Multi-channel unidirectional secure switching matrix for large data center and management method thereof

By using a multi-channel unidirectional secure exchange matrix, and leveraging API unidirectional gateways and asymmetric matrix units to separate data channels from management channels, high-security data can flow irreversibly at the physical level. This solves the problem that firewall devices cannot achieve strict security level transfers and reduces the risk of information leakage.

CN122394924APending Publication Date: 2026-07-14ZEN-AI TECH

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
ZEN-AI TECH
Filing Date
2026-04-30
Publication Date
2026-07-14

AI Technical Summary

Technical Problem

In existing technologies, firewall devices cannot implement strict rules for data transfer based on security level, which may result in sensitive data from high-security networks flowing illegally to low-security networks, posing a risk of information leakage. Furthermore, the lack of complete separation between control and data transmission creates a risk of reverse link issues due to misconfiguration.

Method used

A multi-channel unidirectional secure switching matrix is ​​adopted, including a policy execution engine, a channel control unit, and an asymmetric matrix unit. Through an API unidirectional gateway and a key service unit, the data channel and management channel are completely separated, and the "low-density to high-density" flow is ensured to be insurmountable at the physical level. Unidirectional data transmission is carried out using an electro-optical conversion unidirectional optical transmitter and unidirectional optical fiber.

Benefits of technology

It enables inter-domain isolation and controlled sharing of data exchange across domains and security levels in large data centers, preventing the unauthorized outflow of sensitive data, reducing the risk of information leakage, and avoiding the attack risks caused by the exposure of management interfaces.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122394924A_ABST
    Figure CN122394924A_ABST
Patent Text Reader

Abstract

The application discloses a kind of multi-channel unidirectional secure exchange matrix for large data center and its management and control method.The matrix includes policy execution engine, channel control unit and asymmetric matrix unit.Policy execution engine collects the gateway of each isolated management domain, network information and cross-domain rules by management terminal, and approves data transmission request.After approval, it instructs channel control unit to open corresponding physical switch in asymmetric matrix unit, and establishes unidirectional data channel from source side low-density business network to target side high-density business network.Meanwhile, the engine generates and distributes the configuration file of source / target API unidirectional gateway, and completes configuration by offline import or online distribution to source API unidirectional gateway and target API unidirectional gateway respectively.After configuration is completed, it obtains business data from business network and transmits.The application realizes high security, flexibility and controllability of data exchange between multi-density business networks in cross-domain isolated environment.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This invention relates to the field of information transmission technology, and in particular to a multi-channel unidirectional secure switching matrix for large data centers and its management and control methods and systems. Background Technology

[0002] In existing technologies, firewall isolation technology is used when exchanging cross-domain data between devices with different security levels. This technology deploys firewall devices across different network domains, using access control lists (ACLs) and security policy rules to logically filter and control the forwarding of cross-domain data flows. However, firewalls are essentially logical control mechanisms based on software policies, not physical one-way isolation. Misconfiguration or malicious tampering of policies can lead to the formation of reverse channels, posing a security risk of being bypassed. Furthermore, firewall devices cannot embed strict security level flow rules, making it difficult to meet the mandatory compliance requirements for data flow in high-security scenarios. This can lead to sensitive data from high-security networks flowing illegally to low-security networks, causing serious information leakage security incidents. Moreover, the lack of complete separation between control and data transmission, including the mixing of management commands and data flows and the sharing of networks between control and data interfaces, results in reverse link risks due to misconfiguration. Summary of the Invention

[0003] To address the problems in the prior art, this application proposes a multi-channel unidirectional secure switching matrix for large data centers, comprising:

[0004] Strategy execution engine, channel control unit, and asymmetric matrix unit;

[0005] The policy execution engine is configured as follows:

[0006] The management terminals within each management domain collect source-side and target-side API unidirectional gateways, source-side and target-side service network information, and configuration rules. These rules include low-density to high-density transmission rules and cross-domain legality rules. The networks between the management domains are isolated, and the source-side and target-side service networks within each management domain are connected to the asymmetric matrix unit through the source-side and target-side API unidirectional gateways, respectively.

[0007] Approve user-initiated business data transmission requests; if approved.

[0008] If approved, the channel control unit is instructed to activate the corresponding switch in the asymmetric matrix unit to connect the data channel between the specified source service network and the target service network.

[0009] Based on the specified source service network, target service network, source API one-way gateway, and target API one-way gateway, generate corresponding configuration files for the source API one-way gateway and the target API one-way gateway, and distribute the configuration file of the target API one-way gateway to the management terminal of the management domain where the target service network is located, and then distribute the configuration file offline to the target API one-way gateway; the configuration file of the source API one-way gateway is used for offline import of the source API one-way gateway, so that it can obtain service data from the source service network according to the configuration file;

[0010] The channel control unit is configured to control the asymmetric matrix unit to open or close a specified data channel;

[0011] The asymmetric matrix unit is constructed such that there is an openable data channel only between the low-density service network on the source side and the high-density service network on the target side.

[0012] According to some embodiments of the present invention, the multi-channel one-way secure exchange matrix further includes a key service unit, a source-side API one-way gateway, and a target-side API one-way gateway;

[0013] The key service unit is configured to generate and distribute key pairs, including sending the decryption key in the key pair to the management terminal of the management domain where the target business network is located, and the management terminal imports it online into the target API one-way gateway. The encryption key in the key pair is imported offline into the source API one-way gateway so that the source API one-way gateway can encrypt the obtained business data.

[0014] According to some embodiments of the present invention, a unidirectional transmission link includes: an electro-optical conversion unidirectional optical transmitter for converting an electrical signal into an optical signal; a unidirectional optical fiber; and an opto-optical conversion unidirectional optical receiver for converting the optical signal back into an electrical signal.

[0015] According to some embodiments of the present invention, the source-side API unidirectional gateway further includes a video transmission unit, which is used to map the service data to be transmitted into a video signal and to transmit the video signal to the unidirectional transmission link; the target-side API unidirectional gateway further includes a video receiving unit, which is used to convert the received video signal into service data; the unidirectional transmission link includes an HDMI cable, an electro-optical conversion unidirectional optical transmitter, a unidirectional optical fiber, and an opto-optical conversion unidirectional optical receiver.

[0016] According to some embodiments of the present invention, the multi-channel unidirectional secure exchange matrix further includes a monitoring service unit and a management terminal interface. The monitoring service unit monitors the connection status of the data channel in real time and outputs the status information to the management terminal interface.

[0017] This application also provides a management method for the aforementioned multi-channel unidirectional secure switching matrix, comprising:

[0018] S1. Collect source-side and target-side API one-way gateway, source-side and target-side business network information within each management domain;

[0019] S2. Approve user-initiated requests for business data transmission;

[0020] S3. If approved, activate the corresponding switch in the symmetric matrix unit to connect the data channel between the specified source service network and the target service network, and generate the corresponding configuration files for the source API unidirectional gateway and the target API unidirectional gateway based on the specified source service network, target service network, source API unidirectional gateway and target API unidirectional gateway.

