[go: up one dir, main page]

CN110830760A - A secure network data interaction system and method - Google Patents

A secure network data interaction system and method Download PDF

Info

Publication number
CN110830760A
CN110830760A CN201810911054.1A CN201810911054A CN110830760A CN 110830760 A CN110830760 A CN 110830760A CN 201810911054 A CN201810911054 A CN 201810911054A CN 110830760 A CN110830760 A CN 110830760A
Authority
CN
China
Prior art keywords
control instruction
image data
subnet
instruction
client
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201810911054.1A
Other languages
Chinese (zh)
Other versions
CN110830760B (en
Inventor
谭登峰
其他发明人请求不公开姓名
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Zen Ai Technology Co ltd
Original Assignee
Beijing Zen-Ai Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Zen-Ai Technology Co Ltd filed Critical Beijing Zen-Ai Technology Co Ltd
Priority to CN201810911054.1A priority Critical patent/CN110830760B/en
Publication of CN110830760A publication Critical patent/CN110830760A/en
Application granted granted Critical
Publication of CN110830760B publication Critical patent/CN110830760B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N7/00Television systems
    • H04N7/18Closed-circuit television [CCTV] systems, i.e. systems in which the video signal is not broadcast
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/20Servers specifically adapted for the distribution of content, e.g. VOD servers; Operations thereof
    • H04N21/23Processing of content or additional data; Elementary server operations; Server middleware
    • H04N21/234Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs
    • H04N21/2343Processing of video elementary streams, e.g. splicing of video streams or manipulating encoded video stream scene graphs involving reformatting operations of video signals for distribution or compliance with end-user requests or end-user device requirements
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04NPICTORIAL COMMUNICATION, e.g. TELEVISION
    • H04N21/00Selective content distribution, e.g. interactive television or video on demand [VOD]
    • H04N21/40Client devices specifically adapted for the reception of or interaction with content, e.g. set-top-box [STB]; Operations thereof
    • H04N21/43Processing of content or additional data, e.g. demultiplexing additional data from a digital video stream; Elementary client operations, e.g. monitoring of home network or synchronising decoder's clock; Client middleware
    • H04N21/44Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs
    • H04N21/4402Processing of video elementary streams, e.g. splicing a video clip retrieved from local storage with an incoming video stream or rendering scenes according to encoded video stream scene graphs involving reformatting operations of video signals for household redistribution, storage or real-time display

Landscapes

  • Engineering & Computer Science (AREA)
  • Multimedia (AREA)
  • Signal Processing (AREA)
  • Computer And Data Communications (AREA)
  • Small-Scale Networks (AREA)

Abstract

本发明公开了一种安全网络数据交互系统,包括:控制指令输出单元、视频编码器、以及相互数据隔离的至少两个子网;每个所述子网中包括指令接收服务器以及至少一个客户端;所述控制指令输出单元用于输出控制指令;所述视频编码器用于将所述控制指令编码成图像数据;所述图像数据通过单向视频传输线路传输至所述子网的指令接收服务器;所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,并传输给控制指令相应的所述客户端。本发明可以实现对多个子网内的客户端的安全交互,整个交互过程不会改变各个子网原有的网络安全性,避免了各子网因接收同一交互终端(或控制指令输出单元)的交互而引起的数据泄露问题。

Figure 201810911054

The invention discloses a secure network data interaction system, comprising: a control instruction output unit, a video encoder, and at least two sub-networks isolated from each other in data; each of the sub-networks includes an instruction receiving server and at least one client; The control instruction output unit is used for outputting control instructions; the video encoder is used for encoding the control instructions into image data; the image data is transmitted to the instruction receiving server of the subnet through a one-way video transmission line; The instruction receiving server in the subnet is configured to receive the image data, decode the image data into the control instruction, and transmit it to the client corresponding to the control instruction. The present invention can realize the secure interaction of clients in multiple subnets, the entire interaction process will not change the original network security of each subnet, and avoid the interaction of each subnet due to receiving the same interactive terminal (or control instruction output unit). resulting in data leakage.

Figure 201810911054

Description

一种安全网络数据交互系统及方法A secure network data interaction system and method

技术领域technical field

本发明实施例涉及信息传输技术领域,尤其涉及一种使安全网络数据交互系统及方法。Embodiments of the present invention relate to the technical field of information transmission, and in particular, to a system and method for enabling secure network data interaction.

背景技术Background technique

目前,政府、军队等复杂的指挥中心交互系统需要搭建多个子网并对这些子网通过统一的指令管理系统进行数据交互。因安全性方面的需要,很多子网之间需要进行网络环境隔离,现有大部分交互技术无法通过统一的交互终端对不同子网内的计算机进行交互,即使有一些可以解决这种交互控制问题,但也是以将这些子网和交互终端统一暴露于同一网络环境下,以牺牲安全性为代价实现的。At present, complex command center interaction systems such as the government and the military need to build multiple subnets and conduct data exchange through a unified command management system for these subnets. Due to the needs of security, many subnets need to be isolated from the network environment. Most of the existing interactive technologies cannot interact with computers in different subnets through a unified interactive terminal, even if some can solve this interactive control problem. , but it is also achieved by exposing these subnets and interactive terminals to the same network environment at the expense of security.

为了搭建安全的网络环境,有些技术尝试使用单向传输线进行指令和信息传输。但是,如果使用串口线传输指令和信息,虽然有其传输实时性高的特点,但在处理大量数据的时候串口线的传输速度无法满足传输速度的要求。In order to build a secure network environment, some technologies try to use unidirectional transmission lines for command and information transmission. However, if the serial line is used to transmit instructions and information, although it has the characteristics of high real-time transmission, the transmission speed of the serial line cannot meet the requirements of the transmission speed when processing a large amount of data.

