
TWI771523B - System and method for unidirectional transfer of file - Google Patents


Info

Publication number
TWI771523B
Authority
TW
Taiwan
Prior art keywords
file
files
data diode
receiver
data
Prior art date
Application number
TW107140467A
Other languages
Chinese (zh)
Other versions
TW201931833A (en)
Inventor
慶祥 賴
永聰 伍
康偉 彭
建良 林
Original Assignee
新加坡商新科工程
Application filed by 新加坡商新科工程
Publication of TW201931833A
Application granted
Publication of TWI771523B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Transfer Between Computers (AREA)
  • Computer And Data Communications (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

A system for unidirectional transfer of files between a sender network and a receiver network is provided. The system includes a data diode configured to provide a one-way link between the sender network and the receiver network. The data diode includes a data diode sender and a data diode receiver wherein the data diode receiver is communicably coupled to the data diode sender for unidirectional transfer of files from the data diode sender to the data diode receiver. Each file is identified using a file identifier. The data diode sender is configured to send a file list to the data diode receiver. The file list includes file identifiers of all the files to be sent through the data diode. The data diode receiver is configured to detect a loss of one or more files based on comparing the file identifiers of received files with the file identifiers present in the file list.

Description

System and method for unidirectional transfer of files

The present disclosure relates to a unidirectional file transfer system. More specifically, the present disclosure relates to detecting file loss in a unidirectional file transfer system.

Unidirectional file transfer systems are commonly used to mitigate the security risk of connecting two different networks. In one implementation, the unidirectional transfer is enforced at the physical layer using a data diode. Allowing files to be transferred in only one direction provides network security by isolating a network from potential security breaches (for example, undesired and unauthorized data flowing out of the network), while still allowing the network to transfer files in a controlled manner. Typically, the files to be transferred are sent from a data diode sender in the sender network to a data diode receiver in the receiver network. File loss can occur during the transfer. For example, files can be lost when the data diode receiver cannot keep up with the files arriving from the data diode sender.

Because there is no feedback loop in a unidirectional file transfer system, the data diode sender is unaware of any file loss. Consequently, the users of the system will not know that files were lost (if any were) unless it has been physically verified that all files were successfully received at the data diode receiver. Most known solutions to the file loss problem include a feedback mechanism to notify the data diode sender, or some other component in the sender network, of the loss. Corrective actions such as initiating retransmission of the lost files also rely on that feedback mechanism. An example of file loss detection and recovery using a feedback mechanism is disclosed in US Patent 9,264,470.

There is therefore a need for a unidirectional file transfer system designed to detect file loss in a fast and simple manner.

In one aspect of the invention, a system for unidirectional transfer of files between a sender network and a receiver network is provided. The system includes a data diode configured to provide a one-way link between the sender network and the receiver network.

The data diode includes a data diode sender and a data diode receiver. The data diode receiver is communicably coupled to the data diode sender for unidirectional transfer of files from the data diode sender to the data diode receiver. Each file is identified by a file identifier such as a file name or a file number.

The data diode sender is further configured to send a file list to the data diode receiver. The file list includes the file identifiers of all files to be sent through the data diode. The data diode receiver is configured to detect the loss of one or more files by comparing the file identifiers of the received files with the file identifiers present in the file list.

In one aspect of the invention, the data diode sender is configured to send the file list to the data diode receiver repeatedly. For example, the data diode sender may send the file list a predetermined number of times. Alternatively, the data diode sender may send the file list to the data diode receiver periodically.

In one aspect of the invention, upon detecting the loss of one or more files, the data diode receiver is configured to generate a log containing the file identifiers of the one or more lost files.

In another aspect of the invention, upon detecting the loss of one or more files, the data diode receiver is configured to generate an alert message indicating the loss of the one or more files. The alert message includes the file identifiers of the one or more files lost during the transfer from the data diode sender to the data diode receiver. The alert message is delivered, using the Simple Mail Transfer Protocol (SMTP) or syslog, to a user device or monitoring unit communicably coupled to the data diode.

In another aspect of the invention, the alert message is used to trigger retransmission of the one or more files lost during the transfer from the data diode sender to the data diode receiver. The retransmission of the one or more files is triggered using the file identifiers of those files.

Other features and aspects of the invention will become apparent from the following description taken together with the accompanying drawings.

100: unidirectional file transfer system

102: data diode

104: sender network

106: receiver network

108: network traffic source

110: network traffic destination

202: data diode sender

204: data diode receiver

302: file list

400: method

402, 404, 406: steps

FIG. 1 is a schematic diagram of a unidirectional file transfer system for unidirectional transfer of data from a sender network to a receiver network, according to an embodiment of the invention.

FIG. 2 is a schematic representation of the components of the unidirectional file transfer system, according to an embodiment of the invention.

FIG. 3 is an example of a file list sent from the data diode sender, according to an embodiment of the invention.

FIG. 4 is a schematic flow chart of a method for unidirectional transfer of files from a sender network to a receiver network, according to an embodiment of the invention.

Wherever possible, the same reference numerals are used throughout the drawings to refer to the same or similar parts. Furthermore, where more than one element of the same type may exist, references herein to the various elements are made collectively or individually. Such references are, however, merely illustrative in nature. Note that, unless expressly stated in the appended claims, any reference to an element in the singular may also be read as referring to the plural, and vice versa, without limiting the scope of the invention to an exact number or type of such elements.

FIG. 1 schematically illustrates an example of a unidirectional file transfer system 100 that includes a data diode 102, according to one embodiment of the invention. By way of example, it provides communication between a sender network 104 and a receiver network 106, although additional networks are also contemplated. The sender network 104 may include one or more network traffic sources 108. The receiver network 106 may include one or more network traffic destinations 110. The data diode 102 is configured to enable files to be transferred between the sender network 104 and the receiver network 106 in a unidirectional manner. Specifically, the data diode 102 is configured to allow files to be transferred from the sender network 104 to the receiver network 106 and to prevent files from being transferred from the receiver network 106 to the sender network 104. The data diode 102 thus acts as a transparent router that permits unidirectional transfer of files without modifying the data passing through it. Although the data diode 102 is shown in FIG. 1 as being external to the sender network 104 and the receiver network 106, one or more components of the data diode 102 may be located within the sender network 104 and/or the receiver network 106.

In one embodiment, the files may contain various types of content, such as documents, images, web pages, graphics, video, audio, programs and/or other formats. Although the invention is explained using files, it applies equally to other types of digital information or digital data known in the art.

FIG. 2 schematically illustrates exemplary components of the unidirectional file transfer system 100 according to one embodiment of the invention. The data diode 102 includes a data diode sender 202 and a data diode receiver 204. The data diode sender 202 is connected to the data diode receiver 204 by a unidirectional optical data link. This arrangement physically enforces one-way data transfer at both ends of the optical fibre connecting the data diode sender 202 to the data diode receiver 204, thereby producing a truly unidirectional data link from the sender network 104 to the receiver network 106.

The data diode sender 202 is configured to send a plurality of files to the data diode receiver 204. In some scenarios, some files may be lost during the transfer from the data diode sender 202 to the data diode receiver 204. For example, the data diode receiver 204 may be unable to keep up with the inflow of files from the data diode sender 202. To address this scenario, the data diode sender 202 is configured to send a file list that includes information about all files to be sent through the data diode 102. The file list may include one or more file identifiers, such as a file name, a file ID, a timestamp and so on. FIG. 3 shows an example of a file list 302 containing information on 50 files to be transmitted through the data diode 102. The file list 302 includes the file name and the file number as file identifiers.

In one embodiment, the data diode sender 202 is configured to compile the file list as each file is sent from the data diode sender 202. The compiled file list contains the history of all files sent from the data diode sender 202, or a compilation of the files sent during a period of time.

In some cases, the file list itself may be lost in transit between the data diode sender 202 and the data diode receiver 204. To address this concern, the data diode sender 202 may be configured to send the file list to the data diode receiver 204 repeatedly. In one embodiment, the data diode sender 202 is configured to send the file list a predetermined number of times. In another embodiment, the data diode sender 202 is configured to send the file list to the data diode receiver 204 periodically.

The data diode receiver 204 is configured to receive the files sent by the data diode sender 202. The data diode receiver 204 may be configured to extract the file identifiers of the received files. The data diode receiver 204 is also configured to receive the file list that includes the file identifiers of all files to be transferred through the data diode 102. After the file transfer is complete, the data diode receiver 204 is configured to detect whether one or more files have been lost. Specifically, the data diode receiver 204 is configured to use the received file list to compare the file identifiers of the received files with the file identifiers present in the file list.

If some files are lost during the transfer between the data diode sender 202 and the data diode receiver 204, the data diode receiver 204 is able to identify the lost files based on the comparison of file identifiers. In other words, a lost file is identified as a file whose file identifier is present in the file list but which was not received at the data diode receiver 204.

In one embodiment, the data diode receiver 204 is configured to generate a log containing information about the loss of one or more files. The log may include the file identifiers of files that are listed in the file list but were not received at the data diode receiver 204. Optionally, the log may include time and date information and other information related to the lost files.

In various embodiments, the data diode receiver 204 is configured to generate an alert message indicating the loss of one or more files. The alert message may be an e-mail, a text message or any other alert message known in the art. The alert message may include the file identifiers of the one or more files lost during the transfer from the data diode sender 202 to the data diode receiver 204. The alert message may be delivered to a user device or a remote monitoring unit communicably coupled to the data diode 102. The alert message may be delivered using the Simple Mail Transfer Protocol (SMTP), syslog, or other alerting protocols known in the art.

The alert message may be used to trigger retransmission of the one or more files lost during the transfer from the data diode sender 202 to the data diode receiver 204. The retransmission of the lost files may be triggered using the file identifiers of the lost files.

The various embodiments disclosed herein are to be understood in an illustrative and explanatory sense and are in no way to be construed as limiting the scope of the invention. In addition, all numerical terms (such as, but not limited to, "primary", "secondary", "first", "second", "third" or any other ordinary and/or numerical term) are likewise to be understood only as identifiers that help the reader understand the various elements, embodiments, variations and/or modifications of the invention; they create no limitation, in particular no limitation as to the order or preference of any element, embodiment, variation and/or modification relative to, or in comparison with, another.

It should be understood that individual features shown or described for one embodiment may be combined with individual features shown or described for another embodiment. The embodiments described above do not limit the scope of the invention in any way. It should therefore be understood that, although some features are shown or described in the context of functional components to illustrate the use of the invention, such features may be omitted from the scope of the invention without departing from the spirit of the invention as defined by the appended claims.

Industrial applicability

Embodiments of the invention are applicable to the use and implementation of file loss detection in the unidirectional file transfer system 100. The data diode 102 of the invention is provided with a file list, which can advantageously be used to detect the loss of files during their transfer from the data diode sender 202 to the data diode receiver 204. Furthermore, compared with conventional solutions for detecting file loss in a unidirectional file transfer system, the embodiments disclosed herein make it easy and fast to detect file loss and, further, to identify the lost files for retransmission.

FIG. 4 illustrates a method 400 of detecting the loss of one or more files during unidirectional transfer of files from the sender network 104 to the receiver network 106. At step 402, a file list is received by the data diode receiver 204. The file list includes the file identifiers of all files to be sent through the data diode 102. At step 404, the files sent by the data diode sender 202 are received by the data diode receiver 204. The data diode receiver 204 is configured to extract the file identifiers of all files it receives.

At step 406, the data diode receiver 204 is configured to detect the loss of one or more files during the transfer from the data diode sender 202 to the data diode receiver 204. The detection is performed by comparing the file identifiers of the received files with the file identifiers present in the file list. Using the unidirectional file transfer system 100 disclosed herein therefore saves the time, cost and effort that manual detection of file loss, or other file loss detection techniques conventionally known in the art, would usually incur.
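The receiver-side reconciliation of steps 402 to 406, together with the repeated file list 302 and the log and syslog alert described above, as an added Python example that is not code from the patent or its assignee. The tab-separated list layout, the hostname and the syslog facility and severity are assumptions; the patent fixes none of them.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Assumed on-the-wire layout of the file list 302: one "<file number>\t<file name>"
# per line. The patent names these two identifiers but fixes no encoding.
MANIFEST_LINE = re.compile(r"^(\d+)\t(\S+)$")


@dataclass
class DiodeReceiver:
    """Receiver-side state: the file list and the identifiers extracted from the
    files that actually arrived over the one-way link (no feedback path exists)."""
    expected: dict[int, str] = field(default_factory=dict)
    received: dict[int, str] = field(default_factory=dict)
    manifest_copies: int = 0

    def receive_file_list(self, manifest: str) -> int:
        """Step 402. The sender repeats the list (fixed count or periodically)
        because the list itself can be lost, so copies are merged, not replaced."""
        parsed: dict[int, str] = {}
        for lineno, line in enumerate(manifest.splitlines(), start=1):
            if not line.strip():
                continue
            m = MANIFEST_LINE.match(line)
            if m is None:
                raise ValueError(f"file list line {lineno} is malformed: {line!r}")
            number, name = int(m.group(1)), m.group(2)
            if parsed.get(number, name) != name:
                raise ValueError(f"file number {number} listed twice with different names")
            parsed[number] = name
        self.expected.update(parsed)
        self.manifest_copies += 1
        return len(parsed)

    def receive_file(self, number: int, name: str) -> None:
        """Step 404: record the identifiers extracted from one received file."""
        self.received[number] = name

    def missing_files(self) -> list[tuple[int, str]]:
        """Step 406: identifiers listed but never received. Refuses to answer when
        no list ever arrived, since silent loss would then look like success."""
        if self.manifest_copies == 0:
            raise RuntimeError("no file list received; loss detection is impossible")
        return sorted(item for item in self.expected.items() if item[0] not in self.received)

    def unlisted_files(self) -> list[tuple[int, str]]:
        """Received but absent from every copy of the list: not a loss, but a sign
        that the list was truncated or is stale, so it is worth logging as well."""
        return sorted(item for item in self.received.items() if item[0] not in self.expected)

    def loss_log(self) -> list[str]:
        """One log line per lost file, carrying the identifier used for retransmission."""
        return [f"LOST number={n} name={name}" for n, name in self.missing_files()]

    def alert_message(self, hostname: str = "diode-rx") -> str | None:
        """BSD-syslog-style alert line (assumed facility local0, severity error,
        so PRI = 16 * 8 + 3 = 131) naming every lost identifier; None if nothing is lost."""
        missing = self.missing_files()
        if not missing:
            return None
        ids = ",".join(f"{n}:{name}" for n, name in missing)
        return f"<131>{hostname} diode-loss: file loss detected count={len(missing)} ids={ids}"


# Constructed sample: a five-entry file list sent twice; files 2 and 5 never arrive.
SAMPLE_LIST = "1\treport.pdf\n2\tlog.csv\n3\timage.png\n4\tconfig.xml\n5\tbackup.tar\n"


def demo() -> DiodeReceiver:
    rx = DiodeReceiver()
    rx.receive_file_list(SAMPLE_LIST)
    for number, name in [(1, "report.pdf"), (3, "image.png"), (4, "config.xml")]:
        rx.receive_file(number, name)
    rx.receive_file_list(SAMPLE_LIST)  # repeated copy merges without side effects
    return rx


if __name__ == "__main__":
    receiver = demo()
    print("\n".join(receiver.loss_log()))
    print(receiver.alert_message())
```

The alert carries only identifiers, so the sender-side operator can re-queue exactly those files without any return channel through the diode.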

Although aspects of the invention have been particularly shown and described with reference to the embodiments above, those skilled in the art will understand that various additional embodiments can be contemplated by modifying the disclosed machines, systems and methods without departing from the spirit and scope of the disclosure. Such embodiments are to be understood as falling within the scope of the invention as determined by the claims and any equivalents thereof.


Claims (18)

1. A unidirectional data network system for unidirectionally transferring files from a sender network to a receiver network, the system comprising: a data diode configured to provide a one-way link between the sender network and the receiver network for unidirectionally transferring files from the sender network to the receiver network, the data diode comprising: a data diode sender; and a data diode receiver, the data diode receiver being communicably coupled to the data diode sender for unidirectional transfer of files from the data diode sender to the data diode receiver, wherein each file is identified by a file identifier; wherein the data diode sender is configured to send a file list to the data diode receiver, the file list including the file identifiers of all files to be sent through the data diode, and the data diode receiver is configured to detect the loss of one or more files by comparing the file identifiers of the received files with the file identifiers present in the file list, the data diode sender being further configured to send the file list to the data diode receiver a predetermined number of times.

2. The system of claim 1, wherein the data diode sender is configured to send the file list to the data diode receiver periodically.

3. The system of claim 1, wherein the file identifier is at least one of a file name and a file number.

4. The system of claim 1, wherein, upon detecting the loss of the one or more files, the data diode receiver is further configured to generate a log containing the file identifiers of the one or more lost files.

5. The system of claim 1, wherein, upon detecting the loss of the one or more files, the data diode receiver is further configured to generate an alert message indicating the loss of the one or more files.

6. The system of claim 5, wherein the alert message includes the file identifiers of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

7. The system of claim 5, wherein the alert message is delivered, using the Simple Mail Transfer Protocol or syslog, to a user device or monitoring unit communicably coupled to the data diode.

8. The system of claim 5, wherein the alert message is used to trigger retransmission of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

9. The system of claim 8, wherein the retransmission of the one or more lost files is triggered using the file identifiers of the one or more lost files.

10. A method of unidirectionally transferring files from a sender network to a receiver network using a data diode, the data diode comprising a data diode sender and a data diode receiver, the method comprising: receiving, by the data diode receiver, a file list that includes the file identifiers of all files to be sent through the data diode; receiving, by the data diode receiver, the files from the data diode sender over a one-way link; and detecting, by the data diode receiver, the loss of one or more files by comparing the file identifiers of the received files with the file identifiers present in the file list, wherein receiving the file list comprises receiving the file list a predetermined number of times.

11. The method of claim 10, wherein receiving the file list comprises receiving the file list periodically.

12. The method of claim 10, wherein the file identifier is at least one of a file name and a file number.

13. The method of claim 10, further comprising, upon detecting the loss of the one or more files, generating a log containing the file identifiers of the one or more lost files.

14. The method of claim 10, further comprising, upon detecting the loss of the one or more files, generating an alert message indicating the loss of the one or more files.

15. The method of claim 14, wherein the alert message includes the file identifiers of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

16. The method of claim 14, wherein the alert message is delivered, using the Simple Mail Transfer Protocol or syslog, to a user device or monitoring unit communicably coupled to the data diode.

17. The method of claim 14, wherein the alert message is used to trigger retransmission of the one or more files lost during the transfer of files from the data diode sender to the data diode receiver.

18. The method of claim 17, wherein the retransmission of the one or more lost files is triggered using the file identifiers of the one or more lost files.
TW107140467A 2018-01-05 2018-11-14 System and method for unidirectional transfer of file TWI771523B (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
SG10201800126VA SG10201800126VA (en) 2018-01-05 2018-01-05 Detection of file loss in a one-way file transfer system
SG10201800126V 2018-01-05

Publications (2)

Publication Number Publication Date
TW201931833A TW201931833A (en) 2019-08-01
TWI771523B true TWI771523B (en) 2022-07-21

Family

ID=67144223

Family Applications (1)

Application Number Title Priority Date Filing Date
TW107140467A TWI771523B (en) 2018-01-05 2018-11-14 System and method for unidirectional transfer of file

Country Status (3)

Country Link
SG (1) SG10201800126VA (en)
TW (1) TWI771523B (en)
WO (1) WO2019135708A1 (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111107536B (en) * 2019-12-30 2022-07-26 联想(北京)有限公司 User plane function forwarding method, device, system and storage medium

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130254878A1 (en) * 2012-03-21 2013-09-26 Owl Computing Technologies, Inc. Method and apparatus for data transfer reconciliation

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
KR101334240B1 (en) * 2012-09-20 2013-11-28 한국전력공사 System for transferring data only in one direction
US9575987B2 (en) * 2014-06-23 2017-02-21 Owl Computing Technologies, Inc. System and method for providing assured database updates via a one-way data link


Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Online document: Malcolm W. Stevens, "An Implementation of an Optical Data Diode", Information Technology Division, Electronics and Surveillance Research Laboratory, DSTO-TR-0785, 1999, http://citeseerx.ist.psu.edu/viewdoc/download?doi=10.1.1.83.8650&rep=rep1&type=pdf *

Also Published As

Publication number Publication date
TW201931833A (en) 2019-08-01
WO2019135708A1 (en) 2019-07-11
SG10201800126VA (en) 2019-08-27
