CN107819775A - Gateway device and data transmission method - Google Patents


Info

Publication number: CN107819775A
Authority: CN (China)
Prior art keywords: file; user terminal; gateway device; encryption; control module
Legal status: Pending
Application number: CN201711140677.5A
Other languages: Chinese (zh)
Inventors: 张晋, 芦伟, 严鹏
Current assignee: Shenzhen Forward Industrial Co Ltd
Original assignee: Shenzhen Forward Industrial Co Ltd
Priority date:
Filing date:
Publication date:

Classifications

    • H: Electricity
    • H04: Electric communication technique
    • H04L: Transmission of digital information, e.g. telegraphic communication
    • H04L 63/00: Network architectures or network communication protocols for network security
    • H04L 63/04: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L 63/0428: Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L 63/06: Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L 9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; network security protocols
    • H04L 9/08: Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L 9/0861: Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L 9/0863: Generation of secret information including derivation or calculation of cryptographic keys or passwords involving passwords or one-time passwords

Abstract

The present invention provides a gateway device and a data transmission method, and relates to the technical field of network security devices. In the proposed scheme, a conversion module converts the encrypted messages sent by a first user terminal into a first file; an encryption/decryption unit in a control module decrypts the received first file and re-encrypts it according to a preset key strategy; and a reception/transmission unit in the control module receives the encrypted first file and forwards it to the corresponding second user terminal in the network. The scheme breaks the protocol connection between the first user terminal and the second user terminal, keeps the two sides physically separated, and still achieves an exchange of data, which helps improve the security of data transfer between networks.

