CN104363221A - Network safety isolation file transmission control method - Google Patents

Network safety isolation file transmission control method Download PDF

Info

Publication number
CN104363221A
CN104363221A CN201410629644.7A CN201410629644A CN104363221A CN 104363221 A CN104363221 A CN 104363221A CN 201410629644 A CN201410629644 A CN 201410629644A CN 104363221 A CN104363221 A CN 104363221A
Authority
CN
China
Prior art keywords
intranet
message
file
outer net
control end
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410629644.7A
Other languages
Chinese (zh)
Inventor
董晓春
刘培顺
赵长江
任传祥
高继鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
QINGDAO WEIZHIHUI INFORMATION Co Ltd
Original Assignee
QINGDAO WEIZHIHUI INFORMATION Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by QINGDAO WEIZHIHUI INFORMATION Co Ltd filed Critical QINGDAO WEIZHIHUI INFORMATION Co Ltd
Priority to CN201410629644.7A priority Critical patent/CN104363221A/en
Publication of CN104363221A publication Critical patent/CN104363221A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • H04L63/205Network architectures or network communication protocols for network security for managing network security; network security policies in general involving negotiation or determination of the one or more network security mechanisms to be used, e.g. by negotiation between the client and the server or between peers or by selection according to the capabilities of the entities involved
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/01Protocols
    • H04L67/06Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L2209/00Additional information or applications relating to cryptographic mechanisms or cryptographic arrangements for secret or secure communication H04L9/00
    • H04L2209/72Signcrypting, i.e. digital signing and encrypting simultaneously
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0838Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention relates to a safety isolation file transmission control method, in particular to a file transmission control method between taxation network safety isolation systems. A transmission control system comprises an external network isolation firewall, an external network control end, an external network transmitting end, an external network receiving end, an internal network transmitting end, an internal network receiving end, an internal network control end and an internal network isolation firewall. A computer system, a virtual machine system and the isolation firewalls are combined to achieved a relatively universal safety data transmission manner, safe and reliable bidirectional data transmission is achieved by the control method with a special safety protocol, confidentiality, completeness and non-repudiation during information transmission are achieved by safety techniques such as data encryption, digital signatures and information authentication codes, data exchanging performance is increased while safety of internal and external network systems is guaranteed, and the whole system can work reliably and stably.

