CN107070907A - Intranet and extranet data unidirectional transmission method and system - Google Patents

Publication number
CN107070907A
Authority
CN
China
Prior art keywords
data
communications protocol
intranet
secure data
secure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201710209673.1A
Other languages
Chinese (zh)
Inventor
赵鹏
王总辉
张浩晨
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Hangzhou Tong Tong Technology Co Ltd
Original Assignee
Hangzhou Tong Tong Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Hangzhou Tong Tong Technology Co Ltd filed Critical Hangzhou Tong Tong Technology Co Ltd
Priority to CN201710209673.1A priority Critical patent/CN107070907A/en
Publication of CN107070907A publication Critical patent/CN107070907A/en
Pending legal-status Critical Current

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227: Filtering policies
    • H04L63/0236: Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a method and system for unidirectional data transmission between an external network and an intranet. The method comprises: receiving external network data, processing it and restoring it to original data, then encapsulating the original data according to a first proprietary communication protocol and outputting it; processing the received original data and passing it through an application-layer filtering inspection, while scanning for and removing malicious code such as viruses, to obtain secure data, then encapsulating the secure data according to the first proprietary communication protocol and outputting it; transmitting the received secure data in ferry mode; and, after the secure data is received, processing it, encapsulating it according to a standard communication protocol and sending it to the intranet. The disclosed method and system use physical isolation technology to achieve complete data exchange between the intranet and the external network, apply application-layer filtering inspection to the data, and scan for and remove malicious code such as viruses, ensuring the security of unidirectional data transmission between the external network and the intranet.

Description

Intranet and extranet data unidirectional transmission method and system
Technical field
The present invention relates to the field of network data transmission technology, and in particular to a method and system for unidirectional data transmission between an external network and an intranet.
Background art
At present, with the development of mobile Internet technology, various businesses that combine online and offline services have been promoted; that is, the Internet+ business model has developed rapidly, bringing the convenience of networking to every aspect of people's life and work, and it has been widely recognized by society. Online ride-hailing is now a common mass-consumption service, and its information security problems are receiving increasing attention. To maintain the stable operation of the whole system and ensure that use of the platform is not affected, an effective security solution must be formulated and enforced.
In current online ride-hailing platforms, the vast majority use a firewall as the barrier between the intranet and the external network. However, firewalls have obvious limitations: a firewall is based on a blacklist and cannot guard against the newest threats; the firewall itself may contain security vulnerabilities, and the probability of it being breached by hackers is as high as 50%; a firewall cannot provide a consistent security policy between the intranet and the external network, cannot defend well against attacks carried over standard network protocols, and is helpless against attacks on server vulnerabilities; and a firewall also increases network latency while providing its security service.
Network isolation technology is also used. Its core is physical isolation: dedicated hardware and security protocols ensure that two networks disconnected at the link layer can exchange and share data in a trusted network environment. However, this network isolation technology does not completely isolate information such as viruses and malicious code in application-layer data exchange, especially with respect to application-layer attacks, and attacks on the application layer are the most serious so far. The attack surface of the application layer is very broad, for example attacks on application protocol vulnerabilities, attacks on application protocol data, and attacks on the operating system platform on which the application runs.
Summary of the invention
The object of the present invention is to provide a method for unidirectional data transmission between an external network and an intranet that solves the problems of using a firewall as the barrier between the two, improves the isolation of information such as viruses and malicious code in application-layer data exchange under network isolation technology, and improves the security of unidirectional data transmission between the external network and the intranet.
To solve the above problems, an embodiment of the present invention provides a method for unidirectional data transmission between an external network and an intranet, comprising the following steps:
receiving external network data, processing the external network data and restoring it to original data, encapsulating the original data according to a first proprietary communication protocol, building an internal first proprietary communication protocol channel, and outputting the encapsulated original data through the first proprietary communication protocol channel;
processing the received original data and passing it through an application-layer filtering inspection, while scanning for and removing malicious code such as viruses, to obtain secure data, encapsulating the secure data according to the first proprietary communication protocol, building the internal first proprietary communication protocol channel, and outputting the encapsulated secure data through the first proprietary communication protocol channel;
transmitting the received secure data in ferry mode;
after the secure data is received, processing it, encapsulating the secure data according to a standard communication protocol, building an internal standard communication protocol channel, and sending the encapsulated secure data to the intranet through the standard communication protocol channel.
In one embodiment, the data processing comprises the following steps:
authenticating the identity of the external network data;
after authentication succeeds, decapsulating the external network data, stripping the protocol, verifying and encrypting;
writing the information relating to the data processing into a data table.
In one embodiment, the ferry mode comprises the following steps:
checking the secure data, the data table information and the physical link; after the check passes, decapsulating the secure data according to the first proprietary communication protocol format, decrypting the decapsulated data to obtain the secure data, and outputting it to a database;
switching the physical link, reading the secure data from the database, encrypting it, encapsulating the secure data according to a second proprietary communication protocol, building an internal second proprietary communication protocol channel, and outputting the encapsulated secure data through the second proprietary communication protocol channel.
In one embodiment, the physical link comprises the link over which the external network data is output as the secure data to the database, and the link over which the secure data read from the database is sent to the intranet.
The present invention also provides a system for unidirectional data transmission between an external network and an intranet, comprising:
an external network processing module, configured to receive external network data, process the external network data and restore it to original data, encapsulate the original data according to a first proprietary communication protocol, build an internal first proprietary communication protocol channel, and output the encapsulated original data through the first proprietary communication protocol channel;
an arbitration module, configured to process the received original data and pass it through an application-layer filtering inspection, while scanning for and removing malicious code such as viruses, to obtain secure data, encapsulate the secure data according to the first proprietary communication protocol, build the internal first proprietary communication protocol channel, and output the encapsulated secure data through the first proprietary communication protocol channel;
a ferry module, which transmits the received secure data in ferry mode;
an intranet processing module, which, after receiving the secure data, processes it, encapsulates the secure data according to a standard communication protocol, builds an internal standard communication protocol channel, and sends the encapsulated secure data to the intranet through the standard communication protocol channel.
In one embodiment, the external network processing module and the intranet module are further configured to:
authenticate the identity of the external network data;
after authentication succeeds, decapsulate the external network data, strip the protocol, verify and encrypt;
write the information relating to the data processing into a data table.
In one embodiment, the ferry module is further configured to:
check the secure data, the data table information and the physical link; after the check passes, decapsulate the secure data according to the first proprietary communication protocol format, decrypt the decapsulated data to obtain the secure data, and output it to a database;
switch the physical link, read the secure data from the database, encrypt it, encapsulate the secure data according to a second proprietary communication protocol, build an internal second proprietary communication protocol channel, and output the encapsulated secure data through the second proprietary communication protocol channel.
Compared with the prior art, this technical solution has the following advantages:
Through the method and system for unidirectional data transmission between an external network and an intranet, the present invention uses physical isolation technology to achieve complete data exchange between the intranet and the external network and makes it convenient for the two to exchange data. Using different communication protocols blocks attacks by anyone, internal or external, through general network protocols, ensuring the security of intranet information. Application-layer filtering inspection is applied to the data, and malicious code such as viruses is scanned for and removed, ensuring the security of unidirectional data transmission between the external network and the intranet.
Brief description of the drawings
Fig. 1 is a flow chart of the unidirectional data transmission method of one embodiment of the invention;
Fig. 2 is a flow chart of the data processing in Fig. 1;
Fig. 3 is a flow chart of the ferry mode in Fig. 1;
Fig. 4 is a structural diagram of the unidirectional data transmission system provided by another embodiment of the invention;
In the figures: 1, external network processing module; 2, arbitration module; 3, ferry module; 4, intranet processing module.
Detailed description
The above and other technical features and advantages of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them.
Referring to Fig. 1, a flow chart of the unidirectional data transmission method provided by one embodiment of the invention, the method comprises the following steps:
S100: receive external network data, process the external network data and restore it to original data, encapsulate the original data according to the first proprietary communication protocol, build the internal first proprietary communication protocol channel, and output the encapsulated original data through the first proprietary communication protocol channel;
The present invention processes the external network data and re-encapsulates the original data according to the first proprietary communication protocol. Using a separate first proprietary communication protocol that differs from standard communication protocols blocks external attacks and improves security during data exchange.
S200: process the received original data and pass it through the application-layer filtering inspection, while scanning for and removing malicious code such as viruses, to obtain secure data, encapsulate the secure data according to the first proprietary communication protocol, build the internal first proprietary communication protocol channel, and output the encapsulated secure data through the first proprietary communication protocol channel;
In this step the original data is processed again, which thoroughly resolves the defect of incomplete isolation of information such as viruses and malicious code at the application layer during data exchange. It should be noted that attacks on the application layer are the most serious so far, and the application-layer attack surface is very broad, for example attacks on application protocol vulnerabilities, attacks on application protocol data, and attacks on the application's operating system platform.
S300: transmit the received secure data in ferry mode;
Fig. 3 is a flow chart of the ferry mode in Fig. 1. The ferry mode comprises the following steps:
S301: check the secure data, the data table information and the physical link; after the check passes, decapsulate the secure data according to the first proprietary communication protocol format, decrypt the decapsulated data to obtain the secure data, and output it to the database;
S302: switch the physical link, read the secure data from the database, encrypt it, encapsulate the secure data according to the second proprietary communication protocol, build the internal second proprietary communication protocol channel, and output the encapsulated secure data through the second proprietary communication protocol channel.
Data is transmitted by switching physical links, so the two links are completely isolated from each other and the external network processing module never communicates directly with the intranet processing module, which ensures data transmission security. The physical links comprise the link over which external network data is written to storage for ferry-mode transmission, and the link over which the storage is read during ferry-mode transmission for transfer to the intranet. These two physical links use different proprietary communication protocols, which greatly safeguards data security.
S400: after the secure data is received, process it, encapsulate the secure data according to the standard communication protocol, build the internal standard communication protocol channel, and send the encapsulated secure data to the intranet through the standard communication protocol channel.
In summary, the data processing in each step performs identity authentication, decapsulation, protocol stripping, verification, encryption and re-encapsulation, which ensures the security of data transmission and also facilitates further processing of the data.
Fig. 2 is a flow chart of the data processing in Fig. 1. The data processing comprises the following steps:
S101: authenticate the identity of the external network data;
S102: authenticate the identity of the external network data;
S103: write the information relating to the data processing into a data table.
Having described the basic principle of the method of the invention, the unidirectional data transmission system of the invention is described in detail below.
Fig. 4 is a structural diagram of the unidirectional data transmission system provided by another embodiment of the invention. The system comprises: an external network processing module 1, configured to receive external network data, process the external network data and restore it to original data, encapsulate the original data according to the first proprietary communication protocol, build the internal first proprietary communication protocol channel, and output the encapsulated original data through the first proprietary communication protocol channel; an arbitration module 2, configured to process the received original data and pass it through the application-layer filtering inspection, while scanning for and removing malicious code such as viruses, to obtain secure data, encapsulate the secure data according to the first proprietary communication protocol, build the internal first proprietary communication protocol channel, and output the encapsulated secure data through the first proprietary communication protocol channel; a ferry module 3, which transmits the received secure data in ferry mode; and an intranet processing module 4, which, after receiving the secure data, processes it, encapsulates the secure data according to the standard communication protocol, builds the internal standard communication protocol channel, and sends the encapsulated secure data to the intranet through the standard communication protocol channel.
Each of the above modules is described below:
The external network processing module 1, arbitration module 2, ferry module 3 and intranet processing module 4 are completely independent, and the four modules are connected by a PCI bus. The PCI bus addresses the problems of slow data exchange and long delay.
Communication among the external network processing module 1, the arbitration module 2 and the ferry module 3 uses the first proprietary communication protocol, which includes protocol stripping, verification, decryption, encryption and encapsulation; communication between the ferry module 3 and the intranet processing module 4 uses the second proprietary communication protocol, which includes protocol stripping, verification, decryption, encryption and encapsulation.
The external network processing module 1 and the intranet processing module 4 are symmetrical structures, each including a processor, memory, an RJ45 network interface, a data security module and so on. They authenticate the identity information of the external network data; after authentication succeeds, the external network data undergoes decapsulation, protocol stripping, verification and encryption; and the information relating to the data processing is written into a data table. The processor is an embedded high-performance processor, and the Ethernet interfaces include a gigabit network port and a 100M Ethernet port. The data security module is present in the device in the form of a card and includes an identity authentication module, a standard communication protocol checking module, a content filtering module and a proprietary communication protocol processing module. The standard communication protocol checking module includes at least TCP/IP, OPC and Modbus/TCP protocol checks. The OPC protocol check includes industrial protocol communication tracking, protocol integrity checking, data encryption and checksum algorithms. The Modbus/TCP protocol check includes deep packet inspection of the protocol: it goes deep inside the protocol, checks the Modbus, register and coil lists, automatically blocks and reports communication that does not comply with the security protocol, and checks for and blocks communication content that does not conform to the Modbus communication protocol. The content filtering module includes a hybrid filtering model combining keyword matching and semantic matching. The filtering model is based on the application data of the specific industrial control network. The proprietary communication protocol processing module in the external network processing module 1 and the intranet processing module 4 can build the first proprietary communication protocol or the second proprietary communication protocol as required.
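The Modbus/TCP deep packet inspection described above can be pictured with the following added example, which is not code from the patent: it validates the MBAP header of a request, then checks the function code and the register or coil addresses against an allowlist. The policy table, the function names and the sample frames are constructed for illustration; the quantity limits are those of the public Modbus application protocol specification.

```python
import struct

# Constructed policy for this example: permitted function codes and the
# register/coil addresses each one may touch.
POLICY = {
    0x01: range(0, 64),      # Read Coils
    0x03: range(0, 128),     # Read Holding Registers
    0x06: range(100, 110),   # Write Single Register
    0x10: range(100, 110),   # Write Multiple Registers
}
# Maximum quantity per read request, from the Modbus application protocol.
READ_LIMIT = {0x01: 2000, 0x02: 2000, 0x03: 125, 0x04: 125}
SINGLE_WRITE = {0x05, 0x06}


def build_request(tid, unit, pdu):
    """Build a Modbus/TCP ADU: MBAP header (7 bytes) followed by the PDU."""
    return struct.pack(">HHHB", tid, 0, len(pdu) + 1, unit) + pdu


def inspect_modbus_tcp(frame, policy=POLICY):
    """Return (allowed, reason) for one Modbus/TCP request frame."""
    if len(frame) < 8:
        return False, "truncated frame"
    _tid, proto, length, _unit = struct.unpack(">HHHB", frame[:7])
    if proto != 0:
        return False, "protocol identifier is not 0"
    # The length field counts the unit id plus the PDU (at most 1 + 253).
    if length != len(frame) - 6 or length > 254:
        return False, "MBAP length mismatch"
    pdu = frame[7:]
    fc = pdu[0]
    if fc not in policy:
        return False, "function code not permitted"
    if fc in READ_LIMIT:
        if len(pdu) != 5:
            return False, "malformed request"
        start, qty = struct.unpack(">HH", pdu[1:5])
        if qty > READ_LIMIT[fc]:
            return False, "quantity exceeds protocol limit"
    elif fc in SINGLE_WRITE:
        if len(pdu) != 5:
            return False, "malformed request"
        start, value = struct.unpack(">HH", pdu[1:5])
        qty = 1
        if fc == 0x05 and value not in (0x0000, 0xFF00):
            return False, "malformed request"
    elif fc == 0x10:
        if len(pdu) < 6:
            return False, "malformed request"
        start, qty, nbytes = struct.unpack(">HHB", pdu[1:6])
        if qty > 123 or nbytes != 2 * qty or len(pdu) != 6 + nbytes:
            return False, "malformed request"
    else:
        return False, "no parser for this function code"
    allowed = policy[fc]
    if qty < 1 or start not in allowed or (start + qty - 1) not in allowed:
        return False, "address outside allowed list"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: (description, PDU bytes).
    samples = [
        ("read holding 0..9", b"\x03\x00\x00\x00\x0a"),
        ("write register 105", b"\x06\x00\x69\x04\xd2"),
        ("write register 5", b"\x06\x00\x05\x04\xd2"),
        ("diagnostics (0x08)", b"\x08\x00\x00\x00\x00"),
    ]
    for name, pdu in samples:
        print(name, inspect_modbus_tcp(build_request(1, 1, pdu)))
```

Frames that fail any check would be dropped and reported rather than re-encapsulated for the next module.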
The arbitration module 2 processes the received original data and passes it through the application-layer filtering inspection, while scanning for and removing malicious code such as viruses, and re-encapsulates the scanned secure data for transmission over the first proprietary communication protocol.
The ferry module 3 is connected to the intranet processing module 4 using a different communication protocol. The ferry module 3 cannot be reached by anyone, internal or external, through general network protocols, so it cannot be attacked by hackers; it provides both the connection and the isolation between the external network processing module 1 and the intranet processing module 4. The ferry module 3 comprises a processor, a logic circuit, a first storage unit and a second storage unit. The processor receives the data sent by the arbitration module 2, performs identity authentication, verification, decryption and protocol analysis, packages the data into the ferry first proprietary communication protocol, and writes it to the first storage unit. The logic circuit is responsible for cutting the connection between the processor and the arbitration module 2 and notifying the processor to fetch the data from the first storage unit; the processor then performs identity authentication, verification, decryption and protocol analysis on the data, packages it into the ferry second proprietary communication protocol, and transfers it to the intranet processing module 4 over the PCI bus.
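The write, cut and read sequence of the ferry module can be modelled as follows. This is an added sketch, not code from the patent: the frame layout (two-byte magic, length, HMAC-SHA256 tag), the keys and all names are assumptions, only the path through the first storage unit is modelled, and an integrity tag stands in for the verification step while encryption is left out.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32           # HMAC-SHA256 tag length
OUTER, INNER = 0, 1    # which side the storage unit is currently switched to


class FerryError(Exception):
    """Raised when a frame fails a check or the link is on the other side."""


def wrap(magic, key, payload):
    """Encapsulate payload in a hypothetical proprietary frame format."""
    body = magic + struct.pack(">H", len(payload)) + payload
    return body + hmac.new(key, body, hashlib.sha256).digest()


def unwrap(magic, key, frame):
    """Verify and strip the proprietary framing, returning the payload."""
    if len(frame) < 4 + TAG_LEN or frame[:2] != magic:
        raise FerryError("not a frame of the expected protocol")
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise FerryError("integrity check failed")
    (length,) = struct.unpack(">H", body[2:4])
    if length != len(body) - 4:
        raise FerryError("length field mismatch")
    return body[4:]


class FerryModule:
    """Storage that is reachable from exactly one side at any time."""

    def __init__(self, key1, key2):
        self._key1, self._key2 = key1, key2   # per-protocol keys (assumed)
        self.side = OUTER
        self._store = []

    def write_from_arbiter(self, frame):
        # Accept protocol-1 frames only while switched to the outer side;
        # only the stripped payload is stored, never the incoming framing.
        if self.side != OUTER:
            raise FerryError("storage is switched to the intranet side")
        self._store.append(unwrap(b"P1", self._key1, frame))

    def switch(self):
        # The logic circuit flips the link; XOR toggles between the sides.
        self.side ^= 1

    def read_for_intranet(self):
        # Rebuild each payload as a protocol-2 frame for the intranet module.
        if self.side != INNER:
            raise FerryError("storage is switched to the external side")
        frames = [wrap(b"P2", self._key2, p) for p in self._store]
        self._store.clear()
        return frames


def run_demo():
    """Ferry one constructed payload across and return what the inside sees."""
    k1, k2 = b"constructed-key-1", b"constructed-key-2"
    ferry = FerryModule(k1, k2)
    ferry.write_from_arbiter(wrap(b"P1", k1, b"speed=42"))
    ferry.switch()
    return [unwrap(b"P2", k2, f) for f in ferry.read_for_intranet()]


if __name__ == "__main__":
    print(run_demo())
```

Because each payload is stripped on the way in and rebuilt on the way out, no byte of the protocol-1 framing ever reaches the intranet side.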
Both processes involve the control logic of the first storage unit and the second storage unit in the ferry module 3. The external network processing module 1 can only write data to the first storage unit and can only read data from the second storage unit. The intranet processing module 4 can only write data to the second storage unit and can only read data from the first storage unit. The two storage modules can perform only one action at a time, either "read" or "write", under XOR logic control.
The intranet processing module 4 receives the data transferred by the ferry module 3, performs identity authentication, verification, decryption and protocol analysis, packages the data into the standard communication protocol, and transfers it to the intranet.
The workflow of the present invention is divided into two parts: the protocol stripping and data processing flow, and the protocol encapsulation and data transmission flow. Data flowing from the external network to the intranet passes through multiple rounds of protocol stripping and protocol reconstruction. When the intranet processing module 4 or the external network processing module 1 receives an access request, it first terminates the TCP/IP connection, ensuring that the system cannot be traversed directly over the TCP/IP protocol. After the connection is cut, the intranet or external network side performs the first protocol stripping and security inspection on the data and verifies its legitimacy. After the inspection, the external network processing module 1 formats the data, re-encapsulates the legitimate, valid information in the data into the first proprietary communication protocol format, and passes it to the arbitration module 2 over the PCI bus. The arbitration module 2 processes the received original data and passes it through the application-layer filtering inspection, while scanning for and removing malicious code such as viruses, re-encapsulates it into the first proprietary communication protocol, and writes it to the ferry module 3 over the PCI bus. In the ferry module 3 the data undergoes protocol stripping, security inspection and protocol reconstruction twice. The first time occurs after the connection to the external network is cut and before the data is written to the storage unit. The second occurs after the storage unit is read and before the data is transferred to the intranet processing module 4. The final protocol stripping and security inspection are performed in the intranet processing module 4; data that passes is encapsulated into a standard industrial control network protocol format, further encapsulated into the TCP/IP protocol format, and sent to the intranet.
Although the present invention is disclosed above by way of preferred embodiments, they are not intended to limit the invention. Any person skilled in the art may, without departing from the spirit and scope of the invention, use the methods and technical content disclosed above to make possible variations and modifications to the technical solution of the invention. Therefore, any simple modification, equivalent change or refinement made to the above embodiments according to the technical essence of the invention, without departing from the content of its technical solution, falls within the protection scope of the technical solution of the invention.

Claims (7)

1. A method for unidirectional data transmission between an external network and an intranet, characterized by comprising the following steps:
receiving external network data, processing the external network data and restoring it to original data, encapsulating the original data according to a first proprietary communication protocol, building an internal first proprietary communication protocol channel, and outputting the encapsulated original data through the first proprietary communication protocol channel;
processing the received original data and passing it through an application-layer filtering inspection, while scanning for and removing malicious code such as viruses, to obtain secure data, encapsulating the secure data according to the first proprietary communication protocol, building the internal first proprietary communication protocol channel, and outputting the encapsulated secure data through the first proprietary communication protocol channel;
transmitting the received secure data in ferry mode;
after the secure data is received, processing it, encapsulating the secure data according to a standard communication protocol, building an internal standard communication protocol channel, and sending the encapsulated secure data to the intranet through the standard communication protocol channel.
2. The method for unidirectional data transmission between an external network and an intranet according to claim 1, characterized in that the data processing comprises the following steps:
authenticating the identity of the external network data;
after authentication succeeds, decapsulating the external network data, stripping the protocol, verifying and encrypting;
writing the information relating to the data processing into a data table.
3. The method for unidirectional data transmission between an external network and an intranet according to claim 1, characterized in that the ferry mode comprises the following steps:
checking the secure data, the data table information and the physical link; after the check passes, decapsulating the secure data according to the first proprietary communication protocol format, decrypting the decapsulated data to obtain the secure data, and outputting it to a database;
switching the physical link, reading the secure data from the database, encrypting it, encapsulating the secure data according to a second proprietary communication protocol, building an internal second proprietary communication protocol channel, and outputting the encapsulated secure data through the second proprietary communication protocol channel.
4. The method for unidirectional data transmission between an external network and an intranet according to claim 3, characterized in that the physical link comprises the link over which the external network data is output as the secure data to the database, and the link over which the secure data read from the database is sent to the intranet.
5. a kind of intranet and extranet data unidirectional transmission system, it is characterised in that including:
Outer net processing module, for receiving outer network data, external network data carries out data processing, is reduced into initial data, according to First own communications protocol is packaged to the initial data, and builds the own communications protocol passage in inside first, will be encapsulated The initial data afterwards is exported by the described first own communications protocol passage;
Arbitration modules, for carrying out data processing to the initial data received, and by the filtering inspection of application layer, Killing is carried out to malicious codes such as viruses simultaneously and obtains secure data, the safe number is carried out according to the first own communications protocol Encapsulation, and the own communications protocol passage in inside first is built, the secure data after encapsulation is own logical by described first News protocol channel is exported;
Ferry-boat module, is transmitted the secure data received using ferry-boat mode;
Intranet processing module, after the secure data is received, carries out data processing, according to standard communication protocol to the safety Data are packaged, and build internal standard communication association passage, and the secure data after encapsulation is passed through into the standard traffic Association's passage is sent to Intranet.
6. The intranet and extranet data unidirectional transmission system according to claim 5, characterised in that the extranet processing module and the intranet module are further configured to:
perform identity authentication on the extranet data;
after authentication succeeds, unseal the extranet data, strip its protocol, verify it, and encrypt it;
write information related to the data processing into a data table.
7. The intranet and extranet data unidirectional transmission system according to claim 5, characterised in that the ferry module is further configured to:
check the secure data, the data table information and the physical link; after the check passes, unseal the secure data according to the first own communications protocol format, decrypt the unsealed data to obtain the secure data, and output it to the database;
switch the physical link, read the secure data from the database, encrypt it, encapsulate the secure data according to a second own communications protocol, build an internal second own communications protocol channel, and output the encapsulated secure data through the second own communications protocol channel.
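The ferry step of claim 7 can be modelled as a staging database that is attached to only one side at a time. The sketch below is an added example, not code from the patent: the frame layout (HMAC-SHA256 tag plus payload), the keys and the names `Ferry`, `seal` and `unseal` are assumptions, and the encrypt/decrypt steps are left out so that the link switching and re-encapsulation stay in focus.

```python
import hashlib
import hmac

# Constructed keys and frame layout; the patent does not define either protocol.
KEY1 = b"first-protocol-demo-key"
KEY2 = b"second-protocol-demo-key"
TAG_LEN = 32  # HMAC-SHA256 output size

def seal(key, payload):
    """Encapsulate: authentication tag followed by the payload."""
    return hmac.new(key, payload, hashlib.sha256).digest() + payload

def unseal(key, frame):
    """Check the tag, then strip the framing and return the payload."""
    tag, payload = frame[:TAG_LEN], frame[TAG_LEN:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("frame failed the integrity check")
    return payload

class Ferry:
    """Staging database that is attached to exactly one side at a time."""

    def __init__(self):
        self.link = "extranet"  # side the physical link currently connects
        self.database = []

    def accept(self, frame):
        """Extranet side: verify a first-protocol frame and stage its payload."""
        if self.link != "extranet":
            raise PermissionError("extranet link is disconnected")
        self.database.append(unseal(KEY1, frame))

    def switch(self):
        """Flip the physical link; the two sides are never joined."""
        self.link = "intranet" if self.link == "extranet" else "extranet"

    def emit(self):
        """Intranet side: drain staged data as second-protocol frames."""
        if self.link != "intranet":
            raise PermissionError("intranet link is disconnected")
        frames = [seal(KEY2, payload) for payload in self.database]
        self.database.clear()
        return frames
```

Because the first-protocol framing is stripped before staging and fresh second-protocol framing is applied on the way out, nothing of the extranet-side envelope reaches the intranet side.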
CN201710209673.1A 2017-03-31 2017-03-31 Intranet and extranet data unidirectional transmission method and system Pending CN107070907A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710209673.1A CN107070907A (en) 2017-03-31 2017-03-31 Intranet and extranet data unidirectional transmission method and system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710209673.1A CN107070907A (en) 2017-03-31 2017-03-31 Intranet and extranet data unidirectional transmission method and system

Publications (1)

Publication Number Publication Date
CN107070907A true CN107070907A (en) 2017-08-18

Family

ID=59602820

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710209673.1A Pending CN107070907A (en) 2017-03-31 2017-03-31 Intranet and extranet data unidirectional transmission method and system

Country Status (1)

Country Link
CN (1) CN107070907A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN202231742U (en) * 2011-09-28 2012-05-23 辽宁国兴科技有限公司 Network isolation device
CN103944865A (en) * 2013-01-22 2014-07-23 横河电机株式会社 Isolation protection system and method for executing bidirectional data packet filtering inspection
CN104486336A (en) * 2014-12-12 2015-04-01 冶金自动化研究设计院 Device for safely isolating and exchanging industrial control networks
CN105656883A (en) * 2015-12-25 2016-06-08 冶金自动化研究设计院 Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network

Cited By (15)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107948209A (en) * 2018-01-05 2018-04-20 宝牧科技(天津)有限公司 A kind of network security partition method and device
CN111385280A (en) * 2018-12-29 2020-07-07 方正国际软件(北京)有限公司 Data transmission system and method and data ferry subsystem
CN111131154A (en) * 2019-11-19 2020-05-08 北京国铁盛阳技术有限公司 Network management data ferrying method and system, storage medium and computer equipment
CN111711615A (en) * 2020-05-29 2020-09-25 成都金隼智安科技有限公司 Knowledge base information synchronization system and method for edge security computing node
CN114095184A (en) * 2020-07-15 2022-02-25 中国航发上海商用航空发动机制造有限责任公司 Data transmission system and transmission method thereof
WO2022174509A1 (en) * 2021-02-17 2022-08-25 黄策 Method for designing firewall
CN113411335B (en) * 2021-06-18 2022-03-08 滁州学院 Network security monitoring system based on big data
CN113411335A (en) * 2021-06-18 2021-09-17 滁州学院 Network security monitoring system based on big data
CN114945029A (en) * 2022-03-25 2022-08-26 优跑汽车技术(上海)有限公司 Complete vehicle Ethernet network framework and vehicle-mounted communication method
CN114520745A (en) * 2022-04-15 2022-05-20 北京全路通信信号研究设计院集团有限公司 Method and system for controlling read-write permission to realize data safety ferry and electronic equipment
CN114520745B (en) * 2022-04-15 2022-08-09 北京全路通信信号研究设计院集团有限公司 Method and system for controlling read-write permission to realize data safety ferry and electronic equipment
CN115277262A (en) * 2022-09-28 2022-11-01 湖南大佳数据科技有限公司 Unidirectional data transmission method, system, equipment and storage medium
CN115801452A (en) * 2023-01-30 2023-03-14 北京万维盈创科技发展有限公司 Data acquisition instrument with network security isolation function
CN116319094A (en) * 2023-05-19 2023-06-23 北京安帝科技有限公司 Data safety transmission method, computer equipment and medium based on tobacco industry
CN116319094B (en) * 2023-05-19 2023-08-11 北京安帝科技有限公司 Data safety transmission method, computer equipment and medium based on tobacco industry

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170818