[0021] S4. Import the configuration file of the source API one-way gateway offline; send the configuration file of the target API one-way gateway offline to the management terminal where the target API one-way gateway is located, and then send it to the target API one-way gateway from the management terminal.

[0022] S5. The source API one-way gateway sends API requests to the specified source service network to obtain service data based on the configuration file imported offline;

[0023] S6. The source API one-way gateway transmits the acquired business data to the target API one-way gateway via the source API one-way gateway and the opened data channel;

[0024] S7. The target API one-way gateway receives service data and forwards it to the target service network.

[0025] According to some embodiments of the present invention, the control method further includes:

[0026] If approved, a key pair will be generated;

[0027] Import the encryption key from the key pair offline into the source API one-way gateway, and send the decryption key from the key pair online to the target API one-way gateway;

[0028] The source API one-way gateway also encrypts the acquired business data with an encryption key, and transmits the encrypted business data to the target API one-way gateway via the one-way transmission link in the source API one-way gateway and the corresponding channel opened in the asymmetric matrix unit.

[0029] The target API one-way gateway uses the decryption key to decrypt the received business data and forwards the decrypted business data to the target business network;

[0030] When the data transmission is complete, the target API one-way gateway promptly clears the decryption key from its memory.

[0031] According to some embodiments of the present invention, the control method further includes promptly clearing the decryption key in the memory of the target API one-way gateway when the data transmission ends.

[0032] According to some embodiments of the present invention, the control method further includes, for each data transmission request, ensuring that the configuration file of the source API one-way gateway, the configuration file of the target API one-way gateway, and the key pair have the same globally unique task identifier.

[0033] According to some embodiments of the present invention, the control method further includes ensuring that the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair contain valid timestamps. Once a preset valid time has elapsed, the encryption key and decryption key in the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair will be considered invalid by the source API one-way gateway and the target API one-way gateway.

[0034] The above embodiments of the present invention have the following technical effects:

[0035] 1. It can manage multiple isolated management domains simultaneously, resolving the contradiction in large data centers when exchanging data across domains and security levels, where it is necessary to maintain isolation between domains while achieving controlled sharing.

[0036] 2. Complete separation of data channels and management channels has been achieved. Management commands are no longer mixed with business data, avoiding the attack risks caused by the exposure of control interfaces.

[0037] 3. The transfer of "low-density to high-density" data has been transformed from a management-level issue into an inviolable red line at the physical level, effectively preventing security incidents caused by the unauthorized outflow of sensitive data. Attached Figure Description

[0038] To more clearly illustrate the technical solutions of the embodiments of this application, the accompanying drawings used are briefly described below:

[0039] Figure 1 A flowchart illustrating the information transmission process of a data transmission system based on a multi-channel unidirectional secure switching matrix according to some embodiments of the present invention is shown.

[0040] Figure 2 A schematic diagram of a multi-channel unidirectional secure switching matrix according to some embodiments of the present invention is shown.

[0041] Figure 3 A channel state switching diagram is shown in a data transmission system based on a multi-channel unidirectional secure switching matrix according to some embodiments of the present invention.

[0042] Figure 4A logical architecture diagram of a multi-channel unidirectional secure switching matrix for multiple network-isolated management domains is shown according to other embodiments of the present invention.

[0043] Figure 5 The diagram illustrates the control timing of a multi-channel unidirectional secure switching matrix according to some embodiments of the present invention.

[0044] Figure 6 A flowchart illustrating a management method for a multi-channel unidirectional secure switching matrix for a large data center, comprising multiple network-isolated management domains according to further embodiments of the present invention, is shown. Detailed Implementation

[0045] To make the objectives, technical solutions, and advantages of this application clearer, the embodiments of this application will be described in further detail below with reference to the accompanying drawings.

[0046] In this application, the source business system or business network refers to the data provider in the user-specified data exchange process. The source-side business system or business network refers to all data providers that may be specified by the user in the data exchange process. The source API one-way gateway refers to the API one-way gateway on the data provider side of the user-specified data exchange process. The source-side API one-way gateway refers to all API one-way gateways on the data provider side of the user-specified data exchange process. The target business system or business network refers to the data receiver in the user-specified data exchange process. The target-side business system or business network refers to all data receivers that may be specified by the user in the data exchange process. The target API one-way gateway refers to the API one-way gateway on the data receiver side of the user-specified data exchange process. The target-side API one-way gateway refers to all API one-way gateways on the data receiver side of all possible data exchange processes.

[0047] Figure 1 This diagram illustrates an information transmission flowchart of a data transmission system based on a multi-channel unidirectional secure exchange matrix (hereinafter referred to as a secure exchange matrix) according to some embodiments of the present invention. Each API unidirectional gateway and business system in the diagram is numbered i_j, where i represents a management domain (security level: business system i_1>business system i_2>...>business system i_N, i range: 1<=i<=M, assuming there are M management domains). Only one management domain is shown in the diagram; the following description uses the information transmission process within one management domain as an example.

[0048] As shown in the figure, the system mainly includes a management terminal 14 (the part within the red dashed box in the figure), an asymmetric matrix unit (also known as an asymmetric switching matrix unit) 15, a unidirectional input device group 31, and a unidirectional output device group 32. The unidirectional input device group 31 includes multiple source-side API unidirectional gateways 22-24. The unidirectional output device group 32 includes multiple target-side API unidirectional gateways 25-27. The asymmetric matrix unit includes an input matrix panel 16, which provides the input interface; and a unidirectional output matrix panel 17, which provides the output interface.

[0049] Management terminal 14 connects to each target-side API one-way gateway. Each one-way gateway in one-way input device group 31 connects to each input interface of input matrix panel 16. Each one-way gateway in one-way output device group 32 connects to each output interface of one-way output matrix panel 17. Each business system 32-34 connects to source-side API one-way gateways 22-24 respectively. Each business system 35-37 connects to target-side API one-way gateways 25-27 respectively.

[0050] The management terminal 14 includes a management terminal interface 11, a configuration service unit 12, a monitoring service unit 13, and a key service unit 18.

[0051] The management terminal interface 11 serves as the control entry point. It can define transmission rules (hereinafter referred to as rules) by accepting input, accept data transmission requests from users, and monitor the system status in real time.

[0052] The configuration service unit 12 dynamically establishes or cancels data channels on the asymmetric matrix unit 15 based on the approval status.

[0053] According to some embodiments of the present invention, after a user completes an operation on the terminal management interface (e.g., specifying business system 33 to transmit data to business system 35), the configuration service unit first approves the transmission request according to rules. Once approved, the configuration service unit 12 activates the corresponding switch in the asymmetric matrix unit to connect the data channel between business system 33 and business system 35, that is, to make the physical channel corresponding to the data channel open.