Description

A kind of network security off-limit file transfer control method
Technical field
The present invention relates to a kind of network security isolation control method, be specifically related to file transfer control method between a kind of tax network security shielding system.Be applicable to the transmitting data between networks different security classification, while guarantee network security, realize the high efficiency of transmission of file between heterogeneous networks.
Background technology
Isolation concept is when producing to protect when high safety grade network environment, period experienced by five generation isolation technology change.First generation isolation technology---isolate completely: the method makes network be in information island state, accomplish physical isolation completely, need at least two cover network and systems, the more important thing is the inconvenience of information interchange and the raising of cost, bring great inconvenience to like this maintenance and use.Second generation isolation technology---hardware card is isolated: increase by one piece of hardware card in client, first client hard disk or other memory devices are connected to this card, and then are transferred on mainboard, can control client hard disk or other memory devices by this card.And when selecting different hard disks, have selected network interfaces different on this card simultaneously, being connected to different networks.But what this isolated product had still needs network layout to be two net line structures, and product also exists larger potential safety hazard.Third generation isolation technology---data retransmission is isolated: utilize the approach of broadcast relay system timesharing xcopy to realize isolation, switching time very, even needs manual completing, not only slow down access speed significantly, more do not support common network application, lose the meaning that network exists.Forth generation isolation technology---air switch is isolated: it is by using single-pole double-throw switch (SPDT), makes inside and outside network timesharing access temporary buffer to complete exchanges data, but there is many problems in safety and performance.5th generation isolation technology---escape way is isolated: this technology is by the security mechanism such as private communication hardware and private secure protocol, realize isolation and the exchanges data of inside and outside network, isolation technology Problems existing before not only solving, and effectively inside and outside Network Isolation is come, and achieve the secure exchange of intranet and extranet data efficiently, transparent support multiple network application, becomes the developing direction of current isolation technology.
There are following distinct issues in current network isolation:
(1) Network Isolation adopts unresponsive mechanism when transmitting data, causes information or data integrity not to ensure.High and low level of confidentiality net only has one simultaneously and is connected with xegregating unit under Network Isolation condition, and like this, the communication protocol that " shaking hands " confirms cannot use, and therefore just must adopt unidirectional unresponsive transmission mechanism in isolation transmission.Although ensure that the fail safe of data like this, the problem brought be receiving terminal without feedback signal, cause user cannot find mistake, incomplete information.Therefore, how guarantee information transmission time the integrality of data, correctness become the critical problem of data no-feedback one-way transmission between different security level net.
(2) in Network Isolation situation, data are transmitted, High Security Level net and Low Security Level net have simultaneously and one can only be had to set up the connection of specialized protocol to reach the object transmitting data with xegregating unit, can not ensure that the data importing High Security Level net from Low Security Level net into can not cause High Security Level systemic breakdown or make it be destroyed like this, therefore High Security Level system safety problem is also a problem needing solution badly.
Therefore for Network Isolation, following requirement is proposed:
(1) data stably can be transferred to High Security Level net by Low Security Level net;
(2) message transmission rate should reach higher requirement;
(3) ensure that core classified network is not by the frontal attack of hacker;
(4) data received reach certain requirement in integrality.
Summary of the invention
Based on the 5th generation technology of network isolation, the object of the invention is to realize safe and reliable forward and reverse transfer of data by the control method of private secure protocol, thus while ensureing internal-external network system safety, the performance of exchanges data can be promoted again, and make the reliable and stable work of whole system.
The present invention is achieved through the following technical solutions: the technical solution realizing target of the present invention is information transmission and control system between a kind of network security shielding system, it is characterized in that: this system composition comprises outer net isolation fire compartment wall, outer net control end, external network sending end, outer net receiving terminal, Intranet transmitting terminal, Intranet receiving terminal, Intranet control end and Intranet isolation fire compartment wall.Transmission of messages is divided into: when 1, outer net sends file to Intranet, outer net main frame is transmitting terminal, and intranet host is receiving terminal, and first message be submitted to outer net control end, is responsible for data to submit to Intranet, carries out safety data transmission by outer net control end.2, when Intranet sends file to outer net, outer net main frame is receiving terminal, and intranet host is transmitting terminal, and first message be submitted to Intranet control end, is responsible for data to submit to outer net, carries out safety data transmission by Intranet control end.
The data transmission method utilizing above-mentioned data transmission system to implement, is characterized in that:
(1) utilize outer net isolation fire compartment wall and Intranet isolation fire compartment wall to realize the Network Isolation of Inside and outside network, isolation fire compartment wall, only to particular ip address and protocol open, ensures network security;
(2) utilize outer net control end and Intranet control end to realize the access authentication of outbound communication terminal and Intranet communication terminal, only have validated user ability usage data transmission system, control end also realizes the Content inspection to transfer files, ensures content safety;
(3) message that S/MIME encapsulate data transmits is utilized, the particular data of text, image, sound, video and other application program can be transmitted, receipt service is provided, there is provided following encryption safe service: certification, integrity protection, qualification and data confidentiality etc., ensure the confidentiality in message transmitting procedure, integrality and resisting denying;
(4) external network sending end and Intranet receiving terminal is utilized to realize the one-way transmission of outer net to Intranet, Intranet transmitting terminal and outer net receiving terminal realize the one-way transmission of Intranet to outer net, coordinate the proprietary message envelope format based on file, realize the information exchange of the safety between Inside and outside network.
(5) external network sending end and Intranet receiving terminal are two virtual machines on a physical machine, communicated by Microsoft Loopback Adapter between them, half Intel Virtualization Technology is utilized to set up by shared drive the high-speed communication that communication port realizes between virtual machine, outer net receiving terminal and Intranet transmitting terminal are two virtual machines on a physical machine, and communication mode is similar.
Advantage and effect:
The invention provides a kind of technology and method of network isolation system Data Transmission Controlling, this technology utilizes computer system, dummy machine system, isolation fire compartment wall combines achieves a kind of comparatively general safety data transmission mode, at hardware aspect, the present invention is made up of electronic equipments such as computer, isolation fire compartment wall, server, web-transporting device, data servers, the communication path redundant configuration safeguards system reliability of its visual plant; Utilize data encryption, digital signature ensures the confidentiality in message transmitting procedure, integrality and resisting denying; Between intranet and extranet, information exchange employs the safety that proprietary protocol ensures message.
The feature of this technology:
1, use S/MIME protocol encapsulation message format, and receipt service is provided, provide following encryption safe service: certification, integrity protection, qualification and data confidentiality etc., ensure the confidentiality in message transmitting procedure, integrality and resisting denying;
2, external network sending end and Intranet receiving terminal are two virtual machines on a physical machine, communicated by Microsoft Loopback Adapter between them, half Intel Virtualization Technology is utilized to set up by shared drive the high-speed communication that communication port realizes between virtual machine, coordinate proprietary communication protocol, realize the information exchange of the high-speed secure between Inside and outside network.
Accompanying drawing explanation
Fig. 1 is network architecture diagram of the present invention.
Fig. 2 is the network architecture of external network sending end of the present invention and Intranet receiving terminal.
Fig. 3 is outer net receiving terminal and Intranet transmitting terminal.
Fig. 4 be the present invention is based on file transfer Inside and outside network shielding system between message transmission mode.
Fig. 5 is transmission document flowchart of the present invention.
Embodiment
Below in conjunction with accompanying drawing, the present invention is described in further detail:
Fig. 1 is network architecture diagram of the present invention, comprises outer net control end, external network sending end, outer net receiving terminal, Intranet receiving terminal, Intranet transmitting terminal and Intranet control end and outer net isolation fire compartment wall and Intranet isolation fire compartment wall.
Outer net control end and Intranet control end are operated in the industrial computer of a Multi-netmouth, and as Core server, the parsing being specifically responsible for whole transmission control protocol performs, and bears storage and the forwarding work of shared file, make the mutual more controlled and efficient of file.
