CN107070907A - Intranet and extranet data unidirectional transmission method and system - Google Patents
Intranet and extranet data unidirectional transmission method and system Download PDFInfo
- Publication number
- CN107070907A CN107070907A CN201710209673.1A CN201710209673A CN107070907A CN 107070907 A CN107070907 A CN 107070907A CN 201710209673 A CN201710209673 A CN 201710209673A CN 107070907 A CN107070907 A CN 107070907A
- Authority
- CN
- China
- Prior art keywords
- data
- communications protocol
- intranet
- secure data
- secure
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Signal Processing (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Small-Scale Networks (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The invention discloses a kind of intranet and extranet data unidirectional transmission method and system, including outer network data progress data processing is received, be reduced into initial data, exported after being packaged according to the first own communications protocol to initial data;Data processing is carried out to the initial data received, and by the filtering inspection of application layer, while carrying out killing to malicious codes such as viruses obtains secure data, exported after being packaged according to the first own communications protocol to safety number;The secure data received is transmitted using ferry-boat mode;Data processing is carried out after secure data is received, is sent after being packaged according to standard communication protocol to secure data to Intranet.Intranet and extranet data unidirectional transmission method and system disclosed by the invention use Physical-separation Technology, realize that the data exchange between Intranet and outer net is complete, and application filters inspection is carried out to data, while carrying out killing to malicious codes such as viruses, it is ensured that the security of intranet and extranet data one-way transmission.
Description
Technical field
The present invention relates to field of network data transmission technology, more particularly to intranet and extranet data unidirectional transmission method and system.
Background technology
At present, with the development of development of Mobile Internet technology, various on-line off-line combination business has been promoted, that is, have been exactly
The mushroom development of internet+business model, the life and work every aspect given people brings networking conveniently, firmly gets society
It is widely recognized as.The net about business of hiring a car is a kind of mass consumption service of present commonplace property, and its information security issue is increasingly
It is taken seriously.Maintain the stable operation of total system, it is ensured that platform is unaffected using process, it is necessary to formulate and exercise effective
Security solution.
Current net is about hired a car in business platform, and the overwhelming majority is used as the barrier between intranet and extranet using fire wall.But
It is that fire wall has more obvious limitation:Fire wall is based on blacklist, can not take precautions against newest threat;Fire wall itself
Security breaches are likely to occur, the probability broken through by hacker is up to 50%;Fire wall can not provide consistent peace between intranet and extranet
Full strategy, it is impossible to which attack of the defence from computer network with standard network protocol well, the attack for server leak is also helpless;It is anti-
Wall with flues can also increase network delay while security service is provided.
Also have using technology of network isolation, the core of technology of network isolation is physical isolation, and by specialized hardware and
Security protocol ensures that the network that two link layers disconnect can realize that data message is interacted, altogether in trustable network environment
Enjoy.But this technology of network isolation is isolated and imperfection to information such as virus, malicious codes in application layer data exchange, especially
It is the isolation for application layer attack;And be most serious so far to the attack of application layer.Attack to application layer
Face widely, such as to application protocol bug attack, application protocol data is attacked, to attacking using operating system platform
Hit.
The content of the invention
It is an object of the invention to provide a kind of intranet and extranet data unidirectional transmission method, solve to be used as intranet and extranet using fire wall
Between barrier the problem that, virus, the malicious code etc. improved during technology of network isolation is exchanged application layer data is believed
Breath isolation, improves the security of intranet and extranet data one-way transmission.
To solve the above problems, the embodiment of the present invention provides a kind of intranet and extranet data unidirectional transmission method, including following step
Suddenly:
Outer network data is received, external network data carries out data processing, is reduced into initial data, according to the first own communication association
View is packaged to the initial data, and builds the own communications protocol passage in inside first, by the original number after encapsulation
Exported according to by the described first own communications protocol passage;
Data processing is carried out to the initial data received, and by the filtering inspection of application layer, while to disease
The malicious codes such as poison carry out killing and obtain secure data, and the safe number is packaged according to the first own communications protocol, and
The internal first own communications protocol passage is built, the secure data after encapsulation is led to by the described first own communications protocol
Road is exported;
The secure data received is transmitted using ferry-boat mode;
After the secure data is received, data processing is carried out, the secure data is carried out according to standard communication protocol
Encapsulation, and internal standard communication association passage is built, assist passage to send out by the standard traffic secure data after encapsulation
Deliver to Intranet.
