CN1929490A - No-feedback one-way transmitted physical isolation method - Google Patents
No-feedback one-way transmitted physical isolation method Download PDFInfo
- Publication number
- CN1929490A CN1929490A CN 200610140541 CN200610140541A CN1929490A CN 1929490 A CN1929490 A CN 1929490A CN 200610140541 CN200610140541 CN 200610140541 CN 200610140541 A CN200610140541 A CN 200610140541A CN 1929490 A CN1929490 A CN 1929490A
- Authority
- CN
- China
- Prior art keywords
- data
- computer
- program
- sending
- operates
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Communication Control (AREA)
Abstract
This invention relates to physical isolation method without single transmission data feedback, which can transmit data by single direction, wherein, the send host sends data and receive host receives data not able for transmitting data from physical part. This method can solve single transmission data lost problem through formula, wherein, the receive host can find error and alarm without error memory data used for single transmitting data from open network.
Description
(1) technical field
The present invention relates to a kind of physical isolation method of no-feedback one-way transmission, is the information security method of a kind of confidentiality, integrality and high availability.
(2) background technology
Along with the popularization of project of government's surfing the net, E-Government and government's online working and deeply, the content of increasing government is transferred on computer and the network from traditional paper.The system that relates to state secret information has just become the concerning security matters system, and the network that relates to state secret information has become the concerning security matters network.In order to guarantee the confidentiality of concerning security matters system and concerning security matters network, statutory regulation concerning security matters system and concerning security matters network must carry out physical isolation with other network.
The most crucial problem of information security, computer security and network security is exactly a privacy concerns.Promptly protect computer, information system and network, prevent from not expect the information leakage that takes place.Especially the secret information of government.Privacy concerns is not only the secret information of government, enterprise's business secret, and individual privacy, intellectual property etc. all relate to privacy concerns.Do not wish to take place information leakage, all belong to the category of confidentiality.
A kind of way of maintaining secrecy is that this content of maintaining secrecy is stashed, and other people can't find and obtain the information that will maintain secrecy.Concrete measure is, concerning security matters network and concerning security matters system physical are isolated, and other networks such as inaccurate and the Internet are directly or indirectly networked.When needs are imported data to the concerning security matters system, by portability move medias such as floppy disk, USB, portable hard drives, arrive first in the non-concerning security matters system copies data to move media, then move media is taken away from non-concerning security matters system, manually carry and be inserted in the concerning security matters system, again data are copied in the concerning security matters system.
The greatest problem of this method is, the action of artificial plug can not automation, and exchanges data efficient is low.Simultaneously, also not exclusively possible.In a single day move media inserts the concerning security matters system, and the concerning security matters medium has also become the concerning security matters medium, can not be again uses in non-concerning security matters system.How many move medias a large amount of transferring datas needs, and how these media are managed all is problem.
More complicated way is a gateway, and a kind of Network Isolation and information of manually copying the realization of dish mechanism simulated is changed system.Gateway adopted isolation framework, agreement peel off, use peel off, reduction of data, credible exchange, authentication, Content inspection and filtration, technology such as digital signature have undoubtedly than higher fail safe, if but have the two-way exchange of data, just can not get rid of the possibility of divulging a secret theoretically.
Another method is that data are carried out one-way transmission.Promptly can only transmit data to classified network from non-classified network, can not be from classified network to non-classified network transmission data.There is a problem in one-way transmission in theory, and promptly transmit leg does not know whether reciever successfully accepts data, owing to can not confirm that theoretically, one-way transmission is unreliable, does not have availability.
In order to solve the availability issue of one-way transmission, the method for a lot of compromises has appearred, as little channel feedback (4bit or lbit), channel feedback independently, hardware channel feedback etc.In theory, as long as feedback is arranged, just there is the channel of diving.The size of latent channel, the extent of injury has difference, does not also all have thoroughly to get rid of the possibility of reveal information.
Need a kind of one-way transmission method of not having feedback, both guaranteed physical isolation, also have availability simultaneously, can be in real time from non-concerning security matters system to concerning security matters system transmissions data, simultaneously can not be from the concerning security matters system to non-concerning security matters system transmissions data.Consider secret generality, the low-cost implementation method on existing infrastructure is significant.There was not the research of this respect in the past.
The physical isolation method of no-feedback one-way transmission produces under such technical background.