Fig. 2 is the network architecture of external network sending end and Intranet receiving terminal, external network sending end and Intranet receiving terminal are two virtual machines on a physical server, physical machine is installed multiple network interface card, one of them network interface card connects outer net, a network interface card connects Intranet, external network sending end virtual machine binds the network interface card of outer net by bridge joint mode, Intranet receiving terminal virtual machine binds Intranet network interface card by bridge joint mode, two virtual machines add second piece of network interface card respectively with the same Microsoft Loopback Adapter of Host-only pattern connection physical machine, and two virtual machines are communicated by this Microsoft Loopback Adapter.The network configuration signal of Fig. 3 two virtual machines that to be outer net receiving terminal and Intranet transmitting terminal be on a physical server, their internetwork connection mode and external network sending end and Intranet receiving terminal similar.Outer net control end two network interfaces, one is connected to outer net firewall configuration IP address is IP1, can with outer net terminal communication, another one is connected to external network sending end and outer net receiving terminal configuration of IP address is IP2.Intranet control end two network interfaces, one is connected to Intranet firewall configuration IP address is IP3, can with Intranet terminal communication, another one is connected to Intranet transmitting terminal and Intranet receiving terminal configuration of IP address is IP4.
Outer net fire compartment wall isolation the Internet and outer net control end, outer net firewall configuration is only allow the datagram of leading to outer net control end IP address ip 1 and designated port to pass through, and Intranet firewall configuration is only allow the data of leading to Intranet control end IP address ip 3 and designated port to pass through.
The network interface of outer net control end IP2, an internal network address section is configured with external network sending end and outer net receiving terminal, each network interface configuration of IP address, there is no gateway, arranging rule makes outer net receiving terminal can only send data to outer net control end by IP2, external network sending end can only send data to outer net control end, can not communicate between external network sending end and outer net receiving terminal.
The network interface of Intranet control end IP4, another one internal network address section is configured with Intranet transmitting terminal and Intranet receiving terminal, each network interface configuration of IP address, there is no gateway, arranging rule makes Intranet receiving terminal can only send data to Intranet control end by IP4, Intranet transmitting terminal can only send data to Intranet control end, can not communicate between Intranet transmitting terminal and Intranet receiving terminal.
Second network interface of external network sending end and Intranet receiving terminal is connected to Microsoft Loopback Adapter by Host-only pattern, the another one network segment is set, arranging rule makes Intranet receiving terminal can only be received from the data of external network sending end by this IP, and Intranet receiving terminal can not send data to external network sending end.
Second network interface of outer net receiving terminal and Intranet transmitting terminal is connected to Microsoft Loopback Adapter by Host-only pattern, the another one network segment is set, arranging rule makes outer net receiving terminal can only be received from the data of Intranet transmitting terminal by this IP, and outer net receiving terminal can not send data to Intranet transmitting terminal.
Fig. 4 describe this programme design based on file transfer Inside and outside network shielding system between message transmission mode.Transmit leg, document handling unit is for relevant treatment before file transfer, fail safe and the efficiency of file transfer can be improved, its course of work is as follows: first will receive message and split the multiple sequential file of generation by agreement prescribed level, finally add current time stamp and a HMAC file generated based on transmit leg and recipient's shared key, recipient can the source of authenticating documents by shared key, and the validity of authenticating documents, gives each file designation again according to naming rule.Fractionation file designation rule: the serial number of session id number+split total number of files order+this file.Then the file after fractionation is sent buffer directory.Recipient, document handling unit is used for finishing receiving rear associative operation, will split file access pattern to original according to configuration information file.
The method that HMAC generates: set shared key as K, number of files is n, and current time is Timestamp, and each file is set to F 1, F 2..., F n:
HMAC 1=HASH(K||F 1)
HMAC i=HASH(HMAC i-1||F i)(n>i>1),
HMAC=HASH(HMAC n-1||F n||Timestamp||K)。Last HMAC is the authentication information that this secondary data sends.
After recipient receives, first whether the proving time is in the error allowed, and the shared key K ' then utilizing it to preserve by the same way carries out same computing, and unanimously whether, if unanimously show, transmit leg identity is correct to more last HMAC.
In order to complete relevant operation and function, Inside and outside network has been come by the message of certain specific format, and message format adopts the form of S/MIME to encapsulate.Message carries order and file data, completes the mutual of intranet and extranet data.
Control end major function is the message that analyzing and processing intranet and extranet receive, and realizes relevant operation according to the order of message, and the result of operation is packaged into protocol massages feeds back to transmit leg.The mechanism for the treatment of and analysis is determined according to the form of message.
The human-computer interaction module of Inside and outside network works in the main frame of intranet and extranet respectively, and human-computer interaction module is responsible for the mutual of external user and Intranet system, is positioned at the periphery of system architecture.Human-computer interaction module mainly provides the functional interface based on window, for user provides order inputting interface, and user friendly operation.
According to Fig. 5 transmission document flowchart of the present invention, when outer net main frame to intranet host request send file time, namely by outer net main frame human-computer interaction module from human-computer interaction module to intranet host send file, the course of work of the present invention is as follows:
The each unit of step 1, start up system, outer net control end is the file transfer management server of extra-net part, be responsible for external user end, the certification of external network sending end and outer net receiving terminal, Intranet control end is the file transfer management server of internal network part, be responsible for Intranet user end, the certification of Intranet transmitting terminal and Intranet receiving terminal, certification can consult a session key by rear both sides;
First step 2, transmitting terminal user need log file transmission system, carry out certification by outer net control end to the identity of user, and certification can see contacts list after passing through, during certification and control end consult a session key.
The recipient of step 3, transmitting terminal user select File from contacts list, sends file or message, and user side generates and sends message packet, and message content comprises recipient information, sender information, current time information, type of message, message body.Message packet uses the session key of user to protect, and message packet form uses S/MIME encapsulation, and message sends to outer net control end.
After step 4, outer net control end receive message, the legitimacy of checking message, carry out security inspection (as used antivirus software) to message, forward the message to external network sending end after being verified, message uses session key to protect;
After step 5, external network sending end receipt message, first the legitimacy of session key checking message is used, by laggard row Document encapsulation, document handling unit process needs the file of transmission, if the size of file exceedes the threshold value of fractionation, then file declustering is become the file of multiple fixed size, by filename rule, each file is numbered, use pre-assigned key to carry out protection and generate HMAC file;
Step 6, file transfer: external network sending end main frame by split after data file, through Microsoft Loopback Adapter by being transferred to Intranet receiving terminal main frame;
Step 7, Piece file mergence: Intranet receiving terminal host receiving data file, and according to filename rule, file is merged, be repackaged into message, use session key to protect, and send Intranet control end to;
Step 8, message sink: after Intranet control end receives message, checking message legitimacy, to message carry out security inspection (as use antivirus software), by after forward the message to receiving terminal, message use session key protect.
Step 9, user check: user side receives prompting message user and checks, if transmitting terminal requires to provide receipt, automatically send receipt to sender when user opens message, receipt uses the private key attest validity of recipient.
Repeat above step, in the human-computer interaction module of request end main frame, increase the submodule of task scheduling function, multitask, the concurrent transmission file of multi-user and download file can be realized.
During the human-computer interaction module request download file of request end main frame, if the file of outer net is downloaded in request, directly download, do not need through network isolation system.If the file of request Intranet, first request end sends file request message to object contact person or systems share files folder (being controlled by Intranet control end), the transmitting procedure process described above of message, after object contact person or Intranet control end receipt message, whether allow to send file according to rule judgment, if allow, according to upper described process, file is sent to request end:
It is identical to the step of intranet host request download file with outer net main frame that the step that intranet host outside net host request sends file and intranet host outside net host request download file and outer net main frame send file to intranet host request.
The present invention can solve unilateral network safety insulating device can not be mutual, the shortcoming of data interchange poor performance, download file can be uploaded in batches, upload the bandwidth upper limit that speed of download reaches network isolating device, support concurrent, improve the intranet and extranet exchanges data efficiency of isolated device isolation, the present invention supports encryption, the safe practices such as signature, can ensure the confidentiality in message transmitting procedure, integrality and non-repudiation.

