EP-4736463-A1 - FULL MOTION VIDEO (FMV) ROUTING IN ONE-WAY TRANSFER SYSTEMS

Abstract

The present disclosure describes systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems. The present technology enriches the datagrams of the video stream that are sent from the low-trust side of the OWT system with a global unique identifier (GUID) that is used as an identifier to determine a particular destination on the high-trust side of the OWT system. The enriched video stream is then transmitted through an OWT system that provides high reliability for the enriched video stream. When the enriched video stream is received on the high-trust side, the GUID in the datagram is extracted and used to identify destination addresses for destination devices in the high-trust computing environment. The video stream is then delivered to the destination devices having the corresponding destination addresses.

Inventors

  • WEST, JEFFREY A.
  • SCHULDEN, William Harry

Assignees

  • Microsoft Technology Licensing, LLC

Dates

Publication Date
20260506
Application Date
20240626

Claims (15)

  1. A system for routing video streams in a one-way transfer (OWT) system, the system comprising: a source video broker (104), in a source computing environment (101), that: receives a video stream on an ingress port at an ingress Internet Protocol (IP) address; accesses a mapping table storing unique identifiers for video streams based on the corresponding ingress IP addresses and ports of the video streams; based on the ingress port and IP address of the video stream, identifies a unique identifier for the video stream; generates enhanced datagrams including video packets of the video stream and routing metadata including the unique identifier, wherein the enhanced datagrams form an enriched video stream; and transmits the enriched video stream through the OWT system; and a destination video broker (110), in a destination computing environment protected by the OWT system, that: receives the enriched video stream; extracts the unique identifier from the routing metadata of the enhanced datagrams of the enriched video stream; based on the extracted unique identifier, identifies a destination address for the video stream from a routing table that stores corresponding destination addresses for multiple unique identifiers; and transmits the video stream to a destination device having the destination address.
  2. The system of claim 1, wherein the video stream transmitted from the destination video broker does not include the routing metadata added by the source video broker.
  3. The system of claim 1, wherein the source computing environment is a low-trust environment and the destination computing environment is a high-trust computing environment.
  4. The system of claim 2, wherein the enhanced datagram comprises up to seven transport stream (TS) packets and a routing packet including the routing metadata.
  5. The system of claim 4, wherein the routing packet further comprises a reference number and control data indicating whether the enhanced datagram is a start of the video stream, a middle of the video stream, or an end of the video stream.
  6. The system of claim 4, wherein the routing packet is a modified null packet.
  7. A method for routing video streams in a one-way transfer (OWT) system, the method comprising: receiving (402), by a source video broker in a source computing environment, a video stream having a source address; based on the source address of the video stream (404), identifying, by the source video broker, a unique identifier for the video stream; generating (406), by the source video broker, enhanced datagrams including video packets of the video stream and routing metadata including the unique identifier, wherein the enhanced datagrams form an enriched video stream; transmitting (408), by the source video broker, the enriched video stream through the OWT system; receiving (410), by a destination video broker in a destination computing environment, the enriched video stream; extracting (412), by the destination video broker, the unique identifier from the routing metadata of the enhanced datagrams of the enriched video stream; based on the extracted unique identifier, identifying (414), by the destination video broker, a destination address for the video stream; and transmitting (416), by the destination video broker, the video stream to a destination device having the destination address.
  8. The method of claim 7, wherein identifying the unique identifier, by the source video broker, comprises: accessing a mapping table storing unique identifiers for video streams based on the corresponding ingress IP address and ingress port of the video streams; and identifying the unique identifier for the video stream based on the ingress address and ingress port for the video stream.
  9. The method of claim 7, wherein identifying, by the destination video broker, the destination address comprises: accessing a routing table that stores corresponding destination addresses for multiple unique identifiers; querying the routing table with the unique identifier; and receiving, in response to the query, the destination address.
  10. The method of claim 7, wherein the video stream transmitted from the destination video broker does not include the routing metadata added by the source video broker.
  11. The method of claim 7, wherein the destination video broker receives the enriched video stream from a guard protecting the destination computing environment.
  12. The method of claim 7, wherein the routing metadata is in a modified null packet.
  13. The method of claim 12, wherein the enhanced datagram comprises seven TS packets and a routing packet including the routing metadata.
  14. The method of claim 13, wherein the routing packet further comprises a reference number and control data indicating whether the enhanced datagram is a start of the video stream, a middle of the video stream, or an end of the video stream.
  15. A method for routing video streams in a one-way transfer (OWT) system, the method comprising: receiving (410), by a destination video broker in a destination computing environment, an enriched video stream comprising enhanced datagrams including video packets of a video stream and routing metadata including a unique identifier; extracting (412), by the destination video broker, the unique identifier from the routing metadata of the enhanced datagrams of the enriched video stream; based on the extracted unique identifier, identifying (414), by the destination video broker, a destination address for the video stream; and transmitting (416), by the destination video broker, the video stream to a destination device having the destination address.

Description

FULL MOTION VIDEO (FMV) ROUTING IN ONE-WAY TRANSFER SYSTEMS

BACKGROUND

[0001] In data transfer and communications systems, communication is generally performed in a two-way manner. For instance, two devices in communication with one another exchange data in both directions. This ability allows for confirmations or acknowledgements that data has been received and processed correctly. In cases where the data is not received or processed correctly, such as due to dropped packets or corrupted data, the receiving device is able to request that the data be retransmitted. In systems where only one-way communication is implemented, no such acknowledgements or requests for the resending of data are available.

[0002] It is with respect to these and other general considerations that the aspects disclosed herein have been made. Also, although relatively specific problems may be described, it should be understood that the examples should not be limited to solving the specific problems identified in the background or elsewhere in this disclosure.

SUMMARY

[0003] Examples of the present disclosure describe systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems. The OWT systems include components that restrict the flow of data in a single direction through the system while providing additional reliability enhancements to help ensure that the video stream is handled correctly and is tolerant to faults in the devices of the systems. For example, the system may include a transmitting computing device with an optical transmitter limited to transmit-only functions. The present technology enriches the datagrams of the video stream that are sent from the low-trust side of the OWT system with a global unique identifier (GUID) that is used as an identifier to determine a particular destination on the high-trust side of the OWT system. The enriched video stream is then transmitted through an OWT system that provides high reliability for the enriched video stream. When the enriched video stream is received on the high-trust side, the GUID in the datagram is extracted and used to identify destination addresses for destination devices in the high-trust computing environment. The video stream is then delivered to the destination devices having the corresponding destination addresses. As a result, even where the source devices in the low-trust computing environment have no knowledge of destination addresses, video streams can still be properly routed through the OWT and into and within the high-trust computing environment.

[0004] This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Additional aspects, features, and/or advantages of examples will be set forth in part in the description which follows and, in part, will be apparent from the description, or may be learned by practice of the disclosure.

BRIEF DESCRIPTION OF THE DRAWINGS

[0005] Examples are described with reference to the following figures.

[0006] FIG. 1 depicts an example one-way transfer (OWT) system for full-motion video routing.

[0007] FIG. 2 depicts an example datagram of an enriched video stream.

[0008] FIG. 3 depicts an example fault-tolerant video streaming core in a one-way transfer system.

[0009] FIG. 4 depicts an example method for full-motion video routing.

[0010] FIG. 5 is a block diagram illustrating example physical components of a computing device for practicing aspects of the disclosure.
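The enrichment and routing steps described in claims 1 and 4 to 6 and restated in the Summary, as an added worked example that is not part of the patent or of any Microsoft implementation. It assumes a 188-byte MPEG transport stream packet, a routing packet carried as a modified null packet (PID 0x1FFF) whose payload holds the GUID, a 32-bit reference number and a one-byte control value, and constructed mapping and routing tables; the payload layout, the control-value encoding and all addresses are assumptions, not taken from the page.

```python
import struct
import uuid

TS_PACKET_LEN = 188           # MPEG transport stream packet size
TS_SYNC = 0x47                # TS sync byte
NULL_PID = 0x1FFF             # PID reserved for null packets (reused for routing metadata)
MAX_TS_PER_DATAGRAM = 7       # claim 4: up to seven TS packets per enhanced datagram
CTRL_START, CTRL_MIDDLE, CTRL_END = 1, 2, 3   # control data encoding (assumed, not from the page)

# Constructed sample tables (hypothetical addresses); production brokers load these from config.
STREAM_GUID = uuid.UUID("11111111-2222-3333-4444-555555555555")
MAPPING_TABLE = {("10.0.0.5", 5004): STREAM_GUID}        # source side: ingress IP:port -> GUID
ROUTING_TABLE = {STREAM_GUID: ("192.168.50.10", 6000)}   # destination side: GUID -> address

def ts_packet(pid: int, cc: int, payload: bytes) -> bytes:
    """Build a minimal 188-byte TS packet (payload only, no adaptation field)."""
    header = bytes([TS_SYNC, (pid >> 8) & 0x1F, pid & 0xFF, 0x10 | (cc & 0x0F)])
    return header + payload.ljust(TS_PACKET_LEN - 4, b"\xff")

def make_routing_packet(guid: uuid.UUID, ref: int, ctrl: int) -> bytes:
    """Modified null packet: PID 0x1FFF header, payload = GUID + reference number + control byte."""
    return ts_packet(NULL_PID, 0, guid.bytes + struct.pack(">IB", ref, ctrl))

def parse_routing_packet(pkt: bytes):
    """Validate the trailing packet before trusting anything inside it."""
    if len(pkt) != TS_PACKET_LEN or pkt[0] != TS_SYNC:
        raise ValueError("not a TS packet")
    if (((pkt[1] & 0x1F) << 8) | pkt[2]) != NULL_PID:
        raise ValueError("routing packet must use the null PID")
    ref, ctrl = struct.unpack(">IB", pkt[20:25])
    return uuid.UUID(bytes=pkt[4:20]), ref, ctrl

def source_broker_enrich(ingress_ip, ingress_port, ts_packets, ref, ctrl):
    """Low-trust side: resolve the GUID from ingress IP:port, append the routing packet."""
    if not 1 <= len(ts_packets) <= MAX_TS_PER_DATAGRAM:
        raise ValueError("an enhanced datagram carries 1..7 TS packets")
    guid = MAPPING_TABLE[(ingress_ip, ingress_port)]
    return b"".join(ts_packets) + make_routing_packet(guid, ref, ctrl)

def destination_broker_route(datagram: bytes):
    """High-trust side: split off the routing packet, look up the GUID, strip the metadata.
    Returns (destination address, plain TS bytes, ref, ctrl), or None for an unknown GUID."""
    if len(datagram) % TS_PACKET_LEN or len(datagram) < 2 * TS_PACKET_LEN:
        raise ValueError("malformed enhanced datagram")
    video, routing = datagram[:-TS_PACKET_LEN], datagram[-TS_PACKET_LEN:]
    guid, ref, ctrl = parse_routing_packet(routing)
    dest = ROUTING_TABLE.get(guid)
    if dest is None:          # no back-channel exists, so an unknown GUID is simply dropped
        return None
    return dest, video, ref, ctrl
```

Because the transfer is one-way, the destination broker cannot ask for a retransmission; the reference number and start/middle/end control value are what let it notice a missing or out-of-order datagram, and a GUID absent from the routing table is dropped rather than forwarded to a guessed address.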
DETAILED DESCRIPTION

[0011] A one-way transfer system (OWT) refers to a computing system which uses one or more data diodes to ensure that data can only be transferred unidirectionally through the respective computing devices of the computing system. In examples, the data diodes ensure unidirectional data packet transfer through implementation of hardware and/or software components, such as a transmit-only network interface card (NIC).

[0012] OWT systems may be used to protect a network or endpoints against outbound data transmissions, malicious inbound data transmissions (e.g., viruses and malware), and cyberattacks. As one example, OWT systems facilitate the transfer of data between an endpoint in a low-trust computing environment (such as the public Internet or other high-threat environment) and an endpoint in a high-trust computing environment (or a higher-security computing environment relative to the low-trust computing environment). In such an example, an OWT system spans or includes multiple computing environments that are separated by one or more boundaries between the low-trust computing environment and the high-trust computing environment.

[0013] In examples, a high-trust environment may be a system or network where the devices, applications, and