发明内容SUMMARY OF THE INVENTION

为了解决上述问题,本发明第一方面提供一种安全网络数据交互系统,包括:In order to solve the above problems, a first aspect of the present invention provides a secure network data interaction system, including:

控制指令输出单元、视频编码器、以及相互数据隔离的至少两个子网;每个所述子网中包括指令接收服务器以及至少一个客户端;a control instruction output unit, a video encoder, and at least two sub-networks that are data-isolated from each other; each of the sub-networks includes an instruction receiving server and at least one client;

所述控制指令输出单元用于输出控制指令;The control instruction output unit is used for outputting control instructions;

所述视频编码器用于将所述控制指令编码成图像数据;The video encoder is used for encoding the control instruction into image data;

所述图像数据通过单向视频传输线路传输至各子网的指令接收服务器;The image data is transmitted to the instruction receiving server of each subnet through the one-way video transmission line;

所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,并传输给控制指令相应的所述客户端。The instruction receiving server in the subnet is configured to receive the image data, decode the image data into the control instruction, and transmit it to the client corresponding to the control instruction.

根据本发明的一些实施例,所述单向视频传输线路包括显卡、分线器;According to some embodiments of the present invention, the one-way video transmission line includes a graphics card and a splitter;

所述视频编码器、所述显卡与所述分线器依次通过视频数据线连接;The video encoder, the graphics card and the splitter are sequentially connected through a video data line;

所述分线器用于将所述视频数据线分成至少两条。The splitter is used for dividing the video data lines into at least two.

根据本发明的一些实施例,所述单向视频传输线路包括至少两个显卡;According to some embodiments of the present invention, the one-way video transmission line includes at least two graphics cards;

所述视频编码器、所述显卡通过视频数据线连接。The video encoder and the graphics card are connected through a video data line.

根据本发明的一些实施例,所述指令接收服务器进一步包括视频采集卡、视频解码器;According to some embodiments of the present invention, the instruction receiving server further includes a video capture card and a video decoder;

所述视频采集卡用于接收所述图像数据并传输给所述视频解码器。The video capture card is used for receiving the image data and transmitting it to the video decoder.

根据本发明的一些实施例,所述各子网中的指令接收服务器用于仅解码所述图像数据中的被预先分配给该子网中的指令接收服务器的相应区域部分的图像数据。According to some embodiments of the present invention, the instruction receiving server in each sub-network is configured to decode only the image data of the image data that is pre-assigned to the corresponding region portion of the instruction receiving server in the sub-network.

根据本发明的一些实施例,所述控制指令包括客户端的标识;According to some embodiments of the present invention, the control instruction includes an identifier of the client;

所述各子网中的指令接收服务器用于解码所述图像数据的全部数据,并根据所述控制指令中的客户端的标识将所述控制指令发送给相应的客户端。The instruction receiving server in each sub-network is used to decode all the data of the image data, and send the control instruction to the corresponding client according to the identification of the client in the control instruction.

根据本发明的一些实施例,所述控制指令包含子网标识和客户端标识;所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,根据控制指令中的子网标识判断是否属于本子网内的控制指令;如果属于本子网内的控制指令,则根据控制指令中的客户端标识将控制指令发送给相应的客户端。According to some embodiments of the present invention, the control instruction includes a subnet identification and a client identification; an instruction receiving server in the subnet is configured to receive the image data and decode the image data into the control instruction, According to the subnet identifier in the control instruction, it is judged whether it belongs to the control instruction in this subnet; if it belongs to the control instruction in this subnet, the control instruction is sent to the corresponding client according to the client identifier in the control instruction.

根据本发明的一些实施例,所述控制指令输出单元为触控屏幕;所述客户端用于根据所述控制指令进行响应。According to some embodiments of the present invention, the control instruction output unit is a touch screen; the client is configured to respond according to the control instruction.

根据本发明的一些实施例,控制指令输出单元、视频编码器、以及至少两个子网;每个所述子网中包括指令接收服务器以及至少一个客户端;According to some embodiments of the present invention, a control instruction output unit, a video encoder, and at least two subnets; each of the subnets includes an instruction receiving server and at least one client;

所述控制指令输出单元用于输出控制指令;The control instruction output unit is used for outputting control instructions;

所述视频编码器用于将所述控制指令编码成图像数据;The video encoder is used for encoding the control instruction into image data;

所述图像数据通过单向视频传输线路传输至各子网的指令接收服务器;The image data is transmitted to the instruction receiving server of each subnet through the one-way video transmission line;

所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,并传输给控制指令相应的所述客户端。The instruction receiving server in the subnet is configured to receive the image data, decode the image data into the control instruction, and transmit it to the client corresponding to the control instruction.

本发明第二方面提供一种跨网数据交互设备,其包括:A second aspect of the present invention provides a cross-network data interaction device, which includes:

控制指令输出单元、视频编码器、以及用于每个子网中的指令接收服务器;Control command output unit, video encoder, and command receiving server for each subnet;

所述控制指令输出单元用于输出控制指令;The control instruction output unit is used for outputting control instructions;

所述视频编码器用于将所述控制指令编码成图像数据;The video encoder is used for encoding the control instruction into image data;

所述图像数据通过单向视频传输线路传输至各子网的指令接收服务器;The image data is transmitted to the instruction receiving server of each subnet through the one-way video transmission line;

所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,并传输给控制指令相应的所述客户端。The instruction receiving server in the subnet is configured to receive the image data, decode the image data into the control instruction, and transmit it to the client corresponding to the control instruction.

本发明第三方面提供一种安全网络数据交互方法,所述网络包括至少两个相互数据隔离的子网,所述子网包括至少一个客户端,所述方法包括:A third aspect of the present invention provides a secure network data interaction method, the network includes at least two mutually data-isolated subnets, the subnets include at least one client, and the method includes:

输出对所述客户端的控制指令;outputting a control instruction to the client;

将所述控制指令编码成图像数据;encoding the control instructions into image data;

通过单向视频传输线路将所述图像数据传输至所述子网;transmitting the image data to the subnet through a one-way video transmission line;

将所述图像数据解码成所述控制指令,并将其传输给控制指令相应的所述客户端。The image data is decoded into the control command and transmitted to the client corresponding to the control command.