Claims (5)

1. an information transmission and control system between network security shielding system, is characterized in that: this system composition comprises outer net isolation fire compartment wall, outer net control end, external network sending end, outer net receiving terminal, Intranet transmitting terminal, Intranet receiving terminal, Intranet control end and Intranet isolation fire compartment wall; Transmission of messages is divided into: when a. outer net sends file to Intranet, outer net main frame is transmitting terminal, and intranet host is receiving terminal, and first message be submitted to outer net control end, is responsible for data to submit to Intranet, carries out transfer of data by outer net control end; B., when Intranet sends file to outer net, outer net main frame is receiving terminal, and intranet host is transmitting terminal, and first message be submitted to Intranet control end, is responsible for data to submit to outer net, carries out transfer of data by Intranet control end.
2. the data transmission method implemented of data transmission system according to claim 1, is characterized in that:
(1) between outer net computer and outer net control end, isolated device is connected with; Connect between inner net computer and Intranet control end and be also provided with isolated device;
(2) net control end and Intranet control end realize the access authentication of outbound communication terminal and Intranet communication terminal outside, and control end realizes the Content inspection to transfer files, ensure content safety;
(4) external network sending end and Intranet receiving terminal realize the one-way transmission of outer net to Intranet, and Intranet transmitting terminal and outer net receiving terminal realize the one-way transmission of Intranet to outer net;
(5) external network sending end and Intranet receiving terminal are two virtual machines on a physical server, physical machine is installed multiple network interface card, one of them network interface card connects outer net, a network interface card connects Intranet, external network sending end virtual machine binds the network interface card of outer net by bridge joint mode, Intranet receiving terminal virtual machine binds Intranet network interface card by bridge joint mode, two virtual machines add second piece of network interface card respectively with the same Microsoft Loopback Adapter of Host-only pattern connection physical machine, and two virtual machines are communicated by this Microsoft Loopback Adapter; Outer net receiving terminal and Intranet transmitting terminal are two virtual machines on a physical machine, and communication mode is similar.
3. the data transmission method implemented of data transmission system according to claim 1, is characterized in that the message that system utilizes S/MIME encapsulate data and transmits, the particular data of transmission text, image, sound, video and other application program.
4. the data transmission method implemented of data transmission system according to claim 1, is characterized in that message transmission mode between the Inside and outside network shielding system that system uses based on file transfer; Its course of work is as follows: first will receive message and split the multiple sequential file of generation by agreement prescribed level, finally add current time stamp and a HMAC file generated based on transmit leg and recipient's shared key, recipient can the source of authenticating documents by shared key, the validity of authenticating documents, gives each file designation again according to naming rule; Fractionation file designation rule: the serial number of session id number+split total number of files order+this file; Then the file after fractionation is sent buffer directory; Recipient, document handling unit is used for finishing receiving rear associative operation, will split file access pattern to original according to configuration information file.
5. the data transmission method implemented of data transmission system according to claim 1, is characterized in that comprising the steps:
Outer net main frame to intranet host request send file time, namely by outer net main frame human-computer interaction module from human-computer interaction module to intranet host send file, step is as follows:
The each unit of step 1, start up system, outer net control end to external user end, the certification of external network sending end and outer net receiving terminal, Intranet control end is to Intranet user end, the certification of Intranet transmitting terminal and Intranet receiving terminal, certification can consult a session key by rear both sides;
First step 2, transmitting terminal user need log file transmission system, carry out certification by outer net control end to the identity of user, and certification can see contacts list after passing through;
The recipient of step 3, transmitting terminal user select File from contacts list, sends file or message, and user side generates and sends message packet, and message content comprises recipient information, sender information, current time information, type of message, message body; Message packet uses the session key of user to protect, and message packet form uses S/MIME encapsulation, and message sends to outer net control end;
After step 4, outer net control end receive message, the legitimacy of checking message, carries out security inspection to message, forwards the message to external network sending end after being verified, and message uses session key to protect;
After step 5, external network sending end receipt message, first the legitimacy of session key checking message is used, by laggard row Document encapsulation, document handling unit process needs the file of transmission, if the size of file exceedes the threshold value of fractionation, then file declustering is become the file of multiple fixed size, by filename rule, each file is numbered, use pre-assigned key to carry out protection and generate HMAC file;
Step 6, file transfer: external network sending end main frame by split after data file, through Microsoft Loopback Adapter by being transferred to Intranet receiving terminal main frame;
Step 7, Piece file mergence: Intranet receiving terminal host receiving data file, and according to filename rule, file is merged, be repackaged into message, use session key to protect, and send Intranet control end to;
Step 8, message sink: after Intranet control end receives message, checking message legitimacy, security inspection is carried out to message, by after forward the message to receiving terminal, message use session key protect;
Step 9, user check: user side receives prompting message user and checks, if transmitting terminal requires to provide receipt, automatically send receipt to sender when user opens message, receipt uses the private key attest validity of recipient;
When the outside net host request of intranet host sends file, namely send file by the human-computer interaction module of the outside host's machine of the human-computer interaction module of intranet host, step is as follows:
The each unit of step 1, start up system, outer net control end to external user end, the certification of external network sending end and outer net receiving terminal, Intranet control end is to Intranet user end, the certification of Intranet transmitting terminal and Intranet receiving terminal, certification can consult a session key by rear both sides;
First step 2, transmitting terminal user need log file transmission system, carry out certification by Intranet control end to the identity of user, and certification can see contacts list after passing through;
The recipient of step 3, transmitting terminal user select File from contacts list, sends file or message, and user side generates and sends message packet, and message content comprises recipient information, sender information, current time information, type of message, message body; Message packet uses the session key of user to protect, and message packet form uses S/MIME encapsulation, and message sends to Intranet control end;
After step 4, Intranet control end receive message, the legitimacy of checking message, carries out security inspection to message, is verified rear forwarding messages Intranet transmitting terminal, and message uses session key to protect;
After step 5, Intranet transmitting terminal receipt message, first the legitimacy of session key checking message is used, by laggard row Document encapsulation, document handling unit process needs the file of transmission, if the size of file exceedes the threshold value of fractionation, then file declustering is become the file of multiple fixed size, by filename rule, each file is numbered, use pre-assigned key to carry out protection and generate HMAC file;
Step 6, file transfer: Intranet transmitting terminal main frame by split after data file, through Microsoft Loopback Adapter by being transferred to outer net receiving terminal main frame;
Step 7, Piece file mergence: outer net receiving terminal host receiving data file, and according to filename rule, file is merged, be repackaged into message, use session key to protect, and send outer net control end to;
Step 8, message sink: after outer net control end receives message, checking message legitimacy, security inspection is carried out to message, by after forward the message to receiving terminal, message use session key protect;
Step 9, user check: user side receives prompting message user and checks, if transmitting terminal requires to provide receipt, automatically send receipt to sender when user opens message, receipt uses the private key attest validity of recipient.
CN201410629644.7A 2014-11-10 2014-11-10 Network safety isolation file transmission control method Pending CN104363221A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410629644.7A CN104363221A (en) 2014-11-10 2014-11-10 Network safety isolation file transmission control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410629644.7A CN104363221A (en) 2014-11-10 2014-11-10 Network safety isolation file transmission control method

