diode sender and a data diode receiver. The data diode receiver is communicably coupled to the data diode sender for unidirectional transfer of files from the data diode sender to the data diode receiver. Each file is identified using a file identifier, such as a file name or a file number.

The data diode sender is further configured to send a file list to the data diode receiver. The file list includes the file identifiers of all files to be sent through the data diode. The data diode receiver is configured to detect the loss of one or more files based on comparing the file identifiers of the received files with the file identifiers present in the file list.

In an aspect of the invention, the data diode sender is configured to send the file list to the data diode receiver repeatedly. For example, the data diode sender may send the file list a predetermined number of times. Alternatively, the data diode sender may send the file list to the data diode receiver periodically.

In an aspect of the invention, upon detecting the loss of the one or more files, the data diode receiver is configured to generate a log containing the file identifiers of the one or more lost files.

In another aspect of the invention, upon detecting the loss of the one or more files, the data diode receiver is configured to generate an alert message indicating the loss of the one or more files. The alert message includes the file identifiers of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver. The alert message is delivered, using the Simple Mail Transfer Protocol (SMTP) or Syslog, to a user device or monitoring unit communicably coupled to the data diode.

In another aspect of the invention, the alert message is used to trigger retransmission of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver. The retransmission of the one or more files is triggered using the file identifiers of the one or more files.

Other features and aspects of the invention will be apparent from the following description and the accompanying drawings.

Wherever possible, the same reference numbers are used throughout the drawings to refer to the same or similar parts. In addition, where more than one element of the same type may be present, references to the various elements described herein are made collectively or individually. However, such references are merely exemplary in nature. It may be noted that, unless explicitly stated in the appended claims, any reference to an element in the singular may also be construed as relating to the plural, and vice versa, without limiting the scope of the invention to an exact number or type of such elements.

FIG. 1 schematically illustrates an example of a one-way file transfer system 100 including a data diode 102 according to an embodiment of the invention. By way of example, it provides communication between a sender network 104 and a receiver network 106, but additional networks are also contemplated. The sender network 104 may include one or more network traffic sources 108. The receiver network 106 may include one or more network traffic destinations 110. The data diode 102 is configured to enable files to be transferred between the sender network 104 and the receiver network 106 in a unidirectional manner. Specifically, the data diode 102 is configured to enable files to be transferred from the sender network 104 to the receiver network 106 and to prevent files from being transferred from the receiver network 106 to the sender network 104. The data diode 102 therefore acts as a transparent router that allows unidirectional transfer of files without modifying the data passing through it. Although the data diode 102 is shown in FIG. 1 as being external to the sender network 104 and the receiver network 106, one or more components of the data diode 102 may be located in the sender network 104 and/or the receiver network 106.

In one embodiment, the files may contain various types of content, such as documents, images, web pages, graphics, video, audio, programs and/or other formats. Although the invention has been explained using files, it is equally applicable to other types of digital information or digital data known in the art.

FIG. 2 schematically illustrates exemplary components of the one-way file transfer system 100 according to an embodiment of the invention. The data diode 102 includes a data diode sender 202 and a data diode receiver 204. The data diode sender 202 is connected to the data diode receiver 204 by a unidirectional optical data link. This configuration physically enforces one-way data transfer at both ends of the optical fiber connecting the data diode sender 202 to the data diode receiver 204, thereby creating a truly unidirectional data link from the sender network 104 to the receiver network 106.

The data diode sender 202 is configured to send a plurality of files to the data diode receiver 204. In some scenarios, some files may be lost during the transfer from the data diode sender 202 to the data diode receiver 204. For example, the data diode receiver 204 may be unable to keep up with the inflow of files from the data diode sender 202. To address this scenario, the data diode sender 202 is configured to send a file list that includes information about all files to be sent through the data diode 102. The file list may include one or more file identifiers, such as a file name, a file ID, a timestamp and the like. FIG. 3 shows an example of a file list 302 containing information on 50 files to be transmitted through the data diode 102. The file list 302 includes the file name and the file number as file identifiers.

In one embodiment, the data diode sender 202 is configured to compile the file list as each file is sent from the data diode sender 202. The compiled file list contains the history of all files sent from the data diode sender 202, or a compilation of the files sent over a period of time.

In some cases, the file list itself may be lost in transit between the data diode sender 202 and the data diode receiver 204. To address this concern, the data diode sender 202 may be configured to send the file list to the data diode receiver 204 repeatedly. In one embodiment, the data diode sender 202 is configured to send the file list a predetermined number of times. In another embodiment, the data diode sender 202 is configured to send the file list to the data diode receiver 204 periodically.

The data diode receiver 204 is configured to receive the files sent by the data diode sender 202. The data diode receiver 204 may be configured to extract the file identifiers of the received files. The data diode receiver 204 is also configured to receive the file list containing the file identifiers of all files to be transferred through the data diode 102. After the file transfer is complete, the data diode receiver 204 is configured to detect whether one or more files have been lost. Specifically, the data diode receiver 204 is configured to use the received file list to compare the file identifiers of the received files with the file identifiers present in the file list.

If some files are lost during the transfer between the data diode sender 202 and the data diode receiver 204, the data diode receiver 204 is able to identify the lost files based on the comparison of file identifiers. In other words, a lost file is identified as a file whose file identifier is present in the file list but which was not received at the data diode receiver 204.

In one embodiment, the data diode receiver 204 is configured to generate a log containing information about the loss of one or more files. The log may include the file identifiers of the files that were listed in the file list but not received at the data diode receiver 204. Optionally, the log may include time and date information and other information related to the lost files.

In various embodiments, the data diode receiver 204 is configured to generate an alert message indicating the loss of one or more files. The alert message may be an e-mail, a text message or any other alert message known in the art. The alert message may include the file identifiers of the one or more files lost during the transfer of files from the data diode sender 202 to the data diode receiver 204. The alert message may be delivered to a user device or a remote monitoring unit communicably coupled to the data diode 102. The alert message may be delivered using the Simple Mail Transfer Protocol (SMTP), Syslog or other alerting protocols known in the art.

The alert message may be used to trigger retransmission of the one or more files lost during the transfer of files from the data diode sender 202 to the data diode receiver 204. The retransmission of the lost files may be triggered using the file identifiers of the lost files.

The various embodiments disclosed herein are to be understood in an illustrative and explanatory sense and should in no way be construed as limiting the scope of the invention. In addition, all numerical terms (such as, but not limited to, "primary", "secondary", "first", "second", "third" or any other ordinary and/or numerical term) are to be understood only as identifiers that assist the reader in understanding the various elements, embodiments, variations and/or modifications of the invention, and do not create any limitation, in particular as to the order or preference of any element, embodiment, variation and/or modification relative to or compared with another.

It should be understood that individual features shown or described for one embodiment may be combined with individual features shown or described for another embodiment. The embodiments described above do not limit the scope of the invention in any way. It should therefore be understood that, although some features are shown or described in the context of functional components to illustrate the use of the invention, such features may be omitted from the scope of the invention without departing from the spirit of the invention as defined by the appended claims.

Industrial applicability

Embodiments of the invention are applicable to the use and implementation of file loss detection in the one-way file transfer system 100. The data diode 102 of the invention is provided with a file list, which can advantageously be used to detect the loss of files during their transfer from the data diode sender 202 to the data diode receiver 204. Furthermore, compared with conventional solutions for detecting file loss in one-way file transfer systems, the embodiments disclosed herein make it easy and fast to detect file loss and to identify the lost files for retransmission.

FIG. 4 illustrates a method 400 for detecting the loss of one or more files during the unidirectional transfer of files from the sender network 104 to the receiver network 106. At step 402, the file list is received by the data diode receiver 204. The file list includes the file identifiers of all files to be sent through the data diode 102. At step 404, the files sent by the data diode sender 202 are received by the data diode receiver 204. The data diode receiver 204 is configured to extract the file identifiers of all files it receives.

At step 406, the data diode receiver 204 is configured to detect the loss of one or more files during the transfer of files from the data diode sender 202 to the data diode receiver 204. The detection is performed based on comparing the file identifiers of the received files with the file identifiers present in the file list. Using the one-way file transfer system 100 disclosed herein therefore saves the time, cost and effort typically incurred by detecting file loss manually or by using other file loss detection techniques conventionally known in the art.
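The mechanism of FIG. 2 to FIG. 4 as an added, runnable model (example code, not the patent's or the assignee's implementation): the sender compiles a file list keyed by file number and file name, sends it several times because the list itself can be lost, and the receiver reconciles received identifiers against the list, logs the lost ones and forms a Syslog-style alert. The message kinds "LIST"/"FILE", the alert text, the lossy-channel helper and the sample files are constructed for this example.

```python
"""Receiver-side detection of lost files on a one-way (data diode) link.

Added example, not the patent's code. Sender 202 emits a file list (file
number and file name per entry, as in file list 302) plus the files; the
list is repeated because without a feedback path a lost copy can never be
requested again. Receiver 204 compares the identifiers of the files it got
against the list (step 406), logs the missing ones and builds an alert that
names them by identifier. Message kinds and alert format are constructed.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

FileId = Tuple[int, str]  # (file number, file name)


@dataclass(frozen=True)
class Message:
    kind: str                       # "LIST" or "FILE" (constructed format)
    file_id: Optional[FileId] = None
    payload: bytes = b""
    listing: Tuple[FileId, ...] = ()


def sender_stream(files: Dict[FileId, bytes], list_repeats: int = 3) -> List[Message]:
    """Sender 202: emit the file list, then every file, then the list again
    until it has been sent list_repeats times in total."""
    listing = tuple(sorted(files))
    stream: List[Message] = [Message("LIST", listing=listing)]
    for fid, data in sorted(files.items()):
        stream.append(Message("FILE", file_id=fid, payload=data))
    stream.extend(Message("LIST", listing=listing) for _ in range(list_repeats - 1))
    return stream


def lossy_channel(stream: List[Message], dropped: Set[int]) -> List[Message]:
    """One-way link that silently drops the messages at the given positions,
    e.g. because the receiver could not keep up with the inflow."""
    return [m for i, m in enumerate(stream) if i not in dropped]


@dataclass
class Receiver:
    """Receiver 204: collects the files and any surviving copy of the list."""
    expected: Optional[Tuple[FileId, ...]] = None
    received: Dict[FileId, bytes] = field(default_factory=dict)
    log: List[str] = field(default_factory=list)

    def accept(self, msg: Message) -> None:
        if msg.kind == "LIST":
            self.expected = msg.listing       # any copy of the list suffices
        elif msg.kind == "FILE" and msg.file_id is not None:
            self.received[msg.file_id] = msg.payload

    def missing(self) -> List[FileId]:
        """Step 406: identifiers present in the list but never received."""
        if self.expected is None:
            # Every copy of the list was lost: reconciliation is impossible
            # and must be reported as such, not as "no loss".
            raise RuntimeError("no file list received; cannot reconcile")
        return [fid for fid in self.expected if fid not in self.received]

    def alert(self) -> Optional[str]:
        """Log the loss and return a Syslog-style line (PRI 132 = local0.warning)
        naming the lost files by identifier, or None when nothing is missing."""
        lost = self.missing()
        if not lost:
            return None
        ids = ", ".join(f"{num}:{name}" for num, name in lost)
        line = (f"<132>data-diode-rx: {len(lost)} of {len(self.expected)} "
                f"files lost: {ids}")
        self.log.append(line)
        return line


def demo() -> Receiver:
    """Ten constructed files; the first list copy and files 4 and 7 are lost."""
    files = {(i, f"report_{i:03d}.csv"): f"row,{i}\n".encode() for i in range(1, 11)}
    stream = sender_stream(files, list_repeats=3)   # LIST, FILE x10, LIST, LIST
    rx = Receiver()
    for msg in lossy_channel(stream, dropped={0, 4, 7}):
        rx.accept(msg)
    return rx


if __name__ == "__main__":
    print(demo().alert())
```

The alert line carries exactly the identifiers a sender-side operator needs to re-queue the two files, which is the retransmission trigger the description refers to.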

Although aspects of the invention have been particularly shown and described with reference to the above embodiments, those skilled in the art will understand that various additional embodiments may be contemplated by modifying the disclosed machines, systems and methods without departing from the spirit and scope of the disclosure. Such embodiments are to be understood as falling within the scope of the invention as determined by the claims and any equivalents thereof.

100: one-way file transfer system
102: data diode
104: sender network
106: receiver network
108: network traffic source
110: network traffic destination
202: data diode sender
204: data diode receiver
302: file list
400: method
402, 404, 406: steps

FIG. 1 is a schematic diagram of a one-way file transfer system for unidirectionally transferring data from a sender network to a receiver network according to an embodiment of the invention.

FIG. 2 is a schematic representation of the components of a one-way file transfer system according to an embodiment of the invention.

FIG. 3 is an example of a file list sent from a data diode sender according to an embodiment of the invention.

FIG. 4 is a schematic flowchart of a method for unidirectionally transferring files from a sender network to a receiver network according to an embodiment of the invention.

Claims (20)

1. A system for unidirectionally transferring files between a sender network and a receiver network, the system comprising: a data diode configured to provide a one-way link between the sender network and the receiver network, the data diode including: a data diode sender; and a data diode receiver communicably coupled to the data diode sender for unidirectional transfer of files from the data diode sender to the data diode receiver, wherein each file is identified using a file identifier; wherein the data diode sender is configured to send a file list to the data diode receiver, the file list including the file identifiers of all files to be sent through the data diode, and the data diode receiver is configured to detect the loss of one or more files based on comparing the file identifiers of the received files with the file identifiers present in the file list.

2. The system of claim 1, wherein the data diode sender is configured to send the file list to the data diode receiver a predetermined number of times.

3. The system of claim 2, wherein the data diode sender is configured to send the file list to the data diode receiver periodically.

4. The system of claim 1, wherein the file identifier is at least one of a file name and a file number.

5. The system of claim 1, wherein the data diode receiver, upon detecting the loss of the one or more files, is further configured to generate a log containing the file identifiers of the one or more files.

6. The system of claim 1, wherein the data diode receiver, upon detecting the loss of the one or more files, is further configured to generate an alert message indicating the loss of the one or more files.

7. The system of claim 6, wherein the alert message includes the file identifiers of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

8. The system of claim 6, wherein the alert message is delivered, using the Simple Mail Transfer Protocol or Syslog, to a user device or monitoring unit communicably coupled to the data diode.

9. The system of claim 6, wherein the alert message is used to trigger retransmission of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

10. The system of claim 7, wherein the retransmission of the one or more files is triggered using the file identifiers of the one or more files.

11. A method of unidirectionally transferring files from a sender network to a receiver network using a data diode, the data diode including a data diode sender and a data diode receiver, the method comprising: receiving, by the data diode receiver, a file list including the file identifiers of all files to be sent through the data diode; receiving, by the data diode receiver, the files from the data diode sender over a one-way link; and detecting, by the data diode receiver, the loss of one or more files based on comparing the file identifiers of the received files with the file identifiers present in the file list.

12. The method of claim 11, wherein receiving the file list includes receiving the file list a predetermined number of times.

13. The method of claim 11, wherein receiving the file list includes receiving the file list periodically.

14. The method of claim 11, wherein the file identifier is at least one of a file name and a file number.

15. The method of claim 11, further comprising generating, upon detecting the loss of the one or more files, a log containing the file identifiers of the one or more files.

16. The method of claim 11, further comprising generating, upon detecting the loss of the one or more files, an alert message indicating the loss of the one or more files.

17. The method of claim 16, wherein the alert message includes the file identifiers of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

18. The method of claim 16, wherein the alert message is delivered, using the Simple Mail Transfer Protocol or Syslog, to a user device or monitoring unit communicably coupled to the data diode.

19. The method of claim 16, wherein the alert message is used to trigger retransmission of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

20. The method of claim 19, wherein the retransmission of the one or more files is triggered using the file identifiers of the one or more files.

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG10201800126VA SG10201800126VA (en) 2018-01-05 2018-01-05 Detection of file loss in a one-way file transfer system
SG10201800126V 2018-01-05

Publications (2)

Publication Number Publication Date
TW201931833A true TW201931833A (en) 2019-08-01
TWI771523B TWI771523B (en) 2022-07-21

Family

ID=67144223

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107140467A TWI771523B (en) 2018-01-05 2018-11-14 System and method for unidirectional transfer of file

Country Status (3)

Country Link
SG (1) SG10201800126VA (en)
TW (1) TWI771523B (en)
WO (1) WO2019135708A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107536B (en) * 2019-12-30 2022-07-26 联想(北京)有限公司 User plane function forwarding method, device, system and storage medium

Family Cites Families (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9678921B2 (en) * 2012-03-21 2017-06-13 Owl Computing Technologies, Llc Method and apparatus for data transfer reconciliation
KR101334240B1 (en) * 2012-09-20 2013-11-28 한국전력공사 System for transferring data only in one direction
US9575987B2 (en) * 2014-06-23 2017-02-21 Owl Computing Technologies, Inc. System and method for providing assured database updates via a one-way data link

Also Published As

Publication number Publication date
SG10201800126VA (en) 2019-08-27
TWI771523B (en) 2022-07-21
WO2019135708A1 (en) 2019-07-11
