Transmission device and method for transmitting data between two networks

Document number: 1116110 Publication date: 2020-09-29 Language: Chinese

Reading note: this technology, "Transmission device and method for transmitting data between two networks", was created by C.鲍尔, R.法尔克, M.赛费尔特 and M.维默 on 2020-03-19. Abstract: The invention relates to a computer-implemented method and a transmission device (500) for transmitting data between a first network (NW 1) having high security requirements and a second network (NW 2) having low security requirements, wherein a first session is constructed (S1) between the first network and the second network, a first data packet is transmitted (S2) by a transmitting unit (101) in the first network (NW 1) via a first unidirectional communication unit (301) to a receiving unit (202) in the second network (NW 2), a second session is constructed, and a second data packet is transmitted (S4) by a transmitting unit (201) in the second network (NW 2) via a second unidirectional communication unit (400) to a verification unit (302); the second data packet is verified (S5) in the verification unit (302) according to preset rules; when the verification of the second data packet is positive, a third session is constructed and the second data packet is transmitted by the verification unit (302) to the receiving unit (102) in the first network (NW 1).

1. A computer-implemented method for transmitting data between a first network (NW 1) having a high security requirement and a second network (NW 2) having a low security requirement, wherein

a) For data transmission from the first network (NW 1) into the second network (NW 2), constructing (S1) a first session between the first network (NW 1) and the second network (NW 2), a first data packet being transmitted (S2) by a transmitting unit (101) in the first network (NW 1) via a first unidirectional communication unit (301) to a receiving unit (202) in the second network (NW 2), the first unidirectional communication unit being arranged between the first network (NW 1) and the second network (NW 2),

and

b) for data transmission from the second network (NW 2) into the first network (NW 1), a second session is constructed (S3) and a second data packet is transmitted (S4) from a sending unit (201) in the second network (NW 2) via a second unidirectional communication unit (400) to a verification unit (302) which is arranged between the first network (NW 1) and the second network (NW 2),

-verifying (S5) the second data packet in the verification unit (302) according to preset rules, and

-in case the verification of the second data packet is positive, constructing a third session and the second data packet is transmitted (S6) by the verification unit (302) to a receiving unit (102) in the first network (NW 1).

2. The computer-implemented method of claim 1,

wherein at least one data packet is transmitted between a receiving unit (102) and a transmitting unit (101) in said first network (NW 1) and/or between a receiving unit (202) and a transmitting unit (201) in said second network (NW 2).

3. The computer-implemented method of any of the above claims,

wherein the first or second data packet is constructed as a payload data packet (PDU 1) or as a control data packet (PDU 2).

4. The computer-implemented method of any of the above claims,

wherein if the verification of the second data packet in the verification unit yields a negative result, a control data packet is issued by the verification unit and the control data packet is transmitted via the first network to the second network.

5. The computer-implemented method of any of the above claims,

wherein an explicit Session Identifier (SID) is assigned to the payload data packet (PDU 1) of the session.

6. The computer-implemented method of any of the above claims,

in which a control data packet (PDU 2) is assigned an explicit Session Identifier (SID), a packet identifier (POD) and sender and/or receiver information.

7. The computer-implemented method of any of the above claims,

wherein, when transmitting data, the control data packet (PDU 2) is transmitted before the payload data packet (PDU 1) is transmitted.

8. The computer-implemented method of claim 7,

wherein a payload data packet (PDU 1) is transmitted upon acceptance of the control data packet (PDU 2), and upon non-acceptance of the control data packet (PDU 2) the data transmission is interrupted and only a further control data packet (PDU 2) is transmitted back.

9. The computer-implemented method of any of the above claims,

wherein upon transmission of data from the first network (NW 1) into the second network (NW 2),

-first control data packets are transmitted from the first network (NW 1) into the second network (NW 2),

-checking in the second network (NW 2) whether the first control packet is acceptable,

-wherein, if the first control data packet is accepted, a second control data packet is transmitted from the second network (NW 2) to the verification unit (303), is verified there and, in the case of a positive verification, is transmitted to the first network (NW 1), at least one payload data packet is transmitted from the first network (NW 1) to the second network (NW 2), and a third control data packet is transmitted from the first network (NW 1) to the second network (NW 2).

10. The computer-implemented method of claim 9,

wherein the integrity of the transmitted payload data packets is checked in the second network (NW 2) on the basis of the first control data packet and the third control data packet, and a fourth control data packet comprising the result of the check is transmitted to the first network (NW 1).

11. A transmission device (500) for transmitting data between a first network (NW 1) having a high security requirement and a second network (NW 2) having a low security requirement, the transmission device comprising:

-a first receiving unit (102) and a first transmitting unit (101), which are arranged in the first network (NW 1), respectively,

-a second receiving unit (202) and a second transmitting unit (201), which are arranged in the second network (NW 2), respectively,

-a first unidirectional communication unit (301) arranged between the first network (NW 1) and a second network (NW 2) and designed to transmit data packets upon data transmission from the first sending unit (101) to the second receiving unit (202),

-a second unidirectional communication unit (400) arranged between the second network (NW 2) and the first network (NW 1) for data transmission from the second network into the first network,

and

-a verification unit (302) arranged between the second network and the first network and designed to verify data packets according to preset rules in the data transmission from the second sending unit (201) to the first receiving unit (102).

12. The transmission apparatus (500) of claim 11, wherein

-the first receiving unit (102) and the first sending unit (101) are set up on a first component (100) in the first network (NW 1),

-the second receiving unit (202) and the second transmitting unit (201) are set up on a second component (200) in the second network (NW 2),

and

-said verification unit (302) and said first unidirectional communication unit (301) are set up on a third component (300).

13. The transmission device (500) of claim 11 or 12,

wherein the first unidirectional communication unit (301) and the verification unit (302) are set up on separate components (300 a, 300 b), respectively.

14. A computer program product loadable into a programmable computer, comprising program code portions adapted to perform the steps of the method according to any of claims 1 to 10.

Technical Field

The invention relates to a computer-implemented method and a transmission device for transmitting data between a first network having high security requirements and a second network having low security requirements, wherein the respective communication is carried out in particular in one direction.

Background

For secure communication between safety-critical networks and open networks, such as industrial control networks (operational technology networks) and typical IT networks, unidirectional communication units such as data diodes can be used, for example, in order to enable unidirectional data transmission. Data diodes with a feedback channel, also referred to as bidirectional network protection or security gateways, enable secure data transfer between two information domains with different security levels. Such network protection is typically a combination of hardware and software and can perform more functions than a firewall.

Bidirectional network protection is usually designed to implement two mutually separate unidirectional data streams, each by means of a data diode, the data streams flowing in opposite directions. This allows data exchange in both directions, wherein a unidirectional function is ensured, respectively. For example, data can be transferred from a network with high security requirements into an open network with low security requirements or from a network with low security requirements into a network with high security requirements by means of a bidirectional network protection.

If data transfers between networks with different security requirements are to be performed reliably, i.e. correctly, completely and in compliance with the security requirements, additional transfer confirmations are usually required, which are exchanged between the networks. A "reliable" or "trustworthy" data transfer is to be understood in particular as a complete and error-free data transfer.

In the data transfer from a network with low security requirements to a network with high security requirements, additional checks are generally required in order to ensure the security and/or integrity and/or network availability of the network with high security requirements.

Disclosure of Invention

The object of the invention is therefore to make possible a flexible unidirectional data transfer from one network into the other network, with and without acknowledgement of the data transfer, for the data exchange between two networks with different security requirements.

The object is achieved by the measures described in the independent claims. Advantageous developments of the invention are shown in the dependent claims.

According to a first aspect, the invention relates to a computer-implemented method for transmitting data between a first network having high security requirements and a second network having low security requirements, wherein

a) For data transmission from a first network into a second network, a first session is established between the first network and the second network, a first data packet is transmitted from a sending unit in the first network via a first unidirectional communication unit to a receiving unit in the second network, the first unidirectional communication unit being arranged between the first network and the second network,

and

b) for data transmission from the second network into the first network, a second session is constructed and the second data packet is transmitted from a sending unit in the second network via a second unidirectional communication unit to a verification unit, which is arranged between the first network and the second network,

-verifying the second data packet in the verification unit according to preset rules, and

-building a third session when the verification of the second data packet is positive, and the second data packet is transmitted from the verification unit to the receiving unit in the first network.

"Computer-implemented" in the context of the present invention is to be understood as an implementation of a method in which at least one method step is executed, in particular by a processor.

According to a second aspect, the invention relates to a transmission device for transmitting data between a first network having high security requirements and a second network having low security requirements, comprising:

a first receiving unit and a first transmitting unit, which are arranged in a first network, respectively,

a second receiving unit and a second transmitting unit, which are arranged in a second network, respectively,

a first unidirectional communication unit arranged between the first and second networks and designed to transmit data packets in a data transmission from the first sending unit to the second receiving unit,

a second unidirectional communication unit arranged between the second network and the first network for data transmission from the second network to the first network,

and

a verification unit, which is arranged between the second network and the first network and is designed to verify the data packets according to preset rules in the data transmission from the second sending unit to the first receiving unit.

The advantage of the invention is that a flexible transmission device and transmission protocol are provided which enable data transmission from a network with high security requirements to a network with low security requirements and, conversely, secure (verified) data transmission in the opposite direction, both with and without confirmation of the integrity or completion of the data transmission. In particular, the following requirement can be met: the first network is protected from undesired data transfer from the second network.

In particular, a check can be carried out once per session, also referred to as a "conversation" in the following, during transmission, so that fewer control packets are transmitted. In this way, the overhead can be reduced. Another advantage of the invention is that a protocol is defined which can be used for both unidirectional and bidirectional data transmission.

The verification unit makes it possible to verify the data transfer from the second network into the first network and thereby to control it. The data transmission from the first network into the second network is performed via a unidirectional data connection and without verification.

In the event of a negative verification of the data transmission from the second network to the first network, in particular only one data packet, for example a control data packet, can be created by the verification unit and transmitted back to the second network. Thereby, information about transmission errors or falsification of data can be transmitted to the original sender.

The first unidirectional communication unit is capable of unidirectional data transmission. The first unidirectional communication unit may be designed, for example, as a data diode or as an eavesdropping device which only passively eavesdrops on the data transmission and forwards the eavesdropped data.

The data transmission from the first network into the second network and from the second network into the first network is constructed unidirectionally.

At least one data packet or a plurality of data packets may be transmitted per session.

In an advantageous embodiment of the computer-implemented method, at least one data packet can be transmitted between a receiving unit and a transmitting unit in the first network and/or between a receiving unit and a transmitting unit in the second network.

In particular, acknowledgement messages can be transmitted between the respective transmitting and receiving units. This enables, in particular, a feedback channel without compromising the non-reactive nature of the various transmission paths between the networks. For example, feedback on data packets sent from the first network to the second network may be transmitted back to the first network via the verification unit. The data transmission takes place in each case unidirectionally via a unidirectional communication unit.

In an advantageous embodiment of the computer-implemented method, the first or second data packet can be designed as a payload data packet or as a control data packet.

In particular, at least one control data packet and at least one payload data packet can be transmitted per session. The payload data packet comprises payload data, and the control data packet comprises, for example, information for performing a receipt confirmation and/or an integrity check of the transmitted payload data. In addition, the control packets may facilitate session construction.

In an advantageous embodiment of the computer-implemented method, the control data packet can be issued by the verification unit and transmitted to the second network via the first network if the verification of the second data packet in the verification unit yields a negative result.

In this way, the data transmission from the second network into the first network can simply be interrupted. The second data packet may be, in particular, a control or payload data packet. The control data packet issued by the verification unit may for example comprise information about the verification, such as the result of the check.

In an advantageous embodiment of the computer-implemented method, a unique session identifier can be assigned to the payload data packet of the session.

The structure of the payload data packet, or data structure, comprises payload data and a session identifier. The structure may furthermore comprise, inter alia, a packet identifier, a checksum of the packet, type information and/or an application identifier.

In an advantageous embodiment of the computer-implemented method, a session identifier, a packet identifier and sender and/or receiver information can be assigned to the control packet.

The structure of the control data packet may furthermore comprise, inter alia, a checksum of the control data packet, a data packet identifier assigned to the control data packet, type information, at least one flag and/or information about the size of the data transmission of the respective session.

In an advantageous embodiment of the computer-implemented method, the control data packet can be transmitted before the payload data packet is transmitted during the data transmission.

The data transmission between the first and second network can be carried out in particular as a correctly executed data transmission, wherein at least one control data packet is transmitted per session. The control data packet may comprise, inter alia, information for constructing or ending a session. More than one payload data packet may be transmitted per session. The transmission with acknowledgement has the advantage, inter alia, that a reliable transmission can be ensured.

In an advantageous embodiment of the computer-implemented method, a payload data packet can be transmitted in the case of acceptance of a control data packet, and in the case of non-acceptance of a control data packet the data transmission can be interrupted and only a further control data packet transmitted back.

The control data packet may comprise, inter alia, a flag for constructing a session. If the control data packet is accepted by the receiver, a session can be constructed and at least one payload data packet is transmitted. If a control data packet is not accepted, another control data packet may be transmitted back to the respective sender. The check whether a data packet is accepted can be performed in particular in a receiving unit of the network.

In an advantageous embodiment of the computer-implemented method, in the data transmission from the first network to the second network,

the first control data packet may be transmitted from the first network into the second network,

-it is possible to check in the second network whether the first control data packet is acceptable,

and if the first control data packet is accepted, the second control data packet can be transmitted from the second network to the verification unit, where it is verified and, if the verification is positive, transmitted to the first network; at least one payload data packet can then be transmitted from the first network to the second network, and a third control data packet can be transmitted from the first network to the second network.

The third control data packet is in particular transmitted after all payload data packets of the session have been sent. If the first control data packet is not accepted, the data transmission can be interrupted and only control data packets, for example comprising information about transmission errors or tampering with the data, are transmitted to the first network.

In an advantageous embodiment of the computer-implemented method, the integrity of the transmitted payload data packets can be checked in the second network on the basis of the first and third control data packets, and a fourth control data packet comprising the result of the check can be transmitted to the first network.

In particular, after the transmission of the payload data, an integrity check and a check for transmission errors or corruption can be performed on the basis of the control data packets transmitted at the beginning and end of the session. For example, it can be checked whether the receiver has received the amount of transfer data indicated in the first control packet, i.e. whether the same amount of transfer data is indicated in the third control packet. In this way, for example, transmission errors can be detected and reported back to the original sender.
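The packet structures described above (session identifier, packet identifier, sender/receiver information, checksum, size) and the session flow with its four control data packets and end-of-session integrity check, modelled together in Python as an added example that is not part of the patent. The flag names, the session size limit, the rule set applied by the verification unit and the sample payloads are assumptions of this example.

```python
import zlib
from dataclasses import dataclass

# Control-packet flags and the session size limit are constructed for this example;
# the patent itself only distinguishes control packets (PDU 2) from payload packets (PDU 1).
START, ACCEPT, END, RESULT, REJECT = "start", "accept", "end", "result", "reject"
MAX_SESSION_BYTES = 1 << 20


@dataclass(frozen=True)
class PayloadPDU:
    """PDU 1: session identifier, packet identifier, application id, data and checksum."""
    sid: int
    pid: int
    app: str
    data: bytes
    crc: int


@dataclass(frozen=True)
class ControlPDU:
    """PDU 2: session identifier, packet identifier, sender/receiver, flag, size, info."""
    sid: int
    pid: int
    sender: str
    receiver: str
    flag: str
    size: int = 0      # announced transfer size (START) or repeated size (END)
    info: str = ""     # check result or error information


class VerificationUnit:
    """Unit 302 on the NW2 -> NW1 path. The rule set is an assumption of this example."""
    ALLOWED_FLAGS = {ACCEPT, RESULT, REJECT}

    def verify(self, pkt):
        if not isinstance(pkt, ControlPDU):
            return False, "only control packets may enter NW1"
        if (pkt.sender, pkt.receiver) != ("NW2", "NW1"):
            return False, "sender/receiver is not NW2 -> NW1"
        if pkt.flag not in self.ALLOWED_FLAGS:
            return False, f"flag {pkt.flag!r} not permitted"
        return True, "ok"

    def forward(self, pkt):
        """Positive check: pass the packet to NW1; negative: issue a control packet back to NW2."""
        ok, why = self.verify(pkt)
        return pkt if ok else ControlPDU(pkt.sid, 0, "VU", "NW2", REJECT, info=why)


class Nw2Receiver:
    """Receiving unit 202: accepts sessions, collects payload, checks integrity at END."""
    def __init__(self):
        self.sessions = {}   # sid -> {"announced": bytes, "received": bytes}

    def on_control(self, pkt):
        if pkt.flag == START:
            if not 0 < pkt.size <= MAX_SESSION_BYTES:
                return ControlPDU(pkt.sid, 1, "NW2", "NW1", REJECT, info="size not acceptable")
            self.sessions[pkt.sid] = {"announced": pkt.size, "received": 0}
            return ControlPDU(pkt.sid, 1, "NW2", "NW1", ACCEPT)
        if pkt.flag == END:
            s = self.sessions.pop(pkt.sid, None)
            if s is None:
                return ControlPDU(pkt.sid, 2, "NW2", "NW1", RESULT, info="unknown session")
            # Integrity check from the first (START) and third (END) control packets:
            # both must name the same size, and exactly that much data must have arrived.
            if s["announced"] == pkt.size == s["received"]:
                info = "ok"
            else:
                info = (f"size mismatch: announced {s['announced']}, "
                        f"end {pkt.size}, received {s['received']}")
            return ControlPDU(pkt.sid, 2, "NW2", "NW1", RESULT, size=s["received"], info=info)
        raise ValueError(f"unexpected control flag {pkt.flag!r} on the NW1 -> NW2 path")

    def on_payload(self, pkt):
        s = self.sessions.get(pkt.sid)
        if s is None or zlib.crc32(pkt.data) != pkt.crc:
            return False     # dropped; the END check then reports the shortfall
        s["received"] += len(pkt.data)
        return True


def run_session(sid, chunks, drop_pid=None, app="sensor"):
    """Drive one NW1 -> NW2 session with receipt acknowledgement; returns (ok, info) as seen in NW1."""
    vu, nw2 = VerificationUnit(), Nw2Receiver()
    total = sum(len(c) for c in chunks)
    # First control packet: session start with the announced size, via data diode 301.
    second = nw2.on_control(ControlPDU(sid, 1, "NW1", "NW2", START, size=total))
    back = vu.forward(second)            # second control packet: NW2 -> 302 -> NW1
    if back.flag != ACCEPT:
        return False, back.info
    for pid, chunk in enumerate(chunks, start=1):
        if pid != drop_pid:              # drop_pid simulates loss on the diode link
            nw2.on_payload(PayloadPDU(sid, pid, app, chunk, zlib.crc32(chunk)))
    # Third control packet: end of session repeating the size; the fourth carries the result.
    fourth = vu.forward(nw2.on_control(ControlPDU(sid, 2, "NW1", "NW2", END, size=total)))
    return fourth.flag == RESULT and fourth.info == "ok", fourth.info
```

A dropped or corrupted payload packet surfaces as a size mismatch in the fourth control packet, and a payload packet arriving on the NW2 -> NW1 path is replaced by a reject control packet at the verification unit.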

In an advantageous embodiment of the transmission device,

the first receiving unit and the first transmitting unit may be set up on a first component in the first network,

the second receiving unit and the second transmitting unit may be set up at a second component in the second network,

and

the verification unit and the first unidirectional communication unit may be set up on a third component.

In an advantageous embodiment of the transmission device, the first unidirectional communication unit and the verification unit can each be set up on separate components.

The components, in particular the network components, can be designed as hardware components. The component may comprise, inter alia, a processor.

The processor may be, inter alia, a main processor (CPU), a microprocessor or microcontroller, such as an application-specific integrated circuit or a digital signal processor, possibly in combination with a memory unit for storing program instructions, etc. The processor may also be, for example, an IC (Integrated Circuit) or a multi-chip module, in particular an FPGA (Field Programmable Gate Array) or an ASIC (Application-Specific Integrated Circuit), an SoC (System on Chip), a GPU (Graphics Processing Unit), a processor for evaluating a neural network, such as a TPU (Tensor Processing Unit), or a DSP (Digital Signal Processor). A processor may have one or more compute cores (multi-core). Furthermore, the processor may be understood as a virtual processor or a soft-core CPU. For example, a programmable processor may also be provided which is equipped with the configuration steps for carrying out the method according to the invention, or which is configured by means of the configuration steps such that the programmable processor implements the features of the method according to the invention or of other aspects and sub-aspects. The processor may have tamper protection against physical tampering, such as a tamper-resistance sensor for detecting physical attacks.

Furthermore, the invention relates to a computer program product directly loadable into a programmable computer, comprising computer code portions adapted to perform the steps of the computer implemented method according to the invention.

The computer program product, for example as computer program means, may be provided or supplied, for example, as a storage medium or data carrier, such as a memory card, a USB stick, a CD-ROM or a DVD, or also in the form of a file downloadable from a server in a network.

Drawings

Embodiments of a computer-implemented method and a transmission device according to the invention are shown by way of example in the drawings and are explained in detail in the following description. In the drawings:

Fig. 1 shows a flow chart of a method according to the invention;

Fig. 2 shows a schematic view of a transmission device according to the invention;

Fig. 3 shows a schematic view of another transmission device according to the invention;

Fig. 4 shows a schematic diagram of a payload data packet;

Fig. 5 shows a schematic diagram of a control data packet;

Fig. 6 shows, as a timing diagram, one embodiment of a method according to the invention; and

Fig. 7 shows a further exemplary embodiment of the method according to the invention as a timing diagram.

Parts corresponding to each other are provided with the same reference numerals throughout the figures.

Detailed Description

The following embodiments merely show exemplary implementation possibilities, in particular how such implementations according to the teachings of the present invention may be realised, since it is neither possible nor essential or necessary for understanding the invention to mention all of these implementation possibilities.

All implementation possibilities of the invention that are conventional in the prior art are of course known to the person skilled in the art, in particular on reading the method claim(s), so that no separate disclosure in the description is necessary. In particular, these common implementation variants known to the skilled person can be implemented exclusively via hardware (components) or exclusively via software (components). Alternatively and/or additionally, the skilled person can select, within the scope of his expert knowledge, any combination of hardware (components) and software (components) in order to implement variants according to the invention.

Fig. 1 shows a flow diagram of a computer-implemented method for transmitting data between a first network with high security requirements, such as an industrial control network, and a second network with low security requirements, such as a monitoring network, according to the invention. The method can be carried out by means of a transmission device according to the invention, as is shown by way of example in fig. 2 and 3.

For example, sensor data may be transmitted from an industrial control network into a monitoring network for monitoring or analysing the control network. In this case, the communication between the networks should in particular be unidirectional, so that only permitted data transfers from the monitoring network to the industrial control network are possible.

In step S1, a first session for transmitting data between the first network and the second network is constructed. In particular, a first session is established between a sending unit of a first network and a receiving unit of a second network.

In step S2, a first data packet, for example a control data packet, is transmitted from a transmitting unit of the first network to a first unidirectional communication unit arranged between the first and second network and from there forwarded to the second network. The control data packet contains, for example, information about the transmission, for carrying out a receipt confirmation and/or an integrity check of the transmitted payload data.

The first unidirectional communication unit may be designed, in particular, as a data diode or as a tapping device and is used to enable unidirectional data transmission from the first network into the second network.

After the transmission of the first control data packet, at least one payload data packet comprising payload data can be transmitted from the first network to the second network, provided the first control data packet is accepted by a receiving unit in the second network. In this case, a second session and a third session are first established between the first and second networks in step S3 of the method, wherein in step S4 a further data packet, for example a control data packet, is transmitted to the second network via the unidirectional communication unit and the verification unit.

The second session is established between a transmitting unit in the second network and a receiving unit which is assigned to the verification unit and which can be set up in particular on a common component with it. Once all data packets of the session have been received, the data packets are forwarded by the receiving unit to the verification unit. In this way, the verification of the data packets is carried out once per session rather than per packet.

In the verification unit, the control packet is verified according to a preset rule, step S5. Only data transfer from the second network into the first network is checked. It is determined according to the rules whether the packet is permitted and passed through, i.e. positive verification, or rejected, i.e. negative verification. In the case of a positive verification, step S6, a third session is set up between the transmitting unit assigned to the verification unit (which may in particular be set up on a common component with it) and the receiving unit in the first network, and the control data packet is transmitted from the verification unit to the receiving unit in the first network.

For example, a positively verified control packet may include information about an accepted data transmission. This information is transmitted back to the first network. Subsequently, the transmission of the payload data from the first network into the second network may be started, step S7. The payload data can then be forwarded by the receiving unit in the second network to the application.

If the verification of the control packet transmitted from the second network is negative, the verification unit may issue another control packet, which may be transmitted to the first and second networks.

Fig. 2 shows a block diagram of a variant of a transmission device 500 according to the invention. The transmission device 500 may in particular be composed of three separate hardware components 100, 200 and 300, wherein the first component 100 is arranged in a first network NW1 with high security requirements, the second component 200 is arranged in a second network NW2 with low security requirements, and the third component 300 is arranged between the two networks NW1, NW 2.

The first component 100 comprises a first receiving unit 102 and a first sending unit 101, e.g. a server 102 and a client 101. The receiving unit 102 and the first sending unit 101 may exchange data. In particular, this allows the transmission of the acknowledgement message 10. The first receiving unit 102 and the first transmitting unit 101 may communicate with an application a1 in the first network NW 1. Application a1 may, for example, generate or retrieve payload data. In particular, the payload data, for example sensor data, can be transmitted from application a1 to the transmitting unit 101.

The second component 200 comprises a second receiving unit 202 and a second sending unit 201, e.g. a server 202 and a client 201. They may exchange, inter alia, acknowledgement messages 10. Furthermore, the second receiving unit 202 and the second sending unit 201 may exchange data packets with the application a2 in the second network.

The third component 300 comprises: a first unidirectional communication unit 301, which may be realised in particular as a data diode; a third receiving unit 303, a third transmitting unit 304 and a verification unit 302. The third receiving unit 303 and the third transmitting unit 304 are in particular assigned to the verification unit 302.

The first unidirectional communication unit 301 is configured to realize data transfer unidirectionally from the first network NW1 into the second network NW2. The first unidirectional communication unit 301 only forwards the data packet, preferably without changing said data packet.

The verification unit 302 verifies the data packets transmitted from the second network NW2 to the first network NW1 according to at least one preset rule. The transmission of the data packets from the second network NW2 to the first network NW1 also takes place via a second unidirectional communication unit 400, for example a data diode, which may be arranged, for example, between the second component and the third component.

Alternatively (not shown), the second unidirectional communication unit 400 may be arranged between the third component 300 and the first component 100, wherein said second unidirectional communication unit handles the data transmission from the second network NW2 into the first network NW1. As a further alternative, two unidirectional communication units may also be used for data transmission from the second network NW2 into the first network NW1, wherein one unidirectional communication unit may be arranged between the second component 200 and the third component 300 and the other unidirectional communication unit may be arranged between the third component 300 and the first component 100.

In another variant, the second unidirectional communication unit 400 may comprise the third receiving unit 303 and/or the third sending unit 304 and/or the verification unit 302 (not shown) or the units may be implemented in one unit.

The transmission of data from the first network NW1 to the second network NW2 with a receipt acknowledgement is shown by way of example by means of arrows and is explained in detail with reference to fig. 7, wherein the acknowledgement is transmitted back via the verification unit.

Fig. 3 shows another embodiment of a transmission apparatus 500 according to the present invention. The third component is here realized as two separate components 300a, 300b. Said separation of the two unidirectional links is advantageous because no communication is provided between the two components 300a, 300b. In this way, unidirectional data transmission from the first network NW1 into the second network NW2 may take place via a separate third component 300b, and unidirectional data transmission from the second network NW2 into the first network NW1 may take place via another separate third component 300a.

Fig. 4 schematically shows an exemplary construction of a payload data packet PDU1. The payload data packet PDU1 includes payload data D and a session identifier SID. Furthermore, the payload data packet PDU1 may include a packet identifier PID, a checksum CRC of the packet, type information TYP and/or an application identifier AID.

The session identifier SID assigns the packet to a particular session. The packet identifier PID identifies the packet unambiguously within the packet sequence of the session. The checksum CRC may be a checksum over the entire data packet. The type information TYP specifies the type of the data packet, in particular "data" for a payload data packet. The application identifier AID specifies the type of application with which the payload data is associated.

Fig. 5 schematically shows an exemplary construction of a control packet PDU2. The control packet PDU2 includes a session identifier SID, a packet identifier PID and sender and/or receiver information DST. Furthermore, the control packet PDU2 may comprise a checksum CRC of the control packet, a packet identifier PID, type information TYP, at least one flag FL and/or information SZ about the size of the data transmission of the corresponding session. The type information may comprise, inter alia, "control" for control packets. The flag may be set, inter alia, to "S" for the construction of a new session, "F" for the end of a session, "A" for the acknowledgement of a session, or "R" for the interruption of a session. By means of the flag, the receiving unit or the transmitting unit can identify which type of control packet PDU2 is present. The flags "S" and "F" may in particular be used by the sender. The flags "A" and "R" may be used by both the sender and the receiver. The information SZ about the size of the data transmission of the respective session is in particular present only when the session is constructed.

Fig. 6 shows a timing diagram for a data transfer without acknowledgement of the data transfer. The invention, in particular the transfer protocol according to the invention, enables data transmission from one network to another network in which only one session is constructed and at least one payload data packet is transmitted.

Data transmission without acknowledgement is realized in particular without transmission of control data packets. In this variant, the payload data packet can be transmitted from one network into the other without a preceding transmission of a control data packet.

After the session has been constructed, the payload data packet PDU1 may be delivered directly to the recipient. Without acknowledgement, however, no integrity check can be performed on the transferred payload data, for example. For example, a client 101 in the first network constructs a first session to the second network. The payload data packet is transmitted to the second network via the server 102. For this purpose, the data packets are transmitted to the client 303 on the third component, forwarded via the first unidirectional communication unit 301 to the server 304 of the third component, and transmitted from said server via the server 201 of the second network to the client 202 of the second network. In other words, the client 101 in the first network starts transmitting payload data to the client 202 without transmitting a control packet. The first unidirectional communication unit 301 forwards the payload data packet without inspection or alteration.

For transmission from the second network into the first network without acknowledgement (not shown), the data packet is checked in the verification unit. To this end, two separate sessions are constructed with an intermediate step: a session from the client 201 in the second network to the client 303 on the third component, a verification in the verification unit 302, and a further session from the server 304 of the third component to the server 102 of the first network.

Fig. 7 shows a timing diagram for a payload data transmission from the first network into the second network with acknowledgement of the data transmission. First, after a session has been constructed by the client 101 of the first network, a first control data packet PDU2a with the data transmission information "SYN" is transmitted to the server 202 of the second network. The server 202 checks whether the request is accepted and, upon acceptance, a second control packet PDU2b comprising an acknowledgement flag "A" or "ACK" is transmitted from the server 202 to the server 102 of the first network. For this purpose, the second control packet PDU2b is first forwarded from the server 202 to the client 201 of the second network and from the client 201 to the server 304 of the third component. The second control packet PDU2b passes through the verification unit 302 and is verified there according to the rules. Upon successful verification, the second control packet PDU2b is transmitted from the client 303 of the third component to the server 102 of the first network. The server 102 of the first network forwards the second control packet PDU2b to the client 101 of the first network.

Once the acknowledgement is present at the client 101 in the first network, the at least one payload data packet PDU1 may be transmitted to the server 202 of the second network via the first unidirectional communication unit. In particular, only those payload data packets PDU1 are transmitted to which the correct session identifier of the existing session is assigned. As soon as all payload data packets of the session have been transmitted, the client 101 sends a third control packet PDU2c comprising information about the end of the session, i.e. with the flag "F" or "FIN", to the server 202 in the second network. As soon as the server 202 has received the third control data packet PDU2c, the server 202 transmits a fourth control data packet PDU2d to the client 101 in the first network. From the first control packet PDU2a and the third control packet PDU2c, the integrity of the transmitted payload data packets PDU1 may be determined by the server 202 in the second network. This may be checked, for example, using the respective checksums of the control packets PDU2a, PDU2c. The result of said check may be transmitted to the first network, for example, in the fourth control packet PDU2d. This may start a retransmission if, for example, the transmitted payload data packets PDU1 are incomplete or contain errors.
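As an added example, not code from the patent, the following Python sketch encodes the control packet PDU2 of Fig. 5 with a checksum, applies the preset rules that a verification unit 302 could enforce on packets leaving the second network (type, flag, sender-only flags, session identifier, SZ at setup), and runs the acknowledged transfer of Fig. 7, including a transfer with lost payload packets. The text field layout, the CRC32 choice and the use of flag "R" to report an incomplete transfer in PDU2d are assumptions.

```python
import zlib

# Added example, not the patent's code: PDU2 of Fig. 5 as text, the preset rules
# of verification unit 302, and the acknowledged transfer of Fig. 7. The field
# layout SID|PID|DST|TYP|FL|SZ|CRC is an assumption; the rest follows the text.
ALLOWED_FLAGS, SENDER_ONLY_FLAGS = {"S", "F", "A", "R"}, {"S", "F"}

def crc(body):
    return f"{zlib.crc32(body.encode()):08x}"

def encode_pdu2(sid, pid, dst, flag, size=""):
    body = "|".join(map(str, [sid, pid, dst, "control", flag, size]))
    return f"{body}|{crc(body)}"

def decode(raw):
    body, _, chk = raw.rpartition("|")
    if not body or crc(body) != chk:
        raise ValueError("checksum mismatch")
    return body.split("|")

def verify_control_packet(raw, expected_sid, origin):
    """Rules of unit 302 for a packet leaving NW2; origin is the role ('sender'
    or 'receiver') of the NW2 unit that emitted it. Returns (accepted, reason)."""
    try:
        sid, _pid, _dst, typ, fl, sz = decode(raw)
    except ValueError as e:            # bad CRC or wrong number of fields
        return False, str(e)
    if typ != "control":
        return False, "only control packets may enter NW1"
    if fl not in ALLOWED_FLAGS:
        return False, f"unknown flag {fl!r}"
    if fl in SENDER_ONLY_FLAGS and origin == "receiver":
        return False, f"flag {fl!r} not allowed from a receiver"
    if sid != str(expected_sid):
        return False, "session identifier mismatch"
    if fl == "S" and not sz:
        return False, "session setup without size information SZ"
    return True, "accepted"

def acknowledged_transfer(chunks, sid=7, lose=()):
    """Fig. 7: SYN -> ACK (verified by 302) -> PDU1 packets -> FIN -> ACK. Server 202
    compares the PDU1 count with SZ from the SYN; `lose` lists PIDs dropped in transit."""
    announced = int(decode(encode_pdu2(sid, 0, "NW2", "S", len(chunks)))[5])
    ok, why = verify_control_packet(encode_pdu2(sid, 1, "NW1", "A"), sid, "receiver")
    lost = {str(i) for i in lose}
    delivered = [f"{sid}|{pid}|data|{d}" for pid, d in enumerate(chunks, 2)
                 if ok and str(pid) not in lost]             # PDU1 via diode 301
    complete = ok and len(delivered) == announced            # check by server 202
    fin_ack = encode_pdu2(sid, len(chunks) + 3, "NW1", "A" if complete else "R")
    ok, why = verify_control_packet(fin_ack, sid, "receiver")
    return {"delivered": delivered, "complete": complete and ok, "reason": why}
```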

The client or the server may interrupt the transmission at any time by transmitting a control packet PDU2 which includes the corresponding session identifier and, if necessary, additional information. The reception of this control data packet, and thus the end of the session, must be acknowledged by the receiver by transmitting a further control data packet back to the sender.

All described and/or depicted features can be advantageously combined with each other within the scope of the invention. The invention is not limited to the described embodiments.
