CN104601575A - One-way safety isolation net gap based data transmission method and system - Google Patents
- Publication number
- CN104601575A, CN201510024466.XA
- Authority
- CN
- China
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
Abstract
The invention discloses a data transmission method and system based on a one-way safety isolation net gap. The method comprises the following steps: a first processing device and a low-security-level network terminal establish a communication relationship through a TCP connection request; the first processing device receives data information sent by the low-security-level network terminal; the first processing device transmits the data information to a second processing device; after the second processing device and a high-security-level network terminal establish a communication relationship through a TCP connection request, the second processing device sends the received data information to the high-security-level network terminal. The method solves the prior-art problem that the low-security-level network terminal and the high-security-level network terminal cannot perform TCP data transmission through a one-way safety isolation net gap.
Description
Technical field
The present invention relates to the field of the Internet, and in particular to a data transmission method and system based on a one-way safety isolation gap.
Background art
One-way transmission without feedback ensures that data flows only from the low-security-level network to the high-security-level network, which solves the problem of high-security-level network information leaking during data transmission. A one-way safety isolation gap behaves like a diode, which conducts in one direction only: its hardware architecture allows data to be transferred only from the external, low-security-level network terminal (the untrusted end) to the high-security-level network terminal (the trusted end). The one-way safety isolation gap guarantees absolutely one-way data flow at the physical link layer and the transport layer. However, precisely because information flows one way, the low-security-level network terminal cannot receive any form of feedback signal from the high-security-level network terminal during data transmission; consequently, every communication protocol that requires a "handshake" acknowledgement loses its meaning in a one-way information import system.
TCP is a connection-oriented, reliable, byte-stream-based transport-layer communication protocol. Establishing a TCP connection requires a three-way handshake: the client and the server can connect only after exchanging SYN and ACK. Because a one-way safety isolation gap has no return path, data cannot be transmitted from the high-security-level network to the low-security-level network. Therefore, when the low-security-level network terminal and the high-security-level network terminal explicitly specify that TCP is to be used to send or receive data, the one-way safety isolation gap cannot ferry TCP data, and it cannot guarantee reliable arrival of the data when the high-security-level network terminal provides no feedback at all.
No effective solution has yet been proposed for the prior-art problem that the low-security-level network terminal and the high-security-level network terminal cannot transmit TCP data through a one-way safety isolation gap.
Summary of the invention
The main purpose of the present invention is to provide a data transmission method and system based on a one-way safety isolation gap, in order to solve the prior-art problem that the low-security-level network terminal and the high-security-level network terminal cannot transmit TCP data through a one-way safety isolation gap.
To achieve this purpose, according to one aspect of the embodiments of the present invention, a data transmission method based on a one-way safety isolation gap is provided. The method comprises: a first processing device and the low-security-level network terminal establish a communication relationship through a TCP connection request; the first processing device receives the data information sent by the low-security-level network terminal; the first processing device transmits the data information to a second processing device through an isolation board; after the second processing device and the high-security-level network terminal establish a communication relationship through a TCP connection request, the second processing device sends the received data information to the high-security-level network terminal.
To achieve this purpose, according to another aspect of the embodiments of the present invention, a data transmission system based on a one-way safety isolation gap is provided. The system comprises: a first processing device, which establishes a communication relationship with the low-security-level network terminal through a TCP connection, receives the data information sent by the low-security-level network terminal, and sends the data information to an isolation board; the isolation board, which transmits the data information sent by the first processing device one way to a second processing device; and the second processing device, which establishes a communication relationship with the high-security-level network terminal through a TCP connection request and sends the data information received through the isolation board to the high-security-level network terminal.
According to the embodiments of the invention, the first processing device establishes a TCP connection with the low-security-level network terminal, receives the data information that the terminal sends, and transfers the received data information to the second processing device; the second processing device establishes a TCP connection with the high-security-level network terminal and transfers the data information to it. This solves the prior-art problem that the low-security-level network terminal and the high-security-level network terminal cannot transmit TCP data through a one-way safety isolation gap, and achieves secure one-way ferrying of TCP based on a one-way safety isolation gap.
Brief description of the drawings
The accompanying drawings, which form a part of this application, are provided for further understanding of the present invention; the illustrative embodiments of the invention and their description are used to explain the invention and do not unduly limit it. In the drawings:
Fig. 1 is a flow chart of the data transmission method based on a one-way safety isolation gap according to Embodiment One of the present invention; and
Fig. 2 is a schematic diagram of the data transmission system based on a one-way safety isolation gap according to Embodiment Two of the present invention.
Detailed description of the embodiments
It should be noted that, where they do not conflict, the embodiments in this application and the features in the embodiments can be combined with one another. The present invention is described in detail below with reference to the drawings and in conjunction with the embodiments.
To help those skilled in the art better understand the scheme of the present invention, the technical scheme in the embodiments of the present invention is described clearly and completely below with reference to the drawings in the embodiments. The described embodiments are obviously only some of the embodiments of the present invention, not all of them. All other embodiments obtained by a person of ordinary skill in the art on the basis of the embodiments of the present invention without creative work shall fall within the scope of protection of the present invention.
It should be noted that the terms "first", "second" and so on in the specification, claims and drawings of the present invention are used to distinguish similar objects and are not necessarily used to describe a specific order or sequence. It should be understood that data used in this way are interchangeable where appropriate for the embodiments of the invention described herein. In addition, the terms "comprise" and "have" and any variations of them are intended to cover non-exclusive inclusion; for example, a process, method, system, product or device that comprises a series of steps or units is not necessarily limited to the steps or units expressly listed, but may include other steps or units that are not expressly listed or that are inherent to the process, method, product or device.
In the embodiments provided by this application, networks are divided by security level into a high-security-level network and a low-security-level network. The high-security-level network corresponds to the intranet and may also be called the trusted-end network; the low-security-level network corresponds to the external network and may also be called the untrusted-end network. To ferry data one way from the low-security-level network to the high-security-level network, a one-way safety isolation gap is placed between the two. The one-way safety isolation gap in the present invention, which may also be called a one-way safety isolation system, comprises an isolation board, an outer terminal and an inner terminal. The outer terminal connects to the low-security-level network and the inner terminal connects to the high-security-level network. In the following embodiments, the first processing device stands for the outer terminal and the second processing device stands for the inner terminal.
Embodiment one
An embodiment of the present invention provides a data transmission method based on a one-way safety isolation gap.
Fig. 1 is a flow chart of the data transmission method based on a one-way safety isolation gap according to an embodiment of the present invention. As shown in Fig. 1, the method comprises the following steps:
Step S102: the first processing device and the low-security-level network terminal establish a communication relationship through a TCP connection request;
Specifically, in step S102, the first processing device is connected to the low-security-level network. The first processing device first receives the TCP connection request sent by the low-security-level network terminal and then establishes a communication relationship with the low-security-level network terminal by responding to that request;
Optionally, the step in which the first processing device and the low-security-level network terminal establish a communication relationship through a TCP connection request comprises:
Step S201: receive the message sent by the low-security-level network terminal;
Step S202: determine the category of the message, where the categories of message include at least: a TCP connection request, and data encapsulated in TCP;
Step S203: if the message is a TCP connection request, the first processing device responds to the TCP connection request and establishes a connection with the low-security-level network terminal;
In summary, in the scheme provided by steps S201 ~ S202, the first processing device determines the category of each received message and performs different operations depending on that category; in particular, when it determines that the message is a TCP connection request, the first processing device actively responds to that request. By this technical means, the scheme solves the following prior-art problem: the first processing device of a one-way safety isolation gap did not determine the category of received messages and forwarded all of them indiscriminately to the high-security-level network terminal, so that when the low-security-level network terminal used a communication protocol requiring a "handshake", it could not receive the response signal fed back by the high-security-level network terminal and the connection could not be established.
Step S104: the first processing device receives the data information sent by the low-security-level network terminal;
Specifically, in step S104, after the low-security-level network terminal and the first processing device have established a TCP connection, they exchange data using TCP: the low-security-level network terminal sends the original data information to the first processing device in the format required by TCP, and the first processing device likewise recovers the original data information according to TCP. At this point, the transmission mechanism of TCP ensures that the first processing device receives the original data information sent from the low-security-level network completely and reliably.
Step S106: the first processing device transmits the data information to the second processing device through the isolation board;
Specifically, in step S106, the isolation board is used to transmit data one way from the first processing device to the second processing device. Optionally, the side of the isolation board connected to the first processing device has only a data sending end, and the side connected to the second processing device has only a data receiving end; this unidirectional physical link achieves absolutely one-way transmission of data from the first processing device to the second processing device. Both the first processing device and the second processing device contain a security isolation module used for one-way ferrying of data. Optionally, the isolation board includes but is not limited to an optical one-way safety isolation board.
Step S108: after the second processing device and the high-security-level network terminal establish a communication relationship through a TCP connection request, the second processing device sends the received data information to the high-security-level network terminal.
Specifically, in step S108, the second processing device and the high-security-level network terminal first establish a communication relationship through a TCP connection request. The establishment of this connection starts with a TCP connection request that the second processing device actively sends to the high-security-level network terminal; the trigger for this request may be that the second processing device has received a TCP connection request forwarded by the first processing device, or that it has received the original data information forwarded by the first processing device. Then, once the TCP connection is established, the second processing device sends the received data information to the high-security-level network terminal, and the two exchange data using TCP.
In summary, in the scheme provided by steps S102 to S108, the first processing device responds, on behalf of the high-security-level network terminal, to the TCP connection request sent by the low-security-level network terminal, and the second processing device sends a TCP connection request to the high-security-level network terminal on behalf of the low-security-level network terminal. As a result, in a system composed of the low-security-level network terminal, the one-way safety isolation gap and the high-security-level network terminal, the low-security-level network and the high-security-level network still use TCP for data exchange, which meets the requirement that the high-security-level network terminal and the low-security-level network terminal explicitly specify TCP for one-way data ferrying.
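The connection splitting of steps S102 to S108 can be tried on one machine with loopback sockets. This is an added example, not code from the patent: a `queue.Queue` stands in for the isolation board, `END` is an assumed end-of-stream marker, all function names are hypothetical, and the fragment framing of step S1052 is left out.

```python
import queue
import socket
import threading

END = None  # assumed end-of-stream marker on the link (not part of the patent)


def _listener():
    """TCP server socket on an ephemeral loopback port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    return srv


def high_terminal(srv, sink):
    """High-security-level terminal: an ordinary TCP server that collects what it receives."""
    conn, _ = srv.accept()
    with conn:
        while chunk := conn.recv(4096):
            sink.append(chunk)


def first_device(srv, link_send):
    """Low side: complete the handshake locally (S102), read the data (S104),
    hand it to the isolation board (S106). It holds only the send end of the link."""
    conn, _ = srv.accept()
    with conn:
        while chunk := conn.recv(4096):
            link_send(chunk)
    link_send(END)


def second_device(link_recv, high_addr):
    """High side: the first data arriving from the board triggers an outbound
    TCP connection to the high-security-level terminal (S108)."""
    out = None
    while (chunk := link_recv()) is not END:
        if out is None:
            out = socket.create_connection(high_addr, timeout=5)
        out.sendall(chunk)
    if out is not None:
        out.close()


def run_transfer(payload):
    """Send a non-empty payload from a low-side TCP client; return what the high side received."""
    link = queue.Queue()  # one-way board: put() on the low side, get() on the high side
    high_srv, low_srv = _listener(), _listener()
    received = []
    threads = [
        threading.Thread(target=high_terminal, args=(high_srv, received), daemon=True),
        threading.Thread(target=second_device, args=(link.get, high_srv.getsockname()), daemon=True),
        threading.Thread(target=first_device, args=(low_srv, link.put), daemon=True),
    ]
    for t in threads:
        t.start()
    # Low-security-level terminal: a plain TCP client that only ever talks to the first device.
    with socket.create_connection(low_srv.getsockname(), timeout=5) as low:
        low.sendall(payload)
    for t in threads:
        t.join(timeout=5)
    high_srv.close()
    low_srv.close()
    return b"".join(received)


if __name__ == "__main__":
    sample = b"constructed record\n" * 500  # constructed sample input
    print(run_transfer(sample) == sample)
```

The low-side client's handshake and acknowledgements are answered by `first_device` alone; nothing written on the high side can travel back through the queue to it.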
Preferably, after step S106 is performed, the data transmission method based on a one-way safety isolation gap provided by Embodiment One of the present invention further comprises:
Step S1071: the first processing device sends a feedback message to the low-security-level network terminal, where the feedback message indicates that the data information has been successfully transmitted to the high-security-level network terminal.
Specifically, in step S1071, the format of the feedback message is agreed in advance between the first processing device and the low-security-level network terminal. The effect of the feedback message also depends on the configuration of the low-security-level network terminal; for example, the terminal can be configured to send the next piece of data information only after it has received the feedback message. The reliability of the feedback message is guaranteed by TCP and by the reliability of the isolation board. Specifically, the error retransmission mechanism of TCP makes the TCP data exchange between the low-security-level network terminal and the first processing device, and between the second processing device and the high-security-level network terminal, reliable and complete. With the scheme provided by step S1071, when data is transmitted only from the low-security-level network to the high-security-level network and the high-security-level network provides no feedback at all, TCP can still be used for data ferrying, and reliable arrival of the data can be ensured to a large extent;
Preferably, before step S106 is performed, the data transmission method based on a one-way safety isolation gap provided by Embodiment One of the present invention further comprises:
Step S1051: obtain the protocol format of the data information, determine whether the data information meets the protocol requirements, and discard data information that does not meet them. Specifically, in step S1051, the first processing device needs to know the protocol format of the application data in advance, for example HTTP, SIP or a binary protocol; according to the specific protocol format it determines whether the data information meets the protocol requirements and discards data information that does not, which ensures the security of the high-security-level network. Step S1051 is optional and is not directly linked to step S1052; step S1052 can be performed without first performing S1051.
Step S1052: fragment the data information to obtain fragment data that includes a data frame header, and store the fragment data in a first send buffer queue. The length of each piece of fragment data, including its data frame header, is less than the MTU, and the data frame header contains the number information and the fragment size information of each piece of fragment data. The first send buffer queue is a storage space preset in the first processing device for storing data to be sent to the isolation board. For example, a data packet larger than 1460 is split; the size of the fragment data can be preset, and each piece of fragment data is numbered. Because of the fragmentation of the data information in step S1052, the second processing device can, after receiving the fragment packets, determine accurately whether packet loss has occurred, which ensures the reliability of the transmission process.
Preferably, in step S1052, the data frame header includes an MD5 check field obtained by calculating the MD5 value of each piece of fragment data, and/or a redundancy field obtained by applying redundancy processing to each piece of fragment data. Optionally, the first processing device calculates the MD5 value of the fragment data and generates an MD5 check field of, for example, 4 bytes; the first processing device ferries the fragment data to the second processing device multiple times and generates a redundancy field of, for example, 4 bytes. Optionally, the data frame header may also include an encryption field, a watermark check field obtained after adding a watermark to the fragment data, a head/tail indicator field, and so on. For example, the first processing device encrypts the fragment data and generates an encryption field of, for example, 4 bytes; the first processing device adds a watermark to the fragment data and generates a watermark check field of, for example, 4 bytes; and the first processing device generates a file head/tail indicator field of, for example, 2 bytes, which identifies the head and tail of the file.
In summary, in the scheme provided by steps S1051 and S1052, the first processing device transmits data to the second processing device in a data format that imitates TCP; that is, the first processing device fragments and numbers the original data information. The data frame header of the fragment data optionally includes the number of each piece of fragment data, the fragment size, the MD5 check field, the redundancy field, the encryption field, the watermark check field, the head/tail indicator field, and so on. The number information of the fragment data indicates the order of the fragment packets and is used to recombine the fragment data; the MD5 check field, redundancy field, encryption field, watermark check field and so on are used to verify whether the fragment data was transmitted correctly and completely. Splitting the original data information and recombining the fragment data greatly improves control over the data information during transmission; the redundancy technique ensures data integrity and greatly reduces packet loss; the MD5 check adds a security check on the data packets and further improves security. Together these maximize the integrity and reliability of the data information during transmission from the first processing device to the second processing device, and they strengthen the reliability of the feedback message in step S1071, providing a safeguard for step S1071.
Preferably, step S106 comprises:
Step 1062: read the data stored in the first send buffer queue;
Step 1064: send the read data to the isolation board. Optionally, when the first processing device contains a first security isolation module, the first security isolation module reads the data in the first send buffer queue and transfers it to the isolation board; for example, the first security isolation module moves the data into the buffer space of the sending end of the isolation board.
Preferably, before step S108 is performed, the data transmission method based on a one-way safety isolation gap provided by Embodiment One of the present invention further comprises:
Step S1073a: the second processing device reads the data information from the isolation board. When the second processing device contains a second security isolation module, the second security isolation module reads the buffer space of the receiving end of the isolation board and moves the data out of that buffer space.
Step S1076: the second processing device stores the read data information in a second send buffer queue, where the second send buffer queue is a storage space preset in the second processing device for storing data to be sent to the high-security-level network terminal.
Step S1079: the second processing device sends a TCP data connection request to the high-security-level network terminal. Specifically, in step S1079, the trigger for the second processing device to send the TCP connection request is that it has received data information transmitted from the isolation board. That is, the second processing device interprets the receipt of data information as meaning that the low-security-level network terminal has data information to send to the high-security-level network terminal over TCP; the second processing device therefore acts as an intermediary and, by sending a TCP connection request, notifies the high-security-level network terminal that the low-security-level network terminal has data to send to it over TCP.
Preferably, when step S1052 is performed, before step S108 is performed the data transmission method based on a one-way safety isolation gap provided by Embodiment One of the present invention further comprises:
Step S1073b: similarly to step S1073a, the second processing device reads data from the isolation board. The difference from step S1073a is that the data read from the isolation board here is not in the same form as the original data information; it is the fragment data produced by the fragmentation process.
Step S1074: the second processing device strips the data frame header from the data. After step S1052 has been performed, the data received by the second processing device is fragment data to which a data frame header has been added; that is, it consists of two parts, the data body and the data frame header, and the data frame header optionally includes the number information of each piece of fragment data, the fragment size, the MD5 check field, the redundancy field, the encryption field, the watermark check field, the head/tail indicator field, and so on.
Step S1075: the second processing device parses the data frame header and processes the fragment data to obtain the data information, where the processing of the fragment data comprises: extracting the number information contained in the data frame header and combining the fragment data according to the number information;
Specifically, in step S1075, when the data frame header also includes an MD5 check field, the MD5 check field is extracted to determine whether the content of the fragment data has changed, and the fragment data is discarded if its content is judged to have changed;
Specifically, in step S1075, when the data frame header also includes a watermark check field, the watermark check field is extracted to determine whether the content of the fragment data has changed, and the fragment data is discarded if its content is judged to have changed;
Specifically, in step S1075, when the data frame header includes a redundancy field, the redundancy field is extracted to determine whether the fragment data has been received completely, and the redundant data is discarded once the fragment data is judged to have been received completely.
Step S1076: the second processing device stores the obtained data information in the second send buffer queue;
Step S1079: the second processing device sends a TCP data connection request to the high-security-level network terminal.
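The fragment framing of step S1052 and the receive-side handling of steps S1073b to S1075 can be sketched as follows. This is an added example, not code from the patent: the header field order, the 1500-byte MTU, the truncation of MD5 to its first 4 bytes, the use of the redundancy field as a copy count, and the names `fragment` and `Reassembler` are assumptions made for illustration.

```python
import hashlib
import struct

MTU = 1500            # assumed link MTU; every frame must be shorter than this
MAX_PAYLOAD = 1460    # split threshold quoted in the description
# Assumed layout: number(4) | fragment size(2) | MD5 check(4) | redundancy(4) | head/tail flags(2)
HEADER = struct.Struct(">IH4sIH")
FLAG_HEAD, FLAG_TAIL = 0x1, 0x2


def md5_check(body):
    """4-byte check field: the first 4 bytes of the MD5 digest (assumed truncation)."""
    return hashlib.md5(body).digest()[:4]


def fragment(data, payload_size=MAX_PAYLOAD, copies=2):
    """Sender side (S1052): split, number, add the frame header, emit each frame `copies` times."""
    if HEADER.size + payload_size >= MTU:
        raise ValueError("frame would not be shorter than the MTU")
    bodies = [data[i:i + payload_size] for i in range(0, len(data), payload_size)] or [b""]
    frames = []
    for number, body in enumerate(bodies):
        flags = (FLAG_HEAD if number == 0 else 0) | (FLAG_TAIL if number == len(bodies) - 1 else 0)
        header = HEADER.pack(number, len(body), md5_check(body), copies, flags)
        frames.extend([header + body] * copies)
    return frames


class Reassembler:
    """Receiver side (S1073b to S1075): strip the header, verify, de-duplicate, recombine."""

    def __init__(self):
        self.bodies = {}          # fragment number -> verified body
        self.tail_number = None   # number of the fragment carrying FLAG_TAIL
        self.dropped_corrupt = 0
        self.dropped_redundant = 0

    def feed(self, frame):
        if len(frame) < HEADER.size:
            self.dropped_corrupt += 1
            return False
        number, size, check, _copies, flags = HEADER.unpack_from(frame)
        body = frame[HEADER.size:]
        # Size or MD5 mismatch means the content changed in transit: discard it.
        if len(body) != size or md5_check(body) != check:
            self.dropped_corrupt += 1
            return False
        # A verified copy is already stored, so this one is redundant data.
        if number in self.bodies:
            self.dropped_redundant += 1
            return False
        self.bodies[number] = body
        if flags & FLAG_TAIL:
            self.tail_number = number
        return True

    def missing(self):
        """Numbers never received intact, or None while the tail fragment is unknown."""
        if self.tail_number is None:
            return None
        return [n for n in range(self.tail_number + 1) if n not in self.bodies]

    def data(self):
        """Recombined data information, or None if any fragment is missing."""
        if self.missing() != []:
            return None
        return b"".join(self.bodies[n] for n in range(self.tail_number + 1))


def ferry(frames):
    """Feed frames to a fresh receiver, as the second processing device would."""
    rx = Reassembler()
    for frame in frames:
        rx.feed(frame)
    return rx


# Constructed sample: 5120 bytes -> fragments 0..3, two copies each (8 frames).
SAMPLE = bytes(range(256)) * 20


def recoverable_case():
    link = fragment(SAMPLE)
    del link[2]                      # first copy of fragment 1 is lost
    damaged = bytearray(link[3])     # first copy of fragment 2 ...
    damaged[-1] ^= 0xFF              # ... has one byte flipped
    link[3] = bytes(damaged)
    return ferry(link)


def unrecoverable_case():
    frames = fragment(SAMPLE)
    # Both copies of fragment 1 are lost; the one-way link offers no way to ask again.
    return ferry(frames[:2] + frames[4:])


if __name__ == "__main__":
    ok, bad = recoverable_case(), unrecoverable_case()
    print(ok.data() == SAMPLE, ok.dropped_corrupt, ok.dropped_redundant)
    print(bad.data(), bad.missing())
```

Because nothing can be sent back across the isolation board, a fragment whose every copy is lost or damaged cannot be requested again; the receiver can only report the gap. The truncated MD5 check covers the fragment body only and detects transmission errors, not deliberate modification by a party able to recompute it.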
Preferably, in step S108, the method by which the second processing device sends the received data information to the high-security-level network terminal comprises:
Step S1082: read the data stored in the second send buffer queue;
Step S1084: send the read data to the high-security-level network terminal.
Preferably, before step S102 is performed, the data transmission method based on a one-way safety isolation gap provided by Embodiment One of the present invention further comprises:
Step S101: the first processing device obtains a specified port and listens for connection requests on that port.
Embodiment two
The embodiment of the present invention also provides a data transmission system based on a one-way safety isolation gap. It should be noted that the data transmission system of this embodiment may be used to perform the data transmission method based on a one-way safety isolation gap provided by the embodiments of the present invention, and that the method may likewise be performed by the data transmission system provided by the embodiments of the present invention.
Fig. 2 is a schematic diagram of the data transmission system 40 based on a one-way safety isolation gap according to the embodiment of the present invention. As shown in Fig. 2, the data transmission system 40 comprises:
First treatment facility 10, wherein the first treatment facility 10 is connected to the Low Security Level network terminal 50, establishes a communication relationship with the Low Security Level network terminal 50 through a TCP connection, and exchanges data with it using the standard TCP protocol; the first treatment facility 10 then sends the data message received from the Low Security Level network terminal 50 to the isolation board 20;
Isolation board 20, wherein the isolation board 20 transmits the data message sent by the first treatment facility 10 to the second treatment facility 30 in one direction only. Optionally, the isolation board 20 sits between the first treatment facility 10 and the second treatment facility 30; the side of the isolation board 20 connected to the first treatment facility 10 has only a data sending port, and the side connected to the second treatment facility 30 has only a data receiving port. The unidirectional physical link in the isolation board 20 achieves absolutely one-way transmission of data from the first treatment facility 10 to the second treatment facility 30. Optionally, the isolation board 20 includes, but is not limited to, an optical one-way safety isolation board 20.
Second treatment facility 30, wherein the second treatment facility 30 is connected to the High Security Level network terminal 60, establishes a communication relationship with the High Security Level network terminal 60 through a TCP connection request, and exchanges data with it using the standard TCP protocol; the second treatment facility 30 then sends the data message it received through the isolation board 20 to the High Security Level network terminal 60.
In summary, in the data transmission system 40 provided by embodiment two of the present invention, the first treatment facility 10 responds, on behalf of the High Security Level network terminal 60, to the TCP connection request sent by the Low Security Level network terminal 50, and the second treatment facility 30 sends, on behalf of the Low Security Level network terminal 50, a TCP connection request to the High Security Level network terminal 60. As a result, in the system formed by the Low Security Level network terminal 50, the data transmission system 40 and the High Security Level network terminal 60, the Low Security Level network and the High Security Level network still exchange data using the TCP protocol, which meets the requirement that the High Security Level network terminal 60 and the Low Security Level network terminal 50 are explicitly specified to use the TCP protocol for one-way data ferrying.
Preferably, the first treatment facility 10 sends a feedback message to the Low Security Level network terminal 50, wherein the feedback message indicates that the data message has been successfully transmitted to the High Security Level network terminal 60. Specifically, the format of this feedback message is agreed in advance between the first treatment facility 10 and the Low Security Level network terminal 50; the effect of the feedback message also depends on the configuration of the Low Security Level network terminal 50: for example, the Low Security Level network terminal 50 can be set to send the next data message only after it has received this feedback message. The reliability of the feedback message is guaranteed by the TCP protocol and by the reliability of the isolation board 20. Specifically, because of the error retransmission mechanism of the TCP protocol, the TCP data exchanges between the Low Security Level network terminal 50 and the first treatment facility 10, and between the second treatment facility 30 and the High Security Level network terminal 60, complete reliably. Thus, when data travels only from the Low Security Level network to the High Security Level network and the High Security Level network returns no feedback of any kind, the TCP protocol can still be used for data ferrying, and the reliable arrival of the data can be ensured to a great extent.
Preferably, in the process of establishing a communication relationship with the Low Security Level network terminal 50 through a TCP connection request, the first treatment facility 10 can perform the scheme of steps S211 to S213:
Step S211: receive the message sent by the Low Security Level network terminal 50;
Step S212: judge the category of the message, wherein the categories of message at least comprise: a TCP connection request, and data encapsulated in the TCP protocol;
Step S213: if the message is a TCP connection request, the first treatment facility 10 responds to this TCP connection request and establishes a connection with the Low Security Level network terminal 50.
In the data transmission system 40 provided by embodiment two of the present invention, the first treatment facility 10, by performing the above scheme, solves the following problem of the prior art: the first treatment facility 10 of a one-way safety isolation gap does not judge the category of the messages it receives and forwards them all indiscriminately to the High Security Level network terminal 60, so that when the Low Security Level network terminal 50 uses a communication protocol that requires a "handshake", no connection can be established because the reply signal fed back by the High Security Level network terminal 60 cannot be received.
Preferably, after receiving the data transmitted by the Low Security Level network terminal 50, the first treatment facility 10 also applies any one or more of the following processing modes to the data:
Process one: obtain the protocol format of the data message, judge whether the data message meets the protocol requirements, and discard any data message that does not.
Process two: fragment the data message to obtain fragment data that includes a data frame head, and store the fragment data in the first send buffer queue; wherein the length of each piece of fragment data, including its data frame head, is less than the MTU, and the data frame head contains the number information and the fragment size information of each piece of fragment data. The first send buffer queue is a storage space preset in the first treatment facility 10 for holding data waiting to be sent to the isolation board 20. Preferably, in process two, the data frame head contains md5 check bits obtained by calculating the md5 value of each piece of fragment data, and/or redundancy bits obtained by applying redundancy processing to each piece of fragment data. Optionally, the first treatment facility 10 calculates the md5 value of the fragment data and generates md5 check bits of, for example, 4 bytes; the first treatment facility 10 ferries the fragment data to the second treatment facility 30 repeatedly and generates redundancy bits of, for example, 4 bytes. Optionally, the data frame head can also contain encryption bits, watermark check bits obtained after a watermark is added to the fragment data, head-and-tail command bits, and so on. For example, the first treatment facility 10 encrypts the fragment data and generates encryption bits of, for example, 4 bytes; the first treatment facility 10 adds a watermark to the fragment data and generates watermark check bits of, for example, 4 bytes; and the first treatment facility 10 generates file head-and-tail command bits of, for example, 2 bytes, which identify the beginning and end of a file.
In summary, by performing the processing above, the data sent by the Low Security Level network terminal 50 and received by the first treatment facility 10 is encapsulated according to the TCP protocol, and preferably the data frame head includes the number of each piece of fragment data, the fragment size, the md5 check bits, the redundancy bits, the encryption bits, the watermark check bits, the head-and-tail command bits, and so on. The number information of the fragment data indicates the order of the fragments and is used to recombine the fragment data; the md5 check bits, redundancy bits, encryption bits, watermark check bits and so on are used to verify whether the fragment data was transmitted correctly and completely. By splitting the original data message and recombining the fragment data, controllability over the data message during transmission is greatly improved; by introducing the redundancy technique, the integrity of the data is ensured and the packet loss rate is greatly reduced; by using MD5 checking, security checking of the data packets is added, which further improves security. This maximizes the integrity and reliability of the data message during transmission from the first treatment facility 10 to the second treatment facility 30, and also strengthens the reliability of the feedback message that the first treatment facility 10 sends to the Low Security Level network terminal 50.
Preferably, in the process of sending the received data message to the second treatment facility 30 through the isolation board 20, the first treatment facility 10 can also perform the scheme of the following steps S1162 and S1164:
Step S1162: read the data stored in the first send buffer queue;
Step S1164: send the read data to the isolation board 20. Optionally, when the first treatment facility 10 contains a first Secure isolation module, the first Secure isolation module reads the data in the first send buffer queue and transfers it to the isolation board 20; for example, the first Secure isolation module moves the data into the cache space of the sending end of the isolation board 20.
Preferably, when the first treatment facility 10 has not applied the above two processing modes to the data message, the second treatment facility 30, in the process of reading information from the isolation board 20, can perform the scheme of steps S1173a to S1179:
Step S1173a: the second treatment facility 30 reads the data message from the isolation board 20. When the second treatment facility 30 contains a second Secure isolation module, the second Secure isolation module reads the cache space of the receiving end of the isolation board 20 and moves the data out of that cache space.
Step S1176: the second treatment facility 30 stores the read data message in the second send buffer queue; wherein the second send buffer queue is a storage space preset in the second treatment facility 30 for holding data waiting to be sent to the High Security Level network terminal 60.
Step S1179: the second treatment facility 30 sends a TCP connection request to the High Security Level network terminal 60. Specifically, in step S1179 above, the trigger for the second treatment facility 30 to send the TCP connection request is that the second treatment facility 30 has received a data message transmitted through the isolation board 20. That is, the second treatment facility 30 interprets the arrival of this data message as meaning that the Low Security Level network terminal 50 has a data message to send to the High Security Level network terminal 60 over the TCP protocol; the second treatment facility 30, acting as the relay, therefore sends a TCP connection request to notify the High Security Level network terminal 60 that the Low Security Level network terminal 50 has data to be sent to it over the TCP protocol.
Preferably, when the first treatment facility 10 has applied the above two processing modes to the data message, the second treatment facility 30, in the process of reading information from the isolation board 20, performs the scheme of steps S1176 and S1179 above, and before step S1176 the second treatment facility 30 also performs the scheme of steps S1173b to S1175:
Step S1173b: as in step S1173a, the second treatment facility 30 reads data from the isolation board 20. The difference from step S1173a is that the data read from the isolation board 20 here is not in the same form as the original data message; it is the fragment data produced by fragmentation.
Step S1174: the second treatment facility 30 strips the data frame head from the data. The data frame head optionally contains the number information of each piece of fragment data, the fragment size, the md5 check bits, the redundancy bits, the encryption bits, the watermark check bits, the head-and-tail command bits, and so on.
Step S1175: the second treatment facility 30 parses the data frame head and processes the fragment data to obtain the data message, wherein the processing of the fragment data comprises: extracting the number information contained in the data frame head and combining the fragment data according to the number information; when the data frame head also contains md5 check bits, extracting the md5 check bits to judge whether the content of the fragment data has changed, and discarding the fragment data if its content is judged to have changed; when the data frame head also contains watermark check bits, extracting the watermark check bits to judge whether the content of the fragment data has changed, and discarding the fragment data if its content is judged to have changed; when the data frame head contains redundancy bits, extracting the redundancy bits to judge whether the fragment data has been received completely, and discarding the redundant data once reception of the fragment data is judged complete.
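The fragmentation of process two and the reassembly of step S1175, as an added Python sketch that is not part of the patent. The 16-byte frame head layout, the 1500-byte MTU, taking the first 4 bytes of the MD5 digest as check bits, encoding the redundancy bits as copy index plus copy count, and all function names are assumptions; the encryption and watermark fields are omitted.

```python
import hashlib
import struct

# Assumed frame head, network byte order, 16 bytes:
#   number (4) | fragment size (2) | md5 check bits (4) |
#   redundancy bits: copy index (2) + copy count (2) | head/tail command bits (2)
HEADER = struct.Struct("!IH4sHHH")
FLAG_HEAD, FLAG_TAIL = 0x1, 0x2
MTU = 1500  # assumed link MTU


def md5_check_bits(payload):
    """4 check bytes: here the first 4 bytes of the MD5 digest (assumption)."""
    return hashlib.md5(payload).digest()[:4]


def fragment(message, mtu=MTU, copies=2):
    """First-device side: split a message into frames strictly shorter than the MTU."""
    max_payload = mtu - HEADER.size - 1
    if not 0 < max_payload <= 0xFFFF or not 1 <= copies <= 0xFFFF:
        raise ValueError("unusable MTU or copy count")
    chunks = [message[i:i + max_payload]
              for i in range(0, len(message), max_payload)] or [b""]
    frames = []
    for number, chunk in enumerate(chunks):
        flags = (FLAG_HEAD if number == 0 else 0) | \
                (FLAG_TAIL if number == len(chunks) - 1 else 0)
        for copy in range(copies):  # redundancy: each fragment is ferried several times
            head = HEADER.pack(number, len(chunk), md5_check_bits(chunk),
                               copy, copies, flags)
            frames.append(head + chunk)
    return frames


class Reassembler:
    """Second-device side: strip frame heads, verify, de-duplicate, recombine."""

    def __init__(self):
        self.fragments = {}
        self.tail_number = None
        self.done = False
        self.stats = {"corrupt": 0, "redundant": 0}

    def feed(self, frame):
        """Return the full message once every fragment has arrived, else None."""
        if len(frame) < HEADER.size:
            self.stats["corrupt"] += 1
            return None
        number, size, check, _copy, _copies, flags = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if len(payload) != size or md5_check_bits(payload) != check:
            self.stats["corrupt"] += 1      # content changed in transit: discard
            return None
        if self.done or number in self.fragments:
            self.stats["redundant"] += 1    # already held: discard the spare copy
            return None
        self.fragments[number] = payload
        if flags & FLAG_TAIL:
            self.tail_number = number
        if self.tail_number is None:
            return None
        if not all(n in self.fragments for n in range(self.tail_number + 1)):
            return None
        self.done = True
        return b"".join(self.fragments[n] for n in range(self.tail_number + 1))


def demo():
    """Constructed run: one copy lost, one copy corrupted, frames reordered."""
    message = bytes(range(256)) * 20          # constructed 5120-byte payload
    frames = fragment(message)                # 4 fragments x 2 copies
    damaged = bytearray(frames[4])
    damaged[-1] ^= 0xFF                       # corrupt the first copy of fragment 2
    # frames[2] (first copy of fragment 1) never arrives
    link = frames[:2] + frames[3:4] + [bytes(damaged)] + frames[5:]
    link.reverse()                            # arrival order differs from send order
    receiver = Reassembler()
    results = [receiver.feed(f) for f in link]
    rebuilt = next((r for r in results if r is not None), None)
    return rebuilt == message, receiver.stats


if __name__ == "__main__":
    print(demo())
```

Unkeyed MD5 check bits of this kind catch corruption on the link but do not authenticate the sender, since anything able to write frames can recompute them. If every copy of a fragment is lost, the receiver cannot request it again and `feed` never returns a message.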
Preferably, in the process of sending the received data message to the High Security Level network terminal 60, the second treatment facility 30 also performs the scheme of steps S1182 and S1184:
Step S1182: read the data stored in the second send buffer queue;
Step S1184: send the read data to the High Security Level network terminal 60.
Preferably, the first treatment facility 10 obtains the specified port and listens for connection requests on that port.
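The split TCP handling described for embodiment two (the first treatment facility answers the low side's connection request itself, and the second treatment facility opens its own connection to the high side when data arrives), as an added Python sketch on loopback that is not the patent's implementation. The queue standing in for the isolation board, the feedback text and all function names are assumptions.

```python
import queue
import socket
import threading

FEEDBACK = b"FERRIED\n"  # assumed feedback format, agreed in advance with the low side


def _listener():
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))  # loopback, ephemeral port
    s.listen(1)
    return s


def _read_all(conn):
    chunks = []
    while True:
        data = conn.recv(4096)
        if not data:
            return b"".join(chunks)
        chunks.append(data)


def first_device(listener, send_to_board):
    """Low side: completes the TCP handshake locally, then pushes data one way."""
    conn, _ = listener.accept()           # the connection request is answered here
    with conn:
        data = _read_all(conn)
        send_to_board(data)               # this side holds only the send function
        # Nothing ever returns from the high side, so the feedback is generated
        # here, after the data has been handed to the board.
        conn.sendall(FEEDBACK)


def second_device(read_from_board, high_addr):
    """High side: arrival of data is the trigger to connect to the high terminal."""
    data = read_from_board()              # this side holds only the receive function
    with socket.create_connection(high_addr, timeout=5) as s:
        s.sendall(data)


def high_terminal(listener, delivered):
    conn, _ = listener.accept()
    with conn:
        delivered.put(_read_all(conn))


def run_demo(message):
    """Send one message low -> high; return (feedback seen by low side, data seen by high side)."""
    board = queue.Queue()                 # stands in for the one-way isolation board
    delivered = queue.Queue()
    low_listener, high_listener = _listener(), _listener()
    threads = [
        threading.Thread(target=high_terminal, args=(high_listener, delivered)),
        threading.Thread(target=first_device, args=(low_listener, board.put)),
        threading.Thread(target=second_device,
                         args=(board.get, high_listener.getsockname())),
    ]
    for t in threads:
        t.daemon = True
        t.start()
    with socket.create_connection(low_listener.getsockname(), timeout=5) as low:
        low.sendall(message)
        low.shutdown(socket.SHUT_WR)      # end of this data message
        feedback = _read_all(low)
    result = delivered.get(timeout=5)
    for t in threads:
        t.join(timeout=5)
    low_listener.close()
    high_listener.close()
    return feedback, result


if __name__ == "__main__":
    print(run_demo(b"constructed telemetry record 0001\n"))
```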
It should be noted that the system embodiment provided in embodiment two above shares the same implementation examples and application scenarios as the optional and preferred implementations of the method provided in embodiment one above, but is not limited to the content disclosed in embodiment one.
It should be noted that, for simplicity of description, each of the foregoing method embodiments is expressed as a series of combined actions, but those skilled in the art should know that the present invention is not limited by the described order of actions, because according to the present invention some steps can be performed in other orders or simultaneously. Secondly, those skilled in the art should also know that the embodiments described in the specification are all preferred embodiments, and the actions and modules involved are not necessarily required by the present invention.
In the above embodiments, the description of each embodiment has its own emphasis; for a part that is not described in detail in one embodiment, refer to the related description of the other embodiments.
Each functional unit in each embodiment of the present invention can be integrated in one processing unit, each unit can exist physically on its own, or two or more units can be integrated in one unit. The integrated unit can be implemented in the form of hardware or in the form of a software functional unit.
If the integrated unit is implemented in the form of a software functional unit and is sold or used as an independent product, it can be stored in a computer-readable storage medium. Based on this understanding, the part of the technical solution of the present invention that in essence contributes to the prior art, or all or part of the technical solution, can be embodied in the form of a software product. This computer software product is stored in a storage medium and comprises a number of instructions that cause a computer device (which can be a personal computer, mobile terminal, server, network device, etc.) to perform all or part of the steps of the method described in each embodiment of the present invention. The aforesaid storage medium comprises various media that can store program code, such as a USB flash disk, read-only memory (ROM, Read-Only Memory), random access memory (RAM, Random Access Memory), portable hard drive, magnetic disk or optical disc.
The foregoing is only the preferred embodiments of the present invention and does not limit the present invention; for a person skilled in the art, the present invention can have various modifications and variations. Any amendment, equivalent replacement, improvement, etc. made within the spirit and principles of the present invention shall be included within the protection scope of the present invention.
Claims (12)
1. A data transmission method based on a one-way safety isolation gap, characterized in that it comprises:
A first treatment facility and a Low Security Level network terminal establish a communication relationship through a TCP connection request;
The first treatment facility receives the data message sent by the Low Security Level network terminal;
The first treatment facility transfers the data message to a second treatment facility through an isolation board;
After the second treatment facility and the High Security Level network terminal establish a communication relationship through a TCP connection request, the second treatment facility sends the received data message to the High Security Level network terminal.
2. The method according to claim 1, characterized in that, after the first treatment facility transfers the data message to the second treatment facility through the isolation board, the method also comprises: the first treatment facility sends a feedback message to the Low Security Level network terminal, wherein the feedback message indicates that the data message has been successfully transmitted to the High Security Level network terminal.
3. The method according to claim 1 or 2, characterized in that, before the first treatment facility transfers the data message to the second treatment facility through the isolation board, the method also comprises:
Fragmenting the data message to obtain fragment data that includes a data frame head, and storing the fragment data in a first send buffer queue; wherein the length of each piece of fragment data, including its data frame head, is less than the MTU, and the data frame head contains the number information and the fragment size information of each piece of fragment data.
4. The method according to claim 3, characterized in that the data frame head comprises md5 check bits and/or redundancy bits, wherein the data frame head is obtained in the following way:
md5 check bits obtained by calculating the md5 value of each piece of fragment data, and/or,
redundancy bits obtained by applying redundancy processing to each piece of fragment data.
5. The method according to claim 3, characterized in that, before the data message is fragmented, the method also comprises: obtaining the protocol format of the data message, judging whether the data message meets the protocol requirements, and discarding any data message that does not meet the protocol requirements.
6. The method according to claim 3, characterized in that the step in which the first treatment facility transfers the data message to the second treatment facility through the isolation board comprises:
Reading the data stored in the first send buffer queue;
Sending the read data to the isolation board.
7. The method according to claim 1, characterized in that, before the second treatment facility and the High Security Level network terminal establish a communication relationship through a TCP connection request, the method also comprises:
The second treatment facility reads the data message from the isolation board;
The second treatment facility stores the read data message in a second send buffer queue;
The second treatment facility sends a TCP connection request to the High Security Level network terminal.
8. The method according to claim 3, characterized in that, before the second treatment facility and the High Security Level network terminal establish a communication relationship through a TCP connection request, the method also comprises:
The second treatment facility reads data from the isolation board;
The second treatment facility strips the data frame head from the data;
The second treatment facility parses the data frame head and processes the fragment data to obtain the data message, wherein the processing of the fragment data comprises: extracting the number information contained in the data frame head and combining the fragment data according to the number information;
The second treatment facility stores the obtained data message in a second send buffer queue;
The second treatment facility sends a TCP connection request to the High Security Level network terminal.
9. The method according to claim 7 or 8, characterized in that the step in which the second treatment facility sends the received data message to the High Security Level network terminal comprises:
Reading the data stored in the second send buffer queue;
Sending the read data to the High Security Level network terminal.
10. The method according to claim 1, characterized in that, before the first treatment facility receives a TCP connection request, the method also comprises: the first treatment facility obtains the specified port and listens for connection requests on that port.
11. A data transmission system based on a one-way safety isolation gap, characterized in that it comprises:
A first treatment facility, wherein the first treatment facility is used to establish a communication relationship with a Low Security Level network terminal through a TCP connection, receive the data message sent by the Low Security Level network terminal, and send the data message to an isolation board;
An isolation board, wherein the isolation board is used to transmit the data message sent by the first treatment facility to a second treatment facility in one direction only;
A second treatment facility, wherein the second treatment facility is used to establish a communication relationship with the High Security Level network terminal through a TCP connection request, and to send the data message it received through the isolation board to the High Security Level network terminal.
12. The system according to claim 11, characterized in that the first treatment facility sends a feedback message to the Low Security Level network terminal, wherein the feedback message indicates that the data message has been successfully transmitted to the High Security Level network terminal.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510024466.XA CN104601575A (en) | 2015-01-16 | 2015-01-16 | One-way safety isolation net gap based data transmission method and system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN104601575A true CN104601575A (en) | 2015-05-06 |
Family
ID=53127081
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510024466.XA Pending CN104601575A (en) | 2015-01-16 | 2015-01-16 | One-way safety isolation net gap based data transmission method and system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN104601575A (en) |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20060031485A1 (en) * | 2001-09-27 | 2006-02-09 | Alex Veprinsky | Remote data facility over an IP network |
| CN101127761A (en) * | 2006-08-16 | 2008-02-20 | 北京城市学院 | Unidirectional protocol isolation method and device in network |
| CN101127760A (en) * | 2006-08-16 | 2008-02-20 | 北京城市学院 | Bidirectional protocol isolation method and its device in network |
| CN202231742U (en) * | 2011-09-28 | 2012-05-23 | 辽宁国兴科技有限公司 | Network isolation device |
| CN104168257A (en) * | 2014-01-28 | 2014-11-26 | 广东电网公司电力科学研究院 | Data isolation device based on non-network mode, and method and system thereof |
Non-Patent Citations (1)
| Title |
|---|
| 唐晋: "网络单向隔离控制系统的设计与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》 * |
Cited By (31)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN106060003A (en) * | 2016-05-09 | 2016-10-26 | 北京航天数控系统有限公司 | One-way isolated transmission device for network border |
| CN106230789A (en) * | 2016-07-19 | 2016-12-14 | 杭州维尔信息技术有限公司 | A kind of data transmission method and equipment |
| CN107172011A (en) * | 2017-04-18 | 2017-09-15 | 东莞信大融合创新研究院 | Method and device for data transmission |
| CN108200020A (en) * | 2017-12-21 | 2018-06-22 | 上海电机学院 | A kind of industry big data safe transmission device and method |
| CN108234506A (en) * | 2018-01-15 | 2018-06-29 | 马晓东 | A kind of unidirection insulation network brake and data transmission method |
| CN108234506B (en) * | 2018-01-15 | 2021-06-08 | 马晓东 | Unidirectional isolation network gate and data transmission method |
| CN109194682A (en) * | 2018-09-29 | 2019-01-11 | 江苏新质信息科技有限公司 | A kind of double one-way isolation switching technology implementation methods |
| CN109389998A (en) * | 2018-10-24 | 2019-02-26 | 北京星震维度信息技术有限公司 | A kind of data ferry device and method |
| CN109389998B (en) * | 2018-10-24 | 2024-04-02 | 北京星震维度信息技术有限公司 | Data ferrying device and method |
| CN109768923A (en) * | 2018-12-26 | 2019-05-17 | 浪潮软件集团有限公司 | A kind of safety isolation one-way gate and method |
| CN109768923B (en) * | 2018-12-26 | 2021-06-15 | 浪潮软件股份有限公司 | A Safe Isolation One-way Gatekeeper |
| CN109495509A (en) * | 2018-12-27 | 2019-03-19 | 北京奇安信科技有限公司 | Data transmission method, equipment, system and the medium of gateway |
| CN109474628B (en) * | 2018-12-27 | 2021-06-08 | 奇安信科技集团股份有限公司 | Data transmission method, system, equipment and medium based on double unidirectional network gates |
| CN109474628A (en) * | 2018-12-27 | 2019-03-15 | 北京奇安信科技有限公司 | A kind of data transmission method, system, equipment and medium based on double unidirectional gateways |
| CN109714438A (en) * | 2019-02-13 | 2019-05-03 | 上海期安智能科技有限公司 | A kind of subway comprehensive monitoring system real time data inter-network ferry device and method |
| CN112217848A (en) * | 2019-07-11 | 2021-01-12 | 千寻位置网络有限公司 | Emergency positioning method and system thereof |
| CN112217848B (en) * | 2019-07-11 | 2022-04-19 | 千寻位置网络有限公司 | Emergency positioning method and system thereof |
| CN110365795B (en) * | 2019-07-31 | 2020-10-20 | 北京安盟信息技术股份有限公司 | Data transmission method and data transmission network |
| CN110365795A (en) * | 2019-07-31 | 2019-10-22 | 北京安盟信息技术股份有限公司 | Data transmission method and data transmission network |
| CN110839018A (en) * | 2019-10-22 | 2020-02-25 | 珠海许继芝电网自动化有限公司 | A file transmission method and system based on distribution automation |
| CN114005563A (en) * | 2020-07-27 | 2022-02-01 | 华龙国际核电技术有限公司 | Instrument control system |
| CN112291095A (en) * | 2020-10-30 | 2021-01-29 | 武汉绿色网络信息服务有限责任公司 | Unidirectional physical isolation data transmission method and equipment |
| CN112291095B (en) * | 2020-10-30 | 2022-07-01 | 武汉绿色网络信息服务有限责任公司 | A one-way physical isolation data transmission method and device |
| CN112436998A (en) * | 2020-11-12 | 2021-03-02 | 北京天融信网络安全技术有限公司 | Data transmission method and electronic equipment |
| CN112788030A (en) * | 2021-01-11 | 2021-05-11 | 北京鼎轩科技有限责任公司 | Data exchange method and system between high-density network and low-density network |
| CN113596118B (en) * | 2021-07-16 | 2023-07-21 | 上海淇玥信息技术有限公司 | A communication method, device and electronic equipment for bridging two isolated network domains |
| CN113596118A (en) * | 2021-07-16 | 2021-11-02 | 上海淇玥信息技术有限公司 | Communication method and device for bridging two isolated network domains and electronic equipment |
| CN113489750A (en) * | 2021-09-06 | 2021-10-08 | 网御安全技术(深圳)有限公司 | Data transmission method, data processing method and related equipment |
| CN114172900A (en) * | 2022-02-11 | 2022-03-11 | 北京安帝科技有限公司 | File transmission method and system based on unidirectional network gate |
| CN116828079A (en) * | 2023-06-29 | 2023-09-29 | 武汉佰思杰科技有限公司 | Cross-network data transmission method and cross-network data transmission system |
| CN116828079B (en) * | 2023-06-29 | 2025-05-13 | 武汉佰思杰科技有限公司 | Cross-network data transmission method and cross-network data transmission system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN104601575A (en) | | One-way safety isolation net gap based data transmission method and system |
| KR101378647B1 (en) | | Providing apparatus and method capable of protecting privacy mac frame in ieee 802.15.4 networks |
| CN104539739A (en) | | System, method and device for uploading files |
| EP4044546B1 (en) | | Message processing method, device and apparatus as well as computer readable storage medium |
| CN103647777B (en) | | Safety certificate method and bidirectional forwarding detection BFD equipment |
| CN105337935A (en) | | Method of establishing long connection of client and server and apparatus thereof |
| CN104601703A (en) | | File transmission method and device based on one-way safety isolation gap |
| CN104601576A (en) | | File transmission method and device based on one-way safety isolation gap |
| US10419212B2 (en) | | Methods, systems, apparatuses, and devices for securing network communications using multiple security protocols |
| EP2710776A1 (en) | | Anonymous signalling |
| CN113518105B (en) | | Data transfer method, device and system |
| CN107181770A (en) | | Method of data synchronization and system |
| CN107104929A (en) | | The methods, devices and systems of defending against network attacks |
| CN104080059A (en) | | Method, device and system of implementing short message sending and receiving |
| WO2025082030A1 (en) | | Data transmission method, apparatus, storage medium and device |
| CN112689014A (en) | | Double-full-duplex communication method and device, computer equipment and storage medium |
| CN115052049A (en) | | Message forwarding method and system based on IPsec tunnel |
| EP3654579A1 (en) | | Methods and devices for providing message authentication code suitable for short messages |
| CN106100839A (en) | | A kind of Network Communicate Security method based on tcp data bag and custom algorithm |
| JP2003204326A (en) | | Communication system, lan controller equipped with encryption function and communication control program |
| CN113302877B (en) | | Method and apparatus for providing a message authentication code suitable for short messages |
| CN105591976A (en) | | Message processing method, apparatus, and system |
| US20200092268A1 (en) | | Decoding method and apparatus |
| KR20180018137A (en) | | Apparatus for one-way transmission, apparatus for one-way reception, and one-way retransmission method for using same |
| CN110417804B (en) | | Bidirectional identity authentication encryption communication method and system suitable for single-chip microcomputer implementation |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20150506 |
| | RJ01 | Rejection of invention patent application after publication | |