(3) summary of the invention
The present invention relates to a kind of physically-isolated building method of no-feedback one-way transmission, to satisfy the special requirement of confidentiality, integrality and high availability in physical isolation system or the network.This method comprises carries out the redundant correcting coding to data waiting for transmission, sends data, accepts data, carries out the redundant correcting decoding to accepting data, finds when introducing mistake in the transmission course, and mistake is reported to the police, storage data during inerrancy.
(4) description of drawings
Fig. 1 describes a kind of flow chart of physical isolation method of one-way transmission.
Fig. 2 describes a kind of circuit of the one-way transmission parts based on the ether medium.
Fig. 3 describes a kind of flow chart of method of one-way transmission data.
Fig. 4 describes a kind of flow chart of redundant correcting algorithm.
(5) embodiment
Fig. 1 describes a kind of flow chart of physical isolation method of one-way transmission.Unidirectional transmission system comprises a transmission main frame, and one-way transmission parts are accepted main frame for one.
(1) sends main frame
Sending main frame can be any common computer.As PC, industrial computer, work station, server etc.Sending main frame also can be the processor of special purpose.As embedded computer, digital signal processing appts, microcontroller etc.Any computer comprises input/output port, and wherein output port is the ether medium, can.
(2) one-way transmission parts
The one-way transmission parts are passive circuit and two ether RJ45 interfaces of a special use.RJ45 indicates "+" machine and "-" symbol.Permit data and transmit data to "-" direction from "+", but from physically just not transmitting data to "+" direction from "-".
Fig. 2 has described the circuit diagram of one-way transmission parts.
(3) receive main frame
Receiving main frame can be any common computer.As PC, industrial computer, work station, server etc.Receiving main frame also can be the processor of special purpose.As embedded computer, digital signal processing appts, microcontroller etc.Any computer comprises input/output port, and wherein input port is the ether medium, can.
Receiving computer can not send data to sending computer, therefore, is physical isolation truly.
Receiving computer also comprises an alarm appliance.Can directly get final product with the loudspeaker on the PC.Also can connect a display, error message is directly printed on the screen.Also error message can be write on the storage medium.
(4) method of work
Fig. 3 has described a kind of flow chart of one-way data transmission method.
4.1 transmission synchronizing information
The first step of the method that Fig. 3 describes is to send synchronizing information.
Because the one-way transmission and the physical isolation characteristic of one-way transmission parts receive main frame and can't send information to sending main frame, therefore send main frame and know the state that receives main frame never.The computer of present main flow all is the interrupt requests working method that adopts, and is in busy operating state if receive main frame, and this is to send main frame to send data, and the reception main frame just may be handled and not come over, thereby produces mistake or obliterated data.
The present invention provides a kind of method for synchronous.It is the transmit leg of synchronizing information that this method for synchronous regulation sends main frame, sends main frame and formulates synchronizing information according to the task of transmission situation.
Synchronizing information of the present invention, regulation regularly sends synchronizing information according to certain Fixed Time Interval.
4.2 receiving synchronous information
Second step of the method that Fig. 3 describes is a receiving synchronous information.
It is the recipient of synchronizing information that a kind of method for synchronous that the present invention provides, regulation receive main frame, receives main frame and receives unconditional following after the synchronizing information.
Receive main frame after losing synchronizing information, the system that unconditionally guarantees immediately receiving synchronous information is not received any interference, promptly has the highest priority.
4.3 carry out the redundant correcting coding to sending data
The 3rd step of the method that Fig. 3 describes is that data to be sent are carried out the redundant correcting coding.
One-way transmission does not have reliability to guarantee theoretically, and the meeting obliterated data can be introduced mistake, does not therefore possess availability.
The present invention can obliterated data be a prerequisite with one-way transmission, introduces one group of redundant correcting encryption algorithm.Fig. 4 has described the flow chart of this algorithm.This algorithm, at first data are carried out piecemeal, every size is consistent, and chooses the N blocks of data and forms one group, every group of data are carried out parity check (B), choose N group data, from every group of data, choose one in order, form one again sequentially and newly organize, it also is the N group, each data of new group is being carried out parity check (P), and the parity data combination with twice produces data to be sent.
The redundant correcting algorithm is realized redundant characteristic by twice parity check, has very high error correcting capability.
