EP-4736462-A1 - FULL MOTION VIDEO (FMV) ROUTING IN ONE-WAY TRANSFER SYSTEMS USING MODIFIED ELEMENTARY STREAMS
Abstract
Systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems are described herein. The present technology modifies or adds packetized elementary streams (PESs) of video streams, that are sent from the low-trust side of the OWT system, with a global unique identifier (GUID) that is used as an identifier to determine a particular destination on the high-trust side of the OWT system. The enriched video stream is then transmitted through an OWT system that provides high reliability for the enriched video stream. When the enriched video stream is received on the high-trust side, the GUID from the PES is extracted and used to identify destination addresses for destination devices in the high-trust computing environment. The video stream is then delivered to the destination devices having the corresponding destination addresses.
Inventors
- WEST, JEFFREY A.
- SCHULDEN, William Harry
Assignees
- Microsoft Technology Licensing, LLC
Dates
- Publication Date: 20260506
- Application Date: 20240626
Claims (15)
- 1. A system for routing video streams in a one-way transfer (OWT) system, the system comprising: a source video broker (104), in a source computing environment (101), that: receives a video stream on an ingress port at an ingress Internet Protocol (IP) address; accesses a mapping table storing unique identifiers for video streams based on the corresponding ingress IP addresses and ports of the video streams; based on the ingress port and IP address of the video stream, identifies a unique identifier for the video stream; demultiplexes the video stream to access packetized elementary streams (PESs) of the video stream, the PESs including a metadata PES and a video content PES; forms an enriched metadata PES by modifying the metadata PES to include the unique identifier; forms an enriched video stream by multiplexing the video content PES and the enriched metadata PES; and transmits the enriched video stream through the OWT system; and a destination video broker (110), in a destination computing environment (103) protected by the OWT system, that: receives the enriched video stream; accesses the enriched metadata PES by demultiplexing the enriched video stream; extracts the unique identifier from the enriched metadata PES; based on the extracted unique identifier, identifies a destination address for the video stream from a routing table that stores corresponding destination addresses for multiple unique identifiers; forms an unenriched video stream by multiplexing the metadata PES and the video content PES; and transmits the unenriched video stream to a destination device having the destination address.
- 2. The system of claim 1, wherein the destination video broker also removes the unique identifier from the enriched metadata PES.
- 3. The system of claim 1, wherein the source computing environment is a low-trust environment and destination computing environment is a high-trust computing environment.
- 4. The system of claim 1, wherein the metadata PES includes key-length-value (KLV) data.
- 5. The system of claim 4, wherein modifying the metadata PES includes modifying a value of the KLV data.
- 6. A method for routing video streams in a one-way transfer (OWT) system, the method comprising: receiving (402), by a source video broker in a source computing environment, a video stream; identifying (404), by the source video broker, a unique identifier for the video stream; accessing (406) packetized elementary streams (PESs) of the video stream by demultiplexing the video stream; generating (410) a routing PES including the unique identifier; forming (412) an enriched video stream by multiplexing the PESs and the routing PES; transmitting (414), by the source video broker, the enriched video stream through the OWT system; receiving (416), by a destination video broker in a destination computing environment, the enriched video stream; accessing (418) the routing PES by demultiplexing the enriched video stream; extracting (420) the unique identifier from the routing PES; forming (424) an unenriched video stream by multiplexing the PESs without the routing PES; based on the extracted unique identifier, identifying (426), by the destination video broker, a destination address for the video stream; and transmitting (428), by the destination video broker, the unenriched video stream to a destination device having the destination address.
- 7. The method of claim 6, wherein identifying the unique identifier, by the source video broker, comprises: accessing a mapping table storing unique identifiers for video streams based on corresponding ingress IP addresses and ingress ports of the video streams; and identifying the unique identifier for the video stream based on an ingress address and ingress port for the video stream.
- 8. The method of claim 6, wherein identifying, by the destination video broker, the destination address, comprises: accessing a routing table that stores corresponding destination addresses for multiple unique identifiers; querying the routing table with the unique identifier; and receiving, in response to the query, the destination address.
- 9. The method of claim 6, wherein the routing PES includes key-length-value (KLV) data.
- 10. The method of claim 9, wherein the unique identifier is stored as a value in the KLV data.
- 11. The method of claim 6, wherein the source computing environment is a low-trust environment and destination computing environment is a high-trust computing environment.
- 12. The method of claim 6, wherein the video stream is in a Moving Picture Experts Group (MPEG)-Transport Stream (TS) format.
- 13. The method of claim 6, wherein the video stream received by the source video broker includes a metadata PES.
- 14. The method of claim 6, wherein the video stream received by the source video broker does not include a metadata PES.
- 15. A method for routing video streams in a one-way transfer (OWT) system, the method comprising: receiving (402), by a source video broker in a source computing environment, a video stream having a source address; based on the source address of the video stream (404), identifying, by the source video broker, a unique identifier for the video stream; accessing (406) packetized elementary streams (PESs) of the video stream by demultiplexing the video stream; performing one of: generating a routing PES including the unique identifier; or forming an enriched metadata PES by modifying a metadata PES of the video stream; forming (412) an enriched video stream by multiplexing the routing PES or the enriched metadata PES with other PESs of the video stream; and transmitting (414), by the source video broker, the enriched video stream through the OWT system to a destination video broker.
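The tagging and routing steps of claims 1, 4-5 and 8-10, as an added example that is not code from the patent or its applicant. It works on the metadata PES payload only (MPEG-TS demultiplexing is omitted) and shows the destination broker parsing strictly and failing closed. The 16-byte key, the GUID, the addresses, the function names and the 16-byte-key/BER-length KLV layout are assumptions made for illustration.

```python
import uuid

ROUTING_KEY = b"EXAMPLE-ROUTE-ID"  # constructed 16-byte KLV key, not from the patent
GUID_A = uuid.UUID("11111111-2222-3333-4444-555555555555")  # constructed identifier
MAPPING = {("192.0.2.10", 5004): GUID_A}   # source side: ingress (IP, port) -> GUID
ROUTES = {GUID_A: [("10.20.0.7", 6000)]}   # destination side: GUID -> addresses

def klv_encode(key: bytes, value: bytes) -> bytes:
    """Encode one item: 16-byte key, BER length (short or long form), value."""
    n = len(value)
    raw = n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")
    length = bytes([n]) if n < 128 else bytes([0x80 | len(raw)]) + raw
    return key + length + value

def klv_parse(buf: bytes):
    """Return a list of (key, value); raise ValueError on any malformed item."""
    items, i = [], 0
    while i < len(buf):
        if len(buf) - i < 17:
            raise ValueError("truncated key or length")
        key, first, i = buf[i:i + 16], buf[i + 16], i + 17
        if first < 128:
            n = first
        else:
            k = first & 0x7F  # number of length octets that follow
            if k == 0 or k > 4 or i + k > len(buf):
                raise ValueError("bad BER length")
            n, i = int.from_bytes(buf[i:i + k], "big"), i + k
        if i + n > len(buf):
            raise ValueError("value overruns payload")
        items.append((key, buf[i:i + n]))
        i += n
    return items

def enrich(ingress, metadata: bytes) -> bytes:
    """Source broker: tag the metadata payload with the GUID mapped to the ingress."""
    return metadata + klv_encode(ROUTING_KEY, MAPPING[ingress].bytes)

def route(enriched: bytes):
    """Destination broker: extract the GUID, strip it, fail closed if unroutable."""
    items = klv_parse(enriched)
    ids = [v for k, v in items if k == ROUTING_KEY]
    if len(ids) != 1 or len(ids[0]) != 16:
        raise ValueError("expected exactly one 16-byte routing identifier")
    dests = ROUTES.get(uuid.UUID(bytes=ids[0]))
    if dests is None:
        raise LookupError("unknown routing identifier")
    clean = b"".join(klv_encode(k, v) for k, v in items if k != ROUTING_KEY)
    return dests, clean
```

Because nothing can be sent back across the diode, a stream that fails parsing or lookup can only be dropped and logged on the destination side.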
Description
FULL MOTION VIDEO (FMV) ROUTING IN ONE-WAY TRANSFER SYSTEMS USING MODIFIED ELEMENTARY STREAMS
BACKGROUND
[0001] In data transfer and communications systems, communication is generally performed in a two-way manner. For instance, two devices in communication with one another exchange data in both directions. This ability allows for confirmations or acknowledgements that data has been received and processed correctly. In cases where the data is not received or processed correctly, such as due to dropped packets or corrupted data, the receiving device is able to request that the data be retransmitted. In systems where only one-way communication is implemented, no such acknowledgements or requests for the resending of data are available.
[0002] It is with respect to these and other general considerations that the aspects disclosed herein have been made. Also, although relatively specific problems may be described, it should be understood that the examples should not be limited to solving the specific problems identified in the background or elsewhere in this disclosure.
SUMMARY
[0003] Examples of the present disclosure describe systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems. The OWT systems include components that restrict the flow of data in a single direction through the system while providing additional reliability enhancements to help ensure that the video stream is handled correctly and is tolerant to faults in the devices of the systems. For example, the system may include a transmitting computing device with an optical transmitter limited to transmit-only functions. The present technology modifies or adds packetized elementary streams (PESs) of video streams, that are sent from the low-trust side of the OWT system, with a global unique identifier (GUID). The GUID is used as an identifier to determine a particular destination on the high-trust side of the OWT system. The enriched video stream is then transmitted through an OWT system that provides high reliability for the enriched video stream. When the enriched video stream is received on the high-trust side, the GUID in the PES is extracted and used to identify destination addresses for destination devices in the high-trust computing environment. The video stream is then delivered to the destination devices having the corresponding destination addresses. As a result, even where the source devices in the low-trust computing environment have no knowledge of destination addresses, video streams can still be properly routed through the OWT and into and within the high-trust computing environment.
[0004] This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Additional aspects, features, and/or advantages of examples will be set forth in part in the description which follows and, in part, will be apparent from the description, or may be learned by practice of the disclosure.
BRIEF DESCRIPTION OF THE DRAWINGS
[0005] Examples are described with reference to the following figures.
[0006] FIG. 1 depicts an example one-way transfer (OWT) system for full-motion video routing.
[0007] FIGS. 2A-2B depict an example system for modifying elementary streams of a video stream with routing data.
[0008] FIGS. 2C-2D depict an example system for adding a packetized elementary stream (PES) with routing data to a video stream.
[0009] FIG. 3 depicts an example fault-tolerant video streaming core in a one-way transfer system.
[0010] FIGS. 4A-4B depict an example method for full-motion video routing by modifying elementary streams of video streams.
[0011] FIG. 5 is a block diagram illustrating example physical components of a computing device for practicing aspects of the disclosure.
DETAILED DESCRIPTION
[0012] A one-way transfer system (OWT) refers to a computing system which uses one or more data diodes to ensure that data can only be transferred unidirectionally through the respective computing devices of the computing system. In examples, the data diodes ensure unidirectional data packet transfer through implementation of hardware and/or software components, such as a transmit-only network interface card (NIC).
[0013] OWT systems may be used to protect a network or endpoints against outbound data transmissions, malicious inbound data transmissions (e.g., viruses and malware), and cyberattacks. As one example, OWT systems facilitate the transfer of data between an endpoint in a low-trust computing environment (such as the public Internet or other high-threat environment) and an endpoint in a high-trust computing environment (or a higher-security computing environment relative to the low-trust computing environment). In such an example, an OW