Publications (1)

Publication Number Publication Date
CN104363221A true CN104363221A (en) 2015-02-18

Family

ID=52530447

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410629644.7A Pending CN104363221A (en) 2014-11-10 2014-11-10 Network safety isolation file transmission control method

Country Status (1)

Country Link
CN (1) CN104363221A (en)

Cited By (49)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618214A (en) * 2015-03-06 2015-05-13 北京深思数盾科技有限公司 Method and system for transmitting information by constructing local area network
CN104639418A (en) * 2015-03-06 2015-05-20 北京深思数盾科技有限公司 Method and system for information transmission by constructing local area network
CN104753962A (en) * 2015-04-23 2015-07-01 厦门雅迅网络股份有限公司 OBD (On-board diagnostics) safety management method and system
CN105516094A (en) * 2015-11-27 2016-04-20 蓝网科技股份有限公司 Industrial computer based internal-external network data exchange method and apparatus
CN106230806A (en) * 2016-07-26 2016-12-14 中国南方电网有限责任公司信息中心 Blended data custom protocol communication system under tertiary-structure network environment and method
CN106685992A (en) * 2017-02-14 2017-05-17 厦门畅享信息技术有限公司 Over-network safe exchange and interactive application system based on unidirectional transmission technology, and method thereof
CN106790151A (en) * 2016-12-29 2017-05-31 中铁信安(北京)信息安全技术有限公司 A kind of data isolation Transmission system and method
CN106973050A (en) * 2017-03-23 2017-07-21 山东中创软件商用中间件股份有限公司 A kind of method and device of inter-network lock information sharing
CN106998333A (en) * 2017-05-24 2017-08-01 山东省计算中心(国家超级计算济南中心) A kind of bilateral network security isolation system and method
CN107026850A (en) * 2017-03-17 2017-08-08 江苏曙光信息技术有限公司 A kind of intranet and extranet document exchange method
CN107122474A (en) * 2017-05-02 2017-09-01 山东浪潮通软信息科技有限公司 System document docking technique implementation method under a kind of network physical isolation environment
CN107172020A (en) * 2017-04-28 2017-09-15 湖北微源卓越科技有限公司 A kind of network data security exchange method and system
CN107409139A (en) * 2015-03-31 2017-11-28 西门子公司 For feedback-less transmit single channel coupling device, inquiry mechanism and the method for data
CN107438082A (en) * 2017-09-04 2017-12-05 安徽爱她有果电子商务有限公司 A kind of network safety system based on intranet and extranet separation
CN108040122A (en) * 2017-12-26 2018-05-15 迈普通信技术股份有限公司 Document transmission method and device
CN108769076A (en) * 2018-07-06 2018-11-06 北京绪水互联科技有限公司 Data collecting system, method and device with network isolation function
CN108809975A (en) * 2018-06-07 2018-11-13 北京网迅科技有限公司杭州分公司 A kind of tertiary-structure network system and the method for realizing tertiary-structure network
CN108833395A (en) * 2018-06-07 2018-11-16 北京网迅科技有限公司杭州分公司 A kind of outer net access authentication system and authentication method based on hardware access card
CN108881270A (en) * 2018-07-02 2018-11-23 浪潮软件股份有限公司 A kind of software-based safety isolation network gate
CN109660829A (en) * 2018-12-20 2019-04-19 北京东土科技股份有限公司 Media transmission method and system between a kind of close network of height
CN109787986A (en) * 2019-01-29 2019-05-21 黄策 File fragmentation public network safe transmission method
CN109800050A (en) * 2018-11-22 2019-05-24 海光信息技术有限公司 A kind of EMS memory management process of virtual machine, device, relevant device and system
CN110166240A (en) * 2019-06-25 2019-08-23 南方电网科学研究院有限责任公司 A kind of Network Isolation password board
CN110535722A (en) * 2019-08-27 2019-12-03 江苏瑞中数据股份有限公司 A kind of full link operation and monitoring method of the micro services in cross-safety zone domain
CN111144159A (en) * 2019-12-11 2020-05-12 中国电子科技集团公司第三十研究所 One-way transmission system based on two-dimensional code
CN111901418A (en) * 2020-07-28 2020-11-06 北京中科麒麟信息工程有限责任公司 External terminal protection equipment and system based on one-way file transfer protocol
CN111935017A (en) * 2020-10-14 2020-11-13 腾讯科技(深圳)有限公司 Cross-network application calling method and device and routing equipment
CN112019542A (en) * 2020-08-28 2020-12-01 航天科工网络信息发展有限公司 Cross-network safety e-mail system
CN112218269A (en) * 2020-10-10 2021-01-12 中车青岛四方机车车辆股份有限公司 Train information security gateway system, data transmission method and locomotive
CN112367327A (en) * 2020-11-13 2021-02-12 国网冀北电力有限公司唐山供电公司 Power secondary equipment debugging safety access communication device and method
CN112383395A (en) * 2020-12-11 2021-02-19 海光信息技术股份有限公司 Key agreement method and device
CN112637114A (en) * 2019-09-24 2021-04-09 西门子股份公司 Method and device for monitoring data exchange of industrial edge equipment
CN112637149A (en) * 2020-12-11 2021-04-09 广东电力通信科技有限公司 Data communication method between asymmetric security policy partitions
CN112714124A (en) * 2020-12-28 2021-04-27 格美安(北京)信息技术有限公司 Cross-network and cross-border based data access security authentication method and system
CN112866351A (en) * 2020-12-31 2021-05-28 成都佳华物链云科技有限公司 Data interaction method, device, server and storage medium
CN113645248A (en) * 2021-08-17 2021-11-12 公安部交通管理科学研究所 Data exchange system and method under cross-network environment
CN113704781A (en) * 2021-07-23 2021-11-26 平安银行股份有限公司 File secure transmission method and device, electronic equipment and computer storage medium
CN113949523A (en) * 2021-08-30 2022-01-18 国网安徽省电力有限公司电力科学研究院 Cross-network transmission system and method for individual soldier
CN113965395A (en) * 2021-10-28 2022-01-21 绿盟科技集团股份有限公司 Method, system and device for safely accessing intranet in real time
CN113992372A (en) * 2021-10-20 2022-01-28 国网辽宁省电力有限公司盘锦供电公司 Optical isolation one-way network data transmission device
CN114301643A (en) * 2021-12-17 2022-04-08 苏州市保慧智能科技有限公司 Electronic data authentication encryption transmission method
CN114553528A (en) * 2022-02-22 2022-05-27 成都睿智兴华信息技术有限公司 Internal and external network data safety transmission system and transmission method thereof
WO2022174509A1 (en) * 2021-02-17 2022-08-25 黄策 Method for designing firewall
CN115065548A (en) * 2022-07-19 2022-09-16 西安热工研究院有限公司 Enhanced network security access area data management and control system and method
CN115314323A (en) * 2022-10-10 2022-11-08 深圳市华云中盛科技股份有限公司 Information transmission method and system
CN115834584A (en) * 2022-11-23 2023-03-21 重庆紫光华山智安科技有限公司 Cross-network data transmission method, device, equipment and medium
CN116346391A (en) * 2022-10-26 2023-06-27 广东省土地调查规划院 Method, device and storage medium for information interaction between home and abroad survey data and internet
CN116471103A (en) * 2023-05-04 2023-07-21 深圳市显科科技有限公司 Internal and external network data security exchange method, device and equipment based on boundary network
CN115834584B (en) * 2022-11-23 2024-05-24 重庆紫光华山智安科技有限公司 Cross-network data transmission method, device, equipment and medium