[0054] The rule-based approval process includes, but is not limited to, comprehensively evaluating the transmission request from dimensions such as data security compliance, business necessity, technical architecture feasibility, access control, or operation and maintenance management. The approval process may include manual approval, automated machine approval (e.g., approval based on a decision model), or a combination of manual and automated machine approval.

[0055] The data security compliance dimensions may include, for example, determining whether the data to be transmitted involves personal information, financial data, medical and health data, or data of regulated critical information infrastructure; verifying whether the transmission behavior complies with the Data Security Law, the Personal Information Protection Law, and the requirements for cross-border transmission security assessment; and confirming whether the transmission link meets the requirements for encrypted transmission and full-link audit traceability.

[0056] The business necessity dimension may include, for example, assessing the business rationality of the target business system receiving the data, determining whether the data range is the minimum data set necessary to complete a specific business function, confirming whether there is a possibility of replacing the original detailed data with anonymized or aggregated data, and verifying whether the data owner has authorized it.

[0057] The feasibility dimensions of the technical architecture may include, for example, assessing the technical security and performance impact of the proposed transmission method, which may include API interface, direct database connection, file exchange or message queue; analyzing the load impact of the transmission on the production environment of the source business system to determine whether the transmission window avoids business peaks; verifying whether the data consistency verification mechanism and the compensation mechanism when transmission fails are complete; and confirming whether circuit breaking, rate limiting and retry mechanisms are available.

[0058] The access control dimension may include, for example, verifying whether the data access permissions obtained by the target business system follow the principle of least privilege, assessing the key management strategy, permission rotation mechanism, and dedicated service account usage of the transmission account, and confirming the classification and hierarchical management measures, access control strategies, and data destruction period after the data is implemented in the target business system; the operation and maintenance management dimension includes: assessing the monitoring and alarm mechanism, emergency response plan, data leakage emergency handling process, and lifecycle management strategy of the transmission link, and confirming whether the transmission request is a temporary or long-term transmission and its corresponding expiration review mechanism.

[0059] According to some embodiments of the present invention, an approval decision can be generated based on the evaluation results of the above dimensions according to preset weight rules or hierarchical approval rules. When the evaluation results of all dimensions meet the corresponding threshold conditions, the transmission request is approved; otherwise, the request is rejected or supplementary evaluation materials are required before re-entering the approval process.

[0060] Furthermore, the configuration service unit 12 can also be configured to send an instruction to the key service unit 18. This instruction contains the characteristics and encryption requirements of the specified channel, such as the channel characteristics being from "Management Domain A" to "Management Domain B". The encryption requirements include whether encrypted transmission is required. Upon receiving the instruction, the key service unit will immediately generate a unique, logically bound pair of encryption and decryption keys and return them to the configuration service unit, or directly store them in the configuration package for later distribution.

[0061] The configuration service unit 12 is also used to generate a configuration file for the source API one-way gateway based on the specified source business system, target business system, source API one-way gateway, target API one-way gateway, and business data transmission request. This configuration file is then imported offline by the user into the source API one-way gateway corresponding to the specified source business system (e.g., API one-way gateway 33). The source API one-way gateway accesses the specified source business system based on the configuration file and retrieves the business data to be sent. The process of generating the configuration file for the source API one-way gateway based on the specified source business system, target business system, source API one-way gateway, target API one-way gateway, and the business data transmission request includes configuring the data request format, the target business system (e.g., the interface address of the business system), and a timed triggering strategy (e.g., configuring the gateway fetching frequency, specifying how often the API one-way gateway fetches data from the source business system).

[0062] The configuration service unit 12 is also used to generate a configuration file for the target API one-way gateway based on the specified source business system, target business system, source API one-way gateway, target API one-way gateway and the business data transmission request, and send it online to the target API one-way gateway (such as API one-way gateway 25) corresponding to the target business system, so that the target API one-way gateway can receive the business data sent by the specified source business system based on the configuration file and forward it to the target business system.

[0063] The key service unit 18, under the control of the configuration service unit, is responsible for the generation, distribution, and full lifecycle management of encryption and decryption keys. The encryption key is imported offline into the source API one-way gateway, which uses it to encrypt business data before pushing it onto the one-way transmission link. The decryption key is imported online into the target API one-way gateway, which uses it to decrypt and restore the encrypted business data upon receipt. Furthermore, the decryption key is imported when the channel is enabled and destroyed when the channel is closed; that is, decryption operations are only performed during the period when the management terminal confirms the validity of the secure channel connection.

[0064] To generate the above configuration file and key pair, the service configuration unit collects the following or some of the following information from the source-side business system, the target-side business system, the source-side API one-way gateway, and the target-side API one-way gateway:

[0065] Network addressing and location information: including the IP address, subnet mask, service port number, and MAC address of the business system (used to prevent IP spoofing and implement strict IP / MAC binding).

[0066] Security Level Label: The security level label of the business system within the entire data center (such as low security, medium security, high security).

[0067] Interface protocol and data specification information, including the API types provided by the business system (such as RESTful API, SOAP, or direct database middleware interfaces), supported data carrier formats (such as JSON, XML, or specific binary streams), and authentication credentials (such as tokens, API keys, or whitelist credentials). Crucially, in one-way, handshake-free transmission scenarios, a self-contained message contract needs to be further defined so that each independently issued data request carries complete parsing, verification, and business context without relying on bidirectional negotiation. Specifically, this includes:

[0068] (i) Message Protocol and Serialization Basis: The transport layer protocol used in the request and its invocation semantics—if it is HTTP / HTTPS, this includes the request method (POST / PUT / GET, etc.) and the URL endpoint path and interface version identifier; if it is gRPC, this includes the service name, method name, and interaction mode (Unary, Server Streaming, Client Streaming, or Bidirectional Streaming); if it is a message queue protocol (such as AMQP, MQTT, Kafka, etc.), this includes the Topic / Queue name, Exchange type, and message routing key; and the serialization format used by each of the above protocols (such as JSON, Protobuf, MessagePack, etc.).

[0069] (ii) Self-contained request header fields: Content-Type, Character set encoding, credential delivery method (Authorization header or custom authentication header), unique request identifier (X-Request-ID), and data compression identifier (Content-Encoding).

[0070] (iii) Request body structure specifications: mapping relationship between fields of data to be transmitted and parameters of target interface, field naming conventions, data type constraints, rules for required and optional fields, hierarchical relationship of nested objects, and array encapsulation method and maximum number of records per packet when transmitting in batches;

[0071] (iv) Dynamic parameters and business context injection: Metadata items that need to be dynamically populated in the message and their generation rules, including source system identifier, globally unique business serial number (GUID), timestamp, data version number, batch sequence number (Sequence ID), page cursor (Offset / Cursor), business type identifier, trigger reason code and data validity period declaration;

[0072] (v) Data integrity and tamper protection verification: Request body hash digest algorithm (such as SHA-256), cyclic redundancy check (CRC) rules, message authentication code (MAC) or digital signature header field based on asymmetric key to ensure that the target side can independently verify message integrity without reverse interaction;

[0073] (vi) Timing, version and idempotency control: Field definitions used to ensure data timing consistency, deduplication and out-of-order reordering, including precise timestamps, batch serial numbers and idempotency keys.