4.4 transmission data
The 4th step of the method that Fig. 3 describes is to send data.
What send the main frame transmission is through the redundant correcting coded data.Router itself also carries out error checking to sending data, and data may comprise parity bit (parity bit), check code (checksum), error detection code (error detection code) and error correcting code (error correctioncode) etc.But this undercapacity can not replace the 4.3 redundant correcting encryption algorithms of carrying can guarantee the correctness of data.
Router is signed to sending data, sends to the reception main frame.
After data send, because can not send data to the transmission main frame from receiving main frame on the system physical, because do not receive the function of affirmation.No matter mistake can or can not occur, remaining work is given the redundant correcting decoding algorithm and is gone to finish.
4.5 reception data
The 5th step of the method that Fig. 3 describes is to receive data.
After the reception main frame is received data, confirm whether signature is correct,, be considered as attacking, abandon data if incorrect.
Data after signature is correct, reception program itself is also carried out error checking to receiving data, and data may comprise parity bit (parity bit), check code (checksum), error detection code (error detection code) and error correcting code (error correction code) etc.But this undercapacity can not replace the 4.6 redundant correcting decoding algorithms of carrying can guarantee the correctness of data.
4.6 carry out the redundant correcting decoding to receiving data
The 6th step of the method that Fig. 3 describes is to receiving that data carry out the redundant correcting decoding.
After the data that the reception program is received, carry out the redundant correcting decoding, the reduction initial data.
The present invention can obliterated data be a prerequisite with one-way transmission, introduces one group of redundant correcting decoding algorithm.Decoding algorithm is the reverse process that Fig. 4 has described encryption algorithm.The redundant correcting algorithm is realized redundant characteristic by twice parity check, has very high error correcting capability.
4.7 discovery mistake
The 7th step of the method that Fig. 3 describes is to find mistake.
Although the present invention has very strong redundant correcting ability, under many circumstances, data send mistake may occur, as ageing equipment, equipment fault, power failure or environmental interference etc., in this case, bust this.Data transmission fails need clearly be found data transmission fails, avoids system to be in nondeterministic statement.
Find mistake, mainly comprise the redundant correcting decoding find data be wrong be bust this, the reception program finds that receiving data itself imperfect is bust this, the reception program is overtime in a synchronous regime to be bust this etc.
4.8 false alarm
The 8th step of the method that Fig. 3 describes is an error message warning.
After finding mistake, carry out false alarm.
The mode of false alarm comprises, mistake is write daily record, prints on the screen or by receiving the forms such as audible alarm of main frame.
4.9 storage data
The 9th step of the method that Fig. 3 describes is the storage data.
When not finding mistake,, be stored in the storage medium of appointment to the data of correct reception.
4.10 other specific implementation
Except the mode of Fig. 1, consider the consideration of aspects such as electromagnetic radiation leakage, a kind of specific implementation way of the present invention is placed on two main frames and one-way transmission parts within the cabinet, promptly comprises two computer motherboards and one-way transmission parts in a cabinet.Also can be grafted directly to the one-way transmission parts on the ether medium or the line preface of ether line on.
Under the situation that does not break away from spirit of the present invention and fundamental characteristics, the present invention may have the multiple form of expression, unless so should be appreciated that certain illustrated, the above embodiments are not limited by previously described any details, explain widely but be construed as within the defined such spirit and scope of claim.Therefore corrigendum and the modification within the claim scope, and other equivalence transformation within this scope is also included among the claim.
Claims (6)
- One kind be applicable between two networks or two systems between the physical isolation method of no-feedback one-way transmission, this method comprises:(1) sends synchronizing information;(2) accept synchronizing information;(3) carry out the redundant correcting coding to sending data;(4) send data;(5) accept data;(6) carry out the redundant correcting decoding to receiving data;When (7) mistake occurring, reciever can carry out mistake and find;(8) reciever provides the warning message that reports an error when finding mistake;(9) inerrancy time storage data.
- 2. the data of this method send and accept, and finish by the transmission ether protocol media of computer standard configuration.
- 3. the data format of this method transmission and acceptance is an Ether frame.
