EP-4295490-B1 - SECURE, EFFICIENT AND RELIABLE TRANSMISSION OF DATA IN MISSION CRITICAL SYSTEMS
Inventors
- LLOYD, CHAD, ANDREW
Dates
- Publication Date
- 20260506
- Application Date
- 20220304
Claims (17)
- A method, comprising: receiving (310), within a mission-critical system, a plurality of data values to transmit to a remote non-mission critical system using a unidirectional data communications network (250), wherein the unidirectional data communications network (250) is configured to transmit data from a mission critical system to one or more external networks, and wherein the unidirectional data communications network (250) is configured not to allow the transmission of data into the mission critical system; prioritizing (315) the plurality of data values according to a plurality of priority levels; grouping (320) the prioritized plurality of data values into one or more data updates for each of the plurality of priority levels; enqueueing (325) the one or more data updates into a respective transmission queue corresponding to each of the plurality of priority levels; and transmitting (330) the data updates over the unidirectional data communications network (250) in an order determined based on the respective priority levels of the transmission queues, comprising: initiating transmission of a key frame of data over the unidirectional data communications network (250), wherein the key frame comprises a plurality of key frame fragments and wherein the key frame contains a snapshot of monitored data values at a given point in time; subsequent to transmitting at least one of the plurality of key frame fragments but prior to transmitting at least one remaining key frame fragment of the plurality of key frame fragments, receiving one or more data values corresponding to a high priority level; generating at least one data update containing the one or more data values corresponding to the high priority level; and transmitting the at least one data update ahead of the at least one remaining key frame fragment.
- The method of claim 1, further comprising: receiving a first record containing one or more data values to be transmitted via the unidirectional data communications network (250); and determining that the first record is a high priority record, relative to other record priorities on a local system.
- The method of claim 2, further comprising: upon determining that the first record is a high priority record: generating at least one high priority data update containing the one or more data values of the first record; and enqueueing the at least one high priority data update into a high priority transmission queue.
- The method of claim 3, further comprising: transmitting the at least one high priority data update over the unidirectional data communications network (250) prior to transmitting at least one lower priority data update, wherein the at least one high priority data update was generated and enqueued subsequent to the generation and enqueueing of the at least one lower priority data update, wherein the at least one lower priority data update is associated with a lower priority record relative to the high priority record, and wherein the at least one lower priority data update was enqueued into a lower priority transmission queue relative to the high priority transmission queue.
- The method of claim 1, wherein transmitting the data updates over the unidirectional data communications network (250) in an order determined based on the respective priority levels of the transmission queues further comprises: managing a transmission buffer for use in transmitting the data updates over the unidirectional data communications network (250), wherein data updates are added to the transmission buffer in an order and/or at a position based on their respective priority level.
- The method of claim 5, wherein transmitting the data updates over the unidirectional data communications network (250) in an order determined based on the respective priority levels of the transmission queues further comprises: generating one or more data updates associated with a high priority level; determining that the transmission buffer is currently full; determining that the transmission buffer currently contains one or more lower priority data updates, relative to the high priority level; removing the one or more lower priority data updates from the transmission buffer; enqueueing the one or more lower priority data updates into a transmission queue corresponding to the lower priority level; adding the generated one or more data updates associated with the high priority level to the transmission buffer; and transmitting contents of the transmission buffer over the unidirectional data communications network to one or more servers.
- A system, comprising: one or more computer processors (212); and a non-transitory computer-readable memory (215) containing computer program code that, when executed by operation of the one or more computer processors (212), performs an operation comprising: receiving a plurality of data values to transmit to a remote system using a unidirectional data communications network (250), wherein the unidirectional data communications network (250) is configured to transmit data from a mission critical system to one or more external networks, and wherein the unidirectional data communications network (250) is configured not to allow the transmission of data into the mission critical system; prioritizing the plurality of data values according to a plurality of priority levels; grouping the prioritized plurality of data values into one or more data updates for each of the plurality of priority levels; enqueueing the one or more data updates into a respective transmission queue corresponding to each of the plurality of priority levels; transmitting the data updates over the unidirectional data communications network (250) in an order determined based on the respective priority levels of the transmission queues; and transmitting a key frame containing a snapshot of monitored data values at a given point in time, wherein the key frame comprises a plurality of key frame fragments and wherein transmission at least one data update is interspersed between transmission of two or more of the plurality of key frame fragments, based on a priority level associated with the at least one data update.
- The system of claim 7, the operation further comprising: receiving a first record containing one or more data values to be transmitted via the unidirectional data communications network (250); and determining that the first record is a high priority record, relative to other record priorities on a local system.
- The system of claim 8, the operation further comprising: upon determining that the first record is a high priority record: generating at least one high priority data update containing the one or more data values of the first record; and enqueueing the at least one high priority data update into a high priority transmission queue.
- The system of claim 9, the operation further comprising: transmitting the at least one high priority data update over the unidirectional data communications network (250) prior to transmitting at least one lower priority data update, wherein the at least one high priority data update was generated and enqueued subsequent to the generation and enqueueing of the at least one lower priority data update, wherein the at least one lower priority data update is associated with a lower priority record relative to the high priority record, and wherein the at least one lower priority data update was enqueued into a lower priority transmission queue relative to the high priority transmission queue.
- The system of claim 7, wherein transmitting the data updates over the unidirectional data communications network (250) in an order determined based on the respective priority levels of the transmission queues further comprises: managing a transmission buffer for use in transmitting the data updates over the unidirectional data communications network (250), wherein data updates are added to the transmission buffer in an order and/or at a position based on their respective priority level.
- The system of claim 11, wherein transmitting the data updates over the unidirectional data communications network (250) in an order determined based on the respective priority levels of the transmission queues further comprises: generating one or more data updates associated with a high priority level; determining that the transmission buffer is currently full; determining that the transmission buffer currently contains one or more lower priority data updates, relative to the high priority level; removing the one or more lower priority data updates from the transmission buffer; enqueueing the one or more lower priority data updates into a transmission queue corresponding to the lower priority level; adding the generated one or more data updates associated with the high priority level to the transmission buffer; and transmitting contents of the transmission buffer over the unidirectional data communications network to one or more servers.
- A non-transitory computer-readable memory containing computer program code that, when executed by operation of one or more computer processors, performs an operation comprising: receiving a plurality of data values to transmit to a remote system using a unidirectional data communications network (250), wherein the unidirectional data communications network (250) is configured to transmit data from a mission critical system to one or more external networks, and wherein the unidirectional data communications network (250) is configured not to allow the transmission of data into the mission critical system; prioritizing the plurality of data values according to a plurality of priority levels; grouping the prioritized plurality of data values into one or more data updates for each of the plurality of priority levels; enqueueing the one or more data updates into a respective transmission queue corresponding to each of the plurality of priority levels; initiating the transfer of a key frame containing a snapshot of monitored data values at a given point in time, wherein the key frame comprises a plurality of key frame fragments; and prior to completing the transfer of the key frame, transmitting at least one data update, based on a priority level associated with the at least one data update.
- The non-transitory computer-readable memory of claim 13, the operation further comprising: receiving a first record containing one or more data values to be transmitted via the unidirectional data communications network (250); and determining that the first record is a high priority record, relative to other record priorities on a local system.
- The non-transitory computer-readable memory of claim 14, the operation further comprising: upon determining that the first record is a high priority record: generating at least one high priority data update containing the one or more data values of the first record; and enqueueing the at least one high priority data update into a high priority transmission queue.
- The non-transitory computer-readable memory of claim 15, the operation further comprising: transmitting the at least one high priority data update over the unidirectional data communications network (250) prior to transmitting at least one lower priority data update, wherein the at least one high priority data update was generated and enqueued subsequent to the generation and enqueueing of the at least one lower priority data update, wherein the at least one lower priority data update is associated with a lower priority record relative to the high priority record, and wherein the at least one lower priority data update was enqueued into a lower priority transmission queue relative to the high priority transmission queue.
- The non-transitory computer-readable memory of claim 13, the operation further comprising: managing a transmission buffer for use in transmitting the data updates over the unidirectional data communications network (250), wherein data updates are added to the transmission buffer in an order and/or at a position based on their respective priority level; generating one or more data updates associated with a high priority level; determining that the transmission buffer is currently full; determining that the transmission buffer currently contains one or more lower priority data updates, relative to the high priority level; removing the one or more lower priority data updates from the transmission buffer; enqueueing the one or more lower priority data updates into a transmission queue corresponding to the lower priority level; adding the generated one or more data updates associated with the high priority level to the transmission buffer; and transmitting contents of the transmission buffer over the unidirectional data communications network to one or more servers.
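The send ordering recited in claims 1, 4 and 6 above, traced as an added Python example that is not code from the patent. The class `OneWaySender`, the three priority levels, the two-slot transmission buffer and the sample tag values are assumptions made for illustration.

```python
from collections import deque

HIGH, NORMAL, KEYFRAME = 0, 1, 2  # assumed levels; lower value is sent first

class OneWaySender:  # hypothetical name; no ACK returns, so ordering is decided locally
    def __init__(self, buffer_slots=2, fragment_size=2):
        self.queues = {p: deque() for p in (HIGH, NORMAL, KEYFRAME)}
        self.buffer = []  # bounded transmission buffer, kept in priority order
        self.buffer_slots, self.fragment_size = buffer_slots, fragment_size
        self.wire = []    # stands in for the unidirectional link

    def start_key_frame(self, snapshot):
        """Split a snapshot of monitored values into queued key frame fragments."""
        items, step = sorted(snapshot.items()), self.fragment_size
        total = -(-len(items) // step)  # ceiling division
        for i in range(total):
            frag = dict(items[i * step:(i + 1) * step])
            self.queues[KEYFRAME].append((KEYFRAME, f"KF {i + 1}/{total}", frag))
        self._fill()

    def submit(self, priority, values):
        """Group values into one data update and place it by priority."""
        update = (priority, f"UPD p{priority}", dict(values))
        if len(self.buffer) >= self.buffer_slots and self.buffer[-1][0] > priority:
            evicted = self.buffer.pop()                   # lowest priority, newest
            self.queues[evicted[0]].appendleft(evicted)   # back to the head of its queue
            self._insert(update)
        else:
            self.queues[priority].append(update)
            self._fill()

    def _insert(self, unit):  # behind buffered units of equal or higher priority
        self.buffer.insert(sum(1 for u in self.buffer if u[0] <= unit[0]), unit)

    def _fill(self):
        for p in sorted(self.queues):
            while self.queues[p] and len(self.buffer) < self.buffer_slots:
                self._insert(self.queues[p].popleft())

    def send_next(self):
        if not self.buffer:
            return None
        unit = self.buffer.pop(0)   # head of the buffer goes onto the link
        self.wire.append(unit[1])
        self._fill()
        return unit

def demo():
    tx = OneWaySender()
    tx.start_key_frame({f"tag{i}": i for i in range(6)})  # constructed snapshot
    tx.send_next()                                        # KF 1/3 leaves first
    tx.submit(NORMAL, {"temp_c": 41})                     # constructed values
    tx.submit(HIGH, {"breaker_trip": 1})                  # arrives last, sent first
    while tx.send_next(): pass
    return tx.wire
```

`demo()` returns the order in which units reach the link: both updates overtake the two remaining key frame fragments, and the fragments displaced from the full buffer are re-queued in their original order.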
Description
TECHNICAL FIELD
The present disclosure relates to computer networking, and more particularly, to an improved data transmissions technique for sending data in a mission critical system.
BACKGROUND
While many systems today collect and transmit performance data, mission critical systems have specific requirements and security constraints that impose additional technical challenges and limitations on the transmission of data from these systems. In particular, many mission critical systems are connected with non-mission critical systems using a unidirectional data communications network, where data can flow from the mission critical systems to the non-mission critical systems but cannot flow the other direction (i.e., from the non-mission critical systems to the mission critical systems). As such, many conventional data communications protocols are inapplicable to these networks (e.g., because acknowledgements cannot be sent back to the mission critical systems, indicating that the data was successfully received).
US 8,139,581 B1 describes a data transfer application for concurrent transfer of data streams based on two or more transport layer protocols via a single one-way data link. CN 104 836 745 B relates to a network layer tunneling method based on one-way transmission equipment. US 6,125,398 A describes a communications subsystem for a computer conferencing system, which solves the problem of real-time audio, video, and data conferencing between personal computer (PC) systems operating in non-real-time windowed environments. US 2020/0059776 A1 discusses systems and methods for intelligently managing multimedia for emergency response.
BRIEF DESCRIPTION OF THE DRAWINGS
A more detailed description of the disclosure, briefly summarized above, may be had by reference to various embodiments, some of which are illustrated in the appended drawings. While the appended drawings illustrate select embodiments of this disclosure, these drawings are not to be considered limiting of its scope, for the disclosure may admit to other equally effective embodiments. Identical reference numerals have been used, where possible, to designate identical elements that are common to the figures. However, elements disclosed in one embodiment may be beneficially utilized on other embodiments without specific recitation.
FIG. 1A is a block diagram illustrating a data communications system for transmitting data from an internal server to an outside server using a unidirectional data communications network, according to one embodiment described herein.
FIG. 1B is a diagram illustrating a data communications system for transmitting data from an internal server to multiple outside servers using unidirectional data communications networks, according to one embodiment described herein.
FIG. 2 is a block diagram illustrating a more detailed view of a data communications system shown in FIG. 1, according to one embodiment described herein.
FIG. 3 is a flow diagram illustrating a method for transmitting prioritized data over a unidirectional data communications network, according to one embodiment described herein.
FIG. 4 is a diagram illustrating the transmission of keyframes containing data values of various priority levels from a mission critical system, according to one embodiment described herein.
FIG. 5 is a block diagram illustrating a transmission of key frame fragments of a key frame with interspersed high priority data updates, according to one embodiment described herein.
DETAILED DESCRIPTION
Embodiments described herein provide techniques for secure, efficient and reliable data transmission in mission critical systems. Data exchange is becoming common in even the most critical of systems. Historically critical systems have been isolated and designed to work with no need for data exchange with third party systems. However, critical systems are changing to react to the new demands of the connected world. Some of the connections are a result of centralized control (e.g., an oil field with multiple pump-and-rod installations miles apart communicating over Global System for Mobiles (GSM) modems) while others are related to the specific customer needs (e.g., sharing energy savings data or tracking weather data to determine if a data center should move virtual loads to another region to avoid a natural disaster). These new connections are commonly established using generic IT-centric security appliances.
As described herein, embodiments provide a secure, efficient and reliable means of transferring mission critical data in systems which transmit process-style data (e.g., tags, or points, coupled with alarms and other complex data structures). Embodiments can work with guaranteed delivery systems as well as telemetry based (non-guaranteed) delivery mechanisms. The data transmission is also unidirectional in nature (no acknowledgements of receipt are allowed according to the security policy and procedures typically in place in mission critical