[0074] (vii) Application layer security encapsulation: Field-level encryption identifiers, encryption algorithm declarations, and key indexes (Key IDs) for sensitive data, enabling the target side to independently call the corresponding key to complete decryption based on the Key ID.

[0075] Business cycle parameters include the data update frequency of the source business system, the maximum number of concurrent crawling requests allowed, and the transmission window strategy to avoid peak business periods. These parameters will be written into the configuration file to form a "timed triggering strategy" (e.g., gateway crawling frequency).

[0076] API one-way gateway hardware unique identifier: such as the gateway host serial number (SN) or motherboard UUID. Configuration files and key pairs can be cryptographically bound to this hardware identifier during generation to ensure "one key per device" and prevent the configuration file from being copied to unauthorized gateways for use.

[0077] Physical matrix port mapping relationship: This specifies which specific input interface of the "Input Matrix Panel" the source-side API unidirectional gateway is physically connected to, and which specific output interface of the "Unidirectional Output Matrix Panel" the target-side API unidirectional gateway is connected to. This serves as the coordinate basis for the "Channel Control Unit" to execute physical switching actions. This mapping relationship adheres to confidentiality transmission rules and cross-domain legality rules, including the following requirements:

[0078] 1. Low density → Medium density: Permitted. 2. Low density → High density: Permitted. 3. Medium density → High density: Permitted. 4. High density → Low density: Prohibited. 5. Same level → Same level: Permitted.

[0079] Gateway hardware and software status: current system version number, encryption algorithm support library version, and memory / load status, ensuring that the gateway has the ability to perform this encryption / decryption task.

[0080] In addition to collecting information related to the source-side business system, the target-side business system, the source-side API one-way gateway, and the target-side API one-way gateway, the service configuration unit should also collect task-level configuration information directly related to this data transmission request. This ensures that the generated configuration file and key pair can fully define the business semantics, security policies, reliability guarantees, and lifecycle governance of a one-way data transmission. This information includes, but is not limited to:

[0081] 1. Data content definition and transformation rules information

[0082] Clearly define the logical scope of the data to be transmitted, including the source data table or view identifier, field-level mapping relationships, primary key or unique business key definitions, data extraction conditions (such as the timestamp field or auto-incrementing identifier field used for incremental synchronization), data type conversion rules, character set conversion rules, and desensitization algorithms and parameters for sensitive fields (such as masking rules, hash salt values, and encrypted field lists). In one-way, feedback-free scenarios, this information ensures that the source gateway can independently and accurately construct a data payload that meets the expectations of the target system.

[0083] 2. Transmission strategy and flow control parameter information

[0084] Define the data transmission mode and rhythm, including synchronization mode (full, incremental, or changed data capture), triggering mechanism (timed polling, event triggering, or threshold triggering), batch size of a single transmission (maximum number of records or bytes), concurrent connection limit, transmission bandwidth limit, timeout threshold, retry strategy (fixed interval backoff or exponential backoff, maximum number of retries), and the criteria for determining whether a failed message enters the dead letter queue. These parameters are directly written into the "Timed Triggering Policy" and "Flow Control Policy" fields of the configuration file.

[0085] 3. Reliability Assurance and Consistency Parameter Information

[0086] Under one-way, no-handshake conditions, a pre-agreed baseline configuration for data reliability mechanisms is established. This includes the generation rules and checksum algorithm for globally unique business serial numbers, the components of idempotent keys and the duration of the idempotent window, the continuity check strategy for batch serial numbers, data integrity verification algorithms (such as hash algorithms and cyclic redundancy check standards), reconciliation trigger cycles and reconciliation fields (for post-event offline verification), and the handling strategy for data conflicts on the target side (source-side overwrite, ignore, or append version). This information enables the target gateway to achieve deduplication filtering, out-of-order reordering, and eventual consistency even without real-time reverse interaction.

[0087] 4. Security Enhancement and Key Management Policy Information

[0088] In addition to basic authentication credentials, further security policies bound to this transmission task are agreed upon, including transport layer and application layer encryption algorithms and key indexes, digital signature algorithms and distribution identifiers for private and public key pairs, constituent elements of the signature header field (signature content range, timestamp precision, random number length), key rotation cycle and historical key compatibility period, and random number buffer duration and effective time window to prevent replay attacks. This information is used to generate key pairs and encryption policy configurations strongly bound to the task.

[0089] 5. Compliance Authorization and Lifecycle Governance Information

[0090] This includes the approval work order number for this data transfer request, the electronic authorization identifier of the data owner, the data security classification and applicable regulatory provisions (such as personal information identifiers and cross-border transfer assessment numbers), the retention period for the target data and the automatic cleanup or archiving policy upon expiration, the start and end dates of the transmission channel's validity (supporting automatic expiration of temporary channels), and the retention duration and non-repudiation requirements for audit logs. This information ensures that the transmission task is executed within a compliant framework and supports automatic start / stop and lifecycle management of the channel.

[0091] 6. Operation and maintenance monitoring and emergency response parameter information

[0092] Define the observability baseline of the transmission link, including monitoring metrics (end-to-end latency, throughput, error code distribution), alarm trigger thresholds (number of consecutive failures, latency limit, percentage of abnormal data volume fluctuations), log levels and desensitization rules, circuit breaker conditions (error rate or response latency thresholds) and degradation schemes (such as switching to a backup channel or suspending transmission), as well as authentication tokens or physical switch coordinate verification information for issuing channel cut-off commands through the management plane in emergency situations.

[0093] To further ensure the accuracy and security of data transmission, the solution of this invention, which includes a one-way transmission scenario and an offline import stage, is implemented in some embodiments of the invention by ensuring that the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair all have the same globally unique task identifier, Task_ID, thereby effectively connecting each stage of offline and one-way transmission.

[0094] When the source API one-way gateway retrieves data based on the configuration file, it encapsulates the Task_ID in the packet header. When this data is forwarded to the target API one-way gateway, the target API one-way gateway extracts the Task_ID and retrieves the configuration file and decryption key with the same identifier from its memory. Only when the Task_ID matches exactly will the target API one-way gateway invoke the corresponding business logic to decrypt and forward the data.

[0095] To further ensure the security of data transmission, the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair are also equipped with valid timestamps. Once the preset validity period is exceeded, the encryption key and decryption key in the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair will be regarded as invalid by the source API one-way gateway and the target API one-way gateway, thereby preventing expired instructions from being maliciously used.

[0096] According to some embodiments of the present invention, the key can also be processed as part of a configuration file.