通过本发明的上述实施例,可以实现对多个子网内的客户端的安全交互,整个交互过程不会改变各个子网原有的网络安全性,避免了各子网因接收同一交互终端(或控制指令输出单元)的交互而引起的数据泄露问题。Through the above-mentioned embodiments of the present invention, it is possible to realize secure interaction with clients in multiple subnets, and the entire interaction process will not change the original network security of each subnet, avoiding the need for each subnet to receive the same interactive terminal (or control The data leakage problem caused by the interaction of the instruction output unit).

附图说明Description of drawings

图1为本发明实施例的安全网络数据交互系统的示意图;1 is a schematic diagram of a secure network data interaction system according to an embodiment of the present invention;

图2为本发明实施例的控制指令传输方法的流程示意图;2 is a schematic flowchart of a control command transmission method according to an embodiment of the present invention;

图3为本发明实施例的指令接收服务器中包含的装置结构示意图;3 is a schematic structural diagram of a device included in an instruction receiving server according to an embodiment of the present invention;

图4为本发明一个实施例的单向视频数据线路的装置结构示意图;4 is a schematic structural diagram of an apparatus for a unidirectional video data line according to an embodiment of the present invention;

图5为本发明另一个实施例的单向视频数据线路的装置结构示意图;5 is a schematic structural diagram of a device for a unidirectional video data line according to another embodiment of the present invention;

图6为本发明的一个实施例的一帧图像数据组成示意图;6 is a schematic diagram of the composition of one frame of image data according to an embodiment of the present invention;

图7为图6所示的一个实施例的图像数据中的其中一个子网数据区域组成图;FIG. 7 is a composition diagram of one of the subnet data regions in the image data of an embodiment shown in FIG. 6;

图8为图6所示的另一个实施例的图像数据中的其中一个子网数据区域组成图。FIG. 8 is a composition diagram of one of the sub-network data regions in the image data of another embodiment shown in FIG. 6 .

具体实施方式Detailed ways

下面结合附图和实施例对本发明作进一步的详细说明。可以理解的是,此处所描述的具体实施例仅仅用于解释本发明,而非对本发明的限定。另外还需要说明的是,为了便于描述,附图中仅示出了与本发明相关的部分而非全部结构。The present invention will be further described in detail below in conjunction with the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention. In addition, it should be noted that, for the convenience of description, the drawings only show some but not all structures related to the present invention.

为了使本发明的目的、技术方案和优点更加清楚,下面结合附图对本发明具体实施例作进一步的详细描述。可以理解的是,此处所描述的具体实施例仅仅用于解释本发明,而非对本发明的限定。In order to make the objectives, technical solutions and advantages of the present invention clearer, the specific embodiments of the present invention will be further described in detail below with reference to the accompanying drawings. It should be understood that the specific embodiments described herein are only used to explain the present invention, but not to limit the present invention.

另外还需要说明的是,为了便于描述,附图中仅示出了与本发明相关的部分而非全部内容。在更加详细地讨论示例性实施例之前应当提到的是,一些示例性实施例被描述成作为流程图描绘的处理或方法。虽然流程图将各项操作(或步骤)描述成顺序的处理,但是其中的许多操作可以被并行地、并发地或者同时实施。此外,各项操作的顺序可以被重新安排。当其操作完成时所述处理可以被终止,但是还可以具有未包括在附图中的附加步骤。所述处理可以对应于方法、函数、规程、子例程、子程序等等。In addition, it should be noted that, for the convenience of description, the drawings only show some but not all of the contents related to the present invention. Before discussing the exemplary embodiments in greater detail, it should be mentioned that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart depicts various operations (or steps) as a sequential process, many of the operations may be performed in parallel, concurrently, or concurrently. Additionally, the order of operations can be rearranged. The process may be terminated when its operation is complete, but may also have additional steps not included in the figures. The processes may correspond to methods, functions, procedures, subroutines, subroutines, and the like.

图1是根据本发明一个实施例的用于两个以上或两个以上子网内(如至少两个)的客户端进行交互的系统示意性框图。FIG. 1 is a schematic block diagram of a system for interaction between clients in two or more or more than two subnets (eg, at least two) according to an embodiment of the present invention.

其中包括控制指令输出单元1、视频编码器2、以及相互数据隔离的子网31、32、33,如图中椭圆线框所示。It includes a control instruction output unit 1, a video encoder 2, and sub-networks 31, 32, and 33 that are isolated from each other in data, as shown by the elliptical line frame in the figure.

在每个子网31、32或33中可以各自包含一个或一个以上个客户端,例如子网1中的三个客户端311、312、313;子网2中的三个客户端321、322、323等,以此类推。Each subnet 31, 32 or 33 may contain one or more clients, for example, three clients 311, 312, 313 in subnet 1; three clients 321, 322, 323, etc., and so on.

其中,每个子网31、32、33还包括各自的指令接收服务器,例如子网31中的指令接收服务器310,子网32中的指令接收服务器320等,以此类推;其中,指令接收服务器的数目与子网的数目相同,用于各个子网的控制指令接收。Wherein, each subnet 31, 32, 33 also includes a respective instruction receiving server, for example, the instruction receiving server 310 in the subnet 31, the instruction receiving server 320 in the subnet 32, etc., and so on; The number is the same as the number of subnets and is used for control command reception of each subnet.

其中,每个子网内的客户端通过设置id进行标识,例如子网31中的客户端可以标识为11、12、13,子网32中的客户端可以标识为21、22、23等,以此类推,或者也可以用客户端本身已自带的一些标识来标识该客户端。Among them, the clients in each subnet are identified by setting an id. For example, the clients in the subnet 31 can be identified as 11, 12, and 13, and the clients in the subnet 32 can be identified as 21, 22, and 23. By analogy, the client can also be identified by some identifiers that the client itself has.