As a kind of embodiment, the data processing comprises the following steps:
External network data carries out authentication;
After certification is errorless, external network data is unsealed, agreement is peeled off, verified, encrypted;
By in the relevant information write-in tables of data of data processing.
As a kind of embodiment, the ferry-boat mode comprises the following steps:
The secure data, data table information and physical link are proofreaded, the secure data pressed by rear
Unsealed according to the first own communications protocol form, solution is honored as a queen and the data unlocked are decrypted, and obtains the secure data,
Export to database;
Switch the secure data in physical link, reading database, be encrypted, according to the second own communications protocol
The secure data is packaged, and builds the own communications protocol passage in inside second, by the secure data after encapsulation
Exported by the described second own communications protocol passage.
As a kind of embodiment, the physical link, including the outer network data to the secure data export to
Link of the secure data to transmission to Intranet in the link and reading database of database.
Present invention also offers a kind of intranet and extranet data unidirectional transmission system, including:
Outer net processing module, for receiving outer network data, external network data carries out data processing, is reduced into initial data,
The initial data is packaged according to the first own communications protocol, and builds the own communications protocol passage in inside first, will
The initial data after encapsulation is exported by the described first own communications protocol passage;
Arbitration modules, for carrying out data processing, and the filtering for passing through application layer to the initial data received
Check, while carrying out killing to malicious codes such as viruses obtains secure data, according to the first own communications protocol to the safety
Number is packaged, and builds the own communications protocol passage in inside first, and the secure data after encapsulation is passed through into described first
Own communications protocol passage is exported;
Ferry-boat module, is transmitted the secure data received using ferry-boat mode;
Intranet processing module, after the secure data is received, carries out data processing, according to standard communication protocol to described
Secure data is packaged, and builds internal standard communication association passage, and the secure data after encapsulation is passed through into the standard
Communication association passage is sent to Intranet.
As a kind of embodiment, the outer net processing module and Intranet module are additionally operable to:
External network data carries out authentication;
After certification is errorless, external network data is unsealed, agreement is peeled off, verified, encrypted;
By in the relevant information write-in tables of data of data processing.
As a kind of embodiment, the ferry-boat module is additionally operable to:
The secure data, data table information and physical link are proofreaded, the secure data pressed by rear
Unsealed according to the first own communications protocol form, solution is honored as a queen and the data unlocked are decrypted, and obtains the secure data,
Export to database;
Switch the secure data in physical link, reading database, be encrypted, according to the second own communications protocol
The secure data is packaged, and builds the own communications protocol passage in inside second, by the secure data after encapsulation
Exported by the described second own communications protocol passage.
Compared with prior art, the technical program has advantages below:
The present invention is by intranet and extranet data unidirectional transmission method and system, using Physical-separation Technology, realizes Intranet and outer
Data exchange between net is complete, facilitates intranet and extranet to carry out data exchange, completely cuts off anyone from inside using different communications protocol
Or the outside attack by general procotol, it is ensured that the peace of Intranet information;And application filters inspection is carried out to data
Look into, while carrying out killing to malicious codes such as viruses, it is ensured that the security of intranet and extranet data one-way transmission.
Brief description of the drawings
Fig. 1 is the schematic flow sheet of the intranet and extranet data unidirectional transmission method of one embodiment of the invention;
Fig. 2 is the schematic flow sheet to data processing in Fig. 1 of the present invention;
Fig. 3 is the schematic flow sheet of ferry-boat mode in Fig. 1 of the present invention;
Fig. 4 is the structural representation for the intranet and extranet data unidirectional transmission system that another embodiment of the present invention is provided;
In figure:1st, outer net processing module;2nd, arbitration modules;3rd, ferry-boat module;4th, Intranet processing module.
Embodiment
Below in conjunction with accompanying drawing, the technical characteristic above-mentioned and other to the present invention and advantage are clearly and completely described,
Obviously, described embodiment is only the section Example of the present invention, rather than whole embodiments.
Refer to 1, the intranet and extranet data unidirectional transmission method schematic flow sheet that the embodiment of invention one is provided, bag
Include following steps:
S100, the outer network data of reception, external network data carries out data processing, is reduced into initial data, own according to first
Communications protocol is packaged to initial data, and builds the own communications protocol passage in inside first, by the initial data after encapsulation
Exported by the first own communications protocol passage;
The present invention is handled by external network data, and initial data is sealed according to the first own communications protocol again
Dress, using another set of the first own communications protocol for being different from standard communication protocol, completely cuts off external attack, when improving data exchange
Security.
