EP-4736464-A1 - ROUTING OF FULL MOTION VIDEO (FMV) STREAMS IN ONE-WAY TRANSFER SYSTEMS USING OUT-OF-BAND ROUTING TABLES
Abstract
Examples of the present disclosure describe systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems. The present technology reserves a particular channel for transmission of a video stream, and then transmits the video stream from a low-trust computing environment to a high-trust computing environment along a data path defined by the channel. When the video stream is received on the high-trust side, the channel, on which the video stream is received, is determined and used to query a routing table that returns destination addresses of destination devices to which the video stream is to be transmitted. The video stream is then delivered to the destination devices having the corresponding addresses.
Inventors
- WEST, JEFFREY A.
- SCHULDEN, William Harry, JR.
Assignees
- Microsoft Technology Licensing, LLC
Dates
- Publication Date
- 20260506
- Application Date
- 20240612
Claims (15)
- 1. A system for routing video streams in a one-way transfer (OWT) system, the system comprising: a source video broker (104), in a source computing environment (101), that: receives a video stream on an ingress port at an ingress Internet Protocol (IP) address; accesses a mapping table storing unique identifiers for video streams based on the corresponding ingress IP addresses and ports of the video streams; based on the ingress port and IP address of the video stream, identifies a unique identifier for the video stream; based on the unique identifier, identifies a reserved channel of a plurality of channels that define different data paths through the OWT system; and transmits the video stream through the OWT system along the data path defined by the reserved channel; and a destination video broker (110), in a destination computing environment (103) protected by the OWT system, that: receives the video stream on the reserved channel; based on the reserved channel, determines a destination address for the video stream from a routing table that stores corresponding destination addresses for multiple different channels of the plurality of channels; and transmits the video stream to a destination device having the destination address.
- 2. The system of claim 1, wherein the source computing environment is a low-trust environment and destination computing environment is a high-trust computing environment.
- 3. The system of claim 1, wherein identifying the reserved channel includes querying the mapping table with the unique identifier for the video stream.
- 4. The system of claim 1, wherein the data path for the reserved channel identifies a particular guard in the OWT system and an output port of the particular guard.
- 5. The system of claim 1, wherein identifying the destination address includes querying the routing table with an identifier for the reserved channel, and in response, receiving the destination address.
- 6. The system of claim 1, wherein determining the destination address by the destination video broker comprises: performing a first query of the routing table with the reserved channel; in response to the first query, receiving the unique identifier for the video stream; performing a second query of the routing table with the unique identifier; and in response to the second query, receiving the destination address.
- 7. A computer-implemented method for routing video streams in a one-way transfer (OWT) system, the method comprising: receiving (402) a new channel command to reserve a channel, of a plurality of channels, for a video stream associated with a unique identifier, the plurality of the channels defining different data paths through the OWT system; identifying an unused channel of the plurality of channels; reserving (404) the unused channel for the video stream associated with the unique identifier; receiving (406), by a source video broker, the video stream; identifying, by the source video broker, a unique identifier for the video stream based on the source address of the video stream; based on the unique identifier, identifying (408) the reserved channel for the video stream; transmitting (410), by the source video broker, the video stream through the OWT system along the reserved channel; receiving (412), by a destination video broker in a destination computing environment, the video stream on the reserved channel; based on the reserved channel, determining (414) a destination address for the video stream; and transmitting (416), by the destination video broker, the video stream to a destination device having the destination address.
- 8. The method of claim 7, wherein identifying the unique identifier, by the source video broker, comprises: accessing a mapping table storing unique identifiers for video streams based on source addresses of the video streams; and identifying the unique identifier for the video stream based on source address for the video stream.
- 9. The method of claim 7, wherein reserving the reserved channel includes generating a corresponding entry in a source mapping table and a destination routing table.
- 10. The method of claim 9, wherein identifying the reserved channel by the source video broker includes querying the source mapping table with the unique identifier for the video stream.
- 11. The method of claim 9, wherein determining the destination address by the destination video broker includes querying the destination routing table with the reserved channel.
- 12. The method of claim 9, further comprising removing the reservation of the channel at the end of the video stream by removing the corresponding entry in the source mapping table and the destination routing table.
- 13. The method of claim 9, wherein determining the destination address by the destination video broker comprises: performing a first query of the destination routing table with the reserved channel; in response to the first query, receiving the unique identifier for the video stream; performing a second query of the destination routing table with the unique identifier; and in response to the second query, receiving the destination address.
- 14. The method of claim 13, further comprising generating a confirmation message that the reserved channel has been reserved.
- 15. A method for routing video streams in a one-way transfer (OWT) system, the method comprising: receiving (412), by a destination video broker in a destination computing environment, a first video stream on a first predefined channel of the OWT system and a second video stream on a second predefined channel of the OWT system; determining (414) a first destination address for the first video stream by querying a source routing table with an identifier for the first predefined channel, wherein the source routing table includes entries indicating at least one of unique identifiers or destination addresses associated with reserved channels; determining (414) a second destination address for the second video stream by querying the source routing table with an identifier for the second predefined channel; transmitting (416) the first video stream to a first destination device having the first destination address; and transmitting (416) the second video stream to a second destination device having the second destination address.
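
The reservation, lookup and teardown steps of claims 7 to 13 can be modelled as follows. This is an added illustration, not code from the patent: the class, method and field names, the sample addresses, and the choice to drop traffic from unmapped sources or on unreserved channels are all assumptions.

```python
from dataclasses import dataclass, field

@dataclass
class OwtRouting:
    """Both out-of-band tables, modelled in one object for brevity (assumption)."""
    channels: list                                       # data paths through the OWT
    ingress_to_uid: dict = field(default_factory=dict)   # low side: (ip, port) -> uid
    uid_to_channel: dict = field(default_factory=dict)   # low side: uid -> channel
    channel_to_uid: dict = field(default_factory=dict)   # high side: channel -> uid
    uid_to_dests: dict = field(default_factory=dict)     # high side: uid -> addresses

    def reserve(self, uid, ingress, dests):
        """New-channel command: pick an unused channel, write an entry in each table."""
        unused = [c for c in self.channels if c not in self.channel_to_uid]
        if not unused:
            raise RuntimeError("no unused channel")
        ch = unused[0]
        self.ingress_to_uid[ingress] = uid
        self.uid_to_channel[uid] = ch
        self.channel_to_uid[ch] = uid
        self.uid_to_dests[uid] = list(dests)
        return ch

    def release(self, uid):
        """End of stream: remove the entries from both tables, freeing the channel."""
        ch = self.uid_to_channel.pop(uid)
        del self.channel_to_uid[ch], self.uid_to_dests[uid]
        self.ingress_to_uid = {k: v for k, v in self.ingress_to_uid.items() if v != uid}

    def source_broker(self, ingress, payload):
        """Low side: ingress address -> uid -> channel. No destination is visible here."""
        uid = self.ingress_to_uid.get(ingress)
        if uid is None:
            return None                      # assumption: unmapped sources are dropped
        return self.uid_to_channel[uid], payload

    def destination_broker(self, channel, payload):
        """High side: first query channel -> uid, second query uid -> addresses."""
        uid = self.channel_to_uid.get(channel)
        if uid is None:
            return []                        # assumption: unreserved channel, drop
        return [(dest, payload) for dest in self.uid_to_dests[uid]]

if __name__ == "__main__":
    r = OwtRouting(channels=["ch0", "ch1"])                  # constructed sample values
    r.reserve("stream-A", ("198.51.100.10", 5004), ["10.0.0.21:6000", "10.0.0.22:6000"])
    ch, frame = r.source_broker(("198.51.100.10", 5004), b"frame-1")
    print(ch, r.destination_broker(ch, frame))
```

The only thing that crosses the boundary with the payload is the channel it travels on, so the low-trust side never needs to hold or transmit a destination address.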
Description
ROUTING OF FULL MOTION VIDEO (FMV) STREAMS IN ONE-WAY TRANSFER SYSTEMS USING OUT-OF-BAND ROUTING TABLES
BACKGROUND
[0001] In data transfer and communications systems, communication is generally performed in a two-way manner. For instance, two devices in communication with one another exchange data in both directions. This ability allows for confirmations or acknowledgements that data has been received and processed correctly. In cases where the data is not received or processed correctly, such as due to dropped packets or corrupted data, the receiving device is able to request that the data be retransmitted. In systems where only one-way communication is implemented, no such acknowledgements or requests for the resending of data are available.
[0002] It is with respect to these and other general considerations that the aspects disclosed herein have been made. Also, although relatively specific problems may be described, it should be understood that the examples should not be limited to solving the specific problems identified in the background or elsewhere in this disclosure.
SUMMARY
[0003] Examples of the present disclosure describe systems and methods relating to full motion video (FMV) routing in one-way transfer (OWT) systems. The OWT systems include components that restrict the flow of data in a single direction through the system while providing additional reliability enhancements to help ensure that the video stream is handled correctly and is tolerant to faults in the devices of the systems. For example, the system may include a transmitting computing device with an optical transmitter limited to transmit-only functions. The present technology reserves a particular channel for transmission of a video stream, and then transmits the video stream from a low-trust computing environment to a high-trust computing environment along a data path defined by the channel. When the video stream is received on the high-trust side, the channel, on which the video stream is received, is determined and used to query a routing table that returns destination addresses of destination devices to which the video stream is to be transmitted. The video stream is then delivered to the destination devices having the corresponding addresses. As a result, even where the source devices in the low-trust computing environment have no knowledge of destination addresses, video streams can still be properly routed through the OWT and into and within the high-trust computing environment.
[0004] This Summary is provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used to limit the scope of the claimed subject matter. Additional aspects, features, and/or advantages of examples will be set forth in part in the description which follows and, in part, will be apparent from the description, or may be learned by practice of the disclosure.
BRIEF DESCRIPTION OF THE DRAWINGS
[0005] Examples are described with reference to the following figures.
[0006] FIG. 1 depicts an example one-way transfer (OWT) system for full-motion video routing.
[0007] FIG. 2 depicts an example data flow of multiple video streams through an example OWT system.
[0008] FIG. 3 depicts an example fault-tolerant video streaming core in a one-way transfer system.
[0009] FIG. 4 depicts an example method for full-motion video routing using out-of-band routing tables.
[0010] FIG. 5 is a block diagram illustrating example physical components of a computing device for practicing aspects of the disclosure.
DETAILED DESCRIPTION
[0011] A one-way transfer system (OWT) refers to a computing system which uses one or more data diodes to ensure that data can only be transferred unidirectionally through the respective computing devices of the computing system. In examples, the data diodes ensure unidirectional data packet transfer through implementation of hardware and/or software components, such as a transmit-only network interface card (NIC).
[0012] OWT systems may be used to protect a network or endpoints against outbound data transmissions, malicious inbound data transmissions (e.g., viruses and malware), and cyberattacks. As one example, OWT systems facilitate the transfer of data between an endpoint in a low-trust computing environment (such as the public Internet or other high-threat environment) and an endpoint in a high-trust computing environment (or a higher-security computing environment relative to the low-trust computing environment). In such an example, an OWT system spans or includes multiple computing environments that are separated by one or more boundaries between the low-trust computing environment and the high-trust computing environment.
[0013] In examples, a high-trust environment may be a system or network where the devices, applications, and users are