- 4. a unidirectional transmission system comprises: two main frames.(1) one one sends data computer;(2) program that operates on the sending computer is carried out the redundant correcting coding;(3) program that operates on the sending computer is carried out signature function to sending data;(4) program that operates on the sending computer is carried out sending function;Accept data computer for (5) one ones;(6) operate in the program execution of accepting on the computer and accept function;(7) program that operates on the receiving computer is carried out certifying signature;(8) program that operates on the receiving computer is carried out the redundant correcting decoding;(9) program that operates on the receiving computer is carried out the warning function of makeing mistakes;Memory function when (10) operating in program on the receiving computer and carry out inerrancy.
- 5. this system also comprises one-way transmission parts, and two computers are connected by the one-way data transmission part.(1) the one-way transmission parts have directivity;(2) the one-way transmission parts have the RJ45 interface;(3) can send data to "-" from "+";(4) physically can not send data to "+" from "-".
- 6. this system is placed on two computer motherboards and one-way transmission parts in the casing.(1) externally anti-electromagnetic radiation disturbs;(2) internally anti-electromagnetic radiation leaks.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610140541XA CN1929490B (en) | 2006-10-17 | 2006-10-17 | No-feedback one-way transmitted physical isolation method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN200610140541XA CN1929490B (en) | 2006-10-17 | 2006-10-17 | No-feedback one-way transmitted physical isolation method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1929490A true CN1929490A (en) | 2007-03-14 |
| CN1929490B CN1929490B (en) | 2010-09-08 |
Family
ID=37859274
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN200610140541XA Expired - Fee Related CN1929490B (en) | 2006-10-17 | 2006-10-17 | No-feedback one-way transmitted physical isolation method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1929490B (en) |
Cited By (11)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771716A (en) * | 2008-12-29 | 2010-07-07 | 深圳市维信联合科技有限公司 | E-mail synchronous receiving method and system |
| CN101829480A (en) * | 2010-05-25 | 2010-09-15 | 中电投远达环保工程有限公司 | Power plant desulfurization operation condition real time data interface device and transmission method |
| CN101771624B (en) * | 2008-12-29 | 2011-12-28 | 深圳市维信联合科技有限公司 | E-mail synchronous sending method and system |
| CN101789866B (en) * | 2010-02-03 | 2012-06-13 | 国家保密科学技术研究所 | High-reliability safety isolation and information exchange method |
| CN102710638A (en) * | 2012-05-31 | 2012-10-03 | 广东电网公司电力科学研究院 | Device and method for isolating data by adopting non-network manner |
| CN101771674B (en) * | 2008-12-29 | 2013-09-04 | 深圳市维信联合科技有限公司 | Signal processing method, device and signal processing system |
| CN110809138A (en) * | 2019-11-19 | 2020-02-18 | 北京国保金泰信息安全技术有限公司信息安全技术研究中心 | Video one-way transmission system based on no feedback light |
| CN112200980A (en) * | 2020-10-12 | 2021-01-08 | 天津市中环电子计算机有限公司 | Smart phone storage cabinet capable of identifying mobile phone incoming call and implementation method thereof |
| CN112217943A (en) * | 2020-10-12 | 2021-01-12 | 天津市中环电子计算机有限公司 | Smart phone storage cabinet capable of automatically identifying mobile phone incoming call and implementation method thereof |
| CN113765582A (en) * | 2021-10-25 | 2021-12-07 | 江苏云涌电子科技股份有限公司 | System and method for realizing one-way transmission data of domestic-design redundant optical port |
| CN115314544A (en) * | 2022-08-05 | 2022-11-08 | 成都卫士通信息产业股份有限公司 | TCP data one-way transmission method, device, equipment and medium |
Family Cites Families (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN2703366Y (en) * | 2004-05-08 | 2005-06-01 | 青岛金弘测控技术发展有限公司 | Single direction transmission gateway for computer network |
-
2006
- 2006-10-17 CN CN200610140541XA patent/CN1929490B/en not_active Expired - Fee Related
Cited By (13)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101771716A (en) * | 2008-12-29 | 2010-07-07 | 深圳市维信联合科技有限公司 | E-mail synchronous receiving method and system |
| CN101771624B (en) * | 2008-12-29 | 2011-12-28 | 深圳市维信联合科技有限公司 | E-mail synchronous sending method and system |
| CN101771674B (en) * | 2008-12-29 | 2013-09-04 | 深圳市维信联合科技有限公司 | Signal processing method, device and signal processing system |