其中,为了网络安全的目的,本发明的子网31、32、33之间完全隔离,不允许子网之间的数据访问。Among them, for the purpose of network security, the subnets 31, 32, and 33 of the present invention are completely isolated, and data access between the subnets is not allowed.

其中,控制指令输出单元1用于发出对各子网中客户端的控制指令;Wherein, the control instruction output unit 1 is used to issue control instructions to the clients in each subnet;

其中,视频编码器2用于将控制指令编码为适合视频数据线传输的图像数据,然后通过单向视频传输线路将图像数据传输给各子网1、2、3中的指令接收服务器;控制指令中包括要控制的客户端的ID信息;Among them, the video encoder 2 is used to encode the control instruction into image data suitable for transmission by the video data line, and then transmit the image data to the instruction receiving server in each subnet 1, 2, and 3 through the one-way video transmission line; the control instruction Include the ID information of the client to be controlled;

其中,控制指令可以为但不限于开机指令、关机指令、播放指令、快进指令、暂停指令等。The control instruction may be, but not limited to, a power-on instruction, a power-off instruction, a play instruction, a fast-forward instruction, a pause instruction, and the like.

其中,视频数据线包括但不限于为以下任意一种:音视频数据线(Audio VideoCable,AV线)、S端子线、三色差线、视频图形阵列数据线(Video Graphics Array,VGA)、数字视频界面数据线(Digital Visual Interface,DVI)、高清晰多媒体接口线(HighDefinition Multimedia Interface,HDMI)等。Wherein, the video data lines include but are not limited to any of the following: audio and video data lines (Audio VideoCable, AV lines), S terminal lines, three color difference lines, video graphics array data lines (Video Graphics Array, VGA), digital video Interface data line (Digital Visual Interface, DVI), high-definition multimedia interface line (High Definition Multimedia Interface, HDMI) and so on.

如图2所示为根据本发明的实施例的图像数据编解码方法的示意图。FIG. 2 is a schematic diagram of a method for encoding and decoding image data according to an embodiment of the present invention.

其中,在步骤101,对所述控制指令中包含的内容进行量化处理,将对应的量化值作为第一图像像素值;具体的,首先将控制指令信息转换成一个长字符串,将整个字符串转为相应的二进制位,一个字节对应8个二进制位,总二进制位数为8倍的总字节数,计算出字符串总字节数,这样形成一个二进制序列,将二进制序列中的各二进制数(即0或1)作为第一图像像素值。其中,所述量化可以采用0或1表示各字符,或采用0或255表示各字符。或者,将各字符对应的数值在0-255间做归一化处理,使得各字符对应的量化值为0-255中的任意数值,等等。Wherein, in step 101, quantization processing is performed on the content contained in the control instruction, and the corresponding quantized value is used as the first image pixel value; specifically, the control instruction information is first converted into a long character string, and the entire character string is Convert to the corresponding binary bits, one byte corresponds to 8 binary bits, the total number of binary bits is 8 times the total number of bytes, and the total number of bytes in the string is calculated, thus forming a binary sequence. A binary number (ie 0 or 1) as the first image pixel value. The quantization may use 0 or 1 to represent each character, or use 0 or 255 to represent each character. Alternatively, the numerical value corresponding to each character is normalized between 0 and 255, so that the quantized value corresponding to each character is any numerical value from 0 to 255, and so on.

然后,步骤202,创建一个空白图像(即像素值全为0或1的图像),该空白图像的像素总字节数为大于或等于上述计算出的总字节数,并将上述第一图像的像素值写入到空白图像的相应位置处,得到所述图像数据。Then, in step 202, create a blank image (that is, an image whose pixel values are all 0 or 1), the total number of bytes of pixels in the blank image is greater than or equal to the total number of bytes calculated above, and the above first image The pixel values of , are written into the corresponding positions of the blank image to obtain the image data.

其中,具体的,可使用opencv开源库创建一张空白的图像,然后将上述转换后的二进制序列依次写入空白图像中,一个二进制位占据一个像素值,以连续8个1作为二进制序列结束标记。Specifically, you can use the opencv open source library to create a blank image, and then write the above converted binary sequence into the blank image in turn, one binary bit occupies one pixel value, and 8 consecutive 1s are used as the end marker of the binary sequence .

本实施例考虑了一种容错机制,即在编码时不直接存入0和1,而是如果值为0则存入0,如果值为1则存入255,传输后,即使像素值有轻微的改变,如有些0变成了3或5,有些255变成了245或251等,对接收端收到的图像做二值化,如取二值化阈值为128,如果值小于128,则置为0,如果值大于128,则置为1,如此对传输过程中的损失有了容纳能力,可以完全复原原始信息。This embodiment considers a fault tolerance mechanism, that is, instead of directly storing 0 and 1 during encoding, 0 is stored if the value is 0, and 255 is stored if the value is 1. After transmission, even if the pixel value is slightly changes, such as some 0 become 3 or 5, some 255 become 245 or 251, etc., binarize the image received by the receiving end, such as taking the binarization threshold as 128, if the value is less than 128, then Set to 0, if the value is greater than 128, set to 1, so that the loss in the transmission process can be accommodated, and the original information can be completely restored.

然后,在步骤103,采用视频数据线对图像数据进行传输。Then, in step 103, the video data lines are used to transmit the image data.

相应地,本发明的实施例提供了一种图形数据解码方法。在接收所述控制指令的设备收到图像数据后,例如图1中的指令接收服务器,其可以采用与发送设备对应一致的编码方式对图像数据进行解码得到对应的信息,对图像数据从头开始遍历像素值,每获取到8个值解析为一个字节,存入字节数组中,遇到结束标志连续8个1,说明已经获取到所有的被编码方式,停止遍历,将字节数组转为字符串,即完成了整个编码->传输->解码过程。Accordingly, embodiments of the present invention provide a graphics data decoding method. After the device receiving the control command receives the image data, such as the command receiving server in FIG. 1, it can decode the image data in a coding method consistent with that of the sending device to obtain the corresponding information, and traverse the image data from the beginning. For pixel values, every 8 values obtained are parsed into one byte and stored in the byte array. When the end flag is encountered with 8 consecutive 1s, it means that all the encoded methods have been obtained, stop traversing, and convert the byte array to String, that is, the entire encoding->transmission->decoding process is completed.