S200, the initial data progress data processing to receiving, and by the filtering inspection of application layer, while to disease
The malicious codes such as poison carry out killing and obtain secure data, and safety number is packaged according to the first own communications protocol, and builds
The own communications protocol passage in inside first, the secure data after encapsulation is exported by the first own communications protocol passage;
Data processing again is also carried out to initial data in this step, the disease in data exchange to application layer is thoroughly solved
The information such as poison, malicious code isolate incomplete defect;It should be noted that being most serious so far to the attack of application layer
, and to the face of the attack of application layer widely, such as, to application protocol bug attack, application protocol data is attacked,
Attack to application operating system platform etc..
S300, using ferry-boat mode the secure data received is transmitted;
Such as the schematic flow sheet that Fig. 3 is ferry-boat mode in Fig. 1 of the present invention, ferry-boat mode comprises the following steps:
S301, secure data, data table information and physical link are proofreaded, by it is rear to secure data according to
One own communications protocol form is unsealed, and solution is honored as a queen and the data unlocked are decrypted, and obtains secure data, output to number
According to storehouse;
Secure data in S302, switching physical link, reading database, is encrypted, according to the second own communication association
View is packaged to secure data, and builds the own communications protocol passage in inside second, and the secure data after encapsulation is passed through into the
Two own communications protocol passages are exported.
Data are transmitted using physical link switch mode, realize completely isolated between both links, are not in outer
The situation that net processing module directly communicates with Intranet processing module, it is ensured that data transmission security;Physical link includes outer netting index
Storage is read to the chain for being transferred to Intranet in being transmitted according to link and ferry-boat mode that storage is write into progress ferry-boat mode transmission
Road.Use between this two physical links is not both own communications protocol so that data safety is greatly ensured.
S400, after secure data is received, carry out data processing, secure data is sealed according to standard communication protocol
Dress, and internal standard communication association passage is built, assist passage to send to Intranet by standard traffic the secure data after encapsulation.
In summary, in each step to identity, deblocking, agreement stripping, school in data handling procedure, will be authenticated
Test, encrypt, Reseal, it is ensured that the security of data transfer, be also convenient for that data are further processed.
If Fig. 2 is, to the schematic flow sheet of data processing, data processing to be comprised the following steps in Fig. 1 of the present invention:
S101, external network data carry out authentication;
S102, external network data carry out authentication;
S103, by data processing relevant information write tables of data in.
After the general principle of the inventive method is described, lower mask body introduces intranet and extranet data one-way transmission of the present invention
System.
As shown in figure 4, the structural representation of the intranet and extranet data unidirectional transmission system provided for another embodiment of the present invention;
Including outer net processing module 1, for receiving outer network data, external network data carries out data processing, is reduced into initial data, according to
First own communications protocol is packaged to the initial data, and builds the own communications protocol passage in inside first, will be encapsulated
The initial data afterwards is exported by the described first own communications protocol passage;Arbitration modules 2, for receiving
The initial data carries out data processing, and by the filtering inspection of application layer, while looking into malicious codes such as viruses
Kill and obtain secure data, the safe number is packaged according to the first own communications protocol, and it is own logical to build inside first
Protocol channel is interrogated, the secure data after encapsulation is exported by the described first own communications protocol passage;Ferry-boat mould
Block 3, is transmitted the secure data received using ferry-boat mode;Intranet processing module 4, is receiving the safe number
According to rear, data processing is carried out, the safety is packaged according to standard communication protocol, and it is logical to build internal standard communication association
Road, assists passage to send to Intranet the secure data after encapsulation by the standard traffic.
Above-mentioned each module is illustrated below:
Outer net processing module 1, arbitration modules 2, ferry-boat module 3 and Intranet processing module 4 are completely independent, four modules it
Between by pci bus be connected.Pci bus can solve the problem of data exchange speed is slow, delay time is long.
Communication is using the first own communications protocol, agreement between outer net processing module 1, arbitration modules 2 and ferry-boat module 3
Including agreement stripping, verification, decryption, encryption, encapsulation process;Communication uses second between ferry-boat module 3 and Intranet processing module 4
Own communications protocol, agreement includes agreement stripping, verification, decryption, encryption, encapsulation process.