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764768A (en) * 2010-01-19 2010-06-30 北京锐安科技有限公司 Data security transmission system
CN101977188A (en) * 2010-10-14 2011-02-16 中国科学院计算技术研究所 Malicious program detection system
CN102843352A (en) * 2012-05-15 2012-12-26 广东电网公司茂名供电局 Cross-physical isolation data transparent transmission system and method between intranet and extranet
CN103491072A (en) * 2013-09-06 2014-01-01 北京信息控制研究所 Boundary access control method based on double one-way separation gatekeepers
CN103812704A (en) * 2014-02-25 2014-05-21 国云科技股份有限公司 Public network IP (Internet Protocol) dynamic management method for virtual machine

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101764768A (en) * 2010-01-19 2010-06-30 北京锐安科技有限公司 Data security transmission system
CN101977188A (en) * 2010-10-14 2011-02-16 中国科学院计算技术研究所 Malicious program detection system
CN102843352A (en) * 2012-05-15 2012-12-26 广东电网公司茂名供电局 Cross-physical isolation data transparent transmission system and method between intranet and extranet
CN103491072A (en) * 2013-09-06 2014-01-01 北京信息控制研究所 Boundary access control method based on double one-way separation gatekeepers
CN103812704A (en) * 2014-02-25 2014-05-21 国云科技股份有限公司 Public network IP (Internet Protocol) dynamic management method for virtual machine

