
CN114006732A - One-way transmission system and method for image transmission physical isolation data - Google Patents

Info

Publication number: CN114006732A
Authority: CN (China)
Prior art keywords: diaphragm, data, image, transmission, sending end
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN202111170777.9A
Other languages: Chinese (zh)
Inventor: 杨勇, 王瑞红, 孙鸿儒, 张丹风
Current Assignee: China Railway Xinan Beijing Information Security Technology Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: China Railway Xinan Beijing Information Security Technology Co Ltd
Application filed by China Railway Xinan Beijing Information Security Technology Co Ltd
Priority to CN202111170777.9A
Publication of CN114006732A

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L65/00: Network arrangements, protocols or services for supporting real-time applications in data packet communication
    • H04L65/80: Responding to QoS

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Multimedia (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Lock And Its Accessories (AREA)
  • Studio Devices (AREA)
  • Closed-Circuit Television Systems (AREA)

Abstract

The invention provides a one-way transmission system and method for physically isolated data based on image transmission, comprising a sending end, a receiving end and a controlled isolation device. The sending end has an LED screen module; the sending end receives the data sent by a first network device and image-encodes it to obtain an image, which the LED screen module displays. The LED screen module forms the image by showing light and dark LED states as binary values. The receiving end acquires the image, decodes it to obtain decoded data, and sends the decoded data to a second network device. The controlled isolation device is arranged on the transmission path between the sending end and the receiving end and is provided with a diaphragm that can be opened and closed. The sending end controls the opening and closing of the diaphragm; closing of the diaphragm is controlled either manually or by the sending end. The invention ensures that data can only be transmitted securely in one direction, from the first network device to the second network device, which protects the intranet information of high-security industries, draws a clear security boundary, is easy to manage, and gives stronger controllability.

Description

A one-way transmission system and method for physically isolated data based on image transmission

Technical field

The invention relates to the technical field of information transmission, and in particular to a one-way transmission system and method for physically isolated data based on image transmission.

Background

The rapid development of information and communication technology and of the Internet has changed the way we live and work and improved our efficiency, but it has also brought many security problems, such as network information leakage and viruses, which seriously threaten the information security of enterprises and public institutions. Traditional information security protection only inspects and controls data transmission at the software level and cannot meet the requirement for physical isolation between classified networks and insecure external networks.

Physical isolation means that the internal network must not be connected to a public network, directly or indirectly, so that internal network information cannot be attacked by hackers from the external network. This draws a clear security boundary for the internal network, which is easy to manage and more controllable. One-way transmission is a more reliable and secure way to carry data between two physically isolated networks.

In practice, network information systems have many data export requirements, and a one-way optical gate carries the following risks in this scenario. Covert-channel risk from active transmission: to keep a transmission channel ready, the sending end of the optical gate must actively send low-level synchronization frames and upper-layer heartbeat packets, which can become the carrier of a timing covert channel used to encode and pass sensitive information. Information-leakage risk from passive escape: the inner end of the optical gate cannot be trusted to logically identify and filter, on the basis of its security policy, every covertly transmitted packet, and the packets that escape may themselves be highly sensitive information. Security-bypass risk from structural defects: the inner-end machine of the one-way optical gate is reachable from the internal network, so an attacker may subvert its security policy and cause the protection mechanism to be bypassed.

Summary of the invention

Embodiments of the invention provide a one-way transmission system and method for physically isolated data based on image transmission, so that data can only be transmitted securely in one direction, from a first network device to a second network device. This protects the intranet information of high-security industries, draws a clear security boundary, is easy to manage, and gives stronger controllability.

A first aspect of this embodiment provides a one-way transmission system for physically isolated data based on image transmission, comprising a sending end, a receiving end and a controlled isolation device, wherein:

the sending end has an LED screen module; the sending end receives the data sent by the first network device and image-encodes it to obtain an image, which the LED screen module displays; the LED screen module forms the image by switching its LEDs on and off to represent binary data;

the receiving end acquires the image, decodes it to obtain decoded data, and sends the decoded data to the second network device;

the controlled isolation device is arranged on the transmission path between the sending end and the receiving end; the controlled isolation device is provided with a diaphragm that can be opened and closed; the sending end controls the opening and closing of the diaphragm.

Further, the sending end is also provided with a transmitter and an encoding device, wherein:

the transmitter receives the data and sends it to the encoding device, and also sends an open command or a close command to control the opening or closing of the diaphragm;

the encoding device receives the data and image-encodes it to form the image.

Further, the receiving end is provided with a camera device, a decoding device and a receiver, wherein:

the camera device acquires the image;

the decoding device decodes the image to obtain the decoded data;

the receiver sends the decoded data to the second network device.

Further, the controlled isolation device is also provided with a diaphragm controller, a diaphragm control switch and a mechanical electronic lock, wherein:

the diaphragm controller controls the opening and closing of the diaphragm;

the diaphragm control switch receives the open command or close command and controls the opening and closing of the diaphragm by the diaphragm controller;

the opening and closing of the mechanical electronic lock controls the start and end of the one-way transmission system; the mechanical electronic lock is opened and closed manually.

Further, during data transmission the diaphragm opens: the diaphragm opens when the transmitter sends an open command to the diaphragm control switch and the mechanical electronic lock is open; when the transmitter sends an open command to the diaphragm control switch but the mechanical electronic lock is closed, the diaphragm does not open.

Further, when data transmission is complete the diaphragm closes: the diaphragm closes when the transmitter sends a close command to the diaphragm control switch or when the mechanical electronic lock is closed.

A second aspect of this embodiment provides a one-way transmission method for physically isolated data based on image transmission, using the one-way transmission system described above, comprising:

the sending end receives the data sent by the first network device; once the data has been received, it sends an open command to the diaphragm controller to open the diaphragm, and the sending end starts data transmission;

the sending end image-encodes the data to form an image and displays the image;

the receiving end acquires the image, decodes it to obtain decoded data, and sends the decoded data to the second network device;

after the sending end has finished transmitting the image and the receiving end has acquired it, the sending end sends a close command to the diaphragm controller to close the diaphragm, cutting the transmission channel between the sending end and the receiving end.

Further, before data transmission the mechanical electronic lock is opened manually to start the one-way transmission system; after data transmission is complete the mechanical electronic lock is closed manually to end the one-way transmission system.

Further, the first network device sends a data transmission request to the sending end and, after receiving feedback from the sending end that the request has been accepted, sends the data to the sending end.

Further, the diaphragm opens as follows: the diaphragm opens when the transmitter sends an open command to the diaphragm control switch and the mechanical electronic lock is open; when the transmitter sends an open command to the diaphragm control switch but the mechanical electronic lock is closed, the diaphragm does not open.

By providing the controlled isolation device, the invention achieves controlled physical isolation of image transmission between the internal and external networks. The sending end controls the controlled isolation device, and data passes between the transmitter and the receiver in one direction only, by image-encoding and decoding the data, so that data can only be transmitted securely from the first network device to the second network device. This protects the intranet information of high-security industries, draws a clear security boundary, is easy to manage, and gives stronger controllability. The invention overcomes the drawbacks of transferring data between two physically isolated networks by frequent manual operation, which is time-consuming, laborious, inefficient and unreliable; the components operate automatically, without manual intervention, which saves manpower.

It should be understood that the content of this Summary is not intended to identify key or essential features of the embodiments of the invention, nor to limit the scope of the invention. Other features of the invention will become readily understood from the following description.

Description of the drawings

The above and other features, advantages and aspects of the embodiments of the invention will become more apparent from the accompanying drawings and the following detailed description. In the drawings, the same or similar reference numerals denote the same or similar elements, wherein:

Fig. 1 shows a connection diagram of the one-way transmission system for physically isolated data based on image transmission;

Fig. 2 shows a flow chart of the one-way transmission method for physically isolated data based on image transmission.

The reference numerals in Fig. 1 and Fig. 2 correspond to the component names as follows:

100 sending end, 110 transmitter, 120 encoding device, 130 LED screen module, 200 receiving end, 210 high-speed photoelectric camera device, 220 decoding device, 230 receiver, 300 controlled isolation device, 310 diaphragm, 320 isolation plate, 330 diaphragm controller, 340 diaphragm control switch, 350 mechanical electronic lock.

Detailed description

To make the purposes, technical solutions and advantages of the embodiments of the invention clearer, the technical solutions in the embodiments are described clearly and completely below with reference to the accompanying drawings. The described embodiments are some, not all, of the embodiments of the invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments without creative effort fall within the scope of protection of the invention.

In addition, the term "and/or" in this document only describes an association between objects and covers three cases: for example, "A and/or B" can mean A alone, both A and B, or B alone. The character "/" in this document generally indicates an "or" relationship between the objects before and after it.

The first aspect of this embodiment is described below with reference to Fig. 1. It provides a one-way transmission system for physically isolated data based on image transmission, comprising a sending end 100, a receiving end 200 and a controlled isolation device 300.

The sending end 100 is connected to a first network device, for example an internal network; the receiving end 200 is connected to a second network device, for example an external network. In the direction of data transmission, the data sent by the first network device passes in turn through the sending end 100, the controlled isolation device 300 and the receiving end 200, and is finally received by the second network device.

The sending end 100 has an LED screen module 130. The sending end 100 receives the data sent by the first network device and image-encodes it to obtain an image, which the LED screen module 130 displays. The LED screen module 130 forms the image by switching its LEDs on and off to represent binary data.

The receiving end 200 acquires the image, decodes it to obtain decoded data, and sends the decoded data to the second network device.

The controlled isolation device 300 is arranged on the transmission path between the sending end 100 and the receiving end 200. It is provided with a diaphragm 310 that can be opened and closed and that physically blocks any data transmission between the sending end 100 and the receiving end 200 that has not been reviewed and approved. The sending end 100 controls the opening and closing of the diaphragm 310. This design improves the security of one-way data transmission from the first network device to the second network device.

In the above embodiment, the sending end 100 is also provided with a transmitter 110 and an encoding device 120, wherein:

the transmitter 110 receives the data and sends it to the encoding device 120, and also sends an open command or a close command to control the opening or closing of the diaphragm 310;

the encoding device 130 receives the data and image-encodes it to form the image.

The image here can be a two-dimensional code, a barcode, a combination of digits, or any other form of image from which data can be recognized. The LED screen module is a screen display module; it can also be a liquid crystal screen or another display capable of showing images.

In the above embodiment, the receiving end 200 is provided with a camera device 210, a decoding device 220 and a receiver 230, wherein:

the camera device 210 acquires the image; a high-speed photoelectric camera device can be used;

the decoding device 220 decodes the image to obtain the decoded data;

the receiver 230 sends the decoded data to the second network device. Because the receiving end 200 obtains the data only by capturing and decoding the image, the transmission is guaranteed to be strictly one-way.
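A sketch of the image coding described above, added here as an illustration and not taken from the patent: it maps bytes onto an LED on/off matrix on the sending side and decodes the captured matrix on the receiving side. The 16x16 matrix, the frame header (frame index, frame count, payload length) and the CRC-32 trailer are assumptions, since the patent does not specify a frame format; they are there because the receiver cannot request a retransmission over a one-way path and must detect damaged or missing images by itself.

```python
import struct
import zlib

# Assumed parameters (not from the patent): a 16x16 LED matrix, one bit per LED.
ROWS, COLS = 16, 16
FRAME_BYTES = ROWS * COLS // 8            # 32 bytes per displayed image
HEADER = struct.Struct(">HHB")            # frame index, frame count, payload length
TRAILER = struct.Struct(">I")             # CRC-32 over header + padded payload
MAX_PAYLOAD = FRAME_BYTES - HEADER.size - TRAILER.size


def bytes_to_grid(raw):
    """Sending side: 1 = LED lit, 0 = LED dark, most significant bit first."""
    bits = [(byte >> (7 - i)) & 1 for byte in raw for i in range(8)]
    return [bits[r * COLS:(r + 1) * COLS] for r in range(ROWS)]


def grid_to_bytes(grid):
    """Receiving side: pack the LED states seen by the camera back into bytes."""
    bits = [led for row in grid for led in row]
    out = bytearray()
    for i in range(0, len(bits), 8):
        byte = 0
        for bit in bits[i:i + 8]:
            byte = (byte << 1) | bit
        out.append(byte)
    return bytes(out)


def encode_frames(data):
    """Split data into frames and return one LED grid per frame."""
    chunks = [data[i:i + MAX_PAYLOAD] for i in range(0, len(data), MAX_PAYLOAD)] or [b""]
    grids = []
    for index, chunk in enumerate(chunks):
        body = HEADER.pack(index, len(chunks), len(chunk)) + chunk.ljust(MAX_PAYLOAD, b"\x00")
        grids.append(bytes_to_grid(body + TRAILER.pack(zlib.crc32(body))))
    return grids


def decode_frame(grid):
    """Return (index, count, payload), or None if the captured image is invalid."""
    if len(grid) != ROWS or any(len(row) != COLS for row in grid):
        return None
    raw = grid_to_bytes(grid)
    body = raw[:-TRAILER.size]
    (crc,) = TRAILER.unpack(raw[-TRAILER.size:])
    if zlib.crc32(body) != crc:
        return None                        # misread LED: drop the frame, never guess
    index, count, length = HEADER.unpack(body[:HEADER.size])
    if index >= count or length > MAX_PAYLOAD:
        return None
    return index, count, body[HEADER.size:HEADER.size + length]


def reassemble(grids):
    """Return (data or None, missing frame indexes, number of rejected images)."""
    parts, count, rejected = {}, None, 0
    for grid in grids:
        frame = decode_frame(grid)
        if frame is None or (count is not None and frame[1] != count):
            rejected += 1
            continue
        index, count, payload = frame
        parts[index] = payload
    missing = sorted(set(range(count or 0)) - set(parts))
    complete = count is not None and not missing
    data = b"".join(parts[i] for i in range(count)) if complete else None
    return data, missing, rejected


if __name__ == "__main__":
    message = b"constructed sample record: sensor=42;status=ok;" * 2   # constructed input
    grids = encode_frames(message)
    grids[1][3][5] ^= 1                     # one LED misread by the camera
    print(reassemble(grids))                # frame 1 is rejected, so no data is released
```

A receiver built this way forwards data to the second network device only when every frame has passed its integrity check; a partial capture yields the list of missing frames instead of truncated data.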

In the above embodiment, the controlled isolation device 300 is also provided with a diaphragm controller 330, a diaphragm control switch 340 and a mechanical electronic lock 350, wherein:

the diaphragm controller 330 controls the opening and closing of the diaphragm 310;

the diaphragm control switch 340 receives the open command or close command and controls the opening and closing of the diaphragm 310 by the diaphragm controller 330;

the opening and closing of the mechanical electronic lock 350 controls the start and end of the one-way transmission system; the mechanical electronic lock 350 is opened and closed manually.

In the above embodiment, the mechanical electronic lock 350 is operated manually, for example by an administrator. The lock places data transmission under human control: a transfer can be interrupted at any time, which increases the security and flexibility of data transmission.

In the above embodiment, the diaphragm 310 and the isolation plate 320 of the controlled isolation device 300 block the transmission channel between the sending end 100 and the receiving end 200 when there is no task, providing physical isolation.

The controlled isolation device 300 is provided with an isolation plate 320 that separates the sending end 100 from the receiving end 200. The isolation plate 320 has a circular hole on the transmission path between the transmitter 110 and the receiver 230, and the diaphragm 310 is mounted over that hole on the sending end 100 side of the isolation plate 320. When the diaphragm 310 is open, the transmitter 110 sends data to the receiver 230. In the normal state the diaphragm 310 is closed, the circular hole is covered by the diaphragm 310, and the transmitter 110 and the receiver 230 are physically isolated.

In the above embodiment, during data transmission the diaphragm 310 opens only when the transmitter 110 sends an open command to the diaphragm control switch 340 and the mechanical electronic lock 350 is open; when the transmitter 110 sends an open command to the diaphragm control switch 340 but the mechanical electronic lock 350 is closed, the diaphragm 310 does not open.

In the above embodiment, when data transmission is complete the diaphragm 310 closes: the diaphragm 310 closes when the transmitter 110 sends a close command to the diaphragm control switch 340 or when the mechanical electronic lock 350 is closed.

In the above embodiment, before data transmission the mechanical electronic lock 350 is opened manually to start the one-way transmission system; after data transmission is complete the mechanical electronic lock 350 is closed manually to end the one-way transmission system. Before data transmission, the first network device must first send a data transmission request to the sending end 100, and it sends the data to the sending end only after receiving feedback from the sending end 100 that the request has been accepted.

In this embodiment, the controlled isolation device 300 provides controlled physical isolation between the internal and external networks for display-image transmission, further improving the security of data transmission. In the normal state, the diaphragm 310 is closed and the transmitter 110 and the receiver 230 are physically isolated. In the data transmission state, the transmitter 110 opens the diaphragm 310 through the diaphragm controller 330 and data transmission starts; when data transmission is complete, the transmitter 110 closes the diaphragm 310 through the diaphragm controller 330 and the system returns to the normal state. The internal and external networks are therefore physically isolated whenever there is no approved task, which improves the security of one-way data transmission. Control of the diaphragm 310 by the diaphragm controller 330 makes the diaphragm 310 open and close automatically, which saves manpower.

In this embodiment, the one-way transmission system for physically isolated data based on display-image transmission draws a clear security boundary, is easy to manage and more controllable, and its one-way communication is more reliable and secure.

The second aspect of this embodiment is described below with reference to Fig. 2. It provides a one-way transmission method for physically isolated data based on image transmission, using the one-way transmission system described above and comprising the following steps:

S1: the mechanical electronic lock 350 is opened manually; the first network device sends a data transmission request to the transmitter 110; after the transmitter 110 accepts the request and returns feedback of acceptance to the first network device, the first network device sends the data to the transmitter 110.

S2: the encoding device 120 image-encodes the data received by the transmitter 110 and displays it on the LED screen 130.

S3: the transmitter 110 sends a command to open the diaphragm 310 to the diaphragm controller 330, and the diaphragm 310 opens.

In this embodiment, the diaphragm 310 can be opened only when two conditions hold at the same time: the transmitter 110 has sent an open command to the diaphragm controller 330, and the mechanical electronic lock 350 is open. If either condition is not met, the diaphragm 310 does not open.

S4: after the diaphragm 310 has opened, the decoding device 220 of the receiving end 200 acquires the image displayed on the LED screen 130 through the high-speed photoelectric camera device 210 and decodes it.

S5: the receiver 230 receives the decoded data and forwards it to the second network device; after data transmission is complete, the mechanical electronic lock is closed manually.

In this embodiment, the diaphragm 310 is mounted on the isolation plate 320. In the normal state, the diaphragm 310 is closed and the transmitter 110 and the receiver 230 are physically isolated. In the data transmission state, the transmitter 110 opens the diaphragm 310 through the diaphragm controller 330 and data transmission starts. When data transmission is complete, the transmitter 110 closes the diaphragm 310 through the diaphragm controller 330 and the system returns to the normal state.

In this embodiment, control of the diaphragm 310 by the diaphragm controller 330 makes the diaphragm 310 open and close automatically.
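The interlock and the S1 to S5 sequence above, modelled as a small state machine (an added example, not code from the patent). The event names and the `run_transfer` helper are hypothetical, and one behaviour is an assumption the patent leaves open: after the lock has been closed, reopening it does not reopen the diaphragm until the transmitter sends a fresh open command.

```python
from dataclasses import dataclass, field
from itertools import product

# Hypothetical event names for the two control inputs described in the patent.
EVENTS = ("lock_open", "lock_close", "cmd_open", "cmd_close")


@dataclass
class ControlledIsolation:
    """Model of device 300: lock 350 (operator) and diaphragm 310 (transmitter)."""
    lock_open: bool = False          # normal state: system not started
    diaphragm_open: bool = False     # normal state: optical path blocked
    audit: list = field(default_factory=list)

    def handle(self, event):
        if event == "lock_open":
            self.lock_open = True                    # starts the system; diaphragm stays shut
        elif event == "lock_close":
            self.lock_open = False
            self.diaphragm_open = False              # either closing condition suffices
        elif event == "cmd_open":
            self.diaphragm_open = self.lock_open     # both opening conditions are required
        elif event == "cmd_close":
            self.diaphragm_open = False
        else:
            raise ValueError(f"unknown event: {event}")
        self.audit.append((event, self.lock_open, self.diaphragm_open))
        return self.diaphragm_open


def expected_open(history):
    """Reference rule: the last decisive event is a cmd_open issued with the lock open."""
    for i in range(len(history) - 1, -1, -1):
        if history[i] in ("cmd_close", "lock_close"):
            return False
        if history[i] == "cmd_open":
            locks = [e for e in history[:i] if e.startswith("lock_")]
            return bool(locks) and locks[-1] == "lock_open"
    return False


def invariant_holds(max_len=6):
    """Check every event sequence up to max_len against the reference rule."""
    for n in range(max_len + 1):
        for seq in product(EVENTS, repeat=n):
            dev = ControlledIsolation()
            for i, event in enumerate(seq):
                if dev.handle(event) != expected_open(seq[:i + 1]):
                    return False
                if dev.diaphragm_open and not dev.lock_open:
                    return False
    return True


def run_transfer(frames, abort_after=None):
    """Walk through S1 to S5; return the images the camera captured and the device."""
    dev = ControlledIsolation()
    dev.handle("lock_open")                 # S1: operator opens the lock
    # S2: the frames are assumed to be already encoded and shown one by one
    dev.handle("cmd_open")                  # S3: transmitter opens the diaphragm
    captured = []
    for i, frame in enumerate(frames):      # S4: camera sees a frame only through an open diaphragm
        if abort_after is not None and i == abort_after:
            dev.handle("lock_close")        # operator interrupts the transfer
        if dev.diaphragm_open:
            captured.append(frame)
    dev.handle("cmd_close")                 # transmitter closes the diaphragm
    dev.handle("lock_close")                # S5: operator closes the lock
    return captured, dev


if __name__ == "__main__":
    frames = ["img0", "img1", "img2", "img3"]        # constructed stand-ins for LED images
    print(run_transfer(frames)[0])
    print(run_transfer(frames, abort_after=2)[0])
    print(invariant_holds())
```

The audit list records every control event with the resulting lock and diaphragm state, which gives the operator a record to compare against the approved transfer requests.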

通过本实施例的基于显示屏图像传输的物理隔离数据单向传输方法,实现了在无申请审核通过的任务时内外网的物理隔离,保证高安全性行业内网信息传输的安全。各部件的逻辑控制解决了物理隔离的两个网络之间数据的传输是人工手动操作而耗时耗力、效率低、需要人员频繁操作可靠性低的缺陷。Through the one-way transmission method of physical isolation data based on display screen image transmission in this embodiment, the physical isolation of internal and external networks is realized when there is no task to apply for approval, and the security of information transmission in high-security industry intranets is ensured. The logical control of each component solves the problem that data transmission between the two physically isolated networks is manual operation, which is time-consuming, labor-intensive, low in efficiency, and requires frequent operations by personnel and low reliability.

本发明通过设置受控隔离装置实现内外网之间图像传输的受控物理隔离;通过发送端对受控隔离装置的控制,并且发送机与接收机之间通过对数据进行图像化编码及解码进行数据的单向传输,实现数据只能由第一网络设备向第二网络设备的单向安全传输,得以保证高安全性行业内网信息的安全,划定了明确的安全边界,便于管理,可控性更强。本发明解决了物理隔离的两个网络之间数据的传输由人工手动频繁操作而耗时耗力、工作效率低、可靠性低的缺陷,实现了各部件的自动化操作,无需人工干预,节省人力。The invention realizes the controlled physical isolation of image transmission between the internal and external networks by setting the controlled isolation device; the control of the controlled isolation device is performed by the sending end, and the image encoding and decoding of the data are performed between the transmitter and the receiver. The one-way transmission of data realizes the one-way safe transmission of data only from the first network device to the second network device, which ensures the security of intranet information in the high-security industry, and defines a clear security boundary, which is easy to manage and can be More control. The invention solves the defects of time-consuming and labor-intensive, low work efficiency and low reliability due to frequent manual operation of data transmission between two physically isolated networks, realizes the automatic operation of each component, does not require manual intervention, and saves manpower .

It should be noted that, for simplicity of description, the foregoing method embodiments are each expressed as a series of combined actions, but those skilled in the art should understand that the present invention is not limited by the described order of actions, because according to the present invention certain steps may be performed in other orders or simultaneously. Those skilled in the art should also understand that the embodiments described in the specification are all optional embodiments, and the actions and modules involved are not necessarily required by the present invention.

In the description of this specification, the terms "one embodiment", "some embodiments" and the like mean that a particular feature, structure, material or characteristic described in connection with that embodiment or example is included in at least one embodiment or example of the present application. In this specification, schematic uses of these terms do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.

The above are only preferred embodiments of the present application and are not intended to limit it. For those skilled in the art, the present application may be modified and varied in many ways. Any modification, equivalent replacement, improvement or the like made within the spirit and principles of the present application shall fall within its scope of protection.

Claims (10)

1. An image transmission physical isolation data unidirectional transmission system, characterized by comprising: a sending end, a receiving end and a controlled isolation device; wherein,
the sending end is provided with an LED screen module; the sending end is configured to receive data sent by a first network device and perform image encoding on the data to obtain an image, and the LED screen module displays the image; the LED screen module represents binary data by turning the LED lamps on and off to form the image;
the receiving end is configured to acquire the image, decode the image to obtain decoded data, and send the decoded data to a second network device;
the controlled isolation device is arranged on the transmission path between the sending end and the receiving end; the controlled isolation device is provided with a diaphragm that can be opened and closed; and the sending end controls the opening and closing of the diaphragm.
2. The unidirectional transmission system of claim 1, wherein the sending end is further provided with a transmitter and an encoding device; wherein,
the transmitter is configured to receive the data and transmit the data to the encoding device, while sending an opening instruction or a closing instruction to control the opening or closing of the diaphragm;
the encoding device is configured to receive the data and perform image encoding to form the image.
3. The unidirectional transmission system of claim 1, wherein the receiving end is provided with a camera device, a decoding device and a receiver; wherein,
the camera device is configured to acquire the image;
the decoding device is configured to decode the image to obtain the decoded data;
the receiver is configured to send the decoded data to the second network device.
4. The unidirectional transmission system of claim 2, wherein the controlled isolation device is further provided with a diaphragm controller, a diaphragm control switch and a mechanical electronic lock; wherein,
the diaphragm controller is configured to control the opening and closing of the diaphragm;
the diaphragm control switch is configured to receive the opening instruction or the closing instruction and to control the diaphragm controller to open or close the diaphragm;
the opening and closing of the mechanical electronic lock controls the starting and stopping of the unidirectional transmission system; and the mechanical electronic lock is opened and closed manually.
5. The unidirectional transmission system of claim 4, wherein when the data is transmitted, the diaphragm is opened as follows: the transmitter sends the opening instruction to the diaphragm control switch, and when the mechanical electronic lock is open, the diaphragm is opened; when the transmitter sends the opening instruction to the diaphragm control switch but the mechanical electronic lock is closed, the diaphragm cannot be opened.
6. The unidirectional transmission system of claim 4, wherein when the data transmission is completed, the diaphragm is closed as follows: when the transmitter sends the closing instruction to the diaphragm control switch, or the mechanical electronic lock is closed, the diaphragm is closed.
7. An image transmission physical isolation data unidirectional transmission method, characterized in that it uses the unidirectional transmission system of claims 1-6 and comprises the following steps:
the sending end receives data sent by the first network device and, after receiving the data, sends an opening instruction to the diaphragm controller to open the diaphragm; the sending end performs image encoding on the data to form an image and displays the image;
the receiving end acquires the image, decodes the image to obtain decoded data, and then sends the decoded data to the second network device;
after the receiving end acquires the image, the sending end sends a closing instruction to the diaphragm controller to close the diaphragm and cut off the transmission channel between the sending end and the receiving end.
8. The method of claim 7, wherein before data transmission, the mechanical electronic lock is manually opened to start the unidirectional transmission system; and after the data transmission is finished, the mechanical electronic lock is manually closed to stop the unidirectional transmission system.
9. The method of claim 7, wherein the first network device sends a data transmission application to the sending end, and sends the data to the sending end after receiving feedback information from the sending end confirming receipt of the application.
10. The method of claim 7, wherein the diaphragm is opened as follows: the transmitter sends the opening instruction to the diaphragm control switch, and when the mechanical electronic lock is open, the diaphragm is opened; when the transmitter sends the opening instruction to the diaphragm control switch but the mechanical electronic lock is closed, the diaphragm is not opened.
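The interlock of claims 5, 6 and 10 and the transfer sequence of claim 7 can be simulated in a few lines. This is an added illustration, not part of the patent text: the class and function names, the 8x8 LED matrix and the 4-byte length prefix are assumptions, and camera capture is modelled as lossless.

```python
from dataclasses import dataclass

ROWS, COLS = 8, 8  # assumed LED matrix size; the patent does not give one

@dataclass
class ControlledIsolation:
    lock_open: bool = False       # mechanical electronic lock, operated by hand only
    diaphragm_open: bool = False

    def set_lock(self, is_open: bool) -> None:
        self.lock_open = is_open
        if not is_open:           # claim 6: closing the lock closes the diaphragm
            self.diaphragm_open = False

    def command(self, instruction: str) -> bool:
        if instruction == "open":  # claims 5/10: effective only while the lock is open
            self.diaphragm_open = self.lock_open
        elif instruction == "close":
            self.diaphragm_open = False
        else:
            raise ValueError(f"unknown instruction: {instruction!r}")
        return self.diaphragm_open

def encode_frames(data: bytes) -> list[list[list[int]]]:
    """Sender: one LED per bit (on = 1, off = 0), most significant bit first.
    The 4-byte length prefix is an assumed framing so padding can be dropped."""
    payload = len(data).to_bytes(4, "big") + data
    bits = [(byte >> i) & 1 for byte in payload for i in range(7, -1, -1)]
    bits += [0] * (-len(bits) % (ROWS * COLS))  # pad the last frame with dark LEDs
    return [[bits[f + r * COLS: f + (r + 1) * COLS] for r in range(ROWS)]
            for f in range(0, len(bits), ROWS * COLS)]

def decode_frames(frames) -> bytes:
    """Receiver: flatten the captured frames back to bits, then to bytes."""
    bits = [bit for frame in frames for row in frame for bit in row]
    raw = bytes(int("".join(map(str, bits[i:i + 8])), 2)
                for i in range(0, len(bits), 8))
    return raw[4:4 + int.from_bytes(raw[:4], "big")]

def transfer(data: bytes, isolation: ControlledIsolation):
    """Claim 7 sequence. Returns the receiver's decoded bytes, or None when
    the diaphragm stayed shut and the camera saw nothing."""
    if not isolation.command("open"):
        return None
    try:
        return decode_frames(encode_frames(data))
    finally:
        isolation.command("close")  # cut the optical path once capture is done
```

The simulation makes the security property visible: software on the sending end can only request that the path open, while the manual lock decides whether that request has any effect and can force the path shut at any time.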

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111170777.9A CN114006732A (en) 2021-10-08 2021-10-08 One-way transmission system and method for image transmission physical isolation data

Publications (1)

Publication Number Publication Date
CN114006732A true CN114006732A (en) 2022-02-01

Family

ID=79922501

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111170777.9A Pending CN114006732A (en) 2021-10-08 2021-10-08 One-way transmission system and method for image transmission physical isolation data

Country Status (1)

Country Link
CN (1) CN114006732A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN119696682A (en) * 2024-11-11 2025-03-25 南方电网数字电网科技(广东)有限公司 A timing protection isolation system, method, device and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20150062413A1 (en) * 2013-08-30 2015-03-05 Sony Corporation Light emission control unit, light emission control method, and image pickup unit
CN109286437A (en) * 2018-10-25 2019-01-29 北京轩宇信息技术有限公司 A kind of controllable light transmitting device and method based on optoisolator
CN111049823A (en) * 2019-12-10 2020-04-21 浩云科技股份有限公司 Physical isolation transmission equipment and method based on two-dimension code
CN112468496A (en) * 2020-11-26 2021-03-09 中铁信安(北京)信息安全技术有限公司 Double physical isolation data one-way transmission system and method

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220201