其中,所述的单向视频传输线路可以通过设置图像适配器(例如显卡)进行视频数据线的传输,在指令接收服务器端,例如接收服务器310,可以设置视频采集卡3101进行图像数据接收,并将接收到的图像数据通过视频解码器3102按照如上所述的解码方法进行解码,如图3所示。在本发明的实施例中,利用图像适配器和视频采集卡的单向传输性从而实现了单向视频传输线路,保证了系统的安全性。Wherein, the one-way video transmission line can be configured to transmit the video data line by setting an image adapter (such as a graphics card), and on the instruction receiving server side, such as the receiving server 310, a video capture card 3101 can be set to receive image data, and the The received image data is decoded by the video decoder 3102 according to the decoding method described above, as shown in FIG. 3 . In the embodiment of the present invention, the one-way transmission line of the image adapter and the video capture card is utilized to realize the one-way video transmission line, which ensures the security of the system.

如图4所示,可以设置相应子网数量的显卡,例如显卡41、42、43用于分别连接至多条视频数据线,然后将图像数据传送给多个子网;也可以如图5所示,仅设置一个显卡4,而使用分线器5将视频数据线分成多路视频数据线,然后将图像数据传送给多个子网。As shown in Figure 4, graphics cards with the corresponding number of subnets can be set, for example, graphics cards 41, 42, and 43 are used to connect to multiple video data lines respectively, and then transmit image data to multiple subnets; or as shown in Figure 5, Only one graphics card 4 is provided, and a splitter 5 is used to divide the video data line into multiple video data lines, and then transmit the image data to multiple subnets.

指令接收服务器310、320、330将控制指令发送至所要控制的客户端后,所要控制的客户端对所述控制指令进行响应。After the instruction receiving servers 310, 320, and 330 send the control instruction to the client to be controlled, the client to be controlled responds to the control instruction.

如图6所示,为每秒传输的每帧图像数据格式。其中,根据子网的数量,每帧图像数据包括与相应子网数量对应的图像区域。例如,如图所示为子网数量为3个的情况,其中设置3个部分图像数据区域组合成一个图像数据帧用于存储每秒的控制指令。例如,当在t1时刻时,控制指令为对第2个子网32内的客户端323进行控制操作,例如,控制指令为打开客户端323的某个文件,则该t1时刻对应的控制指令的帧图像数据即为位于子网32数据区的图像区域的图像数据,其余的部分可以为空白的图像数据。其中,t1时刻的控制指令也可以包括对两个或两个以上子网客户端的控制,在这种情况下,t1时刻帧图像数据包括两个或两个以上子网区域的图像数据。As shown in Figure 6, it is the data format of each frame of image transmitted per second. Wherein, according to the number of subnets, each frame of image data includes an image area corresponding to the corresponding number of subnets. For example, as shown in the figure, the number of subnets is 3, in which 3 partial image data areas are set to combine into one image data frame for storing control instructions per second. For example, at time t1, the control command is to perform a control operation on the client 323 in the second subnet 32. For example, the control command is to open a certain file of the client 323, then the frame of the control command corresponding to the time t1 The image data is the image data located in the image area of the data area of the subnet 32, and the rest of the image data may be blank image data. Wherein, the control instruction at time t1 may also include control of two or more subnet clients. In this case, the frame image data at time t1 includes image data of two or more subnet regions.

并且,在控制指令编码成的图像数据中的每个子网图像数据区域还可以设置相应的子网ID以标识该子网数据区,例如ID1为子网31的数据区标识,如图7所示。In addition, each sub-network image data area in the image data encoded by the control instruction can also be set with a corresponding sub-network ID to identify the sub-network data area, for example, ID1 is the data area identifier of the sub-network 31, as shown in Figure 7 .

指令接收服务器可以预先设置为仅可读取帧图像中的相应区域。图像数据通过各自连接的视频数据线被发送给各子网后,各子网的指令接收服务器读取预先设定的属于自己的那部分区域的图像并解码后,根据控制指令中的客户端id将控制指令发送给相应子网内的具有该id的客户端计算机,客户端根据控制指令进行响应。The instruction receiving server may be pre-configured so that only the corresponding area in the frame image can be read. After the image data is sent to each subnet through the respective connected video data lines, the command receiving server of each subnet reads the pre-set image of its own part of the area and decodes it, according to the client id in the control command. The control instruction is sent to the client computer with the id in the corresponding subnet, and the client responds according to the control instruction.

在本发明的另一个实施例中,指令接收服务器也可以不预先设置仅可读取相应的区域,而在控制指令中同时设置子网ID和客户端id,并编码在图像数据中,如图8所示。指令接收服务器读取全部区域的图像数据后并解码后,根据其中的子网ID判断是否属于本子网内的控制指令;如果属于本子网内的控制指令,则根据控制指令中的客户端id将控制指令发送给相应的客户端,客户端根据控制指令进行响应。In another embodiment of the present invention, the instruction receiving server may not pre-set only the corresponding area, but set both the subnet ID and the client ID in the control instruction, and encode them in the image data, as shown in the figure 8 shown. After the command receiving server reads the image data of all areas and decodes it, it judges whether it belongs to the control command in this sub-network according to the sub-network ID; if it belongs to the control command in this sub-network, it will The control command is sent to the corresponding client, and the client responds according to the control command.