Cited By (77)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104618214A (en) * 2015-03-06 2015-05-13 北京深思数盾科技有限公司 Method and system for transmitting information by constructing local area network
CN104639418A (en) * 2015-03-06 2015-05-20 北京深思数盾科技有限公司 Method and system for information transmission by constructing local area network
CN104618214B (en) * 2015-03-06 2018-07-06 北京深思数盾科技股份有限公司 The method and system that structure LAN is transmitted into row information
CN104639418B (en) * 2015-03-06 2018-04-27 北京深思数盾科技股份有限公司 The method and system that structure LAN is transmitted into row information
CN107409139A (en) * 2015-03-31 2017-11-28 西门子公司 For feedback-less transmit single channel coupling device, inquiry mechanism and the method for data
CN107409139B (en) * 2015-03-31 2020-08-21 西门子交通有限责任公司 Single-path coupling device, interrogation device and method for the feedback-free transmission of data
US11223657B2 (en) 2015-03-31 2022-01-11 Siemens Aktiengesellschaft One-way coupling device, request apparatus and method for feedback-free transmission of data
CN104753962A (en) * 2015-04-23 2015-07-01 厦门雅迅网络股份有限公司 OBD (On-board diagnostics) safety management method and system
CN105516094A (en) * 2015-11-27 2016-04-20 蓝网科技股份有限公司 Industrial computer based internal-external network data exchange method and apparatus
CN106230806A (en) * 2016-07-26 2016-12-14 中国南方电网有限责任公司信息中心 Blended data custom protocol communication system under tertiary-structure network environment and method
CN106790151A (en) * 2016-12-29 2017-05-31 中铁信安(北京)信息安全技术有限公司 A kind of data isolation Transmission system and method
CN106790151B (en) * 2016-12-29 2023-02-10 中铁信安(北京)信息安全技术有限公司 Data isolation transmission system and method
CN106685992A (en) * 2017-02-14 2017-05-17 厦门畅享信息技术有限公司 Over-network safe exchange and interactive application system based on unidirectional transmission technology, and method thereof
CN107026850A (en) * 2017-03-17 2017-08-08 江苏曙光信息技术有限公司 A kind of intranet and extranet document exchange method
CN107026850B (en) * 2017-03-17 2018-07-31 中科曙光南京研究院有限公司 A kind of intranet and extranet document exchange method
CN106973050A (en) * 2017-03-23 2017-07-21 山东中创软件商用中间件股份有限公司 A kind of method and device of inter-network lock information sharing
CN107172020A (en) * 2017-04-28 2017-09-15 湖北微源卓越科技有限公司 A kind of network data security exchange method and system
CN107122474A (en) * 2017-05-02 2017-09-01 山东浪潮通软信息科技有限公司 System document docking technique implementation method under a kind of network physical isolation environment
CN106998333A (en) * 2017-05-24 2017-08-01 山东省计算中心(国家超级计算济南中心) A kind of bilateral network security isolation system and method
CN107438082A (en) * 2017-09-04 2017-12-05 安徽爱她有果电子商务有限公司 A kind of network safety system based on intranet and extranet separation
CN108040122A (en) * 2017-12-26 2018-05-15 迈普通信技术股份有限公司 Document transmission method and device
CN108040122B (en) * 2017-12-26 2020-06-19 迈普通信技术股份有限公司 File transmission method and device
CN108833395A (en) * 2018-06-07 2018-11-16 北京网迅科技有限公司杭州分公司 A kind of outer net access authentication system and authentication method based on hardware access card
CN108809975B (en) * 2018-06-07 2021-06-04 北京网迅科技有限公司杭州分公司 Internal and external network isolation system and method for realizing internal and external network isolation
CN108809975A (en) * 2018-06-07 2018-11-13 北京网迅科技有限公司杭州分公司 A kind of tertiary-structure network system and the method for realizing tertiary-structure network
CN108881270A (en) * 2018-07-02 2018-11-23 浪潮软件股份有限公司 A kind of software-based safety isolation network gate
CN108769076A (en) * 2018-07-06 2018-11-06 北京绪水互联科技有限公司 Data collecting system, method and device with network isolation function
CN108769076B (en) * 2018-07-06 2023-12-05 北京绪水互联科技有限公司 Data acquisition system, method and device with network isolation function
CN109800050A (en) * 2018-11-22 2019-05-24 海光信息技术有限公司 A kind of EMS memory management process of virtual machine, device, relevant device and system
CN109660829A (en) * 2018-12-20 2019-04-19 北京东土科技股份有限公司 Media transmission method and system between a kind of close network of height
CN109660829B (en) * 2018-12-20 2021-08-17 北京东土科技股份有限公司 Method and system for transmitting media between high-density and low-density networks
CN109787986A (en) * 2019-01-29 2019-05-21 黄策 File fragmentation public network safe transmission method
CN110166240A (en) * 2019-06-25 2019-08-23 南方电网科学研究院有限责任公司 A kind of Network Isolation password board
CN110166240B (en) * 2019-06-25 2024-05-03 南方电网科学研究院有限责任公司 Network isolation password board card
CN110535722A (en) * 2019-08-27 2019-12-03 江苏瑞中数据股份有限公司 A kind of full link operation and monitoring method of the micro services in cross-safety zone domain
CN112637114B (en) * 2019-09-24 2023-04-11 西门子股份公司 Method and device for monitoring data exchange of industrial edge equipment
US11652796B2 (en) 2019-09-24 2023-05-16 Siemens Aktiengesellschaft Method and arrangement for control data exchange of an industrial edge device
CN112637114A (en) * 2019-09-24 2021-04-09 西门子股份公司 Method and device for monitoring data exchange of industrial edge equipment
CN111144159A (en) * 2019-12-11 2020-05-12 中国电子科技集团公司第三十研究所 One-way transmission system based on two-dimensional code
CN111901418A (en) * 2020-07-28 2020-11-06 北京中科麒麟信息工程有限责任公司 External terminal protection equipment and system based on one-way file transfer protocol
CN112019542A (en) * 2020-08-28 2020-12-01 航天科工网络信息发展有限公司 Cross-network safety e-mail system
CN112019542B (en) * 2020-08-28 2022-09-30 航天科工网络信息发展有限公司 Cross-network safe e-mail system
CN112218269B (en) * 2020-10-10 2022-12-30 中车青岛四方机车车辆股份有限公司 Train information security gateway system, data transmission method and locomotive
CN112218269A (en) * 2020-10-10 2021-01-12 中车青岛四方机车车辆股份有限公司 Train information security gateway system, data transmission method and locomotive
CN111935017B (en) * 2020-10-14 2021-01-15 腾讯科技(深圳)有限公司 Cross-network application calling method and device and routing equipment
CN111935017A (en) * 2020-10-14 2020-11-13 腾讯科技(深圳)有限公司 Cross-network application calling method and device and routing equipment
CN112367327B (en) * 2020-11-13 2022-05-27 国网冀北电力有限公司唐山供电公司 Power secondary equipment debugging safety access communication device and method
CN112367327A (en) * 2020-11-13 2021-02-12 国网冀北电力有限公司唐山供电公司 Power secondary equipment debugging safety access communication device and method
CN112383395A (en) * 2020-12-11 2021-02-19 海光信息技术股份有限公司 Key agreement method and device
CN112637149A (en) * 2020-12-11 2021-04-09 广东电力通信科技有限公司 Data communication method between asymmetric security policy partitions
CN112637149B (en) * 2020-12-11 2023-09-01 广东电力通信科技有限公司 Data communication method between asymmetric security policy partitions
CN112383395B (en) * 2020-12-11 2024-01-23 海光信息技术股份有限公司 Key negotiation method and device
CN112714124B (en) * 2020-12-28 2023-04-18 格美安(北京)信息技术有限公司 Cross-network and cross-border based data access security authentication method and system
CN112714124A (en) * 2020-12-28 2021-04-27 格美安(北京)信息技术有限公司 Cross-network and cross-border based data access security authentication method and system
CN112866351B (en) * 2020-12-31 2023-08-04 成都佳华物链云科技有限公司 Data interaction method, device, server and storage medium
CN112866351A (en) * 2020-12-31 2021-05-28 成都佳华物链云科技有限公司 Data interaction method, device, server and storage medium
WO2022174509A1 (en) * 2021-02-17 2022-08-25 黄策 Method for designing firewall
CN113704781A (en) * 2021-07-23 2021-11-26 平安银行股份有限公司 File secure transmission method and device, electronic equipment and computer storage medium
CN113704781B (en) * 2021-07-23 2023-05-26 平安银行股份有限公司 File secure transmission method and device, electronic equipment and computer storage medium
CN113645248A (en) * 2021-08-17 2021-11-12 公安部交通管理科学研究所 Data exchange system and method under cross-network environment
CN113949523A (en) * 2021-08-30 2022-01-18 国网安徽省电力有限公司电力科学研究院 Cross-network transmission system and method for individual soldier
CN113992372A (en) * 2021-10-20 2022-01-28 国网辽宁省电力有限公司盘锦供电公司 Optical isolation one-way network data transmission device
CN113965395A (en) * 2021-10-28 2022-01-21 绿盟科技集团股份有限公司 Method, system and device for safely accessing intranet in real time
CN113965395B (en) * 2021-10-28 2024-02-09 绿盟科技集团股份有限公司 Method, system and device for safely accessing intranet in real time
CN114301643A (en) * 2021-12-17 2022-04-08 苏州市保慧智能科技有限公司 Electronic data authentication encryption transmission method
CN114553528A (en) * 2022-02-22 2022-05-27 成都睿智兴华信息技术有限公司 Internal and external network data safety transmission system and transmission method thereof
CN114553528B (en) * 2022-02-22 2024-04-19 成都睿智兴华信息技术有限公司 Internal and external network data safety transmission system and transmission method thereof
CN115065548B (en) * 2022-07-19 2024-04-26 西安热工研究院有限公司 Enhanced network security access area data management and control system and method
CN115065548A (en) * 2022-07-19 2022-09-16 西安热工研究院有限公司 Enhanced network security access area data management and control system and method
CN115314323B (en) * 2022-10-10 2023-02-10 深圳市华云中盛科技股份有限公司 Information transmission method and system
CN115314323A (en) * 2022-10-10 2022-11-08 深圳市华云中盛科技股份有限公司 Information transmission method and system
CN116346391A (en) * 2022-10-26 2023-06-27 广东省土地调查规划院 Method, device and storage medium for information interaction between home and abroad survey data and internet
CN116346391B (en) * 2022-10-26 2023-11-10 广东省土地调查规划院 Method, device and storage medium for information interaction between home and abroad survey data and internet
CN115834584A (en) * 2022-11-23 2023-03-21 重庆紫光华山智安科技有限公司 Cross-network data transmission method, device, equipment and medium
CN115834584B (en) * 2022-11-23 2024-05-24 重庆紫光华山智安科技有限公司 Cross-network data transmission method, device, equipment and medium
CN116471103A (en) * 2023-05-04 2023-07-21 深圳市显科科技有限公司 Internal and external network data security exchange method, device and equipment based on boundary network
CN116471103B (en) * 2023-05-04 2023-09-22 深圳市显科科技有限公司 Internal and external network data security exchange method, device and equipment based on boundary network

