CN103634293B - Secure data transmission method based on dual hardware and secure data transmission system based on dual hardware - Google Patents

Publication number: CN103634293B
Authority: CN (China)
Prior art keywords: module, router, machine, data, functional modules
Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201310520541.2A
Other languages: Chinese (zh)
Other versions: CN103634293A (en)
Inventors: 姚国祥, 罗伟其, 胡舜, 魏林锋, 翁健, 官全龙, 朱淑华, 张焕明
Current Assignee: Jinan University (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Jinan University
Application filed by Jinan University
Priority to CN201310520541.2A
Publication of CN103634293A
Application granted
Publication of CN103634293B

Landscapes

  • Storage Device Security (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a secure data transmission method based on dual hardware and a secure data transmission system based on dual hardware. The method includes the following steps: (S1) a user downloads data from an unclassified network to a mobile storage device; (S2) the user connects the mobile storage device to an intermediate machine, and the intermediate machine checks the security of the mobile storage device; (S3) the intermediate machine stores the secure data that passed detection in the cache of a main functional module; (S4) the user downloads the secure data to a secure mobile storage device; (S5) the user connects the secure mobile storage device to a classified network computer and uploads the data. The system comprises the mobile storage device, the intermediate machine and the secure mobile storage device. The invention physically isolates the unclassified network from the classified network and transmits threat-free data to the classified network computer only after the intermediate machine has analyzed the data and checked its security. Consequently, malicious users and malicious programs including viruses and Trojans are effectively prevented from intruding into the classified network, and the data security of the classified network is ensured.

Description

A secure data transmission method and system based on dual hardware
Technical field
The present invention relates to data security and secure data transmission in the field of information security, and in particular to a secure data transmission method and system based on dual hardware.
Background
As government, military and other departments that handle classified material raise their requirements for information security, preventing leaks of classified-network data and preventing insecure data from attacking the classified network have become important research directions for information security companies and research institutions. It is generally believed that physically isolating the classified network from the unclassified network effectively guarantees data security. In that case, securing data transmission between the two physically isolated networks becomes particularly critical.
Currently, the existing methods for secure data transmission between a classified network and an unclassified network are mainly the following:
1. A mobile storage device is used to transfer information from the unclassified network to a classified-network computer, and a security defense system is deployed on the classified-network computer. This system performs virus scanning and Trojan removal on the data in the mobile storage device, enforces access control on the owner of the mobile storage device, and audits behavior. The main drawbacks of this method are: a strong virus may crash the classified-network computer's system, or even affect other computers on the classified network; an attacker can steal another person's username and password to perform illegal operations, affecting the whole classified network while keeping their own identity undetectable; and an attacker has direct contact with the classified network and can steal data on it by illegal means.
2. A traditional single-hardware intermediate machine is used for data isolation and secure data transmission. The mobile storage device first transfers the unclassified-network data to the intermediate machine; after the intermediate machine's security monitoring (virus scanning and removal, Trojan scanning, vulnerability detection, etc.) the data is copied to a secure mobile storage device, which then carries the secure data to a classified-network computer. The limitations of this method are: when the intermediate machine's system fails, the user has no way to guarantee secure, timely transmission of information other than using a standby intermediate machine (and buying a standby intermediate machine increases the user's cost); when the user needs to transfer information to a remote site, the data has to be sent to the destination over the unclassified network, where it is exposed to security risks in transit (for example, the data may be stolen or tampered with); and the security of the dedicated mobile device used for secure data transmission between the classified network and the intermediate machine cannot itself be guaranteed.
3. The data to be transmitted is burned onto an optical disc, which carries the information between the unclassified network and the classified network, and the disc is destroyed after use. Although this method offers strong confidentiality, its drawbacks are also obvious: optical discs are wasted heavily, and when the amount of data is large, the limited capacity of a disc means that many discs are needed, which is inconvenient.
Summary of the invention
The first object of the present invention is to address the problems of the existing methods for secure data transmission between an unclassified network and a classified network by proposing, through an innovative hardware-module design for the intermediate machine, a secure data transmission method based on dual hardware.
Another object of the present invention is to provide a secure data transmission system based on dual hardware.
To achieve the first object, the present invention adopts the following technical solution:
A secure data transmission method based on dual hardware, comprising the following steps:
S1. The user downloads data from the unclassified network to a mobile storage device;
S2. The user connects the mobile storage device to the intermediate machine, and the intermediate machine performs security detection on it. The intermediate machine comprises a main functional module and a router module. The main functional module is used to deploy an access control system, a virus and Trojan scanning and removal system, and a cache-clearing mechanism; the router module is used to deploy an access control system and an intrusion detection system. The main functional module and the router module are connected by a network cable and are assigned static IPs;
S3. The intermediate machine stores the secure data that passed detection in the cache of the main functional module;
S4. The user downloads the secure data to a secure mobile storage device;
S5. The user connects the secure mobile storage device to a classified-network computer and uploads the data.
Preferably, in step S2 the intermediate machine performs access control, with the following specific steps:
S21. The operating system of the main functional module prompts the user to enter an account and password, and then determines the user's permissions;
S22. If the user is determined to be a super administrator, the "one-way recognition mechanism" is used to synchronize administrator permissions to the router module, giving this user the authority to configure and manage both the router module and the main functional module;
S23. If the user is determined to be an administrator, the "one-way recognition mechanism" is used to synchronize ordinary user permissions to the router module, giving this user the authority to configure and manage the main functional module and to use the router module;
S24. If the user is determined to be an ordinary user, the "one-way recognition mechanism" is used to synchronize ordinary user permissions to the router module, giving this user the authority to use the main functional module and the router module.
Preferably, in step S3 the intermediate machine stores the secure data that passed detection in the cache of the main functional module, with the following specific steps:
S31. After the user logs in normally, the operating system of the main functional module and the operating system of the router module both begin recording operation logs, including information type, information name, information size, operator, operation time, operation structure, transmission source IP, transmission target IP, transmission time taken, and average transmission speed;
S32. After the user passes access control, the router module performs a simple Trojan and virus scan of the user data using keyword-based and similar techniques, and records an operation log and an error log; an entry is added to the error log only when a Trojan or virus is found;
S33. The router module passes the data judged safe by the scan up to the main functional module, which then performs a second, more thorough virus and Trojan scan of the data using virus scanning and intrusion detection techniques, and records an operation log and an error log;
S34. The main functional module writes the data that passed the security check to the secure mobile storage device together with the encrypted intermediate machine signature, the user signature, the signing time and the information validity time.
Preferably, a cache-clearing mechanism follows step S5, with the following specific steps:
S41. After the user's operation is complete, the operating system of the main functional module asks the user whether to clear the cache;
S42. If the user selects yes, the system clears the cache of the main functional module and sends a cache-clearing instruction to the router module, which clears its own cache after executing the instruction; if the user selects no, the operating system of the main functional module asks again whether the user is sure the cache should not be cleared;
S43. If the user selects yes, neither the main functional module nor the router module clears its cache, and a potential-malicious-behavior log entry is recorded; if the user selects no, the system starts over and asks the user whether to clear the cache;
S44. The super administrator compares the operation logs and error logs of the main functional module and the router module to judge whether the administrator has acted maliciously: if the operation logs and error logs are identical, the administrator has not acted maliciously; otherwise the administrator has maliciously modified the logs of the main functional module.
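One way to carry out the comparison in S44, as an added example that is not part of the patent text. It assumes both modules write one record per operation with the S31 fields and that matching records should be equal field by field; the record layout, function names and sample entries are constructed for illustration.

```python
from dataclasses import dataclass, fields, replace


# Record fields follow step S31 (a subset). Assumption: both modules log the
# same record for every operation, so any difference points at tampering.
@dataclass(frozen=True)
class LogEntry:
    info_type: str
    info_name: str
    size_bytes: int
    operator: str
    op_time: str
    source_ip: str
    target_ip: str


def _index(entries):
    """Align records from the two modules on (operator, op_time, info_name)."""
    return {(e.operator, e.op_time, e.info_name): e for e in entries}


def cross_check(main_log, router_log):
    """Return discrepancies between the two logs; an empty list means identical."""
    main_idx, router_idx = _index(main_log), _index(router_log)
    findings = []
    # Records the router module saw but the main functional module no longer has.
    for key in sorted(router_idx.keys() - main_idx.keys()):
        findings.append(("missing_in_main", key, ()))
    for key in sorted(main_idx.keys() - router_idx.keys()):
        findings.append(("missing_in_router", key, ()))
    # Records present on both sides whose fields were altered on one side.
    for key in sorted(main_idx.keys() & router_idx.keys()):
        a, b = main_idx[key], router_idx[key]
        changed = tuple(f.name for f in fields(LogEntry)
                        if getattr(a, f.name) != getattr(b, f.name))
        if changed:
            findings.append(("field_mismatch", key, changed))
    return findings


def audit(main_op, router_op, main_err, router_err):
    """S44: compare operation logs and error logs of both modules."""
    return {
        "operation_log": cross_check(main_op, router_op),
        "error_log": cross_check(main_err, router_err),
    }


# Constructed sample data (not from the patent).
_E1 = LogEntry("document", "plan.pdf", 20480, "user07",
               "2013-10-29T09:10:00", "192.168.10.2", "192.168.10.1")
_E2 = LogEntry("document", "report.doc", 51200, "admin01",
               "2013-10-29T09:40:00", "192.168.10.2", "192.168.10.1")
_E3 = LogEntry("program", "tool.exe", 812000, "admin01",
               "2013-10-29T10:05:00", "192.168.10.2", "192.168.10.1")
_ERR = LogEntry("program", "setup.exe", 300000, "user07",
                "2013-10-29T08:55:00", "192.168.10.2", "192.168.10.1")

ROUTER_OP = [_E1, _E2, _E3]
# Main-module log after tampering: one record deleted, one size rewritten.
MAIN_OP = [_E1, replace(_E2, size_bytes=512)]
ROUTER_ERR = [_ERR]
MAIN_ERR = [_ERR]

if __name__ == "__main__":
    for log_name, found in audit(MAIN_OP, ROUTER_OP, MAIN_ERR, ROUTER_ERR).items():
        print(log_name, found or "identical")
```

The comparison only has value if the administrator of the main functional module cannot also rewrite the router module's logs, which is what the permission split in S22 to S24 is meant to ensure.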
Preferably, the access control systems of the main functional module and the router module apply the "one-way recognition mechanism". Operators of the intermediate machine's main functional module system are divided into three levels: super administrator, administrator and ordinary user. Operators of the router module system are divided into two levels: administrator and ordinary user. Specifically: when an operator logs in to the main functional module as super administrator, the router module treats this operator as an administrator by default; when an operator logs in to the main functional module as administrator or user, the router module treats this operator as a user by default.
Preferably, the method also includes remote (off-site) transmission of data, with the following specific steps:
S51. The super administrator logs in to the main functional module and, through an operation, sends the router module a command to forward information, together with the intermediate machine's signature and the operator information;
S52. After receiving this command, the router module closes data communication with the main functional module and performs mutual identity authentication with the target intermediate machine;
S53. The router module of the source intermediate machine transmits the information that passed security detection to the router module of the target intermediate machine; after receiving it, the router module of the target intermediate machine performs security detection on it and uploads the checked information to the main functional module;
S54. After transmission completes, the router module of the source intermediate machine sends a terminate-connection command to the router module of the target intermediate machine, closes the connection port, and then clears its cache automatically.
Further, in step S52 the identity authentication process is as follows:
S521. The router module of the source intermediate machine sends a connection request to the router module of the target intermediate machine;
S522. After receiving the request, the router module of the target intermediate machine packages its own MAC address, intermediate machine signature, current status (this flag can only be 1 or 0: 1 means this intermediate machine is currently running secure data transmission and detection, 0 means this intermediate machine is idle) and local operator information, and sends them to the router module of the source intermediate machine;
S523. After receiving the reply, the router module of the source intermediate machine first checks the status bit; if it is 0, it writes the target intermediate machine's information to its operation log and sends its own MAC address, intermediate machine signature and operator information to the router module of the target intermediate machine;
S524. After receiving this information, the router module of the target intermediate machine writes it to its operation log and returns a connection confirmation to the router module of the source intermediate machine;
S525. If in step S523 the router module of the source intermediate machine finds that the status bit in the reply is 1, it waits one cycle and then resends the connection request.
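The exchange in S521 to S525 with both sides' messages, as an added example that is not part of the patent text. The text does not say how the exchanged signatures are verified, so this sketch only exchanges and logs them; the class and function names, the retry limit and the sample identities are assumptions made for illustration.

```python
from dataclasses import dataclass, field

IDLE, BUSY = 0, 1  # status bit from S522: 0 = idle, 1 = transmission/detection running


@dataclass
class RouterModule:
    mac: str
    machine_signature: str
    operator: str
    status: int = IDLE
    operation_log: list = field(default_factory=list)

    def identity(self):
        return {"mac": self.mac, "signature": self.machine_signature,
                "operator": self.operator}

    def on_connection_request(self):
        """Target side, S522: reply with identity plus the current status bit."""
        return {**self.identity(), "status": self.status}

    def on_peer_identity(self, peer):
        """Target side, S524: log the source's identity and confirm."""
        self.operation_log.append(
            ("peer", peer["mac"], peer["signature"], peer["operator"]))
        return "CONFIRM"


def authenticate(source, target, wait_one_cycle, max_attempts=5):
    """Source side of the handshake. Returns (connected, attempts_used).

    max_attempts is an assumption of this example; the text only says the
    source waits one cycle and resends the request.
    """
    for attempt in range(1, max_attempts + 1):
        reply = target.on_connection_request()          # S521 request, S522 reply
        if reply["status"] not in (IDLE, BUSY):
            raise ValueError("status bit must be 0 or 1")
        if reply["status"] == BUSY:                     # S525: wait, then resend
            wait_one_cycle()
            continue
        source.operation_log.append(                    # S523: log the target
            ("peer", reply["mac"], reply["signature"], reply["operator"]))
        answer = target.on_peer_identity(source.identity())  # S523 send, S524
        return answer == "CONFIRM", attempt
    return False, max_attempts


def demo():
    # Constructed identities; the signature strings are placeholders.
    source = RouterModule("02:00:00:00:00:01", "SIG-SRC-PLACEHOLDER", "superadmin-a")
    target = RouterModule("02:00:00:00:00:02", "SIG-DST-PLACEHOLDER", "superadmin-b",
                          status=BUSY)
    cycles = []

    def wait_one_cycle():
        cycles.append(1)
        if len(cycles) == 2:      # the target finishes its job after two cycles
            target.status = IDLE

    ok, attempts = authenticate(source, target, wait_one_cycle)
    return ok, attempts, source.operation_log, target.operation_log


if __name__ == "__main__":
    print(demo())
```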
To achieve the other object above, the present invention adopts the following technical solution:
A secure data transmission system based on dual hardware, comprising a mobile storage device, an intermediate machine and a secure mobile storage device.
The mobile storage device is used to hold the data downloaded from the unclassified network;
The intermediate machine is used to perform security detection on the data to be transmitted and to store the secure data that passed detection in its cache;
The secure mobile storage device connects to a classified-network computer and is used to upload the secure data.
Preferably, the intermediate machine comprises a main functional module and a router module. The main functional module is used to deploy an access control system, a virus and Trojan scanning and removal system, and a cache-clearing mechanism; the router module is used to deploy an access control system and an intrusion detection system. The main functional module and the router module are connected by a network cable and are assigned static IPs.
Preferably, the main functional module comprises two USB interfaces: one is the data output interface, set to write-only; the other is a spare interface, closed under normal circumstances and used in an emergency as a standby data input or output interface. The router module comprises one USB interface, set to read-only.
Compared with the prior art, the present invention has the following advantages and effects:
1. The secure data transmission system proposed by the invention physically isolates the unclassified network from the classified network, and transmits threat-free data to the classified-network computer only after the intermediate machine has analyzed the data and checked its security. This effectively prevents malicious users and malicious programs such as viruses and Trojans from intruding into the classified network, and guarantees the data security of the classified network by physical means;
2. The dual-hardware intermediate machine proposed by the invention overcomes several major defects of traditional intermediate machines through its hardware structure. These defects are mainly: when a traditional intermediate machine's system fails, the user cannot use the secure data transmission function, which causes delay and inconvenience; when the classified network fails, the user cannot transfer data to a remote site in time; a traditional intermediate machine, given its fixed hardware, cannot have its functions extended later; and with a traditional intermediate machine a malicious administrator may forge error logs and so affect the super administrator's judgment.
3. The method proposed by the invention for writing data to the secure mobile storage device fills a technical gap in this area: writing the intermediate machine signature, user signature, signing time and information validity time guarantees the timeliness of the data and the reliability of its source, and makes it easier to assign responsibility after an incident.
Brief description of the drawings
Fig. 1 is a flow diagram of the secure data transmission method based on dual hardware;
Fig. 2 is a structure diagram of the intermediate machine based on dual hardware;
Fig. 3 is a flow chart of the intermediate machine's access control;
Fig. 4 is a flow chart of the main functional module's cache-clearing mechanism.
Specific embodiments
The present invention is described in further detail below with reference to an embodiment and the accompanying drawings, but embodiments of the invention are not limited to this.
Referring to Fig. 1, which is the flow chart of the secure data transmission method based on dual hardware, the specific flow is:
The user downloads data from the unclassified network to a mobile storage device (such as a USB flash drive, portable hard drive or SD card);
The user connects the mobile storage device to the dual-hardware intermediate machine;
The intermediate machine performs access control; see Fig. 3 for the flow. The operating system of the main functional module prompts the user to enter an account and password, and then determines the user's permissions. If the user is determined to be a super administrator, the "one-way recognition mechanism" is used to synchronize administrator permissions to the router module, giving this user the authority to configure and manage both the router module and the main functional module. If the user is determined to be an administrator, the "one-way recognition mechanism" is used to synchronize ordinary user permissions to the router module, giving this user the authority to configure and manage the main functional module and to use the router module. If the user is determined to be an ordinary user, the "one-way recognition mechanism" is used to synchronize ordinary user permissions to the router module, giving this user the authority to use the main functional module and the router module.
After the user logs in normally, the operating system of the main functional module and the operating system of the router module both begin recording operation logs, including information type, information name, information size, operator, operation time, operation structure, transmission source IP, transmission target IP, transmission time taken, and average transmission speed.
After the user passes access control, the router module performs a simple Trojan and virus scan of the user data using keyword-based and similar techniques, and records an operation log and an error log; an entry is added to the error log only when a Trojan or virus is found.
The router module passes the data judged safe by the scan up to the main functional module, which then performs a second, more thorough virus and Trojan scan of the data using virus scanning and intrusion detection techniques, and records an operation log and an error log.
The main functional module writes the data that passed the security check to the secure mobile storage device together with the encrypted intermediate machine signature, the user signature, the signing time and the information validity time. The main functional module then activates the cache-clearing mechanism (see Fig. 4). After the user's operation is complete, the operating system of the main functional module asks the user whether to clear the cache. If the user selects yes, the system clears the cache of the main functional module and sends a cache-clearing instruction to the router module, which clears its own cache after executing the instruction. If the user selects no, the operating system of the main functional module asks again whether the user is sure the cache should not be cleared. If the user then selects yes, neither the main functional module nor the router module clears its cache, and a potential-malicious-behavior log entry is recorded; if the user selects no, the system starts over and asks the user whether to clear the cache. The super administrator compares the operation logs and error logs of the main functional module and the router module to judge whether the administrator has acted maliciously: if the operation logs and error logs are identical, the administrator has not acted maliciously; otherwise the administrator has maliciously modified the logs of the main functional module.
The classified-network computer system reads the intermediate machine signature, operator signature and signing time that accompany the information on the secure mobile storage device, and can thereby learn the source of the data on this device in detail, which makes it easier to assign responsibility after an incident. By checking the information validity period it can determine whether the data on the device is the latest data.
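A sketch of the record written in S34 and the check made on the classified-network side, as an added example that is not part of the patent text. The patent does not name a signature scheme; HMAC-SHA256 with keys known to both ends stands in for the intermediate machine signature and the user signature here, and the field names, keys and sample data are constructed.

```python
import hashlib
import hmac
import json
from datetime import datetime, timedelta, timezone

SIGNED_FIELDS = ("sha256", "operator", "signed_at", "valid_until")


def _tag(key, record):
    """HMAC over the signed fields (assumed stand-in for the patent's signatures)."""
    canon = json.dumps({k: record[k] for k in SIGNED_FIELDS}, sort_keys=True).encode()
    return hmac.new(key, canon, hashlib.sha256).hexdigest()


def write_manifest(data, operator, machine_key, user_key, signed_at, valid_for):
    """Intermediate machine side (S34): bind data, signer, time and validity."""
    body = {
        "sha256": hashlib.sha256(data).hexdigest(),
        "operator": operator,
        "signed_at": signed_at.isoformat(),
        "valid_until": (signed_at + valid_for).isoformat(),
    }
    return {**body,
            "machine_signature": _tag(machine_key, body),
            "user_signature": _tag(user_key, body)}


def check_manifest(data, manifest, machine_key, user_key, now):
    """Classified-network side: verify origin first, then content, then freshness."""
    if not hmac.compare_digest(manifest["machine_signature"], _tag(machine_key, manifest)):
        return "bad_machine_signature"
    if not hmac.compare_digest(manifest["user_signature"], _tag(user_key, manifest)):
        return "bad_user_signature"
    if hashlib.sha256(data).hexdigest() != manifest["sha256"]:
        return "data_modified"
    if now > datetime.fromisoformat(manifest["valid_until"]):
        return "expired"
    return "ok"


# Constructed keys and timestamps for the demonstration.
MACHINE_KEY = b"constructed-machine-key"
USER_KEY = b"constructed-user-key"
T0 = datetime(2013, 10, 29, 9, 0, tzinfo=timezone.utc)


def demo():
    data = b"constructed payload"
    m = write_manifest(data, "user07", MACHINE_KEY, USER_KEY, T0, timedelta(hours=24))
    later = (T0 + timedelta(days=30)).isoformat()
    return {
        "fresh": check_manifest(data, m, MACHINE_KEY, USER_KEY, T0 + timedelta(hours=1)),
        "stale": check_manifest(data, m, MACHINE_KEY, USER_KEY, T0 + timedelta(hours=25)),
        "swapped_data": check_manifest(b"other payload", m, MACHINE_KEY, USER_KEY,
                                       T0 + timedelta(hours=1)),
        # Extending the validity time on the device invalidates the signature.
        "edited_validity": check_manifest(data, {**m, "valid_until": later},
                                          MACHINE_KEY, USER_KEY, T0 + timedelta(hours=25)),
    }


if __name__ == "__main__":
    print(demo())
```

The validity time is only trustworthy because it is covered by the signature; a validity field stored next to the data without that binding could be rewritten on the device.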
The procedure above describes in detail a single data upload by a user through the dual-hardware intermediate machine. If data is to be transmitted to a remote site, the specific flow is:
The super administrator logs in to the main functional module and, through an operation, sends the router module a command to forward information, together with the intermediate machine's signature and the operator information.
After receiving this command, the router module closes data communication with the main functional module and performs mutual identity authentication with the target intermediate machine. The identity authentication process is as follows:
1. The router module of the source intermediate machine sends a connection request to the router module of the target intermediate machine;
2. After receiving the request, the router module of the target intermediate machine packages its own MAC address, intermediate machine signature, current status (this flag can only be 1 or 0: 1 means this intermediate machine is currently running secure data transmission and detection, 0 means this intermediate machine is idle) and local operator information, and sends them to the router module of the source intermediate machine;
3. After receiving the reply, the router module of the source intermediate machine first checks the status bit; if it is 0, it writes the target intermediate machine's information to its operation log and sends its own MAC address, intermediate machine signature and operator information to the router module of the target intermediate machine;
4. After receiving this information, the router module of the target intermediate machine writes it to its operation log and returns a connection confirmation to the router module of the source intermediate machine;
5. If in step 3 the router module of the source intermediate machine finds that the status bit in the reply is 1, it waits one cycle and then resends the connection request.
The router module of the source intermediate machine transmits the information that passed security detection to the router module of the target intermediate machine; after receiving it, the router module of the target intermediate machine performs security detection on it and uploads the checked information to the main functional module.
After transmission completes, the router module of the source intermediate machine sends a terminate-connection command to the router module of the target intermediate machine, closes the connection port, and then clears its cache automatically.
Besides normal secure data transmission, the dual-hardware intermediate machine proposed by the invention also offers the following advantages in particular circumstances:
Referring to Fig. 2, which shows the internal structure of the intermediate machine: based on this dual-hardware structure, this type of intermediate machine has the advantage of working continuously without interruption. Under normal circumstances, user data is first checked by the router module, then uploaded to the main functional module for security scanning and detection, and finally delivered to the classified network. Because the operating systems of the two modules are independent of each other, a failure of the router module's operating system does not affect the operating system of the main functional module. In that case the administrator opens the spare USB interface of the main functional module and sets it to a receive-only mode that does not send data, making it the user's data input. The user connects the mobile storage device to it, and data can be passed directly into the main functional module, scanned, and then output, which ensures normal data transmission. When the operating system of the main functional module fails, the user uploads data to the router module, which scans it with keyword-based and similar techniques and then sends it over the network cable to another designated intermediate machine; the main functional module of that machine performs security detection on it, and the data is then uploaded to the classified-network computer. Operation in these two cases ensures that the dual-hardware intermediate machine keeps working without interruption.
Referring to Fig. 1, intermediate machines are connected to each other through the network cable of the router module, which facilitates secure remote data transmission. When a user wants to transmit data securely to a remote site, there are two methods. One is to first transfer the data through the local intermediate machine onto the classified network and then perform the remote transfer over the classified network. The other is to transfer the data through the router module of the intermediate machine to the intermediate machine at the destination, where the upper-layer main functional module scans it and the secure data is then transferred to the classified-network computer. The second method effectively guarantees the timeliness and confidentiality of remote data transmission when the classified network is interrupted.
The above embodiment is a preferred embodiment of the invention, but embodiments of the invention are not limited by it. Any other change, modification, substitution, combination or simplification made without departing from the spirit and principle of the invention shall be an equivalent replacement and is included within the scope of protection of the invention.

Claims (8)

1. A secure data transmission method based on dual hardware, characterized in that it comprises the following steps:
S1. The user downloads data from the unclassified network to a mobile storage device;
S2. The user connects the mobile storage device to the intermediate machine, and the intermediate machine performs security detection on it. The intermediate machine comprises a main functional module and a router module. The main functional module is used to deploy an access control system, a virus and Trojan scanning and removal system, and a cache-clearing mechanism; the router module is used to deploy an access control system and an intrusion detection system. The main functional module and the router module are connected by a network cable and are assigned static IPs;
S3. The intermediate machine stores the secure data that passed detection in the cache of the main functional module;
S4. The user downloads the secure data to a secure mobile storage device;
S5. The user connects the secure mobile storage device to a classified-network computer and uploads the data;
In step S2 the intermediate machine performs access control, with the following specific steps:
S21. The operating system of the main functional module prompts the user to enter an account and password, and then determines the user's permissions;
S22. If the user is determined to be a super administrator, the "one-way recognition mechanism" is used to synchronize administrator permissions to the router module, giving this user the authority to configure and manage both the router module and the main functional module;
S23. If the user is determined to be an administrator, the "one-way recognition mechanism" is used to synchronize ordinary user permissions to the router module, giving this user the authority to configure and manage the main functional module and to use the router module;
S24. If the user is determined to be an ordinary user, the "one-way recognition mechanism" is used to synchronize ordinary user permissions to the router module, giving this user the authority to use the main functional module and the router module.
2. The secure data transmission method based on dual hardware according to claim 1, characterized in that in step S3 the intermediate machine stores the secure data that passed detection in the cache of the main functional module, with the following specific steps:
S31. After the user logs in normally, the operating system of the main functional module and the operating system of the router module both begin recording operation logs, including information type, information name, information size, operator, operation time, operation structure, transmission source IP, transmission target IP, transmission time taken, and average transmission speed;
S32. After the user passes access control, the router module performs a simple Trojan and virus scan of the user data using keyword-based and similar techniques, and records an operation log and an error log; an entry is added to the error log only when a Trojan or virus is found;
S33. The router module passes the data judged safe by the scan up to the main functional module, which then performs a second, more thorough virus and Trojan scan of the data using virus scanning and intrusion detection techniques, and records an operation log and an error log;
S34. The main functional module writes the data that passed the security check to the secure mobile storage device together with the encrypted intermediate machine signature, the user signature, the signing time and the information validity time.
3. The secure data transmission method based on dual hardware according to claim 1, characterized in that a cache-clearing mechanism follows step S5, with the following specific steps:
S41. After the user's operation is complete, the operating system of the main functional module asks the user whether to clear the cache;
S42. If the user selects yes, the system clears the cache of the main functional module and sends a cache-clearing instruction to the router module, which clears its own cache after executing the instruction; if the user selects no, the operating system of the main functional module asks again whether the user is sure the cache should not be cleared;
S43. If the user selects yes, neither the main functional module nor the router module clears its cache, and a potential-malicious-behavior log entry is recorded; if the user selects no, the system starts over and asks the user whether to clear the cache;
S44. The super administrator compares the operation logs and error logs of the main functional module and the router module to judge whether the administrator has acted maliciously: if the operation logs and error logs are identical, the administrator has not acted maliciously; otherwise the administrator has maliciously modified the logs of the main functional module.
4. The secure data transmission method based on dual hardware according to claim 1, characterized in that the access control system between the main functional module and the router module applies the "unidirectional recognition mechanism". Operators of the intermediate machine's main functional module system are divided into three levels: super administrator, administrator and ordinary user. Operators of the router module system are divided into two levels: administrator and ordinary user. Specifically: after an operator logs in to the main functional module with the super administrator identity, the router module treats this operator as an administrator by default; after an operator logs in to the main functional module with the administrator or user identity, the router module treats this operator as a user by default.
5. The secure data transmission method based on dual hardware according to claim 1, characterized in that it further includes remote (off-site) data transmission, with the following specific steps:
S51. The super administrator logs in to the main functional module and, through an operation, sends the router module an information forwarding command together with the signature of the intermediate machine and the operator information;
S52. After receiving this command, the router module closes data communication with the main functional module, and the intermediate machine and the target authenticate each other's identity;
S53. The router module of the source intermediate machine transmits the information that passed security detection to the router module of the target intermediate machine; after receiving the information, the router module of the target intermediate machine performs security detection on it and uploads the checked information to the main functional module;
S54. After the transmission is complete, the router module of the source intermediate machine sends a terminate-connection command to the router module of the target intermediate machine, closes the connection port, and then automatically clears its cache.
6. The secure data transmission method based on dual hardware according to claim 5, characterized in that, in step S52, the identity authentication process is as follows:
S521. The router module of the source intermediate machine sends a connection request to the router module of the target intermediate machine;
S522. After receiving the request, the router module of the target intermediate machine transmits its own MAC address, intermediate machine signature, current state and local operator information to the router module of the source intermediate machine;
S523. After receiving the reply, the router module of the source intermediate machine first checks the status bit; if it is 0, it writes the relevant information of the target intermediate machine to the operation log and transmits its own MAC address, intermediate machine signature and operator information to the router module of the target intermediate machine;
S524. After receiving the information, the router module of the target intermediate machine writes it to the operation log and returns a connection confirmation to the router module of the source intermediate machine;
S525. If, in step S523, the router module of the source intermediate machine finds that the status bit in the reply is 1, it waits one cycle and then resends the connection request.
7. The secure data transmission method based on dual hardware according to claim 1, characterized in that the intermediate machine includes a main functional module and a router module; the main functional module is used to deploy the access control system, the virus and Trojan detection and removal system, and the cache clearing mechanism; the router module is used to deploy the access control system and the intrusion detection system; the main functional module and the router module are connected by a network cable and are assigned static IPs.
8. The secure data transmission method based on dual hardware according to claim 1, characterized in that the main functional module includes two USB interfaces: one is the data output interface and is set to a write-only state; the other is a spare interface, closed under normal circumstances and used in emergencies as a spare interface for data input or output. The router module includes one USB interface, which is set to a read-only state.
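The log comparison in step S44 of claim 3, as an added example that is not part of the patent text: under claim 4 an administrator holds only user rights on the router module, so the router module's log serves as the reference copy. The field names, record layout and sample records are assumptions constructed for illustration.

```python
# Fields that S31 says both operating systems record (key names are assumptions).
FIELDS = ("info_type", "info_name", "info_size", "operator", "op_time",
          "src_ip", "dst_ip")

def record_key(rec):
    """Identify one logged operation by time, operator and information name."""
    return (rec["op_time"], rec["operator"], rec["info_name"])

def compare_logs(main_log, router_log):
    """Return the discrepancies between the two logs; an empty list means S44 passes."""
    main = {record_key(r): r for r in main_log}
    router = {record_key(r): r for r in router_log}
    findings = []
    for k in sorted(main.keys() | router.keys()):
        m, r = main.get(k), router.get(k)
        if m is None:
            findings.append(("missing-in-main", k, None))
        elif r is None:
            findings.append(("missing-in-router", k, None))
        else:
            changed = [f for f in FIELDS if m.get(f) != r.get(f)]
            if changed:
                findings.append(("field-mismatch", k, changed))
    return findings

def verdict(main_log, router_log):
    """S44 outcome: identical logs mean no malicious behavior by the administrator."""
    return "consistent" if not compare_logs(main_log, router_log) else "main-log-modified"

def rec(op_time, name, size, operator="admin1"):
    # Constructed sample record; IPs come from the documentation range 192.0.2.0/24.
    return dict(info_type="file", info_name=name, info_size=size, operator=operator,
                op_time=op_time, src_ip="192.0.2.10", dst_ip="192.0.2.20")

# Constructed logs: the main-module copy has one size edited and one entry deleted.
ROUTER_LOG = [rec("2013-10-29T09:00:00", "a.doc", 1024),
              rec("2013-10-29T09:05:00", "b.zip", 52000),
              rec("2013-10-29T09:09:00", "c.exe", 7000)]
MAIN_LOG = [ROUTER_LOG[0], dict(ROUTER_LOG[1], info_size=520)]

if __name__ == "__main__":
    for finding in compare_logs(MAIN_LOG, ROUTER_LOG):
        print(finding)
    print(verdict(MAIN_LOG, ROUTER_LOG))
```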
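The exchange in claim 6 (steps S521 to S525) with both router modules' messages, as an added example that is not part of the patent text. It models only what the claim states, namely the exchange and logging of identity fields and the retry on status bit 1, so no signature verification is performed; the class, field names, retry limit and sample machines are assumptions.

```python
from dataclasses import dataclass, field

IDLE, BUSY = 0, 1  # status bit: 0 lets the source proceed (S523), 1 forces a retry (S525)

@dataclass
class RouterModule:
    """Router module of one intermediate machine; field names are assumptions."""
    mac: str
    signature: str
    operator: str
    status: int = IDLE
    oplog: list = field(default_factory=list)

    def identity(self):
        return {"mac": self.mac, "signature": self.signature, "operator": self.operator}

    def on_connection_request(self):
        # S522: answer with own MAC, machine signature, current status and operator.
        return {**self.identity(), "status": self.status}

    def on_peer_identity(self, peer):
        # S524: write the source's identity to the operation log, then confirm.
        self.oplog.append(("peer-identity", peer))
        return "CONFIRM"

def connect(source, target, max_cycles=3, wait=lambda: None):
    """Run S521-S525 from the source side.

    Returns the number of connection requests sent, or None if the target
    stayed busy for max_cycles (the retry limit is an assumption).
    """
    for attempt in range(1, max_cycles + 1):
        reply = target.on_connection_request()            # S521 request, S522 reply
        if reply["status"] == BUSY:                       # S525: wait one cycle, resend
            wait()
            continue
        peer = {k: v for k, v in reply.items() if k != "status"}
        source.oplog.append(("peer-identity", peer))      # S523: log target's details
        if target.on_peer_identity(source.identity()) == "CONFIRM":
            return attempt
    return None

def demo():
    # Constructed sample machines; the target is busy during the first cycle.
    src = RouterModule("02:00:00:00:00:01", "sig-source", "super-admin-a")
    tgt = RouterModule("02:00:00:00:00:02", "sig-target", "super-admin-b", status=BUSY)
    attempts = connect(src, tgt, wait=lambda: setattr(tgt, "status", IDLE))
    return attempts, src.oplog, tgt.oplog
```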
CN201310520541.2A 2013-10-29 2013-10-29 Secure data transmission method based dual hardware and secure data transmission system based dual hardware Active CN103634293B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310520541.2A CN103634293B (en) 2013-10-29 2013-10-29 Secure data transmission method based dual hardware and secure data transmission system based dual hardware

Publications (2)

Publication Number Publication Date
CN103634293A CN103634293A (en) 2014-03-12
CN103634293B true CN103634293B (en) 2017-02-08

Family

ID=50214921

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310520541.2A Active CN103634293B (en) 2013-10-29 2013-10-29 Secure data transmission method based dual hardware and secure data transmission system based dual hardware

Country Status (1)

Country Link
CN (1) CN103634293B (en)

Also Published As

Publication number Publication date
CN103634293A (en) 2014-03-12

Legal Events

Date Code Title Description
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CB03 Change of inventor or designer information

Inventor after: Weng Jian, Wei Linfeng, Yao Guoxiang, Luo Weiqi, Hu Shun, Guan Quanlong, Zhu Shuhua, Zhang Huanming

Inventor before: Yao Guoxiang, Luo Weiqi, Hu Shun, Wei Linfeng, Weng Jian, Guan Quanlong, Zhu Shuhua, Zhang Huanming

COR Change of bibliographic data