[0097] Asymmetric matrix unit 15 is used to open a data channel between a specified low-density source business system and a high-density target business system under the control of the configuration service unit. The channel status is unconnected by default. An asymmetric matrix unit refers to a matrix that is not a conventional matrix that can connect any two points, but rather a matrix with a controlled connection possibility only between two preset points. For example, asymmetric matrix unit 15 can be used as follows: Figure 2 The configuration is as follows: a data channel exists between the low-density service system on the source side and the high-density service system on the target side, which can be opened and closed by a switch; however, there is no connectable channel between the high-density service system on the source side and the low-density service system on the target side. The switch is open in the default initial state.

[0098] The monitoring service unit 13 monitors the connection status of each channel in real time (such as connected or not connected) and reports the feedback information to the management terminal.

[0099] The API one-way gateway includes a gateway host and a one-way transmission link.

[0100] A unidirectional transmission link (or channel) refers to a physical channel that supports only unidirectional data flow. According to some embodiments of the present invention, this unidirectional transmission link may include: an electro-optical conversion unidirectional optical transmitter for converting electrical signals into optical signals; a unidirectional optical fiber; and an opto-optical conversion unidirectional optical receiver for converting optical signals back into electrical signals. This structure ensures unidirectionality at the physical layer. In this application, the electro-optical conversion unidirectional optical transmitter can convert electrical signals into optical signals, but cannot convert optical signals back into electrical signals. The opto-optical conversion unidirectional optical receiver can convert optical signals into electrical signals, but cannot convert electrical signals back into optical signals. Depending on the actual situation, there may be a video cable (such as an HDMI cable) or other connection line before the electro-optical conversion unidirectional optical transmitter to connect the electro-optical conversion unidirectional optical transmitter and the preceding component (such as a video transmission unit) that transmits electrical signals to it. Therefore, the unidirectional transmission link of the present invention also includes some necessary connection lines. The unidirectional transmission link can also be any link that can realize physically unidirectional signal transmission, including but not limited to unidirectional serial cables.

[0101] According to some embodiments of the present invention, the source-side API unidirectional gateway further includes a video transmission unit, which is used to map the file to be sent into a video signal and to send the video signal to a unidirectional transmission link. The unidirectional transmission link may include an HDMI cable, an electro-optical conversion unidirectional optical transmitter, a unidirectional optical fiber, and an opto-optical conversion unidirectional optical receiver. According to some embodiments of the present invention, this unit directly carries the service data to be sent using the pixel channel values ​​of the video frame and outputs it to the unidirectional transmission link. The target API unidirectional gateway further includes: a decoding and re-timing unit, which is used to decode and re-timing the received signal and restore the signal to a byte stream; and a data reassembler, which is used to reassemble the byte stream into service data.

[0102] The business data may include real-time event notifications, log synchronization, alarm push notifications, and files.

[0103] Figure 2 A schematic diagram of a multi-channel unidirectional secure switching matrix according to some embodiments of the present invention is shown.

[0104] As shown in the figure, the multi-channel unidirectional secure exchange matrix includes a management terminal interface 11, a configuration service unit 12, a monitoring service unit 13, a key service unit 18, and an asymmetric matrix unit. The management terminal interface 11, configuration service unit 12, monitoring service unit 13, and key service unit 18 have already been described in detail. As shown in the figure, the asymmetric matrix unit only allows the input interface of the low-density input matrix panel on the left to connect with the output interface of the same high-density or high-density unidirectional output matrix panel on the right. Furthermore, there is no physical connection channel or switch between the input interface of the high-density input matrix panel on the left and the output interface of the low-density unidirectional output matrix panel on the right.

[0105] According to some embodiments of the present invention, the multi-channel unidirectional secure switching matrix may further include an input matrix panel and a unidirectional output matrix panel.

[0106] According to some embodiments of the present invention, the multi-channel unidirectional secure switching matrix may further include a unidirectional input device group and a unidirectional output device group.

[0107] Each unidirectional gateway in the unidirectional input device group is connected to each input interface of the input matrix panel. Each unidirectional gateway in the unidirectional output device group is connected to each output interface of the unidirectional output matrix panel.

[0108] This application also provides a method for unidirectional secure data transmission based on a multi-channel unidirectional secure switching matrix. According to some embodiments of the present invention, the method includes the following steps:

[0109] S1. Approve business data transmission requests initiated by users.

[0110] S2. If approved, activate the corresponding switch in the symmetric matrix unit to connect the data channel between the specified source business system and the target business system, and generate the corresponding source API one-way gateway configuration file, target API one-way gateway configuration file and key pair according to the specified source business system and target business system. The key pair contains an encryption key and a decryption key.

[0111] To ensure the accuracy and security of data transmission, the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair should all have the same globally unique task identifier, Task_ID.

[0112] When the source API one-way gateway retrieves data based on the configuration file, it encapsulates the Task_ID in the packet header. When this data is forwarded to the target API one-way gateway, the target API one-way gateway extracts the Task_ID and retrieves the configuration file and decryption key with the same identifier from its memory. Only when the Task_ID matches exactly will the target API one-way gateway invoke the corresponding business logic to decrypt and forward the data.

[0113] To further ensure the security of data transmission, the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair are also equipped with valid timestamps. Once the preset validity period is exceeded, the encryption key and decryption key in the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair will be regarded as invalid by the source API one-way gateway and the target API one-way gateway, thereby preventing expired instructions from being maliciously used.

[0114] S3. Import the configuration file and encryption key of the source API one-way gateway offline, and send the configuration file and decryption key of the target API one-way gateway offline to the target one-way API gateway.

[0115] S4. The source API one-way gateway sends API requests to the source business system to obtain business data based on the configuration file of the source API one-way gateway source imported offline.

[0116] Here, the corresponding data transmission path or method can also be set in advance before step S1, and the corresponding configuration file can be generated in advance and imported into the source API one-way gateway and the target API one-way gateway. After receiving the data transmission request corresponding to the data transmission path or method and after the data transmission request is approved, the source API one-way gateway sends an API request to the source business system to obtain business data according to the configuration file.

[0117] S5. The source API one-way gateway encrypts the acquired business data using an encryption key, and transmits the encrypted business data to the target API one-way gateway via the one-way transmission link in the source API one-way gateway and the data channel connected in the asymmetric matrix unit.

[0118] As described above, the source API one-way gateway sends API requests to the source business system to obtain business data in an active pull mode, while the target API one-way gateway obtains data in an active push mode.

[0119] S6. The target API one-way gateway receives encrypted business data, decrypts it using a decryption key to obtain the business data, and forwards it to the target business system.

[0120] S7. When the data transmission ends, the target API one-way gateway promptly clears the decryption key from its memory.

[0121] The end of data transmission includes either the completion of data transmission or the receipt of a message indicating that the channel has been closed.

[0122] S8. Restore the asymmetric matrix elements to their unconnected state.

[0123] According to some embodiments of the present invention, the method may further include: a monitoring service unit monitoring the connection status of the data channel in real time and outputting feedback information to the management terminal interface to achieve full visibility of the transmission process.

[0124] Furthermore, the order of the above steps can be adjusted. For example, the order of establishing a channel connection and distributing the configuration file can be reversed, or they can be performed simultaneously.

