CN104486336A - Device for safely isolating and exchanging industrial control networks - Google Patents

Info

Publication number
CN104486336A
Authority
CN
China
Prior art keywords
data
security
processor
opc
network
Legal status
Pending
Application number
CN201410771706.8A
Other languages
Chinese (zh)
Inventor
王丽娜
赵永丽
孙希艳
Current Assignee
Automation Research and Design Institute of Metallurgical Industry
Original Assignee
Automation Research and Design Institute of Metallurgical Industry

Classifications

    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L49/102 Packet switching elements characterised by the switching fabric construction using shared medium, e.g. bus or ring
    • H04L63/1433 Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic; vulnerability analysis
    • H04L63/20 Network architectures or network communication protocols for network security for managing network security; network security policies in general

Abstract

The invention discloses a device for safely isolating and exchanging industrial control networks and belongs to the technical field of industrial control network security. A '2+1' structure is adopted: the device comprises an external network processor, an internal network processor and an isolation and exchange unit, wherein the isolation and exchange unit has a bus-based two-channel structure and is connected to the external network processor and the internal network processor by a PCI bus. In the device, bus-based two-channel isolation control technology opens and closes the two channels in real time, so that the bidirectional data transmission between the internal and external networks is converted into two unidirectional data transmissions; the secure isolation of the internal and external networks is ensured in both hardware and software; many of the security problems of bidirectional transmission within a single system in conventional security technology are solved; at the same time, hardware cost and complexity are reduced, system reliability and data exchange rate are increased, and switching time is shortened.

Description

Industrial control network security isolation and exchange device
Technical field
The invention belongs to the technical field of industrial control network security, and in particular relates to a security isolation and exchange device for industrial control networks.
Background technology
Industrial control systems are responsible for the continuous control of process units and have high reliability requirements (operation cannot be interrupted) and high real-time requirements (delay cannot be tolerated). At present the security protection of some industrial control networks employs a variety of complex protective technologies, such as firewalls, intrusion detection systems and anti-virus gateways, but all of these mechanisms are logical protections: because a communication link still exists, they can be manipulated by a logical entity. At the same time, the extreme complexity and limitations of such logical mechanisms mean that the resulting on-line analysis techniques cannot meet the demands and the real-time requirements of high-speed information exchange. Many on-line scanning and cloud-scanning technologies affect the stability of the system, and anti-virus program upgrades and software patches may require a system restart, which is unsuitable for continuous processes. Security measures from the conventional IT field, such as VPNs, firewalls and IDS intrusion detection, concentrate mainly on the network layer and protect the business network against external attacks from the Internet; they reduce security threats but are not real physical isolation, lack filtering of application-layer content, cannot stop internal attacks, and cannot completely block attacks on vulnerabilities in the operating system or the TCP/IP protocol suite. Against attacks on vulnerabilities in proprietary industrial communication protocols, the security devices of the traditional IT domain are likewise helpless.
Traditionally, static security defence policies are adopted for protection, such as firewalls, intrusion detection, information encryption, message authentication, identity authentication, access control and operating system protection. All of these technologies are software-based protections, that is, logical mechanisms, which can be manipulated by a logical entity (a hacker or an internal user); at the same time, the extreme complexity and limitations of these technologies mean that they cannot reach the requirements of higher data security.
Judging from technology trends, effectively blocking known and unknown attacks, preventing security breaches, and isolating the external network from the internal network while still maintaining high-speed data exchange is the direction in which network security technology is developing. Current research on network isolation technology has been developed and applied in countries that hold advanced network security technology, such as the United States and Israel; in the domestic network security field, network isolation technology has also received sufficient attention, but in terms of technical level there is still a considerable gap compared with abroad. Most of the mature products on the domestic market are physical isolation cards; these products have many defects and cannot fully meet the needs of applications: a physical isolation card can only protect a single computer, not a network, and switching the operating system requires a restart. Some existing products based on physical isolation, such as isolation switches using real-time exchange technology, can carry out high-speed and secure data exchange between networks and therefore have broad application prospects and higher market value.
The firewall hardware platforms adopted by most current gateway products are either produced by industrial PC companies or are the vendor's own hardware platform, combined with the vendor's own software implementation. The hardware platforms are similar while the software systems vary, which causes these products to suffer generally from poor commercial maturity, a high failure rate and low data exchange speed. Domestic gateways support 100 Mbps networks: for example, the exchange speed of the Leadsec SIS-3000 security isolation gateway is 35 Mbps, the exchange speed of the Zhuhai Victory-idea ViGap is 90 Mbps, and the fastest exchange speed of current domestic gateways is 120 Mbps. A single isolation gateway therefore cannot adapt to application scenarios with very high exchange speed requirements, such as gigabit network systems. Faced with this situation, most deployments now operate several isolation gateways simultaneously, a solution which considerably increases the cost of the system.
Gateways provide good security for static data but are helpless for continuous data flows; their price is high, generally tens of thousands to millions; and their field of application is narrow. Domestic gateway products proliferate, whereas large foreign vendors rarely offer similar gateway products. Although the concept of the gateway was proposed abroad long ago, such a product is a single special-purpose product dedicated to one application; domestic products that can be used for HTTP web browsing, for databases and for file sharing alike, as universal products, have completely departed from the concept of so-called protocol isolation. From the present situation, many of the gateways on the market fail to realise the disconnection of the data link layer of the OSI model. Any data exchange technology based on a communication protocol cannot eliminate the link connection and is therefore not a complete network isolation technology.
Therefore, to guarantee the information security of industrial control networks, we intend to adopt highly secure physical isolation technology and to establish an independent physical security isolation and exchange system on the protected network channel, cutting off the path by which the network can be attacked and truly realising protection against network threats. Judging from technology trends, effectively blocking known and unknown attacks, preventing security breaches, and isolating the external network from the internal network while still maintaining high-speed data exchange is the direction in which network security technology is developing.
Summary of the invention
The object of the present invention is to provide an industrial control network security isolation and exchange device which is a true physical security isolation device and at the same time guarantees high-speed data exchange. It can not only defend at the network level against external attacks based on TCP/IP protocol vulnerabilities, such as port scanning attacks, but can also handle most content-based and proprietary-protocol internal attacks and, to a certain extent, stop the security risks brought by vulnerabilities in the operating system and the network protocols themselves.
The present invention adopts a '2+1' structural system comprising an external network processor, an internal network processor and an isolation and exchange unit, wherein the isolation and exchange unit adopts a bus-based two-channel structure and is connected to the external network processor and the internal network processor by a PCI bus.
As a preferred version of the present invention, the external network processor and the internal network processor have a symmetrical structure, each comprising at least a processor, memory, Ethernet interfaces and associated security modules; the processor is a high-performance embedded processor, the Ethernet interfaces comprise at least one gigabit network port and one 100 Mbps Ethernet port, the gigabit port connects to the external or internal network, and the 100 Mbps port connects to the management and configuration host;
The associated security modules are installed in the device as plug-ins and comprise at least an access control module, a standard protocol inspection module, a proprietary protocol security engine and a content filtering module.
The proprietary protocol security engine comprises at least the OPC and Modbus/TCP protocol security engines commonly used in industrial control networks.
The OPC protocol security engine operates as follows:
A. A communication tracking technique for industrial protocols is adopted: the TCP or UDP ports dynamically allocated by the OPC server are tracked, and the allocated ports are opened dynamically to realise data communication. At the same time, according to the data transmission scenario of the application, a dynamic self-adapting switching algorithm sets the time for which a port stays open; once the upper timeout limit is exceeded, the communication is deemed invalid and follow-up processing is carried out;
B. A protocol integrity inspection method is adopted: the captured OPC data are deeply inspected against the OPC Classic standard format, and non-conforming OPC data requests are blocked;
C. Data encryption and verification algorithms are adopted to ensure the security of the OPC data.
The OPC data encryption and verification algorithms comprise adding data CRC check fields and a cryptographic algorithm at the head and tail of the RPC/OPC message.
The Modbus/TCP protocol security engine comprises Modbus/TCP protocol deep packet inspection.
The content filtering module comprises a hybrid filtering model based on keyword matching and semantic matching.
As another preferred version of the present invention, the isolation and exchange unit comprises an internal security control board and an external security control board; each security control board comprises its own FPGA chip and dual-port memory chip, and the two security control boards are connected by an LVDS bus. Inside the FPGA there is a data integrity verification module and/or a data compression and/or encryption module, transparent to the user, which ensures the security of the data exchange.
As another preferred version of the present invention, in the isolation and exchange unit the FPGA contains data compression and encryption modules, transparent to the user, which further ensure the security of the data exchange.
The working process of the device involves two processing procedures, namely the protocol stripping and security processing flow, and the protocol encapsulation and session establishment flow. Information transmitted through the device must pass the inspection of multiple security modules to verify the legitimacy of the exchanged information. When an access request arrives at the internal or external network processor, the TCP connection is first terminated, guaranteeing that the TCP/IP protocol cannot penetrate the network security isolation and exchange device either directly or by way of a proxy. Then the internal or external network processor pre-processes the access request according to the security policy, judges whether it satisfies the access control policy, and carries out application-layer protocol inspection and information filtering on the packet according to the RFCs or custom policies, checking the legitimacy and security of its payload. Once the packet has passed the security inspection, the internal or external network processor formats the packet, converting the transmission information and the transmission data of each legitimate packet into proprietary-format data, and leaves it in a buffer waiting to be processed by the isolation and exchange unit. The isolation and exchange unit reads in the data over the PCI bus, carries out processing such as data integrity checking inside the FPGA and, if the check passes, completes the data exchange by reading and writing the storage chip in hardware. After the data exchange, the TCP/IP protocol and the application protocol are rebuilt and a session is established with the internal or external network, realising transparent transmission. This 'static' data transmission format cannot be executed and does not rely on any general-purpose protocol; it can only be identified and processed by the internal processing mechanism of the system, and therefore threats that exploit various known or unknown network-layer vulnerabilities can be avoided.
The plaintext data exchange scheme adopts a structured data interchange format, realising fast continuous exchange of arbitrarily structured data blocks made up of various data types (numbers, text, bit strings). Data are organised into data blocks, and data blocks are arranged in a hierarchical structure. A block consists of a header and a data body (content). The block type can be an atomic block (the content is plain data) or a structured block (the content part comprises a list of blocks), so that structured data of any depth can be constructed from such blocks. To facilitate data exchange and parsing, API functions such as read/write functions are provided for applications to call.
The invention provides a high-speed, high-performance industrial control network security isolation and exchange device which, through the combined defence of software and hardware, realises secure isolation of the internal and external networks, protects the internal network from external intrusion, and at the same time allows the internal and external networks to exchange data at high speed.
Compared with the prior art, the present invention adopts a '2+1' structural system in which the internal and external network processors are each managed by an independent operating system; data exchange uses proprietary-format data blocks from which the TCP/IP protocol has been stripped, with security measures such as integrity checking and verification, thereby eliminating the potential security hazards brought by the fragility of the TCP/IP protocol suite and of some operating systems. The bus-based two-channel isolation control technology realises real-time switching of the two channels, converting the bidirectional data transfer between the internal and external networks into two unidirectional data transfers, ensuring the secure isolation of the internal and external networks in both hardware and software, and solving many of the security problems that conventional security technology has with bidirectional transmission within the same system. Data transmission at the physical layer adopts a high-speed bus scheme based on an FPGA; compared with traditional gap technology based on SCSI or on an air switch, this reduces hardware cost and complexity, improves system reliability and data exchange rate, and reduces switching time.
Accompanying drawing explanation
Fig. 1 is a structural diagram of the industrial control network security isolation and exchange device of one embodiment of the present invention.
Fig. 2 is a schematic structural diagram of the isolation and exchange unit of one embodiment of the present invention.
Fig. 3 is a schematic diagram of the read/write logic of the isolation and exchange unit of one embodiment of the present invention.
Fig. 4 is a workflow diagram of one embodiment of the present invention.
Embodiment
Fig. 1 to Fig. 4 show a specific embodiment of the present invention. The present invention is further illustrated below in conjunction with the drawings and the specific embodiment.
As shown in Figure 1, a '2+1' structural system is adopted, comprising an external network processor, an internal network processor and an isolation and exchange unit, wherein the isolation and exchange unit adopts a bus-based two-channel structure and is connected to the internal and external network processors by a PCI bus.
The hardware architecture adopts the '2+1' structure, i.e. a dual-system plus isolation-and-exchange-unit model, in which the two systems each have an independent operating system. To overcome the low data exchange speed and long delay of legacy network security isolation products, the PCI bus is selected for data transfer and memory mapping technology is used to realise store-and-forward of the data.
The external network processor and the internal network processor have a symmetrical structure, each comprising at least a processor, memory, Ethernet interfaces and associated security modules; the processor is a high-performance embedded processor, the Ethernet interfaces comprise at least one gigabit network port and one 100 Mbps Ethernet port, the gigabit port connects to the external or internal network, and the 100 Mbps port connects to the management and configuration host.
The associated security modules are installed in the device as plug-ins and comprise at least an access control module, a standard protocol inspection module, a proprietary protocol security engine and a content filtering module.
The proprietary protocol security engine comprises at least the OPC and Modbus/TCP protocol security engines commonly used in industrial control networks.
The OPC protocol security engine comprises the following features:
A. A communication tracking technique for industrial protocols is adopted: the TCP or UDP ports dynamically allocated by the OPC server are tracked, and the allocated ports are opened dynamically to realise data communication. At the same time, according to the data transmission scenario of the application, a dynamic self-adapting switching algorithm sets the time for which a port stays open; once the upper timeout limit is exceeded, the communication is deemed invalid and follow-up processing is carried out;
B. A protocol integrity inspection method is adopted: the captured OPC data are deeply inspected against the OPC Classic standard format, and non-conforming OPC data requests are blocked;
C. Data encryption and verification algorithms are adopted to ensure the security of the OPC data. The OPC data encryption and verification algorithms comprise adding data CRC check fields and a cryptographic algorithm at the head and tail of the RPC/OPC message.
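The Python model below is an added illustration, not code from the patent. It shows the two checkable parts of the OPC engine described above: tracking a server-allocated data port with an adaptive open window that is closed and reported as invalid when the timeout ceiling is reached (feature A), and CRC check fields placed at the head and tail of a message (feature C). The window-doubling rule, the `OPCX` magic value, the frame layout and all class and function names are assumptions; the patent does not name the cipher used for encryption, so only the CRC framing is shown.

```python
import struct
import zlib

# --- Feature A: dynamic port tracking with an adaptive open window (assumed rule) ---

class DynamicPortTracker:
    """Tracks the TCP/UDP data ports an OPC server allocates and keeps each one
    open only for a bounded window; a port whose window elapses is closed and
    recorded as an invalid communication for follow-up processing."""

    def __init__(self, base_window=30.0, max_window=300.0):
        self.base_window = base_window   # seconds a freshly seen port stays open
        self.max_window = max_window     # hard upper timeout limit
        self.open_ports = {}             # port -> (expiry time, current window)
        self.invalid = []                # ports closed because they timed out

    def observe_allocation(self, port, now):
        """Called when the engine sees the server assign a data port.
        Assumed adaptive rule: a port re-allocated while still open is busy,
        so its window doubles, capped at max_window. Returns the window used."""
        _, prev_window = self.open_ports.get(port, (None, self.base_window / 2))
        window = min(prev_window * 2, self.max_window)
        self.open_ports[port] = (now + window, window)
        return window

    def expire(self, now):
        """Close every port whose window has elapsed; return all invalid ports."""
        for port, (expiry, _) in list(self.open_ports.items()):
            if now >= expiry:
                del self.open_ports[port]
                self.invalid.append(port)
        return list(self.invalid)

    def allowed(self, port, now):
        """Is traffic to this port currently permitted?"""
        self.expire(now)
        return port in self.open_ports


# --- Feature C: CRC check fields at the head and tail of a message (constructed layout) ---

MAGIC = b"OPCX"   # constructed marker; not an OPC or RPC constant


def wrap_frame(payload):
    """head = MAGIC | payload length | CRC32(payload); tail = CRC32(head + payload)."""
    head = MAGIC + struct.pack(">I", len(payload)) + struct.pack(">I", zlib.crc32(payload))
    tail = struct.pack(">I", zlib.crc32(head + payload))
    return head + payload + tail


def verify_frame(frame):
    """Return the payload if the frame is well-formed and both CRCs match, else None."""
    if len(frame) < 16 or frame[:4] != MAGIC:
        return None
    length, head_crc = struct.unpack(">II", frame[4:12])
    if len(frame) != 12 + length + 4:          # truncated or padded frame
        return None
    payload = frame[12:12 + length]
    tail_crc = struct.unpack(">I", frame[12 + length:])[0]
    if zlib.crc32(payload) != head_crc:        # payload corrupted
        return None
    if zlib.crc32(frame[:12 + length]) != tail_crc:   # header or payload corrupted
        return None
    return payload
```

A real engine would feed `observe_allocation` from the RPC bind/endpoint-map exchange it parses and call `allowed` on every packet to the data port; the two CRCs give independent detection of corruption in the header and in the body, which is what the head-and-tail placement in the text buys.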
The Modbus/TCP protocol security engine comprises Modbus/TCP protocol deep packet inspection. It can reach deep inside the protocol, specify the permitted Modbus commands and the register and coil lists, automatically block and report communication that does not satisfy the security rules, and check and block communication content that does not conform to the Modbus communication protocol.
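As an added example (not the patent's implementation), the Python inspector below performs the kind of Modbus/TCP deep packet inspection described here: it validates the MBAP header and the PDU layout, then checks the function code and the coil or register address range against a policy, blocking anything malformed or outside the allowed lists. The `POLICY` contents and the function names are constructed for the demonstration; the MBAP and PDU field layout follows the public Modbus/TCP specification.

```python
import struct

# Constructed policy: permitted function codes plus inclusive address ranges.
POLICY = {
    "functions": {0x01, 0x02, 0x03, 0x04, 0x06, 0x10},  # reads and register writes; no coil writes
    "coils": [(0, 63)],
    "registers": [(0, 99), (200, 299)],
}
COIL_FUNCS = {0x01, 0x02, 0x05, 0x0F}
REGISTER_FUNCS = {0x03, 0x04, 0x06, 0x10}


def parse_mbap(frame):
    """Split the 7-byte MBAP header off an ADU; return (transaction id, unit id, PDU)."""
    if len(frame) < 8:
        raise ValueError("frame shorter than MBAP header plus function code")
    tid, pid, length, uid = struct.unpack(">HHHB", frame[:7])
    if pid != 0:
        raise ValueError("protocol identifier must be 0 for Modbus")
    if length != len(frame) - 6:          # the length field counts unit id + PDU
        raise ValueError("MBAP length does not match frame size")
    return tid, uid, frame[7:]


def pdu_address_range(pdu):
    """Validate the PDU layout of the supported functions; return (fc, first, last)."""
    fc = pdu[0]
    if fc in (0x01, 0x02, 0x03, 0x04, 0x0F, 0x10):
        if len(pdu) < 5:
            raise ValueError("PDU too short for address and quantity")
        addr, qty = struct.unpack(">HH", pdu[1:5])
        if qty == 0:
            raise ValueError("quantity must be at least 1")
        if fc in (0x0F, 0x10):            # write-multiple carries a byte count and data
            if len(pdu) < 6:
                raise ValueError("missing byte count")
            expected = (qty + 7) // 8 if fc == 0x0F else qty * 2
            if pdu[5] != expected or len(pdu) != 6 + expected:
                raise ValueError("byte count does not match quantity")
        elif len(pdu) != 5:
            raise ValueError("unexpected trailing bytes in read request")
        return fc, addr, addr + qty - 1
    if fc in (0x05, 0x06):                # write single coil / single register
        if len(pdu) != 5:
            raise ValueError("write-single PDU must be 5 bytes")
        addr = struct.unpack(">H", pdu[1:3])[0]
        return fc, addr, addr
    raise ValueError(f"function 0x{fc:02X} not understood by the inspector")


def inspect(frame):
    """Return ('ALLOW', reason) or ('BLOCK', reason) for one Modbus/TCP request ADU."""
    try:
        _, _, pdu = parse_mbap(frame)
        fc, first, last = pdu_address_range(pdu)
    except ValueError as err:
        return "BLOCK", f"malformed: {err}"
    if fc not in POLICY["functions"]:
        return "BLOCK", f"function 0x{fc:02X} not permitted"
    ranges = POLICY["coils"] if fc in COIL_FUNCS else POLICY["registers"]
    if not any(lo <= first and last <= hi for lo, hi in ranges):
        return "BLOCK", f"addresses {first}-{last} outside permitted ranges"
    return "ALLOW", f"function 0x{fc:02X} addresses {first}-{last}"


def build_request(tid, uid, pdu):
    """Build a sample ADU (used only to construct demo traffic)."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, uid) + pdu
```

The order of the checks matters: layout validation runs before the policy lookup so that a frame whose length field, byte count or quantity disagrees with its actual size is rejected as non-conforming rather than being interpreted at all, which is the "check and block content that does not conform to the protocol" step of the text.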
The content filtering module comprises a hybrid filtering model based on keyword matching and semantic matching. Based on the concrete application of the industrial control network, this filtering model extracts the relevant keywords and semantic tables.
The isolation and exchange unit comprises an internal security control board and an external security control board; as shown in Figure 2, each security control board comprises its own FPGA chip and dual-port memory chip, and the two security control boards are connected by an LVDS bus. Inside the FPGA there is a data integrity verification module and/or a data compression and/or encryption module, transparent to the user, which ensures the security of the data exchange.
The security isolation technology uses dedicated isolation hardware to perform the isolation function; the hardware design ensures that the link layer between the networks is disconnected at all times, blocking the TCP/IP protocol and other network protocols. At the same time, this hardware provides no programmable software interface and is not controlled by the system; it provides only a physical control switch. Thus an attacker cannot obtain control of the hardware remotely, and because the isolation hardware works at the lowest level of the system, even a failure of the system hardware is guaranteed not to cause a security problem.
The bus control technology is realised with a dual-port static memory (DPRAM) in cooperation with independent FPGA control circuits. The logic switches that control the two ports are realised by combinational logic circuits, and each of the two ports is connected to an independent host through its logic switch. The DPRAM provides two completely independent ports, each with its own control lines, address lines and I/O data lines, so the two CPUs can independently read and write any DPRAM cell. The dual-port SRAM is the only channel connecting the two mainboards.
Data forwarding is realised by sharing memory over the PCI bus. The PCI device controls signal transmission by means of bus commands. The PCI interface controller acts as a translation interface working between the PCI bus and the FIFO inside the user FPGA; its main function is a bridging function, completing the information transfer between the memory in the FPGA and the PCI bus.
The development of the PCI bus interface uses an FPGA as the development platform. Its advantage is flexible programmability: first, the PCI interface can be optimised according to the function of the plug-in card and need not implement all PCI functions, which saves logic resources in the system; moreover, the user can integrate the other user logic of the PCI card together with the PCI interface logic on a single chip, realising a compact system; and when the system is upgraded, only the logic design of the programmable device needs to be redone.
The two-channel design aims to improve the data exchange speed of the security isolation and exchange device to the greatest extent. The present invention adopts two dual-port SRAMs as the two buffers of the internal and external security control boards respectively, realising two unidirectional transfers, i.e. two-channel real-time data transmission. The isolation and exchange unit with this double-buffer channel structure comprises an internal and an external security control board, each with its own FPGA and buffer memory; the two security control boards are connected by an LVDS bus. LVDS is a differential data transmission technology with the characteristics of high speed, low power consumption and strong immunity to interference. The data throughput between the external network processor and the internal network processor is the same as that of the PCI bus, that is, at a PCI clock frequency of 33 MHz the theoretical peak data throughput of a 32-bit PCI parallel data bus is 32 bit × 33 MHz = 1056 Mbps, exceeding 1 Gbps; applying LVDS technology therefore overcomes the transmission bottleneck of the physical layer and realises high-speed communication between the two security domains.
As shown in Figure 2, the workflow is described for data flowing from the external network to the internal network: the data undergo operations such as access control, protocol stripping and inspection, information filtering and data format encapsulation on the software platform of the external network processor, and then enter the external security control board over the PCI bus. The data flow simultaneously into the FIFO and the FPGA on the external security control board, and data integrity verification is carried out inside the FPGA. If the verification passes, the data in the FIFO pass through the LVDS serialiser chip, where the TTL signal data are serialised into an LVDS differential signal, are sent onto the LVDS bus and are carried over a balanced cable to the security control board of the internal network. There they first enter the LVDS deserialiser chip, where the data are restored from the LVDS differential signal to a TTL signal, and are then fed into the FPGA on the internal security control board for data recovery and encoding; after encoding, the data enter the software platform of the internal processor over the PCI bus for operations such as protocol reassembly and data processing.
The read/write logic of the isolation and exchange unit is shown in Figure 3: two dual-port RAMs (DPRAMs) are defined as buffer 1 and buffer 2 respectively. The external network processor can only write data into buffer 1 and read data from buffer 2 through switch K1, and the internal network processor can only read data from buffer 1 and write data into buffer 2 through switch K2; that is, the two DPRAMs can only perform a 'read' simultaneously or a 'write' simultaneously, which is realised by an XOR.
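The following Python model is an added illustration of the read/write switching logic just described; it is not the patent's FPGA design. It encodes the stated access policy (external: write buffer 1, read buffer 2; internal: read buffer 1, write buffer 2) and models the XOR as a single phase flag that alternates between a write phase and a read phase, so that a buffer is never read and written at the same time. That phase alternation is an assumed interpretation of "the two DPRAMs can only perform a read simultaneously or a write simultaneously"; the class and function names are constructed.

```python
class IsolationExchangeUnit:
    """Two dual-port buffers, one per direction, gated by switches K1 (external side)
    and K2 (internal side)."""

    # (side, operation, buffer) combinations the switches permit, as stated in the text.
    POLICY = {
        ("external", "write", 1), ("external", "read", 2),
        ("internal", "read", 1), ("internal", "write", 2),
    }

    def __init__(self):
        self.buffers = {1: None, 2: None}
        self.phase = "WRITE"            # assumed: both sides fill, or both sides drain

    def _check(self, side, op, buf):
        if (side, op, buf) not in self.POLICY:
            raise PermissionError(f"{side} processor may not {op} buffer {buf}")
        if (op == "write") != (self.phase == "WRITE"):
            raise PermissionError(f"{op} is not allowed during the {self.phase} phase")

    def write(self, side, buf, data):
        self._check(side, "write", buf)
        self.buffers[buf] = data

    def read(self, side, buf):
        self._check(side, "read", buf)
        data, self.buffers[buf] = self.buffers[buf], None
        return data

    def toggle(self):
        """Flip the phase: the XOR in the text, modelled here as one control bit."""
        self.phase = "READ" if self.phase == "WRITE" else "WRITE"
        return self.phase


def exchange_round(unit, from_external, from_internal):
    """One complete cycle: both sides write their outbound buffer, the unit switches,
    both sides read their inbound buffer, the unit switches back.
    Returns (data delivered to the internal side, data delivered to the external side)."""
    unit.write("external", 1, from_external)
    unit.write("internal", 2, from_internal)
    unit.toggle()
    to_internal = unit.read("internal", 1)
    to_external = unit.read("external", 2)
    unit.toggle()
    return to_internal, to_external


def forbidden_attempts(unit):
    """Try every (side, op, buffer) combination the switches must reject and count
    how many raise PermissionError; the model is correct only if all four do."""
    rejected = 0
    for side, op, buf in [("external", "read", 1), ("external", "write", 2),
                          ("internal", "write", 1), ("internal", "read", 2)]:
        try:
            if op == "write":
                unit.write(side, buf, b"x")
            else:
                unit.read(side, buf)
        except PermissionError:
            rejected += 1
    return rejected
```

Because each side only ever writes one buffer and reads the other, and the phase flag forbids a read while a write is in progress, no moment exists in which a byte written by one processor is visible to the other through a live path: the bidirectional link is replaced by two store-and-forward one-way transfers, which is the property the text claims for the two-channel design.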
As shown in Figure 4, the working process of the device involves two processing procedures, namely the protocol stripping and security processing flow, and the protocol encapsulation and session establishment flow. Information transmitted through the device must pass the inspection of multiple security modules to verify the legitimacy of the exchanged information. When an access request arrives at the internal or external network processor, the TCP connection is first terminated, guaranteeing that the TCP/IP protocol cannot penetrate the network security isolation and exchange device either directly or by way of a proxy. Then the internal or external network processor pre-processes the access request according to the security policy, judges whether it satisfies the access control policy, and carries out application-layer protocol inspection and information filtering on the packet according to the RFCs or custom policies, checking the legitimacy and security of its payload. Once the packet has passed the security inspection, the internal or external network processor formats the packet, converting the transmission information and the transmission data of each legitimate packet into proprietary-format data, and leaves it in a buffer waiting to be processed by the isolation and exchange unit. The isolation and exchange unit reads in the data over the PCI bus, carries out processing such as data integrity checking inside the FPGA and, if the check passes, completes the data exchange by reading and writing the storage chip in hardware. After the data exchange, the TCP/IP protocol and the application protocol are rebuilt and a session is established with the internal or external network, realising transparent transmission. This 'static' data transmission format cannot be executed and does not rely on any general-purpose protocol; it can only be identified and processed by the internal processing mechanism of the system, and therefore threats that exploit various known or unknown network-layer vulnerabilities can be avoided.
The plaintext data exchange scheme adopts a structured data exchange format, realising fast continuous exchange of arbitrarily structured data blocks made up of various data types (numbers, text, bit strings). Data are organised into data blocks, and data blocks are arranged in a hierarchical structure; a block consists of a header and a data body (content), and the block type can be an atomic block (the content is plain data) or a structured block (the content part comprises a list of blocks), so that structured data of any depth can be constructed from such blocks. To facilitate data exchange and parsing, API functions such as read/write functions are provided for applications to call.
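The Python code below is an added example of one concrete encoding for the hierarchical block format described in the summary and again here: a header followed by a body, atomic blocks carrying a number, text or bit string, and structured blocks whose body is a list of blocks. The type codes, the 5-byte header layout, the 64-bit number encoding and the function names are assumptions; the patent names the format and its read/write API but not its wire layout. The decoder deliberately treats a body that overruns its parent, a truncated header or trailing bytes as errors, since a non-executable format is only a security benefit if non-conforming data is rejected before the exchange.

```python
import struct

# Assumed type codes and header layout (not from the patent).
ATOM_NUMBER, ATOM_TEXT, ATOM_BITS, STRUCT = 0x01, 0x02, 0x03, 0x10
HEADER = struct.Struct(">BI")      # block type (1 byte), body length (4 bytes, big-endian)


def encode_block(value):
    """Write API: int -> number block, str -> text block, bytes -> bit-string block,
    list -> structured block whose body is the concatenation of its child blocks."""
    if isinstance(value, bool):
        raise TypeError("bool is not a supported block type")
    if isinstance(value, int):
        btype, body = ATOM_NUMBER, struct.pack(">q", value)
    elif isinstance(value, str):
        btype, body = ATOM_TEXT, value.encode("utf-8")
    elif isinstance(value, (bytes, bytearray)):
        btype, body = ATOM_BITS, bytes(value)
    elif isinstance(value, list):
        btype, body = STRUCT, b"".join(encode_block(v) for v in value)
    else:
        raise TypeError(f"unsupported value type {type(value).__name__}")
    return HEADER.pack(btype, len(body)) + body


def _decode_at(buf, offset):
    """Decode one block starting at offset; return (value, offset after the block)."""
    if len(buf) - offset < HEADER.size:
        raise ValueError("truncated block header")
    btype, length = HEADER.unpack_from(buf, offset)
    start, end = offset + HEADER.size, offset + HEADER.size + length
    if end > len(buf):
        raise ValueError("block body overruns the buffer")
    body = buf[start:end]
    if btype == ATOM_NUMBER:
        if length != 8:
            raise ValueError("number block must be 8 bytes")
        return struct.unpack(">q", body)[0], end
    if btype == ATOM_TEXT:
        return body.decode("utf-8"), end       # UnicodeDecodeError is a ValueError
    if btype == ATOM_BITS:
        return bytes(body), end
    if btype == STRUCT:
        items, pos = [], 0
        while pos < len(body):                 # children are confined to the parent's body
            item, pos = _decode_at(body, pos)
            items.append(item)
        return items, end
    raise ValueError(f"unknown block type 0x{btype:02X}")


def decode_block(buf):
    """Read API: parse exactly one top-level block and reject trailing bytes."""
    value, end = _decode_at(buf, 0)
    if end != len(buf):
        raise ValueError("trailing bytes after the top-level block")
    return value


def is_well_formed(buf):
    """Structural check an exchange unit could run before forwarding a block."""
    try:
        decode_block(buf)
        return True
    except ValueError:
        return False
```

Decoding a structured block recurses over the slice that is its own body, so a child whose declared length reaches past its parent is caught by the bounds check rather than silently consuming the next sibling; that containment is what makes the hierarchy parseable without any general-purpose protocol on either side.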
The technical scheme provided by the embodiment of the present invention has been described in detail above. Specific examples have been used herein to set forth the principle and implementation of the present invention, and the explanation of the above embodiment is intended only to help in understanding the principle of the invention. At the same time, for a person of ordinary skill in the art, changes may be made to the embodiment, the implementation and the scope of application of the present invention; in summary, this description should not be construed as limiting the present invention.

Claims (7)

1. An industrial control network security isolation and exchange device, characterised in that it comprises an external-network processor, an internal-network processor and an isolation exchange unit, wherein the isolation exchange unit adopts a bus-based channel structure and is connected to the external-network processor and the internal-network processor by a PCI bus;
The external-network processor and the internal-network processor have a symmetrical structure and each comprises at least: a processor, memory, Ethernet interfaces and associated security modules. The processor is a high-performance embedded processor; the Ethernet interfaces comprise at least one gigabit network port and one 100 Mbit/s Ethernet port, the gigabit port being used to connect the external or internal network and the 100 Mbit/s port to connect the management and configuration host. The security modules are installed in the device as plug-ins and comprise at least an access control module, a standard protocol checking module, a proprietary protocol security engine and a content filtering module;
The isolation exchange unit comprises an internal security control board and an external security control board; each security control board comprises its own FPGA chip and dual-port cache chip, and the two security control boards are connected by an LVDS bus. The FPGA contains a data integrity verification module and/or a data compression and/or encryption module, which are transparent to the user.
2. The industrial control network security isolation and exchange device according to claim 1, characterised in that the proprietary protocol security engine comprises at least the OPC and Modbus/TCP protocol security engines commonly used in industrial control networks.
3. The industrial control network security isolation and exchange device according to claim 2, characterised in that the OPC protocol security engine operates as follows:
A. Industrial-protocol communication tracking is used to dynamically follow the TCP or UDP ports allocated by the OPC server, and those ports are opened dynamically to carry the data communication. At the same time, according to the data transmission pattern of the application scenario, a dynamic adaptive algorithm sets the time for which a port stays open; once the timeout upper limit is exceeded, the communication is deemed invalid and handled accordingly;
B. Protocol integrity checking is applied: captured OPC data are deeply inspected against the OPC Classic standard format, and non-conforming OPC data requests are blocked;
C. Data encryption and check algorithms are used to ensure the security of the OPC data.
4. The industrial control network security isolation and exchange device according to claim 3, characterised in that the OPC data encryption and check algorithm comprises adding CRC check bits to the head and tail of the RPC/OPC data and applying an encryption algorithm.
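As an added illustration of the port-tracking step in claim 3A (example code, not the patent's implementation): a stateful pinhole table that opens an OPC server's dynamically allocated TCP/UDP port only after the server names it, keeps it open for an adaptive, capped time window, and treats traffic after the timeout as invalid communication. Parsing of the RPC response that carries the port is assumed to happen elsewhere and is fed in as a "server" event; the adaptive rule (a smoothed average of observed session lengths, clamped to a maximum) is an assumption, since the claim names a dynamic adaptive algorithm without specifying it.

```python
class OpcPortTracker:
    """Stateful pinhole table for the TCP/UDP ports an OPC server hands out.

    Constructed illustration of claim 3A, not the patent's code: a port is
    opened only after the server's response names it, stays open for a bounded
    window, and is closed once the window is exceeded (the "timeout upper
    limit") or the session ends.  The adaptive rule used here, a smoothed
    average of observed session lengths clamped to a maximum, is an assumption.
    """

    def __init__(self, initial_window=30.0, max_window=120.0, alpha=0.5):
        self.window = float(initial_window)   # current open time per port (s)
        self.max_window = float(max_window)   # hard upper limit on any open time
        self.alpha = alpha                    # weight given to the newest session
        self.expiry = {}                      # (proto, port) -> time the hole closes
        self.opened = {}                      # (proto, port) -> time it was opened

    def learn(self, proto, port, now):
        """The server's response named a dynamic port: open it for the current window."""
        if not 1 <= port <= 65535:
            raise ValueError("port out of range")
        key = (proto, port)
        self.opened[key] = now
        self.expiry[key] = now + self.window

    def allow(self, proto, port, now):
        """Permit a packet only while its port is open and still inside the window."""
        key = (proto, port)
        if key not in self.expiry:
            return False                      # never allocated by the server: drop
        if now > self.expiry[key]:
            self._close(key)                  # timed out: invalid communication
            return False
        return True

    def session_closed(self, proto, port, now):
        """Teardown observed: adapt the window to how long the session really lasted."""
        key = (proto, port)
        if key in self.opened:
            duration = max(0.0, now - self.opened[key])
            smoothed = (1 - self.alpha) * self.window + self.alpha * duration
            self.window = min(self.max_window, smoothed)
        self._close(key)

    def _close(self, key):
        self.expiry.pop(key, None)
        self.opened.pop(key, None)


# Constructed event trace: (time, kind, proto, port).  "server" = server response
# naming a port, "client" = client packet to that port, "close" = session end.
TRACE = [
    (0.0, "client", "tcp", 49152),    # before any allocation: blocked
    (1.0, "server", "tcp", 49152),    # server names port 49152
    (5.0, "client", "tcp", 49152),    # inside the 30 s window: allowed
    (5.0, "client", "udp", 49152),    # same port, wrong protocol: blocked
    (40.0, "client", "tcp", 49152),   # past the window: blocked, hole closed
]


def replay(tracker, trace):
    """Feed a trace through the tracker; return the allow/deny decision per client packet."""
    decisions = []
    for now, kind, proto, port in trace:
        if kind == "server":
            tracker.learn(proto, port, now)
        elif kind == "close":
            tracker.session_closed(proto, port, now)
        else:
            decisions.append(tracker.allow(proto, port, now))
    return decisions
```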
5. The industrial control network security isolation and exchange device according to claim 2, characterised in that the Modbus/TCP protocol security engine comprises Modbus/TCP deep packet inspection.
6. The industrial control network security isolation and exchange device according to claim 1, characterised in that the content filtering module comprises a hybrid filtering model based on keyword matching and semantic matching.
7. The industrial control network security isolation and exchange device according to claim 1, characterised in that:
the device adopts a structured data exchange format to realise the continuous exchange of arbitrarily structured data blocks composed of various data types, including numeric, text and bit string; the data blocks are arranged hierarchically and each consists of a head and a data body; a data block is either an atomic block or a structured block, and structured data of any depth can be constructed within a data block.
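As an added example for the structured data exchange format described in the specification and in claim 7 (not the patent's own code): a compact encoder and parser for hierarchical blocks in which each block carries a head and a body, an atomic block holds a number, text or bit string, and a structured block holds a list of child blocks. The wire layout (a type byte, a content-type byte, a 32-bit body length and a CRC32 over the body) is an assumption; the CRC stands in for the integrity verification the claims place in the FPGA, and the parser rejects truncated, oversized or corrupted frames before trusting their contents.

```python
import struct
import zlib

# Constructed wire layout: the patent names atomic and structured blocks with a
# head and a body but fixes no encoding, so this one is an assumption.
ATOMIC, STRUCTURED = 0, 1        # block types
NUMBER, TEXT, BITS = 0, 1, 2     # content types of an atomic block
HEAD = struct.Struct(">BBII")    # block type, content type, body length, CRC32(body)

def _encode_atomic(ctype, value):
    """Encode one atomic value into a body."""
    if ctype == NUMBER:
        return struct.pack(">q", value)                 # signed 64-bit big-endian
    if ctype == TEXT:
        return value.encode("utf-8")
    if ctype == BITS:                                   # '0'/'1' string, MSB first
        pad = (-len(value)) % 8
        padded = value + "0" * pad
        packed = bytes(int(padded[i:i + 8], 2) for i in range(0, len(padded), 8))
        return bytes([pad]) + packed                    # first byte: count of pad bits
    raise ValueError("unknown content type")

def _decode_atomic(ctype, body):
    """Inverse of _encode_atomic; validates lengths before trusting the body."""
    if ctype == NUMBER:
        if len(body) != 8:
            raise ValueError("number body must be 8 bytes")
        return struct.unpack(">q", body)[0]
    if ctype == TEXT:
        return body.decode("utf-8")
    if ctype == BITS:
        if not body or body[0] > 7 or (body[0] and len(body) == 1):
            raise ValueError("malformed bit string body")
        bits = "".join(f"{b:08b}" for b in body[1:])
        return bits[:len(bits) - body[0]]
    raise ValueError("unknown content type")

def write_block(block):
    """Serialize a block tree: a list is a structured block, (ctype, value) is atomic."""
    if isinstance(block, list):
        btype, ctype = STRUCTURED, 0
        body = b"".join(write_block(child) for child in block)
    else:
        btype, (ctype, value) = ATOMIC, block
        body = _encode_atomic(ctype, value)
    return HEAD.pack(btype, ctype, len(body), zlib.crc32(body)) + body

def read_block(buf, offset=0):
    """Parse one block at offset and return (block, end_offset); raises on a bad frame."""
    if len(buf) - offset < HEAD.size:
        raise ValueError("truncated head")
    btype, ctype, length, crc = HEAD.unpack_from(buf, offset)
    start, end = offset + HEAD.size, offset + HEAD.size + length
    if end > len(buf):
        raise ValueError("body length exceeds buffer")
    body = buf[start:end]
    if zlib.crc32(body) != crc:
        raise ValueError("CRC mismatch")                # integrity check failed
    if btype == ATOMIC:
        return (ctype, _decode_atomic(ctype, body)), end
    if btype == STRUCTURED:
        children, pos = [], 0
        while pos < len(body):                          # children never leave the parent
            child, pos = read_block(body, pos)
            children.append(child)
        return children, end
    raise ValueError("unknown block type")

def try_read(buf):
    """Parse one whole frame: (block, None) on success, (None, reason) on rejection."""
    try:
        block, end = read_block(buf)
        if end != len(buf):
            return None, "trailing bytes after block"
        return block, None
    except ValueError as exc:                           # UnicodeDecodeError is a ValueError
        return None, str(exc)

# Constructed sample record: a tag name, a reading, and a nested status block.
SAMPLE = [(TEXT, "furnace-1"), (NUMBER, 1423), [(BITS, "1011"), (NUMBER, -7)]]
```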

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410771706.8A CN104486336A (en) 2014-12-12 2014-12-12 Device for safely isolating and exchanging industrial control networks

Publications (1)

Publication Number Publication Date
CN104486336A true CN104486336A (en) 2015-04-01

Family

ID=52760840

Country Status (1)

Country Link
CN (1) CN104486336A (en)

Cited By (51)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105022335A (en) * 2015-07-03 2015-11-04 北京科技大学 Method and device for filtering link commands of a PLC upper computer based on the RS232 communication protocol
CN105208352A (en) * 2015-10-16 2015-12-30 杭州中威电子股份有限公司 Safe monitoring system and physical isolation method for network video
CN105204583A (en) * 2015-10-16 2015-12-30 杭州中威电子股份有限公司 Physical isolation system and isolation method constructed on an embedded system
CN105391613A (en) * 2015-11-19 2016-03-09 四川中鼎自动控制有限公司 Hydropower station Ethernet-type security isolation device with internal/external universal data bridge
CN105516094A (en) * 2015-11-27 2016-04-20 蓝网科技股份有限公司 Industrial-computer-based internal and external network data exchange method and apparatus
CN105592107A (en) * 2016-03-01 2016-05-18 南京富岛信息工程有限公司 Device and method for securely collecting industrial process data on the basis of an FPGA
CN105656883A (en) * 2015-12-25 2016-06-08 冶金自动化研究设计院 Unidirectional-transmission internal and external network security isolation gateway applicable to industrial control networks
CN105791265A (en) * 2016-01-08 2016-07-20 国家电网公司 Network element security detection method and system
CN106330973A (en) * 2016-10-27 2017-01-11 国网江苏省电力公司南京供电公司 Data security exchange method based on blacklists and whitelists
CN106549969A (en) * 2016-11-21 2017-03-29 英赛克科技(北京)有限公司 Data filtering method and device
CN106843058A (en) * 2017-03-03 2017-06-13 南京富岛信息工程有限公司 Secure data acquisition device and acquisition method that hide the control system IP address
CN106941494A (en) * 2017-03-30 2017-07-11 中国电力科学研究院 Security isolation gateway suitable for power information acquisition systems and its application method
CN106998333A (en) * 2017-05-24 2017-08-01 山东省计算中心(国家超级计算济南中心) Bilateral network security isolation system and method
CN107070907A (en) * 2017-03-31 2017-08-18 杭州通悟科技有限公司 Intranet and extranet data unidirectional transmission method and system
CN107360134A (en) * 2017-06-08 2017-11-17 杭州谷逸网络科技有限公司 Implementation method of a secure remote control terminal and its security system
CN107786404A (en) * 2017-09-20 2018-03-09 北京东土科技股份有限公司 Security implementation method and device for an industrial internet field-layer broadband bus architecture
CN107948209A (en) * 2018-01-05 2018-04-20 宝牧科技(天津)有限公司 Network security isolation method and device
CN108055244A (en) * 2017-11-27 2018-05-18 珠海市鸿瑞信息技术股份有限公司 Dual-processor system network security isolation method based on SRIO interface technology
CN108337328A (en) * 2018-05-17 2018-07-27 广东铭鸿数据有限公司 Data exchange system, data uploading method and data downloading method
CN108494672A (en) * 2018-04-17 2018-09-04 上海振华重工(集团)股份有限公司 Industrial communication gateway, and industrial data security isolation system and method
CN108881302A (en) * 2018-08-02 2018-11-23 浙江中控研究院有限公司 Industrial Ethernet and BLVDS bus communication device and industrial control system
CN109347885A (en) * 2018-12-05 2019-02-15 华北理工大学 Network authentication system and its authentication method
CN109495509A (en) * 2018-12-27 2019-03-19 北京奇安信科技有限公司 Data transmission method, device, system and medium for a gateway
CN109508551A (en) * 2018-11-08 2019-03-22 成都卫士通信息产业股份有限公司 Secure system switching method, device, electronic equipment and storage medium
CN109561091A (en) * 2018-11-30 2019-04-02 冶金自动化研究设计院 Network security protection system for civil air defence constructions and installations
CN109617866A (en) * 2018-11-29 2019-04-12 英赛克科技(北京)有限公司 Industrial control system host session data filtering method and device
CN109660565A (en) * 2019-02-18 2019-04-19 安徽励图信息科技股份有限公司 Isolation network gate device and implementation method
CN109698826A (en) * 2018-12-06 2019-04-30 贵州电网有限责任公司 Method for implementing security isolation between ports of a switching system in a power server
CN110247924A (en) * 2019-06-25 2019-09-17 深圳市利谱信息技术有限公司 Bidirectional transmission and control system and data transmission method based on physical transfer
CN110351220A (en) * 2018-04-02 2019-10-18 蓝盾信息安全技术有限公司 Efficient gateway data scanning technique based on packet filtering
CN110417756A (en) * 2019-07-11 2019-11-05 北京百度网讯科技有限公司 Cross-network data transmission method and device
CN110800269A (en) * 2017-07-05 2020-02-14 西门子交通有限责任公司 Device and method for the reaction-free unidirectional transmission of data to a remote application server
CN110971621A (en) * 2020-01-09 2020-04-07 四川卫士通信息安全平台技术有限公司 Embedded multi-CPU interconnection circuit based on the SDIO interface, interconnection method and driving method
CN111104458A (en) * 2019-11-12 2020-05-05 杭州创谐信息技术股份有限公司 Distributed data exchange system and method based on RK3399Pro
CN111314383A (en) * 2020-03-22 2020-06-19 国网浙江省电力有限公司绍兴供电公司 System for realizing data synchronous acquisition and network blocking isolation based on internal bus
CN111399463A (en) * 2019-12-24 2020-07-10 上海可鲁系统软件有限公司 Industrial network data one-way isolation method and device
CN111679640A (en) * 2020-06-05 2020-09-18 深圳融安网络科技有限公司 Industrial data acquisition and isolation device based on virtualization technology and data transmission method
CN111970256A (en) * 2020-07-31 2020-11-20 深圳市研锐智能科技有限公司 Intelligent isolation and information exchange network gate system
CN112073375A (en) * 2020-08-07 2020-12-11 中国电力科学研究院有限公司 Isolation device and isolation method suitable for the client side of the power Internet of Things
CN112134742A (en) * 2020-10-14 2020-12-25 合肥中科泛再物联网科技有限公司 Equipment system and method for the on-line monitoring terminal of the energy consumption of key energy-consuming units
CN112787974A (en) * 2019-11-05 2021-05-11 杭州海康威视数字技术股份有限公司 Gateway, data transmission method and electronic equipment
CN112783117A (en) * 2020-12-29 2021-05-11 浙江中控技术股份有限公司 Method and device for data isolation between security and conventional control applications
CN113110268A (en) * 2021-05-28 2021-07-13 国家计算机网络与信息安全管理中心 Monitoring system, data acquisition equipment and method for rail transit control network
CN113271301A (en) * 2021-05-12 2021-08-17 大连交通大学 Network gate system communication method based on embedded multi-core processing mode
CN114095184A (en) * 2020-07-15 2022-02-25 中国航发上海商用航空发动机制造有限责任公司 Data transmission system and transmission method thereof
CN114465821A (en) * 2022-04-02 2022-05-10 浙江国利网安科技有限公司 Data transmission system and data transmission method
CN114513444A (en) * 2022-02-15 2022-05-17 南京鑫蓝优图信息技术有限公司 Inspection gateway with network gate function and data uploading and issuing method
CN114766086A (en) * 2019-12-19 2022-07-19 西门子交通有限责任公司 Transmission device for transmitting data
CN115086083A (en) * 2022-08-19 2022-09-20 中孚信息股份有限公司 FPGA-based network gate isolation switching system and method
CN115801452A (en) * 2023-01-30 2023-03-14 北京万维盈创科技发展有限公司 Data acquisition instrument with network security isolation function
CN116471103A (en) * 2023-05-04 2023-07-21 深圳市显科科技有限公司 Internal and external network data security exchange method, device and equipment based on boundary network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102438026A (en) * 2012-01-12 2012-05-02 冶金自动化研究设计院 Industrial control network security protection method and system
CN202856781U (en) * 2012-08-29 2013-04-03 广东电网公司电力科学研究院 Industrial control system main station safety device
CN103401756A (en) * 2013-08-21 2013-11-20 北京华烽泰特科技有限公司 Security protection system used for industrial network

Non-Patent Citations (3)

* Cited by examiner, † Cited by third party
Title
宋士贵: "Industrial OPC communication security solution implemented with Tofino technology", 《黑龙江科技信息》 *
郑炜等: "Design and implementation of a physical isolation network gate", 《微计算机信息》 *
韩晓波: "Discussion and implementation of security technology for enterprise industrial control networks", 《化工自动化及仪表》 *

Similar Documents

Publication Publication Date Title
CN104486336A (en) Device for safely isolating and exchanging industrial control networks
CN109698837B (en) Internal and external network isolation and data exchange device and method based on unidirectional transmission physical medium
CN104683352B (en) Industrial communication isolation network gate with dual-channel ferrying
CN106022080B (en) Data encryption method based on a PCIe-interface cipher card, and the cipher card
CN105656883A (en) Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network
CN110943913A (en) Industrial safety isolation gateway
US8891546B1 (en) Protocol splitter
WO2021253366A1 (en) Switch encryption system
CN103139058A (en) Internet of things security access gateway
CN104363231A (en) Network security isolation and information exchange method and system based on one-way channel
CN105099711A (en) ZYNQ-based small-sized cipher machine and data encryption method
CN110351233A (en) Bidirectional transparent transmission technique based on a security isolation network gate
CN212850561U (en) Network safety isolation device for realizing intranet information safety
KR101290963B1 (en) System and method for separating network based virtual environment
CN116055254A (en) Safe and trusted gateway system, control method, medium, equipment and terminal
KR101472685B1 (en) Network connection gateway, a network isolation method and a computer network system using such a gateway
CN105282172A (en) Uniprocessing system based on hardware data transformation technology and network security isolation method thereof
CN101127760A (en) Bidirectional protocol isolation method and its device in network
KR101076683B1 (en) Apparatus and method for splitting host-based networks
CN104735071A (en) Network access control implementation method between virtual machines
CN103888446A (en) Protocol security isolation system oriented to railway signal control network
KR20220125251A (en) Programmable Switching Device for Network Infrastructures
CN104539600A (en) Industrial control firewall implementing method for supporting filtering IEC 104 protocol
CN110730170A (en) Internal and external network isolation method and system
CN110278185A (en) Network security isolation and data exchange application system for power networks

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20150401