Similar Documents

Publication Publication Date Title
CN104363221A (en) Network safety isolation file transmission control method
US11368437B2 (en) Method and apparatus for repercussion-free unidirectional transfer of data to a remote application server
CN107018134B (en) Power distribution terminal safety access platform and implementation method thereof
BR112017016047A2 (en) methods of transmitting a packet and packets containing digital data through a cloud and digital data transmission through a cloud.
CN110798471B (en) Air conditioner management method and related device
EP3387781A1 (en) Key exchange through partially trusted third party
CN108243143B (en) Web agent-based gatekeeper penetration method and system
EP3424178A1 (en) Deterministic reproduction of client/server computer state or output sent to one or more client computers
US9237125B1 (en) System and associated methods for secure communications
CN109413060A (en) Message processing method, device, equipment and storage medium
CN102710759A (en) Web server, business logging method and system
TW200841682A (en) Key exchange verification
US20210176223A1 (en) Apparatus and method for transmitting data between a first and a second network
CN108306872B (en) Network request processing method and device, computer equipment and storage medium
WO2014173365A1 (en) Ftp application layer packet filtering method, device and computer storage medium
EP4270867A1 (en) Secure communication method, apparatus, and system for dc interconnection
CN105282095A (en) Login verification method and device of virtual desktop
CN104270347B (en) The methods, devices and systems of security control
US20170223045A1 (en) Method of forwarding data between computer systems, computer network infrastructure and computer program product
Nowlan et al. Reducing latency in Tor circuits with unordered delivery
CN104394171A (en) Data operating method and device
CN112261002B (en) Data interface docking method and device
CN110474884B (en) Ethernet network system, communication method, communication equipment and computer readable storage medium
CN105721274A (en) Method and device for integrating variety of instant messaging
CN111953742B (en) Page redirection method, terminal equipment, intermediate equipment and server

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150218

WD01 Invention patent application deemed withdrawn after publication