[0125] Figure 3 A channel state switching diagram is shown in a data transmission system based on a multi-channel unidirectional secure switching matrix according to some embodiments of the present invention.

[0126] The data transmission channel is initially in a disconnected state. Once a user submits a transmission request and it is approved by the configuration service unit and confirmed to comply with the approval rules (i.e., the policy is approved), the data channel is established.

[0127] Once a connection is established, if the business requirement involves encrypted transmission, the channel will enter an encrypted state after the key is approved, and then proceed to the data room transmission stage. If the transmission is unencrypted, data can be transmitted directly through the established data channel.

[0128] When data transmission is complete or the management terminal issues a shutdown command to trigger the transmission completion / channel closure action, the key enters the destruction state, and the decryption key in the target-side gateway's memory is immediately cleared.

[0129] Figure 4 A logical architecture diagram of a multi-channel unidirectional secure switching matrix for multiple network-isolated management domains is shown according to other embodiments of the present invention.

[0130] The management domain set 51 is located on the left side of the diagram, containing M mutually isolated management domains (e.g., management domains M1, M2...Mn). The service network set (target side) contains N service networks (e.g., service networks N1, N2...Nn), each of which can also be considered to belong to a different management domain (e.g., management domains M1, M2...Mn). Source-side service networks within each management domain have the same or different security levels; target service networks within each management domain also have the same or different security levels. Normally, for confidentiality and other requirements, management domains (including service networks) maintain network isolation. However, in practice, there are data exchange needs, for example, the need to transmit the content of a low-security source service network N1 in management domain M1 to a high-security target service network N2 in management domain M2. This invention can complete data transmission while ensuring the security of data within each management domain.

[0131] The source-side service networks within each management domain are uniformly connected to one of the input interfaces in the asymmetric matrix unit 15 shown in the diagram (not shown in the diagram; management domains M1, etc., shown in the diagram can be considered as management terminals corresponding to each management domain) via API unidirectional gateways. The target-side API unidirectional gateways within each management domain are connected to the management terminals within that management domain to receive configuration files issued by their respective management terminals (each management terminal obtains the configuration files generated from the security exchange matrix shown in the diagram). Users initiate data transmission requests through the management terminal interface of the security exchange matrix shown in the diagram.

[0132] The management terminals of each management domain aggregate information on the source-side and target-side service networks, source API one-way gateways, and target API one-way gateways within their jurisdiction into the security exchange matrix 52 shown in the diagram. To generate the aforementioned configuration files and key pairs, the service configuration unit collects the following or some of the following information from the source-side service network, target-side service network, source-side API one-way gateway, and target-side API one-way gateway:

[0133] 1. Network addressing and location information, including the IP address, subnet mask, service port number, and MAC address of the business network (used to prevent IP spoofing and implement strict IP / MAC binding). Confidentiality level identifier:

[0134] 2. Security level labels (e.g., low-security, medium-security, high-security) for the business network throughout the data center.

[0135] 3. Interface protocol and data specification information, including the type of API provided by the business network (such as RESTful API, SOAP or direct database middleware interface), the supported data carrying format (such as JSON, XML or specific binary stream), and authentication credentials (such as Token, API Key or whitelist credentials).

[0136] 4. Business cycle parameters, including the data update frequency of the source business network or the maximum allowed concurrent crawling requests. These parameters will be written into the configuration file to form a "timed triggering strategy" (e.g., gateway crawling frequency).

[0137] 5. Unique hardware identifier for the API one-way gateway: such as the gateway host's serial number (SN) or motherboard UUID. Configuration files and key pairs can be cryptographically bound to this hardware identifier during generation to ensure "one key per device," preventing the configuration file from being copied to unauthorized gateways.

[0138] 6. Physical matrix port mapping relationship, to clarify which specific input interface of the "Input Matrix Panel" the source-side API unidirectional gateway is physically connected to, and which specific output interface of the "Unidirectional Output Matrix Panel" the target-side API unidirectional gateway is connected to. This is the coordinate basis for the "Channel Control Unit" to execute physical switching actions.

[0139] 7. Gateway hardware and software status: Current system version number, encryption algorithm support library version, and memory / load status, ensuring that the gateway has the ability to perform this encryption / decryption task.

[0140] 8. Cross-domain management mapping information belongs to the management domain identifier: the management domain ID to which each gateway and business network belongs. When the policy enforcement engine distributes configuration files, it needs to rely on this identifier to accurately route the configuration file of the target API to the management terminal of the corresponding management domain.

[0141] The secure exchange matrix 52 includes: a channel control unit 520, an asymmetric matrix unit 521, a policy execution engine 522, a key service unit 523, and a monitoring service unit 524. The channel control unit and the policy execution engine can be regarded as components of the aforementioned configuration service unit.

[0142] The policy execution engine is responsible for configuring rules, such as rules for low-density to high-density transmission and cross-domain legality rules, such as stipulating that the source-side service network in management domain M1 can transmit data to the target service network in management domain M2.

[0143] The policy execution engine can also be responsible for approving security level transmission rules and cross-domain legality rules. It intercepts any operations that violate the rules. For example, if a user requests to transfer "core security level (high security)" business network data to "ordinary office (low security)" business network, the policy execution engine will directly intercept it according to the rule (high security → low security: prohibited) and report an error on the management terminal interface 11.

[0144] If approved, the policy execution engine instructs the channel control unit to activate the corresponding switch in the asymmetric matrix unit 15 according to the data channel between the source service network and the target service network indicated in the data transmission request. The policy execution engine 522 also generates configuration files for the source API unidirectional gateway and for the target API unidirectional gateway based on the source and target service networks, and distributes them. This distribution is, for example, as follows: first, the configuration file for the source API unidirectional gateway is sent to the management terminal of the management domain where the source service network is located; then, the user obtains the configuration file offline through the management terminal and imports it into the source API unidirectional gateway. The policy execution engine also sends the configuration file for the target API unidirectional gateway to the management terminal of the management domain where the target service network is located; then, the management terminal sends the configuration file offline to the target API unidirectional gateway. This eliminates the need to establish a network connection between the target API unidirectional gateways in different management domains and the management terminal where the illustrated security exchange matrix is ​​located, thereby further ensuring the security of data within each management domain and avoiding changes to the original network connection relationships within the management domains.

[0145] The key service unit is responsible for the generation, distribution, and full lifecycle management of key pairs (encryption / decryption keys). Encryption keys can be imported offline into the source API one-way gateway corresponding to a specified source business network, and decryption keys can be imported online into the target API one-way gateway corresponding to the target business network.

[0146] According to some embodiments of the present invention, the secure exchange matrix may further include a monitoring service unit 524 and a management terminal interface (not shown in the figure). The monitoring service unit is used to monitor the connection status of the data channel in real time and output feedback information to the management terminal interface to achieve full visibility of the transmission process.