如上所述的实施例中,通过将控制指令编码成合适传输的图像数据,并通过单向视频传输线路将图像数据进行传输,并通过指令接收服务器进行接收和相应解码,根据获取的控制指令发送给相应的客户端,既能够实现对子网内客户端的控制操作,又能够达到子网间的物理隔离,提高了网络交互系统的安全性。In the above-mentioned embodiment, the control command is encoded into image data suitable for transmission, and the image data is transmitted through a one-way video transmission line, and is received and decoded by the command receiving server, and is sent according to the obtained control command. For the corresponding client, it can not only realize the control operation of the client in the subnet, but also achieve the physical isolation between the subnets, and improve the security of the network interaction system.

在根据本发明的一些实施中,可以想见,上述子网之间也可能不是完全隔离的,而前面围绕图1-6描述的本发明应用于这样的子网时,不会将这些子网暴露于额外的网络环境下,也即,不会破坏原有子网的已有网络安全性。与此相应,本发明提出一种跨网数据交互系统,所述跨网数据交互系统包括:In some implementations according to the present invention, it is conceivable that the above-mentioned subnets may not be completely isolated, and when the present invention described above with reference to FIGS. 1-6 is applied to such subnets, these subnets will not be exposed. In the additional network environment, that is, the existing network security of the original subnet will not be destroyed. Correspondingly, the present invention proposes a cross-network data interaction system, and the cross-network data interaction system includes:

控制指令输出单元、视频编码器、以及至少两个子网;每个所述子网中包括指令接收服务器以及至少一个客户端;a control instruction output unit, a video encoder, and at least two subnets; each of the subnets includes an instruction receiving server and at least one client;

所述控制指令输出单元用于输出控制指令;The control instruction output unit is used for outputting control instructions;

所述视频编码器用于将所述控制指令编码成图像数据;The video encoder is used for encoding the control instruction into image data;

所述图像数据通过单向视频传输线路传输至各子网的指令接收服务器;The image data is transmitted to the instruction receiving server of each subnet through the one-way video transmission line;

所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,并传输给控制指令相应的所述客户端。The instruction receiving server in the subnet is configured to receive the image data, decode the image data into the control instruction, and transmit it to the client corresponding to the control instruction.

其和前面的安全网络数据交互系统的区别在于,并不要求子网之间完全隔离,此外,前述围绕安全网络数据交互系统所做的描述也都适用于跨网数据交互系统。The difference between it and the previous secure network data interaction system is that it does not require complete isolation between subnets. In addition, the foregoing descriptions about the security network data interaction system are also applicable to the cross-network data interaction system.

与前面的描述相应的是,本发明还提出一种跨网数据交互设备,其包括:Corresponding to the foregoing description, the present invention also proposes a cross-network data interaction device, which includes:

控制指令输出单元、视频编码器、以及用于每个子网中的指令接收服务器;Control command output unit, video encoder, and command receiving server for each subnet;

所述控制指令输出单元用于输出控制指令;The control instruction output unit is used for outputting control instructions;

所述视频编码器用于将所述控制指令编码成图像数据;The video encoder is used for encoding the control instruction into image data;

所述图像数据通过单向视频传输线路传输至各子网的指令接收服务器;The image data is transmitted to the instruction receiving server of each subnet through the one-way video transmission line;

所述子网中的指令接收服务器用于接收所述图像数据并将所述图像数据解码成所述控制指令,并传输给控制指令相应的所述客户端。The instruction receiving server in the subnet is configured to receive the image data, decode the image data into the control instruction, and transmit it to the client corresponding to the control instruction.

前述围绕图1-6描述的与上述控制指令输出单元、视频编码器、指令接收服务器有关的内容也适用于此,此设备可以应用于前述安全网络数据交互系统,其中的各个部件及连接方式一如前面在描述安全网络数据交互系统时所涉及的,此处不再赘述。The above-mentioned content related to the above-mentioned control command output unit, video encoder, and command receiving server described around Fig. 1-6 is also applicable to this. This device can be applied to the above-mentioned secure network data interaction system. As mentioned above in the description of the secure network data interaction system, details are not repeated here.

在本发明的一些实施例中,前述的控制指令输出单元1可以是一种触控屏幕,例如红外光幕式触控屏幕、红外矢量压力传感式、电容式、电阻式、红外边框式、近场成像式、电磁感应式、表面声波式触控屏等。In some embodiments of the present invention, the aforementioned control command output unit 1 may be a touch screen, such as an infrared light curtain type touch screen, an infrared vector pressure sensing type, a capacitive type, a resistive type, an infrared frame type, Near field imaging type, electromagnetic induction type, surface acoustic wave type touch screen, etc.

在本发明的一些实施例中,控制指令可以通过触控动作、或者在屏幕上书写“M”、“O”等动作、或者体感动作等进行输入。In some embodiments of the present invention, the control instruction may be input through a touch action, an action such as writing "M" and "O" on the screen, or a somatosensory action.

在本发明的一些实施例中,控制指令可以包括:打开一个文件、关闭一个文件等;所述响应例如可以包括:将要打开的文件输出到显示单元,或者关闭所述文件等。In some embodiments of the present invention, the control instruction may include: opening a file, closing a file, etc.; the response may include, for example, outputting the file to be opened to the display unit, or closing the file, and the like.

在本发明的一些实施例中,所述系统中的控制指令输出单元1可以由多个子屏幕组成的大型触控屏幕,用户可以对多个子屏幕输入控制指令以控制不同的客户端。In some embodiments of the present invention, the control instruction output unit 1 in the system may be a large touch screen composed of multiple sub-screens, and the user may input control instructions to the multiple sub-screens to control different clients.

另外,指令接收服务器与客户端计算机通过网络进行连接,例如通过路由器和/或交换机、网关等将控制指令发送至所要控制的计算机。In addition, the instruction receiving server is connected with the client computer through a network, for example, the control instruction is sent to the computer to be controlled through a router and/or a switch, a gateway, and the like.

另外,本发明实施例提供的图像数据的传输可采用软件和/或硬件的方式实现。其中,客户端可以为但不限于为平板电脑或智能手机、台式电脑等。In addition, the transmission of the image data provided by the embodiments of the present invention may be implemented by means of software and/or hardware. Wherein, the client may be, but not limited to, a tablet computer, a smart phone, a desktop computer, or the like.