| CN101789866B (en) * | 2010-02-03 | 2012-06-13 | 国家保密科学技术研究所 | High-reliability safety isolation and information exchange method |
| CN101829480A (en) * | 2010-05-25 | 2010-09-15 | 中电投远达环保工程有限公司 | Power plant desulfurization operation condition real time data interface device and transmission method |
| CN102710638A (en) * | 2012-05-31 | 2012-10-03 | 广东电网公司电力科学研究院 | Device and method for isolating data by adopting non-network manner |
| CN110809138A (en) * | 2019-11-19 | 2020-02-18 | 北京国保金泰信息安全技术有限公司信息安全技术研究中心 | Video one-way transmission system based on no feedback light |
| CN110809138B (en) * | 2019-11-19 | 2021-07-30 | 北京国保金泰信息安全技术有限公司信息安全技术研究中心 | Video one-way transmission system based on no feedback light |
| CN112200980A (en) * | 2020-10-12 | 2021-01-08 | 天津市中环电子计算机有限公司 | Smart phone storage cabinet capable of identifying mobile phone incoming call and implementation method thereof |
| CN112217943A (en) * | 2020-10-12 | 2021-01-12 | 天津市中环电子计算机有限公司 | Smart phone storage cabinet capable of automatically identifying mobile phone incoming call and implementation method thereof |
| CN113765582A (en) * | 2021-10-25 | 2021-12-07 | 江苏云涌电子科技股份有限公司 | System and method for realizing one-way transmission data of domestic-design redundant optical port |
| CN115314544A (en) * | 2022-08-05 | 2022-11-08 | 成都卫士通信息产业股份有限公司 | TCP data one-way transmission method, device, equipment and medium |
| CN115314544B (en) * | 2022-08-05 | 2023-12-15 | 成都卫士通信息产业股份有限公司 | TCP data unidirectional transmission method, device, equipment and medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1929490B (en) | 2010-09-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1929490A (en) | No-feedback one-way transmitted physical isolation method | |
| CN1739098A (en) | State recovery and failover of intelligent network adapters | |
| CN104363221A (en) | Network safety isolation file transmission control method | |
| CN1703881A (en) | Integrated circuit and method for establishing affair | |
| CN1842075A (en) | Using subqueues to enhance local message processing | |
| CN1819560A (en) | Message serial number inspection and inspector with multi-unit transmission | |
| WO2010099653A1 (en) | Signal encoding method and apparatus, and combination feedback signal encoding method | |
| CN109189749B (en) | File synchronization method and terminal equipment | |
| CN106534190A (en) | Data capture transmission method and system of intranet and extranet based on two-dimensional bar code | |
| CN101022473B (en) | Method for automatic, identifying plate card configration and generating local data in exchanger | |
| EP1700224B1 (en) | Receiver corporation | |
| CN100346603C (en) | Method and apparatus for updating group member views in group communication systems | |
| CN106992987A (en) | A kind of information transmission equipment and method based on USB | |
| CN1909551A (en) | Data exchanging method based on Web service | |
| CN111475867A (en) | General safety cooperation system | |
| CN102325025B (en) | Data processing method and system for verifying provision source authenticity | |
| CN1976259A (en) | Directive non-feedback optical fiber one-way transmitting physica isolating method | |
| CN101052034A (en) | Method and system for transmitting network event journal protocol message | |
| US9203607B2 (en) | Keyless challenge and response system | |
| US7657650B2 (en) | Reliable and efficient data transfer over serial port | |
| CN1901492A (en) | Communication method via bus interface in network and and system thereof | |
| CN1956415A (en) | Method for reducing redirected message characteristic information | |
| CN110381095B (en) | System on chip, equipment and communication system | |
| CN1783881A (en) | Mechanism for binding a structured data protocol to a protocol offering up byte streams | |
| CN1838568A (en) | Apparatus, system, and method for detecting a fibre channel miscabling event |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Assignee: China Net Communication Net Co., Ltd. Assignor: NetChina Information Technology Co., Ltd. Contract record no.: 2010110000213 Denomination of invention: No-feedback one-way transmitted physical isolation method Granted publication date: 20100908 License type: Exclusive License Open date: 20070314 Record date: 20101209 |
|
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20100908 Termination date: 20151017 |
|
| EXPY | Termination of patent right or utility model |