[0147] According to further embodiments of the present invention, the process of the service configuration unit and the key generation unit distributing the configuration file of the target API one-way gateway offline to the management terminal where the target API one-way gateway is located, and then the management terminal distributing it to the target API one-way gateway, can also be a process of distributing the configuration file of the target API one-way gateway to the management terminal where the target API one-way gateway is located through a one-way transmission link, and then the management terminal distributing it to the target API one-way gateway, and a process of distributing the decryption key in the key pair to the management terminal where the target API one-way gateway is located through a one-way transmission link, and then the management terminal distributing it to the target API one-way gateway, and so on. The aforementioned one-way transmission link can be the same one-way transmission link. Therefore, the formation of any loop can be avoided, further ensuring that the service configuration unit and the key generation unit will not steal any exchanged data through the network.

[0148] Figure 5 A timing diagram for the control of a multi-channel unidirectional secure exchange matrix according to some embodiments of the present invention is shown, which illustrates the interaction timing relationship of each core component when completing a data exchange task.

[0149] The management terminal submits a data exchange policy (or data transmission request) to the policy execution engine through its interface. This policy includes the identifiers of the source and target business systems and their transmission requirements. Upon receiving the request, the policy execution engine performs an approval process, using a built-in algorithm to logically approve the request and ensure that it strictly adheres to the low-security to high-security transmission rules. After approval, the policy execution engine issues a channel establishment command to the lower-level channel control unit.

[0150] Upon receiving a command, the channel control unit performs a physical action to control the unidirectional data channel to open the corresponding switch, establish a unidirectional data link, and enable unidirectional data transmission from the source to the target business system.

[0151] Figure 6 A flowchart illustrating a management method for a multi-channel unidirectional secure switching matrix for a large data center, comprising multiple network-isolated management domains according to further embodiments of the present invention, is shown.

[0152] A multi-channel unidirectional secure switching matrix can be configured as described above, such as around... Figure 4 Therefore, the description of the secure switching matrix will not be repeated here. The control method for the multi-channel unidirectional secure switching matrix includes:

[0153] S1. Collect source-side and target-side API one-way gateway, source-side and target-side business network information within each management domain.

[0154] The multi-channel unidirectional secure exchange matrix will subsequently generate API configuration files for the source and target side based on the collected source and target side API unidirectional gateways, source and target side business network information.

[0155] According to some embodiments of the present invention, the policy execution engine connects to the management terminals of each management domain, and collects source-side and target-side API unidirectional gateways, as well as source-side and target-side business network information, through the management terminals.

[0156] S2. Approve business data transmission requests initiated by users.

[0157] S3. If approved, activate the corresponding switch in the symmetric matrix unit to connect the data channel between the specified source service network and the target service network, and generate the corresponding source API unidirectional gateway configuration file, target API unidirectional gateway configuration file, and key pair based on the specified source service network, target service network, source API unidirectional gateway, and target API unidirectional gateway.

[0158] S4. Import the encryption key from the configuration file and key pair of the source API one-way gateway offline into the source API one-way gateway. Send the decryption key from the configuration file and key pair of the target API one-way gateway offline to the management terminal where the target API one-way gateway is located, and then send it to the target API one-way gateway from the management terminal.

[0159] S5. The source API one-way gateway sends API requests to the specified source service network to obtain service data based on the configuration file imported offline.

[0160] S6. The source API one-way gateway encrypts the acquired business data using an encryption key, and transmits the encrypted business data to the target API one-way gateway via the source API one-way gateway and the opened data channel.

[0161] S7. The target API one-way gateway receives encrypted service data, decrypts it using the decryption key, and forwards the decrypted service data to the target service network.

[0162] According to some embodiments of the present invention, the method may further include promptly clearing the decryption key in the memory of the target API one-way gateway when the data transmission ends; and restoring the asymmetric matrix unit to an unconnected state; the end of data transmission includes data transmission completion or receiving a message that the channel has been closed.

[0163] According to some embodiments of the present invention, the method may further include real-time monitoring of the connection status of each channel (e.g., connected, not connected) and reporting the feedback information to the management terminal.

[0164] Based on the implementation described above around the figures, it can be seen that steps S1-S4 can be executed through the policy execution engine, channel control unit, or service configuration unit in the aforementioned security exchange matrix.

[0165] The configuration file for generating the source API one-way gateway based on the specified source service network, target service network, source API one-way gateway, target API one-way gateway, and the service data transmission request includes configuring the data request format, the target service network (such as the interface address of the service network), and the timed triggering strategy (such as configuring the gateway crawling frequency, so that the API one-way gateway crawls data from the source service network every so often).

[0166] The API one-way gateway includes a gateway host and a one-way transmission link.

[0167] A unidirectional transmission link (or channel) refers to a physical channel that supports only unidirectional data flow. According to some embodiments of the present invention, this unidirectional transmission link may include: an electro-optical conversion unidirectional optical transmitter for converting electrical signals into optical signals; a unidirectional optical fiber; and an opto-optical conversion unidirectional optical receiver for converting optical signals back into electrical signals. This structure ensures unidirectionality at the physical layer. In this application, the electro-optical conversion unidirectional optical transmitter can convert electrical signals into optical signals, but cannot convert optical signals back into electrical signals. The opto-optical conversion unidirectional optical receiver can convert optical signals into electrical signals, but cannot convert electrical signals back into optical signals. Depending on the actual situation, there may be a video cable (such as an HDMI cable) or other connection line before the electro-optical conversion unidirectional optical transmitter to connect the electro-optical conversion unidirectional optical transmitter and the preceding component (such as a video transmission unit) that transmits electrical signals to it. Therefore, the unidirectional transmission link of the present invention also includes some necessary connection lines. The unidirectional transmission link can also be any link that can realize physically unidirectional signal transmission, including but not limited to unidirectional serial cables.

[0168] According to some embodiments of the present invention, the method further includes mapping the file to be sent to a video signal and sending the video signal to a unidirectional transmission link, wherein the unidirectional transmission link may include an HDMI cable, an electro-optical conversion unidirectional optical transmitter, a unidirectional optical fiber, and an opto-optical conversion unidirectional optical receiver. According to some embodiments of the present invention, the method may include directly carrying the service data to be sent using the pixel channel values ​​of the video frame and outputting it to the unidirectional transmission link. Accordingly, the target API unidirectional gateway decodes the received signal, re-timing it and restoring the signal to a byte stream, and performs data reassembly to reassemble the byte stream into service data.

[0169] To further ensure the accuracy and security of data transmission, according to some embodiments of the present invention, the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair are made to have the same globally unique task identifier, Task_ID.

[0170] When the source API one-way gateway retrieves data based on the configuration file, it encapsulates the Task_ID in the packet header. When this data is forwarded to the target API one-way gateway, the target API one-way gateway extracts the Task_ID and retrieves the configuration file and decryption key with the same identifier from its memory. Only when the Task_ID matches exactly will the target API one-way gateway invoke the corresponding business logic to decrypt and forward the data.