Outer net processing module 1, Intranet processing module 4 are symmetrical structures, including:Processor, memory, RJ45 networks connect
Mouth, data security module etc..External network data is authenticated identity information;Externally network data is unsealed, assisted after certification is errorless
View is peeled off, verified, the data handling procedure of encryption;Data processing relevant information is write in tables of data.Processor is embedded
High-performance processor, Ethernet interface includes gigabit network interface, a 100-M network Ethernet.Data security module is present in dress with card format
In putting, including authentication module, standard communication protocol check module, content filtering module, own communications protocol processing module.
Standard communication protocol checks module, at least including TCP/IP, OPC, Modbus/TCP protocol testing etc..OPC protocol testings include
Industrial protocol communication tracking, Protocol integrity inspection, data encryption and checking algorithm.Modbus/TCP protocol testings include agreement
Deep-packet detection.It gos deep into inside agreement, checks Modbus, register and coil list, is automatically prevented from and reports not meeting peace
The communication of full agreement, checks and prevents not meeting the Content of communciation of Modbus communication protocols.Content filtering module includes keyword
Matching, the hybrid filtering model of semantic matches.Filtering model is based on specific industrial control network application data.Outer net handles mould
Own communications protocol processing module in block 1, Intranet processing module 4 can be as requested, build the first own communications protocol or
Second own communications protocol.
Initial data that 2 pairs of arbitration modules are received carries out data processing, and by the filtering inspection of application layer, simultaneously
Killing is carried out to malicious codes such as viruses, and is Resealed by the safe number after the first own communications protocol transmission killing
According to.
Ferry-boat module 3 is connected using different communications protocol with Intranet processing module 4, ferry-boat module 3, will not be by anyone
Either internally or externally reached by general procotol, therefore ferry-boat module 3 will not be attacked by hacker;Realize at outer net
Module 1 is managed with the connection of Intranet processing module 4 with isolating.Ferry module 3 include processor, logic circuit, the first memory cell,
Second memory cell.Processor receives the data that arbitration modules 2 are sent, and carries out authentication, verification, decryption, agreement point
Analyse, be packaged into the own communications protocol of ferry-boat first, write the first memory cell.Logic circuit is responsible for cutoff process device and arbitration mould
Contact between block 2, and notifier processes device fetches the data in the first memory cell, and data are carried out with authentication, verification, solution
Close, protocal analysis, the own communications protocol of ferry-boat second is packaged into, Intranet processing module 4 is transferred to by pci bus.
Two processes are related to the control logic of the first memory cell and the second memory cell in ferry-boat module 3.At outer net
Reason module 1 can only write data into the first memory cell and can only read data from the second memory cell.Intranet handles mould
Block 4 can only write data into the second memory cell and can only read data from the first memory cell.Two memory modules are only
An action, or " reading " or " writing " can be performed simultaneously, by also or logic control.
Intranet processing module 4 is responsible for receiving the data that ferry-boat module 3 is transmitted, and carries out authentication, verification, decryption, association
View is analyzed, is packaged into standard communication protocol, and is transferred to Intranet.
The workflow of the present invention is divided into two parts:
Respectively agreement is peeled off and flow chart of data processing and protocol encapsulation and data transfer flow.Data are out of outer net flow direction
Net needs to peel off and agreement process of reconstruction into excessively multiple agreement.Asked when Intranet processing module 4 or outer net processing module 1 receive to access
After asking, terminated TCP/IP connections first, it is ensured that the system will not be directed through by ICP/IP protocol.After cut-out connection, intranet and extranet
First time agreement stripping and security inspection can be carried out to data, verify its legitimacy.After inspection, outer net processing module 1
Data can be formatted, the legal effective information in data be Resealed into the first own communications protocol form, and lead to
Cross pci bus and read in arbitration modules 2.The initial data that 2 pairs of arbitration modules are received carries out data processing, and passes through application layer
Filtering inspection, while carrying out killing to malicious codes such as viruses, and Reseal into the first own communications protocol, and pass through
Pci bus write-in ferry-boat module 3.In module 3 of ferrying data are carried out with agreement stripping twice, safety inspection, agreement reconstruction.First
It is secondary to occur after cut-out and outer net are contacted, before write storage unit.Second of generation is after memory cell is read, transmission
Before Intranet processing module 4.The stripping of last time agreement and safety inspection are carried out in Intranet processing module 4, passes through post package
Into standard industry Control network protocols form, and ICP/IP protocol form is further packaged into, is sent to Intranet.