上述各实施例所述的信息传输装置同样用于执行上述各实施例所述的信息传输方法,其技术原理和产生的技术效果类似,这里不再累述。The information transmission apparatuses described in the foregoing embodiments are also used to execute the information transmission methods described in the foregoing embodiments, and the technical principles and the resulting technical effects are similar, which will not be repeated here.

注意,上述仅为本发明的较佳实施例及所运用技术原理。本领域技术人员会理解,本发明不限于这里所述的特定实施例,对本领域技术人员来说能够进行各种明显的变化、重新调整和替代而不会脱离本发明的保护范围。因此,虽然通过以上实施例对本发明进行了较为详细的说明,但是本发明不仅仅限于以上实施例,在不脱离本发明构思的情况下,还可以包括更多其他等效实施例,而本发明的范围由所附的权利要求范围决定。Note that the above are only preferred embodiments of the present invention and applied technical principles. Those skilled in the art will understand that the present invention is not limited to the specific embodiments described herein, and various obvious changes, readjustments and substitutions can be made by those skilled in the art without departing from the protection scope of the present invention. Therefore, although the present invention has been described in detail through the above embodiments, the present invention is not limited to the above embodiments, and can also include more other equivalent embodiments without departing from the concept of the present invention. The scope is determined by the scope of the appended claims.

Claims (11)

1. A secure network data interaction system, comprising:
the video encoder comprises a control instruction output unit, a video encoder and at least two subnets which are mutually isolated from each other in data; each subnet comprises an instruction receiving server and at least one client;
the control instruction output unit is used for outputting a control instruction;
the video encoder is used for encoding the control instruction into image data;
the image data is transmitted to the instruction receiving server of each subnet through a unidirectional video transmission line;
and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction.
2. The system of claim 1, wherein:
the unidirectional video transmission line comprises a display card and a deconcentrator;
the video encoder, the display card and the deconcentrator are sequentially connected through a video data line;
the splitter is configured to split the video data line into at least two.
3. The system of claim 1, wherein:
the unidirectional video transmission line comprises at least two display cards;
the video encoder and the display card are connected through a video data line.
4. The system of claim 1, wherein:
the instruction receiving server further comprises a video capture card and a video decoder;
the video capture card is used for receiving the image data and transmitting the image data to the video decoder.
5. The system of claim 1, wherein:
the instruction receiving server in each sub-network is used for decoding only the image data of the corresponding area part which is pre-allocated to the instruction receiving server in the sub-network in the image data.
6. The system of claim 1, wherein:
the control instruction comprises an identification of the client;
and the instruction receiving server in each subnet is used for decoding all data of the image data and sending the control instruction to the corresponding client according to the identification of the client in the control instruction.
7. The system of claim 1, wherein:
the control instruction comprises a subnet identifier and a client identifier; the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction, and judging whether the image data belongs to the control instruction in the subnet according to the subnet identification in the control instruction; and if the control command belongs to the control command in the subnet, the control command is sent to the corresponding client according to the client identifier in the control command.
8. The system according to any one of claims 1-7, wherein:
the control instruction output unit is a touch screen; and the client is used for responding according to the control instruction.
9. A cross-network data interaction system, comprising:
a control instruction output unit, a video encoder, and at least two subnets; each subnet comprises an instruction receiving server and at least one client;
the control instruction output unit is used for outputting a control instruction;
the video encoder is used for encoding the control instruction into image data;
the image data is transmitted to the instruction receiving server of each subnet through a unidirectional video transmission line;
and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction.
10. An inter-network data interaction device, comprising:
a control instruction output unit, a video encoder, and an instruction receiving server for use in each subnet;
the control instruction output unit is used for outputting a control instruction;
the video encoder is used for encoding the control instruction into image data;
the image data is transmitted to the instruction receiving server of each subnet through a unidirectional video transmission line;
and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction.
11. A method of secure network data interaction, the network comprising at least two sub-networks that are data isolated from each other, the sub-networks comprising at least one client, the method comprising:
outputting a control instruction to the client;
encoding the control instruction into image data;
transmitting the image data to the subnet through a unidirectional video transmission line;
and decoding the image data into the control instruction, and transmitting the control instruction to the client corresponding to the control instruction.
CN201810911054.1A 2018-08-10 2018-08-10 A secure network data interaction system and method Active CN110830760B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201810911054.1A CN110830760B (en) 2018-08-10 2018-08-10 A secure network data interaction system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201810911054.1A CN110830760B (en) 2018-08-10 2018-08-10 A secure network data interaction system and method

Publications (2)

Publication Number Publication Date
CN110830760A true CN110830760A (en) 2020-02-21
CN110830760B CN110830760B (en) 2021-07-02

Family

ID=69541351

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201810911054.1A Active CN110830760B (en) 2018-08-10 2018-08-10 A secure network data interaction system and method

Country Status (1)

Country Link
CN (1) CN110830760B (en)

Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020196159A1 (en) * 2001-05-23 2002-12-26 Laurent Lesenne Devices and processes for the transmission and implementation of control instructions for access to functionalities of receivers
CN1665235A (en) * 2004-03-02 2005-09-07 华为技术有限公司 A method for traversing subnet and subnet traversing system
US20080013538A1 (en) * 2006-07-11 2008-01-17 Joo Chul Lee Method of transmitting neighbor discovery protocol message in IEEE 802.16/Wibro network
CN101800757A (en) * 2010-02-03 2010-08-11 国家保密科学技术研究所 No-feedback one-way data transmission method based on single fiber structure
CN201928308U (en) * 2010-12-31 2011-08-10 凌涛 Hotel individualized network service system
CN102263998A (en) * 2011-07-11 2011-11-30 深圳市同洲电子股份有限公司 Receiving method and device for digital television
CN202197279U (en) * 2011-08-22 2012-04-18 珠海网博信息科技有限公司 Data one-way transmission security system
CN104125227A (en) * 2014-07-30 2014-10-29 刘鹏 Physical isolation cross-network unidirectional optical transmission device and transmission method
CN105227423A (en) * 2015-10-09 2016-01-06 天维尔信息科技股份有限公司 Contactless inter-network data interaction system, bilateral network transmission system and data interactive method
CN105357025A (en) * 2015-09-24 2016-02-24 陈鸣 Method for designing multidimensional double space network
CN106612362A (en) * 2015-10-21 2017-05-03 中兴通讯股份有限公司 Terminal, and method and device for data transmission
CN106685992A (en) * 2017-02-14 2017-05-17 厦门畅享信息技术有限公司 Over-network safe exchange and interactive application system based on unidirectional transmission technology, and method thereof
CN107517330A (en) * 2017-09-26 2017-12-26 南京哈卢信息科技有限公司 A kind of method and system of desktop portable type one-way safety transmission
US20180054734A1 (en) * 2016-08-16 2018-02-22 Lg Electronics Inc. Method and apparatus for authenticating device in wireless communication system
CN108134916A (en) * 2016-12-01 2018-06-08 北京视联动力国际信息技术有限公司 A kind of data processing method of 4K terminals and 4K terminals

Patent Citations (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20020196159A1 (en) * 2001-05-23 2002-12-26 Laurent Lesenne Devices and processes for the transmission and implementation of control instructions for access to functionalities of receivers
CN1665235A (en) * 2004-03-02 2005-09-07 华为技术有限公司 A method for traversing subnet and subnet traversing system
US20080013538A1 (en) * 2006-07-11 2008-01-17 Joo Chul Lee Method of transmitting neighbor discovery protocol message in IEEE 802.16/Wibro network
CN101800757A (en) * 2010-02-03 2010-08-11 国家保密科学技术研究所 No-feedback one-way data transmission method based on single fiber structure
CN201928308U (en) * 2010-12-31 2011-08-10 凌涛 Hotel individualized network service system
CN102263998A (en) * 2011-07-11 2011-11-30 深圳市同洲电子股份有限公司 Receiving method and device for digital television
CN202197279U (en) * 2011-08-22 2012-04-18 珠海网博信息科技有限公司 Data one-way transmission security system
CN104125227A (en) * 2014-07-30 2014-10-29 刘鹏 Physical isolation cross-network unidirectional optical transmission device and transmission method
CN105357025A (en) * 2015-09-24 2016-02-24 陈鸣 Method for designing multidimensional double space network
CN105227423A (en) * 2015-10-09 2016-01-06 天维尔信息科技股份有限公司 Contactless inter-network data interaction system, bilateral network transmission system and data interactive method
CN106612362A (en) * 2015-10-21 2017-05-03 中兴通讯股份有限公司 Terminal, and method and device for data transmission
US20180054734A1 (en) * 2016-08-16 2018-02-22 Lg Electronics Inc. Method and apparatus for authenticating device in wireless communication system
CN108134916A (en) * 2016-12-01 2018-06-08 北京视联动力国际信息技术有限公司 A kind of data processing method of 4K terminals and 4K terminals
CN106685992A (en) * 2017-02-14 2017-05-17 厦门畅享信息技术有限公司 Over-network safe exchange and interactive application system based on unidirectional transmission technology, and method thereof
CN107517330A (en) * 2017-09-26 2017-12-26 南京哈卢信息科技有限公司 A kind of method and system of desktop portable type one-way safety transmission

Also Published As

Publication number Publication date
CN110830760B (en) 2021-07-02

Similar Documents

Publication Publication Date Title
WO2022252488A1 (en) Image compression method and apparatus, electronic device, and readable storage medium
CN106034241A (en) Multimedia redirection method, device and system
US20210173802A1 (en) Method for transmitting control instruction, transmitting device, and receiving device
CN107592551A (en) Method and apparatus for cloud stream service
CN108694339B (en) Signal switching device and signal switching method
US11968379B2 (en) Video decoding method and apparatus, video encoding method and apparatus, storage medium, and electronic device
TWI610553B (en) Apparatus for transmitting image data
CN103503381B (en) The method of data transmission of device redirection, Apparatus and system
US20160373685A1 (en) Video Controller, Playback Controller and Display System
CN208094590U (en) Physical Disconnection System inside and outside dual host system
CN110830423A (en) Secure network data interaction system and method
CN103957445A (en) Video redirecting system and method based on application virtualization technology
CN110830760B (en) A secure network data interaction system and method
WO2018192231A1 (en) Image processing method, device, and terminal device
CN110830744B (en) A secure interactive system
CN110365858B (en) Information transmission method, device, equipment, system and storage medium
CN112839227A (en) An image coding method, apparatus, device and medium
CN110515575B (en) Apparatus and method for interacting with computers within a subnet
US11792432B2 (en) Techniques for signaling and identifying access unit boundaries
US10025550B2 (en) Fast keyboard for screen mirroring
CN116781977A (en) Web-based video playback methods, devices, equipment, storage media and products
CN111757120A (en) Data decoding method, electronic equipment and machine-readable storage medium
US12073808B2 (en) AV over IP terminal with bidirectional video streaming
US11689598B1 (en) Synchronized out-of-order live video encoding for reduced latency
CN111200580B (en) A kind of player and playing method

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
CP03 Change of name, title or address

Address after: Room 201, floor 2, building 1, No. 28, Shangdi Chuangye Middle Road, Haidian District, Beijing 100085

Patentee after: BEIJING ZEN-AI TECHNOLOGY Co.,Ltd.

Country or region after: China

Address before: 100085 room 02-a177, 2 / F, block B, 22 Xinhe Road, Haidian District, Beijing

Patentee before: BEIJING ZEN-AI TECHNOLOGY Co.,Ltd.

Country or region before: China

CP03 Change of name, title or address