[0171] To further ensure the security of data transmission, the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair are also equipped with valid timestamps. Once the preset validity period is exceeded, the encryption key and decryption key in the configuration files of the source API one-way gateway, the configuration files of the target API one-way gateway, and the key pair will be regarded as invalid by the source API one-way gateway and the target API one-way gateway, thereby preventing expired instructions from being maliciously used.

[0172] Furthermore, the details described above regarding the figures also apply to the steps described above, or can be adapted accordingly. For simplicity, they will not be repeated here.

[0173] It should be noted that, for ease of understanding, this application has broken down each step in the method and each unit in the system in detail. However, those skilled in the art will understand that, depending on the actual implementation needs, each step and unit can be further broken down or reorganized, and these are all within the scope of the present invention.

[0174] The above embodiments of the present invention have the following technical effects:

[0175] 1. It can manage multiple isolated management domains simultaneously, resolving the contradiction in large data centers where cross-domain and cross-security level data exchange requires both maintaining inter-domain isolation and achieving controlled sharing;

[0176] 2. Complete separation of data channels and management channels has been achieved. Management commands are no longer mixed with business data, avoiding the attack risks caused by the exposure of control interfaces.

[0177] 3. The transfer of "low-density to high-density" data has been transformed from a management-level issue into an inviolable red line at the physical level, effectively preventing security incidents caused by the unauthorized outflow of sensitive data.

Claims

1. A multi-channel unidirectional secure switching matrix for large data centers, including: Strategy execution engine, channel control unit, and asymmetric matrix unit; The policy execution engine is configured as follows: The management terminals within each management domain collect source-side and target-side API unidirectional gateways, source-side and target-side service network information, and configuration rules. These rules include low-density to high-density transmission rules and cross-domain legality rules. The networks between the management domains are isolated, and the source-side and target-side service networks within each management domain are connected to the asymmetric matrix unit through the source-side and target-side API unidirectional gateways, respectively. Approving user-initiated requests for business data transmission; If approved, the channel control unit is instructed to activate the corresponding switch in the asymmetric matrix unit to connect the data channel between the specified source service network and the target service network. Based on the specified source service network, target service network, source API one-way gateway, target API one-way gateway, and the service data transmission request, generate corresponding configuration files for the source API one-way gateway and the target API one-way gateway. Then, distribute the configuration file of the target API one-way gateway to the management terminal of the management domain where the target service network is located, and have the management terminal distribute the configuration file offline to the target API one-way gateway. The configuration file of the source API one-way gateway is available for offline import into the source API one-way gateway, allowing it to obtain service data from the source service network based on the configuration file. The channel control unit is configured to control the asymmetric matrix unit to open or close a specified data channel; The asymmetric matrix unit is constructed such that there is an openable data channel only between the low-density service network on the source side and the high-density service network on the target side.

2. The multi-channel unidirectional secure exchange matrix according to claim 1 further includes a key service unit, a source-side API unidirectional gateway, and a target-side API unidirectional gateway; The key service unit is configured to generate and distribute key pairs, including sending the decryption key in the key pair to the management terminal of the management domain where the target business network is located, and the management terminal imports it online into the target API one-way gateway. The encryption key in the key pair is imported offline into the source API one-way gateway so that the source API one-way gateway can encrypt the obtained business data.

3. The multi-channel unidirectional secure switching matrix according to claim 1 or 2, wherein, A unidirectional transmission link includes: an electro-optical conversion unidirectional optical transmitter for converting electrical signals into optical signals; a unidirectional optical fiber; and an opto-optical conversion unidirectional optical receiver for converting optical signals back into electrical signals.

4. The multi-channel unidirectional secure switching matrix according to claim 3, wherein, The source-side API unidirectional gateway also includes a video transmission unit, which is used to map the service data to be sent into a video signal and to send the video signal to the unidirectional transmission link; the target-side API unidirectional gateway also includes a video receiving unit, which is used to convert the received video signal into service data; the unidirectional transmission link includes an HDMI cable, an electro-optical conversion unidirectional optical transmitter, a unidirectional optical fiber, and an opto-optical conversion unidirectional optical receiver.

5. The multi-channel unidirectional secure exchange matrix according to claim 1 further includes a monitoring service unit and a management terminal interface, wherein the monitoring service unit monitors the connection status of the data channel in real time and outputs the status information to the management terminal interface.

6. A control method for the multi-channel unidirectional secure switching matrix according to any one of claims 1-5, comprising: S1. Collect source-side and target-side API one-way gateway, source-side and target-side business network information within each management domain; S2. Approve user-initiated requests for business data transmission; S3. If approved, activate the corresponding switch in the asymmetric matrix unit to connect the data channel between the specified source service network and the target service network, and generate the corresponding configuration files for the source API unidirectional gateway and the target API unidirectional gateway based on the specified source service network, target service network, source API unidirectional gateway and target API unidirectional gateway. S4. Import the configuration file of the source API one-way gateway offline into the source API one-way gateway; The configuration file of the target API one-way gateway is sent offline to the management terminal where the target API one-way gateway is located, and then the management terminal sends it back to the target API one-way gateway. S5. The source API one-way gateway sends API requests to the specified source service network to obtain service data based on the configuration file imported offline; S6. The source API one-way gateway transmits the acquired business data to the target API one-way gateway via the source API one-way gateway and the opened data channel; S7. The target API one-way gateway receives service data and forwards it to the target service network.

7. The control method according to claim 6 further includes: If approved, a key pair will be generated; Import the encryption key from the key pair offline into the source API one-way gateway, and send the decryption key from the key pair online to the target API one-way gateway; The source API one-way gateway also encrypts the acquired business data with an encryption key, and transmits the encrypted business data to the target API one-way gateway via the one-way transmission link in the source API one-way gateway and the corresponding channel opened in the asymmetric matrix unit. The target API one-way gateway uses the decryption key to decrypt the received business data and forwards the decrypted business data to the target business network; When the data transmission is complete, the target API one-way gateway promptly clears the decryption key from its memory.

8. The control method according to claim 7 further includes, before step S1, setting the corresponding data transmission path or method in advance, generating the corresponding configuration file in advance and importing it into the source API one-way gateway and the target API one-way gateway, and after receiving the data transmission request corresponding to the data transmission path or method and after the data transmission request is approved, the source API one-way gateway sends an API request to the source service network to obtain service data according to the configuration file.

9. The control method according to claim 6, 7 or 8 further includes, for each data transmission request, ensuring that the configuration file of the source API one-way gateway, the configuration file of the target API one-way gateway and the key pair have the same globally unique task identifier.

10. The control method according to claim 9 further includes making the configuration file of the source API one-way gateway, the configuration file of the target API one-way gateway, and the key pair contain a valid timestamp. Once a preset valid time is exceeded, the encryption key and decryption key in the configuration file of the source API one-way gateway, the configuration file of the target API one-way gateway, and the key pair will be regarded as invalid by the source API one-way gateway and the target API one-way gateway.