Although the present invention is disclosed as above with preferred embodiment, it is not for limiting the present invention, any this area
Technical staff without departing from the spirit and scope of the present invention, may be by the methods and techniques content of the disclosure above to this hair
Bright technical scheme makes possible variation and modification, therefore, every content without departing from technical solution of the present invention, according to the present invention
Any simple modifications, equivalents, and modifications made to above example of technical spirit, belong to technical solution of the present invention
Protection domain.
Claims (7)
1. a kind of intranet and extranet data unidirectional transmission method, it is characterised in that comprise the following steps:
Outer network data is received, external network data carries out data processing, is reduced into initial data, according to the first own communications protocol pair
The initial data is packaged, and builds the own communications protocol passage in inside first, and the initial data after encapsulation is led to
The described first own communications protocol passage is crossed to be exported;
Data processing is carried out to the initial data received, and by the filtering inspection of application layer, while to virus etc.
Malicious code carries out killing and obtains secure data, and the safe number is packaged according to the first own communications protocol, and builds
The own communications protocol passage in inside first, the secure data after encapsulation is entered by the described first own communications protocol passage
Row output;
The secure data received is transmitted using ferry-boat mode;
After the secure data is received, data processing is carried out, the secure data is packaged according to standard communication protocol,
And internal standard communication association passage is built, assist passage to send to interior by the standard traffic secure data after encapsulation
Net.
2. intranet and extranet data unidirectional transmission method according to claim 1, it is characterised in that the data processing include with
Lower step:
External network data carries out authentication;
After certification is errorless, external network data is unsealed, agreement is peeled off, verified, encrypted;
By in the relevant information write-in tables of data of data processing.
3. intranet and extranet data unidirectional transmission method according to claim 1, it is characterised in that the ferry-boat mode include with
Lower step:
The secure data, data table information and physical link are proofreaded, by it is rear to the secure data according to
One own communications protocol form is unsealed, and solution is honored as a queen and the data unlocked are decrypted, and obtains the secure data, output
To database;
Switch the secure data in physical link, reading database, be encrypted, according to the second own communications protocol to institute
State secure data to be packaged, and build the own communications protocol passage in inside second, the secure data after encapsulation is passed through
Described second own communications protocol passage is exported.
4. intranet and extranet data unidirectional transmission method according to claim 3, it is characterised in that the physical link, including
The outer network data exports the secure data into the link and reading database of database to hair to the secure data
Deliver to the link of Intranet.
5. a kind of intranet and extranet data unidirectional transmission system, it is characterised in that including:
Outer net processing module, for receiving outer network data, external network data carries out data processing, is reduced into initial data, according to
First own communications protocol is packaged to the initial data, and builds the own communications protocol passage in inside first, will be encapsulated
The initial data afterwards is exported by the described first own communications protocol passage;
Arbitration modules, for carrying out data processing to the initial data received, and by the filtering inspection of application layer,
Killing is carried out to malicious codes such as viruses simultaneously and obtains secure data, the safe number is carried out according to the first own communications protocol
Encapsulation, and the own communications protocol passage in inside first is built, the secure data after encapsulation is own logical by described first
News protocol channel is exported;
Ferry-boat module, is transmitted the secure data received using ferry-boat mode;
Intranet processing module, after the secure data is received, carries out data processing, according to standard communication protocol to the safety
Data are packaged, and build internal standard communication association passage, and the secure data after encapsulation is passed through into the standard traffic
Association's passage is sent to Intranet.
6. intranet and extranet data unidirectional transmission system according to claim 5, it is characterised in that the outer net processing module and
Intranet module is additionally operable to:
External network data carries out authentication;
After certification is errorless, external network data is unsealed, agreement is peeled off, verified, encrypted;
By in the relevant information write-in tables of data of data processing.
