Secure network data interaction system and method

Document No.: 1470091 Publication date: 2020-02-21

Reading note: This technology, "Secure network data interaction system and method", was designed by 谭登峰 (the other inventors requested that their names not be disclosed) on 2018-08-10. Abstract: The invention discloses a secure network data interaction system, comprising: a control instruction output unit, a video encoder, and a subnet. The subnet comprises an instruction receiving server and at least one client. The control instruction output unit is used for outputting a control instruction. The video encoder is used for encoding the control instruction into image data. The image data is transmitted to the instruction receiving server of the subnet through a unidirectional video transmission line. The instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction, and transmitting the control instruction to the client corresponding to the control instruction. With the invention, secure and fast interaction with the computers in the subnet can be achieved without breaking the network isolation or the security of the original subnet. The whole interaction process does not cause information in the subnet to flow or leak outside the subnet.

1. A secure network data interaction system, comprising:

a control command output unit, a video encoder, and a subnet; the sub-network comprises an instruction receiving server and at least one client;

the control instruction output unit is used for outputting a control instruction;

the video encoder is used for encoding the control instruction into image data;

the image data is transmitted to an instruction receiving server of the subnet through a unidirectional video transmission line;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction.

2. The system of claim 1, wherein:

the unidirectional video transmission line comprises a graphics card;

the video encoder and the graphics card are connected in sequence through a video data line.

3. The system of claim 1, wherein:

the instruction receiving server further comprises a video capture card and a video decoder;

the video capture card is used for receiving the image data and transmitting the image data to the video decoder.

4. The system of claim 1, wherein:

the control instruction comprises an identification of the client;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the corresponding client according to the identification of the client.

5. The system according to any one of claims 1-4, wherein:

the control instruction output unit is a touch screen.

6. The system according to any one of claims 1-4, wherein:

and the client is used for responding according to the control instruction.

7. A secure network data interaction device, comprising:

a control command output unit and a video encoder, and a command receiving server for one subnet;

the control instruction output unit is used for outputting a control instruction;

the video encoder is used for encoding the control instruction into image data;

the image data is transmitted to an instruction receiving server of the subnet through a unidirectional video transmission line;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction in the subnet.

8. A method of secure network data interaction, the network comprising a sub-network including at least one client, the method comprising:

outputting a control instruction to the client;

encoding the control instruction into image data;

transmitting the image data to the subnet through a unidirectional video transmission line;

and decoding the image data into the control instruction, and transmitting the control instruction to the client corresponding to the control instruction.

9. The method of claim 8, wherein:

the method further comprises:

the client responding according to the control instruction.

10. The method of claim 8, wherein:

the control instruction comprises an identification of the client;

the method comprises the steps of decoding the image data into the control instruction, and transmitting the control instruction to the corresponding client according to the identification of the client.

Technical Field

The embodiment of the invention relates to the technical field of information transmission, in particular to a system and a method for realizing secure network data interaction.

Background

At present, complex command center interaction systems, such as those of governments and the military, need to build a plurality of subnets and carry out data interaction with those subnets through a unified command management system. For security reasons, many subnets are isolated in various ways from the external network environment. When a unified interaction terminal interacts with each computer in a subnet, the interaction terminal and the subnet need to be connected through a network, which additionally exposes the subnet to other network environments and sacrifices the original security or isolation.

To build a secure network environment, some technologies use unidirectional transmission lines for instruction and information transmission. However, if instructions and information are transmitted using a serial port line, although the transmission real-time performance is high, the transmission speed of the serial port line cannot meet the requirement of the transmission speed when a large amount of data is processed.

Disclosure of Invention

In order to solve the above problem, a first aspect of the present invention provides a secure network data interaction system, including:

a control command output unit, a video encoder, and a subnet; the sub-network comprises an instruction receiving server and at least one client;

the control instruction output unit is used for outputting a control instruction;

the video encoder is used for encoding the control instruction into image data;

the image data is transmitted to an instruction receiving server of the subnet through a unidirectional video transmission line;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction.

According to some embodiments of the invention, the unidirectional video transmission line comprises a graphics card;

the video encoder and the graphics card are connected in sequence through a video data line.

According to some embodiments of the invention, the instruction receiving server further comprises a video capture card, a video decoder;

the video capture card is used for receiving the image data and transmitting the image data to the video decoder.

According to some embodiments of the invention, the control instruction comprises an identification of the client;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the corresponding client according to the identification of the client.

According to some embodiments of the present invention, the control instruction output unit is a touch screen.

According to some embodiments of the invention, the client is configured to respond according to the control instruction.

A second aspect of the present invention provides a secure network data interaction device, including:

a control command output unit and a video encoder, and a command receiving server for one subnet;

the control instruction output unit is used for outputting a control instruction;

the video encoder is used for encoding the control instruction into image data;

the image data is transmitted to an instruction receiving server of the subnet through a unidirectional video transmission line;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction in the subnet.

A third aspect of the present invention provides a method for secure network data interaction, where the network includes a subnet including at least one client, the method including:

outputting a control instruction to the client;

encoding the control instruction into image data;

transmitting the image data to the subnet through a unidirectional video transmission line;

and decoding the image data into the control instruction, and transmitting the control instruction to the client corresponding to the control instruction.

According to some embodiments of the invention, the method further comprises:

the client responding according to the control instruction.

According to some embodiments of the invention, the control instruction comprises an identification of the client;

the method comprises the steps of decoding the image data into the control instruction, and transmitting the control instruction to the corresponding client according to the identification of the client.

With the invention, secure and fast interaction with the computers in the subnet can be achieved without breaking the network isolation or the security of the original subnet. The whole interaction process does not cause information in the subnet to flow or leak outside the subnet.

Drawings

FIG. 1 is a schematic diagram of a secure network data interaction system in accordance with an embodiment of the present invention;

FIG. 2 is a flowchart illustrating a control command transmission method according to an embodiment of the present invention;

FIG. 3 is a block diagram of an apparatus included in an instruction receiving server according to an embodiment of the present invention;

FIG. 4 is a schematic diagram of an apparatus structure of a unidirectional video data line according to an embodiment of the present invention.

Detailed Description

The present invention will be described in further detail with reference to the accompanying drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention. It should be further noted that, for the convenience of description, only some of the structures related to the present invention are shown in the drawings, not all of the structures.

In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention are described in further detail below with reference to the accompanying drawings. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting of the invention.

It should be further noted that, for the convenience of description, only some but not all of the relevant aspects of the present invention are shown in the drawings. Before discussing exemplary embodiments in more detail, it should be noted that some exemplary embodiments are described as processes or methods depicted as flowcharts. Although a flowchart may describe the operations (or steps) as a sequential process, many of the operations can be performed in parallel, concurrently or simultaneously. In addition, the order of the operations may be re-arranged. The process may be terminated when its operations are completed, but may have additional steps not included in the figure. The processes may correspond to methods, functions, procedures, subroutines, and the like.

Fig. 1 is a schematic block diagram of a system for client interaction within a subnet, in accordance with one embodiment of the present invention.

The system includes the control instruction output unit 1, the video encoder 2, and the subnet 32, the latter indicated by the oval-shaped line box in the figure. In practical situations, the network environment within the subnet may be isolated from the outside world due to security or privacy concerns. The invention allows unified interaction with the clients in the subnet without increasing the network exposure risk of the original subnet.

One or more clients may be included in the subnet 32, for example the three clients 321, 322, and 323.

The subnet 32 further includes an instruction receiving server for receiving control instructions.

Each client in the subnet is identified by an assigned ID. For example, the clients in the subnet 32 may be identified as 21, 22, 23, and so on, or they may be identified by an identifier the client already carries, for example the ID of the client computer's network card.

Wherein, for the purpose of network security, the subnet of the present invention may be isolated from the outside world so as not to allow the data in the subnet to flow out to the outside.

The control instruction output unit 1 is used for sending out a control instruction for a client in a subnet;

the video encoder 2 is used for encoding the control command into image data suitable for transmission of a video data line and then transmitting the image data to a command receiving server in a subnet through a unidirectional video transmission line; the control instruction comprises id information of a client to be controlled;

the control command may be, but is not limited to, a power-on command, a power-off command, a play command, a fast-forward command, a pause command, and the like.

The video data line includes, but is not limited to, any one of the following: audio and video data lines (AV lines), S terminal lines, tristimulus lines, Video Graphics Array (VGA), Digital Video Interface (DVI), High Definition Multimedia Interface (HDMI), and the like.

FIG. 2 is a schematic diagram of an image data encoding and decoding method according to an embodiment of the invention.

In step 101, the content of the control instruction is quantized, and the resulting quantization values are used as the first image pixel values. Specifically, the control instruction information is converted into one long character string and the total number of bytes of the string is calculated. The whole string is then converted into the corresponding binary bits; one byte corresponds to 8 binary bits, so the total number of bits is 8 times the total number of bytes. The bits form a binary sequence, and each binary digit (namely 0 or 1) in the sequence is used as a first image pixel value. The quantization may represent each character with 0 or 1, or with 0 or 255. Alternatively, the numerical value corresponding to each character may be normalized to the range 0 to 255, so that the quantization value of each character is any value between 0 and 255, and so on.

Then, in step 202, a blank image (i.e., an image with all pixel values set to 0 or 1) is created. The total number of bytes of pixels of the blank image is greater than or equal to the calculated total number of bytes. The first image pixel values are written into the corresponding positions of the blank image to obtain the image data.

Specifically, a blank image can be created with the OpenCV open-source library, and the converted binary sequence is then written into the blank image in order. One binary bit occupies one pixel value, and 8 consecutive 1s are used as the end marker of the binary sequence.

This embodiment includes a fault-tolerance mechanism: when encoding, the bits 0 and 1 are not stored directly. Instead, 0 is stored for a bit value of 0 and 255 is stored for a bit value of 1. After transmission, the pixel values may have changed slightly, for example some 0s become 3 or 5 and some 255s become 245 or 251. The receiving end therefore binarizes the received image, for example with a binarization threshold of 128: a value less than 128 is set to 0 and a value greater than 128 is set to 1. This absorbs the loss introduced during transmission, so the original information can be completely recovered.

Then, in step 103, the image data is transmitted using the video data line.

Accordingly, an embodiment of the present invention provides an image data decoding method. After the device that receives the control instruction (for example, the instruction receiving server in FIG. 1) receives the image data, it decodes the image data using the method corresponding to the encoding used by the sending device to obtain the corresponding information. It traverses the pixel values of the image data from the beginning, parses every 8 values into one byte, and stores the byte in a byte array. When it meets the end marker of 8 consecutive 1s, all of the encoded content has been obtained; the traversal stops and the byte array is converted into a character string, which completes the entire encoding -> transmission -> decoding process.

The unidirectional video transmission line may be implemented by an image adapter (e.g., a video card) driving a video data line. At the instruction receiving server, for example the receiving server 310, the video capture card 3101 may be configured to receive the image data, and the video decoder 3102 decodes the received image data according to the decoding method described above, as shown in FIG. 3. In this embodiment of the invention, the one-way transfer from the image adapter to the video capture card is what realizes the unidirectional video transmission line and ensures the security of the system.

As shown in FIG. 4, a corresponding graphics card, such as graphics card 42, may be provided to connect to the video data line and then transfer the image data to the subnet.

After the instruction receiving server 320 sends the control instruction to the client to be controlled, the client to be controlled responds to the control instruction.

In another embodiment of the present invention, the client id may be set in the control instruction and encoded in the image data. And after reading and decoding the image data, the instruction receiving server sends the control instruction to a corresponding client according to the client id, and the client responds according to the control instruction.
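The encode, transmit, decode and dispatch path described above, as an added example that is not code from the patent. It uses a plain `bytearray` as the grayscale frame instead of OpenCV so it runs without dependencies; the frame size, most-significant-bit-first bit order, the `<client id>:<command>` instruction format, the handling of a pixel value of exactly 128, and all function names are assumptions. The client IDs 21, 22 and 23 are the ones the description uses.

```python
import random

WIDTH, HEIGHT = 64, 16               # assumed frame size: 1024 pixels = 128 bytes of capacity
THRESHOLD = 128                      # binarization threshold given in the description
END_MARKER = 0xFF                    # eight consecutive 1 bits mark the end of the sequence
KNOWN_CLIENTS = {"21", "22", "23"}   # client IDs used as examples in the description


def encode_instruction(text, width=WIDTH, height=HEIGHT):
    """Encode a control instruction as a frame: one bit per pixel, 0 -> 0 and 1 -> 255."""
    payload = text.encode("utf-8")
    if END_MARKER in payload:
        # Never true for valid UTF-8 text, but raw bytes would collide with the end marker.
        raise ValueError("payload contains 0xFF, which is reserved as the end marker")
    if (len(payload) + 1) * 8 > width * height:
        raise ValueError("instruction does not fit in one frame")
    frame = bytearray(width * height)        # blank image, all pixels 0
    pos = 0
    for byte in payload + bytes([END_MARKER]):
        for shift in range(7, -1, -1):       # most significant bit first (assumption)
            frame[pos] = 255 if (byte >> shift) & 1 else 0
            pos += 1
    return frame


def add_channel_noise(frame, max_delta=10, seed=1):
    """Constructed stand-in for transmission loss: shift every pixel by up to max_delta."""
    rng = random.Random(seed)
    return bytearray(min(255, max(0, p + rng.randint(-max_delta, max_delta))) for p in frame)


def decode_frame(frame):
    """Binarize the frame, rebuild bytes, and stop at the eight-ones end marker."""
    out = bytearray()
    for start in range(0, len(frame) - 7, 8):
        byte = 0
        for pixel in frame[start:start + 8]:
            # A pixel of exactly 128 is counted as 1 here (assumption).
            byte = (byte << 1) | (1 if pixel >= THRESHOLD else 0)
        if byte == END_MARKER:
            return out.decode("utf-8")
        out.append(byte)
    raise ValueError("no end marker found: frame is blank, truncated, or corrupted")


def route(instruction, known_clients=KNOWN_CLIENTS):
    """Split '<client id>:<command>' (assumed format) and refuse unknown client IDs."""
    client_id, sep, command = instruction.partition(":")
    if not sep or client_id not in known_clients or not command:
        raise ValueError("malformed instruction or unknown client: %r" % instruction)
    return client_id, command


def send_through_link(text):
    """Full path: encode, pass through the noisy one-way link, decode, route."""
    return route(decode_frame(add_channel_noise(encode_instruction(text))))


if __name__ == "__main__":
    print(send_through_link("22:pause"))
```

Because the link is one-way, the sender gets no acknowledgement, so the receiving side is the only place a blank frame, a missing end marker, or an unknown client ID can be caught.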

In the embodiment, the control instruction is encoded into the image data suitable for transmission, the image data is transmitted through the one-way video transmission line, received and correspondingly decoded through the instruction receiving server, and sent to the corresponding client according to the acquired control instruction, so that the control operation of the client in the subnet can be realized, the network environment of the original subnet can be protected, and the safety of the network interaction system is improved.

In accordance with the foregoing description, the present invention further provides a secure network data interaction device, including:

a control command output unit and a video encoder, and a command receiving server for one subnet;

the control instruction output unit is used for outputting a control instruction;

the video encoder is used for encoding the control instruction into image data;

the image data is transmitted to an instruction receiving server of the subnet through a unidirectional video transmission line;

and the instruction receiving server in the subnet is used for receiving the image data, decoding the image data into the control instruction and transmitting the control instruction to the client corresponding to the control instruction in the subnet.

The description given above of the control instruction output unit, the video encoder, and the instruction receiving server also applies to this device. The device can be used in the secure network data interaction system described above; its components and their connections are as described for that system and are not repeated here.

In other embodiments of the present invention, the control command output unit 1 may be a touch screen, such as an infrared light screen type touch screen, an infrared vector pressure sensing type touch screen, a capacitive type touch screen, a resistive type touch screen, an infrared frame type touch screen, a near field imaging type touch screen, an electromagnetic induction type touch screen, a surface acoustic wave type touch screen, and the like.

In some embodiments of the present invention, the control instruction may be input through a touch action, or an action of writing "M", "O", or the like on the screen, or a motion sensing action, or the like.

In some embodiments of the invention, the control instructions may include: open a file, close a file, etc.; the response may include, for example: output a file to be opened to a display unit, or close the file, etc.

In other embodiments of the present invention, the control instruction output unit 1 in the system may be a large touch screen composed of a plurality of sub-screens, and a user may input a control instruction to the plurality of sub-screens to control different clients.

In addition, the instruction receiving server and the client computers are connected via a network; for example, a router and/or a switch, a gateway, or the like transmits the control instruction to the computer to be controlled.

In addition, the transmission of the image data provided by the embodiment of the invention can be realized in a software and/or hardware mode. The client may be, but is not limited to, a tablet computer, a smart phone, a desktop computer, and the like.

The information transmission device according to the above embodiments is also used to perform the information transmission method according to the above embodiments, and the technical principle and the technical effect thereof are similar, and will not be described in detail herein.

It is to be noted that the foregoing is only illustrative of the preferred embodiments of the present invention and the technical principles employed. It will be understood by those skilled in the art that the present invention is not limited to the particular embodiments described herein, but is capable of various obvious changes, rearrangements and substitutions as will now become apparent to those skilled in the art without departing from the scope of the invention. Therefore, although the present invention has been described in greater detail by the above embodiments, the present invention is not limited to the above embodiments, and may include other equivalent embodiments without departing from the spirit of the present invention, and the scope of the present invention is determined by the scope of the appended claims.