7. intranet and extranet data unidirectional transmission system according to claim 5, it is characterised in that the ferry-boat module is also used
In:
The secure data, data table information and physical link are proofreaded, by it is rear to the secure data according to
One own communications protocol form is unsealed, and solution is honored as a queen and the data unlocked are decrypted, and obtains the secure data, output
To database;
Switch the secure data in physical link, reading database, be encrypted, according to the second own communications protocol to institute
State secure data to be packaged, and build the own communications protocol passage in inside second, the secure data after encapsulation is passed through
Described second own communications protocol passage is exported.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710209673.1A CN107070907A (en) | 2017-03-31 | 2017-03-31 | Intranet and extranet data unidirectional transmission method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710209673.1A CN107070907A (en) | 2017-03-31 | 2017-03-31 | Intranet and extranet data unidirectional transmission method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107070907A true CN107070907A (en) | 2017-08-18 |
Family
ID=59602820
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710209673.1A Pending CN107070907A (en) | 2017-03-31 | 2017-03-31 | Intranet and extranet data unidirectional transmission method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107070907A (en) |
Cited By (12)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107948209A (en) * | 2018-01-05 | 2018-04-20 | 宝牧科技(天津)有限公司 | A kind of network security partition method and device |
CN111131154A (en) * | 2019-11-19 | 2020-05-08 | 北京国铁盛阳技术有限公司 | Network management data ferrying method and system, storage medium and computer equipment |
CN111385280A (en) * | 2018-12-29 | 2020-07-07 | 方正国际软件(北京)有限公司 | Data transmission system and method and data ferry subsystem |
CN111711615A (en) * | 2020-05-29 | 2020-09-25 | 成都金隼智安科技有限公司 | Knowledge base information synchronization system and method for edge security computing node |
CN113411335A (en) * | 2021-06-18 | 2021-09-17 | 滁州学院 | Network security monitoring system based on big data |
CN114095184A (en) * | 2020-07-15 | 2022-02-25 | 中国航发上海商用航空发动机制造有限责任公司 | Data transmission system and transmission method thereof |
CN114520745A (en) * | 2022-04-15 | 2022-05-20 | 北京全路通信信号研究设计院集团有限公司 | Method and system for controlling read-write permission to realize data safety ferry and electronic equipment |
WO2022174509A1 (en) * | 2021-02-17 | 2022-08-25 | 黄策 | Method for designing firewall |
CN114945029A (en) * | 2022-03-25 | 2022-08-26 | 优跑汽车技术(上海)有限公司 | Complete vehicle Ethernet network framework and vehicle-mounted communication method |
CN115277262A (en) * | 2022-09-28 | 2022-11-01 | 湖南大佳数据科技有限公司 | Unidirectional data transmission method, system, equipment and storage medium |
CN115801452A (en) * | 2023-01-30 | 2023-03-14 | 北京万维盈创科技发展有限公司 | Data acquisition instrument with network security isolation function |
CN116319094A (en) * | 2023-05-19 | 2023-06-23 | 北京安帝科技有限公司 | Data safety transmission method, computer equipment and medium based on tobacco industry |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202231742U (en) * | 2011-09-28 | 2012-05-23 | 辽宁国兴科技有限公司 | Network isolation device |
CN103944865A (en) * | 2013-01-22 | 2014-07-23 | 横河电机株式会社 | Isolation protection system and method for executing bidirectional data packet filtering inspection |
CN104486336A (en) * | 2014-12-12 | 2015-04-01 | 冶金自动化研究设计院 | Device for safely isolating and exchanging industrial control networks |
CN105656883A (en) * | 2015-12-25 | 2016-06-08 | 冶金自动化研究设计院 | Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network |
-
2017
- 2017-03-31 CN CN201710209673.1A patent/CN107070907A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN202231742U (en) * | 2011-09-28 | 2012-05-23 | 辽宁国兴科技有限公司 | Network isolation device |
CN103944865A (en) * | 2013-01-22 | 2014-07-23 | 横河电机株式会社 | Isolation protection system and method for executing bidirectional data packet filtering inspection |
CN104486336A (en) * | 2014-12-12 | 2015-04-01 | 冶金自动化研究设计院 | Device for safely isolating and exchanging industrial control networks |
CN105656883A (en) * | 2015-12-25 | 2016-06-08 | 冶金自动化研究设计院 | Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network |
Cited By (15)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107948209A (en) * | 2018-01-05 | 2018-04-20 | 宝牧科技(天津)有限公司 | A kind of network security partition method and device |
CN111385280A (en) * | 2018-12-29 | 2020-07-07 | 方正国际软件(北京)有限公司 | Data transmission system and method and data ferry subsystem |
CN111131154A (en) * | 2019-11-19 | 2020-05-08 | 北京国铁盛阳技术有限公司 | Network management data ferrying method and system, storage medium and computer equipment |
CN111711615A (en) * | 2020-05-29 | 2020-09-25 | 成都金隼智安科技有限公司 | Knowledge base information synchronization system and method for edge security computing node |
CN114095184A (en) * | 2020-07-15 | 2022-02-25 | 中国航发上海商用航空发动机制造有限责任公司 | Data transmission system and transmission method thereof |
WO2022174509A1 (en) * | 2021-02-17 | 2022-08-25 | 黄策 | Method for designing firewall |
CN113411335B (en) * | 2021-06-18 | 2022-03-08 | 滁州学院 | Network security monitoring system based on big data |
CN113411335A (en) * | 2021-06-18 | 2021-09-17 | 滁州学院 | Network security monitoring system based on big data |
CN114945029A (en) * | 2022-03-25 | 2022-08-26 | 优跑汽车技术(上海)有限公司 | Complete vehicle Ethernet network framework and vehicle-mounted communication method |
CN114520745A (en) * | 2022-04-15 | 2022-05-20 | 北京全路通信信号研究设计院集团有限公司 | Method and system for controlling read-write permission to realize data safety ferry and electronic equipment |
CN114520745B (en) * | 2022-04-15 | 2022-08-09 | 北京全路通信信号研究设计院集团有限公司 | Method and system for controlling read-write permission to realize data safety ferry and electronic equipment |
CN115277262A (en) * | 2022-09-28 | 2022-11-01 | 湖南大佳数据科技有限公司 | Unidirectional data transmission method, system, equipment and storage medium |
CN115801452A (en) * | 2023-01-30 | 2023-03-14 | 北京万维盈创科技发展有限公司 | Data acquisition instrument with network security isolation function |
CN116319094A (en) * | 2023-05-19 | 2023-06-23 | 北京安帝科技有限公司 | Data safety transmission method, computer equipment and medium based on tobacco industry |
CN116319094B (en) * | 2023-05-19 | 2023-08-11 | 北京安帝科技有限公司 | Data safety transmission method, computer equipment and medium based on tobacco industry |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107070907A (en) | Intranet and extranet data unidirectional transmission method and system | |
CN108965215B (en) | Dynamic security method and system for multi-fusion linkage response | |
CN106941494A (en) | A kind of security isolation gateway and its application method suitable for power information acquisition system | |
CN100556031C (en) | Intelligent integrated network security device | |
CN104486336A (en) | Device for safely isolating and exchanging industrial control networks | |
CN106060003A (en) | Network boundary unidirectional isolated transmission device | |
CN110351287A (en) | A kind of mobile application security analysis method based on block chain technology | |
CN105812387A (en) | Unidirectional safe data exchange device | |
EP4163183A1 (en) | Information security protection method and apparatus | |
CN106027358A (en) | Network security management and control system for accessing social video networks to video private network | |
CN103916384A (en) | Penetration testing method for GAP isolation and exchange device | |
Chen et al. | Bookworm game: Automatic discovery of lte vulnerabilities through documentation analysis | |
CN103139058A (en) | Internet of things security access gateway | |
CN105007272A (en) | Information exchange system with safety isolation | |
CN104994094B (en) | Virtual platform safety protecting method based on virtual switch, device and system | |
CN101778099A (en) | Architecture accessing trusted network for tolerating untrusted components and access method thereof | |
EP4044546A1 (en) | Message processing method, device and apparatus as well as computer readable storage medium | |
CN109561091A (en) | A kind of network security protection system for civil air defense constructions and installations | |
CN101997700A (en) | Internet protocol version 6 (IPv6) monitoring equipment based on deep packet inspection and deep flow inspection | |
JP2002533792A (en) | Method and system for protecting the operation of a trusted internal network | |
CN116055254A (en) | Safe and trusted gateway system, control method, medium, equipment and terminal | |
CN108337219A (en) | A kind of method and storage medium of Internet of Things anti-intrusion | |
CN104539600B (en) | A kind of industry control method of realizing fireproof wall for supporting to filter IEC104 agreements | |
CN111770071A (en) | Method and device for gateway authentication of trusted device in network stealth scene | |
Groza et al. | Highly efficient authentication for CAN by identifier reallocation with ordered CMACs |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20170818 |
|
RJ01 | Rejection of invention patent application after publication |