Description

Gateway device and data transmission method
Technical field
The present invention relates to the technical field of network security devices, and in particular to a gateway device and a data transmission method.
Background technology
In contemporary information-system networks, different network domains face different security threats. Because a public access network applies no security controls to the terminals that access it, it faces many more security threats than an internal network. In practice, however, there are unavoidably situations in which a public access network and an internal access network need to exchange data. In network environments where "physical isolation" is strictly required, the conventional approach is for users to exchange the data manually. As the volume of exchanged data grows and new business applications are deployed, this traditional approach can no longer meet the needs of modern applications. Exchanging data through a security gateway such as a firewall, on the other hand, is implemented as protocol-layer interaction, which makes it difficult to identify and block malicious-code signatures inside the data segment. How to provide a scheme that solves the above problems has therefore become a technical problem that those skilled in the art urgently need to solve.
Summary of the invention
To overcome the above deficiencies of the prior art, the present invention provides a gateway device and a data transmission method that improve the security of data transfer by blocking protocol-layer data interaction, thereby solving the above problems.
To achieve these goals, the technical scheme provided by the preferred embodiments of the present invention is as follows:
A preferred embodiment of the present invention provides a gateway device. The gateway device is communicatively connected through a network to a first user terminal and a second user terminal, and includes a control module and a conversion module, wherein:
the conversion module is connected to the control module and is configured to receive the encrypted messages sent by the first user terminal and to convert the messages received within a first preset period of time into a first file, which it sends to the control module;
the control module includes a reception/transmission unit and an encryption/decryption unit connected to the reception/transmission unit;
the encryption/decryption unit is configured to decrypt the received first file and to encrypt it according to a preset key strategy, and the reception/transmission unit is configured to receive the encrypted first file and forward it to the corresponding second user terminal in the network.
In a preferred embodiment, the above control module further includes a cutting unit and a combining unit connected to the encryption/decryption unit;
the cutting unit is configured to divide the received first file into a corresponding plurality of subfiles according to a preset subfile size threshold and to send the subfiles to the encryption/decryption unit, so that the encryption/decryption unit decrypts and encrypts each subfile according to the preset key strategy;
the combining unit is connected to the reception/transmission unit and is configured to receive each encrypted subfile and combine the subfiles into a new first file, which it sends to the reception/transmission unit, so that the reception/transmission unit sends the combined new first file to the corresponding second user terminal in the network.
In a preferred embodiment, the above gateway device further includes an input/output module electrically connected to the control module for importing or exporting data information, where the data information includes at least one of: the key information corresponding to the first user terminal, the key information corresponding to the second user terminal, the encryption/decryption rules, and the size of the transmitted first file and/or second file.
In a preferred embodiment, the above gateway device further includes a power module connected to the control module to continuously supply electrical energy to the control module. The power module includes a first power unit and a second power unit, where the second power unit takes over the power supply when the first power unit cannot supply electrical energy to the control module, so that the control module remains continuously powered.
In a preferred embodiment, the above control module further includes a data conversion unit connected to the reception/transmission unit. The data conversion unit is further configured to convert the first file according to a preset format strategy, so that the reception/transmission unit sends the converted first file to the corresponding second user terminal in the network.
In a preferred embodiment, the above gateway device further includes an alarm module connected to the control module for raising an alarm according to an alarm signal, where the alarm signal includes a first alarm signal generated by the control module when it detects a power-supply failure of the power module, and a second alarm signal generated by the control module when communication between the conversion module and the control module is interrupted.
A preferred embodiment of the present invention also provides a data transmission method applied to the above gateway device, the gateway device being communicatively connected through a network to a first user terminal and a second user terminal. The method includes:
receiving the encrypted messages sent by the first user terminal and converting the messages received within a first preset period of time into a first file;
decrypting the first file and encrypting it according to a preset key strategy; and
forwarding the encrypted first file to the corresponding second user terminal in the network.
In a preferred embodiment, the above step of forwarding the encrypted first file to the corresponding second user terminal in the network includes:
dividing the received first file into a corresponding plurality of subfiles according to a preset subfile size threshold;
decrypting and encrypting each subfile according to the preset key strategy; and
combining the encrypted subfiles into a new first file and sending the combined new first file to the corresponding second user terminal in the network.
In a preferred embodiment, before the above step of decrypting the first file and encrypting it according to the preset key strategy, the method further includes:
configuring a key strategy to be stored in the gateway device as the preset key strategy, the key strategy including:
using the key with which the first user terminal encrypts its messages as the key with which the gateway device decrypts, and using the key with which the second user terminal decrypts the received first file as the key with which the gateway device encrypts.
In a preferred embodiment, the above step of forwarding the encrypted first file to the corresponding second user terminal in the network includes:
converting the first file according to a preset format strategy, so that the converted first file can be transmitted to the corresponding second user terminal in the network.
Compared with the prior art, the gateway device and data transmission method provided by the present invention have at least the following beneficial effects: the conversion module converts the encrypted messages sent by the first user terminal into a first file; the encryption/decryption unit in the control module decrypts the received first file and encrypts it according to the preset key strategy; and the reception/transmission unit in the control module receives the encrypted first file and forwards it to the corresponding second user terminal in the network. The scheme breaks the protocol connection between the first user terminal and the second user terminal, keeps the two sides physically separated, and still achieves an exchange of data, which helps improve the security of data transfer between networks.
To make the above objects, features and advantages of the present invention more apparent, preferred embodiments are described in detail below with reference to the accompanying drawings.
Brief description of the drawings
To illustrate the technical solutions of the embodiments of the present invention more clearly, the drawings required by the embodiments are briefly described below. It should be understood that the following drawings illustrate only certain embodiments of the present invention and are therefore not to be taken as limiting its scope; those of ordinary skill in the art can obtain other related drawings from these drawings without creative effort.
Fig. 1 is a schematic diagram of the interaction between the gateway device provided by a preferred embodiment of the present invention and the first user terminal and second user terminal.
Fig. 2 is a first block diagram of the gateway device provided by a preferred embodiment of the present invention.
Fig. 3 is a second block diagram of the gateway device provided by a preferred embodiment of the present invention.
Fig. 4 is a schematic flow chart of the data transmission method provided by a preferred embodiment of the present invention.
Reference numerals: 10: first user terminal; 20: second user terminal; 30: first network; 40: second network; 100: gateway device; 110: control module; 111: reception/transmission unit; 112: encryption/decryption unit; 113: cutting unit; 114: combining unit; 115: data conversion unit; 120: conversion module; 121: first converting unit; 122: second converting unit; 130: power module; 131: first power unit; 132: second power unit; 140: alarm module; 150: input/output module.
Embodiments
The technical solutions in the embodiments of the present invention are described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are only some of the embodiments of the present invention, not all of them. The components of the embodiments of the present invention, as generally described and illustrated in the drawings here, can be arranged and designed in a wide variety of configurations.
Therefore, the following detailed description of the embodiments of the present invention provided in the accompanying drawings is not intended to limit the claimed scope of the present invention, but merely represents selected embodiments of it. All other embodiments obtained by those skilled in the art on the basis of the embodiments of the present invention without creative effort fall within the scope of protection of the present invention.
It should be noted that similar reference numerals and letters denote similar items in the following drawings; once an item is defined in one drawing, it need not be further defined and explained in subsequent drawings. In addition, the terms "first", "second" and so on are used only to distinguish descriptions and are not to be understood as indicating or implying relative importance.
In the description of the present invention it should be noted that, unless otherwise clearly specified and limited, the terms "arranged", "connected to" and "connected" are to be understood broadly: for example, a connection may be fixed, detachable or integral; it may be mechanical or electrical; it may be direct or indirect through an intermediary; and it may be an internal connection between two elements. Those of ordinary skill in the art can understand the specific meaning of the above terms in the present invention according to the specific circumstances.
Some embodiments of the present invention are described in detail below with reference to the accompanying drawings. Where they do not conflict, the following embodiments and the features of the embodiments can be combined with each other.
First embodiment:
Refer to Fig. 1, a schematic diagram of the interaction between the gateway device 100 and the first user terminal 10 and second user terminal 20 provided by a preferred embodiment of the present invention. In this embodiment, the gateway device 100 can be communicatively connected through a network to at least one first user terminal 10 and at least one second user terminal 20 to form a data transmission system. The network may include a first network 30 and a second network 40: for example, the at least one first user terminal 10 is connected to the gateway device 100 through the first network 30, and the at least one second user terminal 20 is connected to the gateway device 100 through the second network 40.
Further, the first network 30 and the second network 40 may be the same or different. For example, the first network 30 is an internal network and the second network 40 is an external network, or both the first network 30 and the second network 40 are external networks; the types of the first network 30 and the second network 40 are not specifically limited here.
In this embodiment, if a first user terminal 10 in the first network 30 needs to send data to, or interact with, a corresponding second user terminal 20 in the second network 40, the encrypted data sent by the first user terminal 10 must pass through the gateway device 100, where it is converted into data in the form of a file, decrypted and then re-encrypted, and the re-encrypted file is transmitted to the second user. The key used for re-encryption is a key associated in advance with the second user, so that the second user can decrypt the re-encrypted file. This improves the safety of the data during transmission.
Refer to Fig. 2, the first block diagram of the gateway device 100 provided by a preferred embodiment of the present invention. The gateway device 100 provided by the preferred embodiment can be applied to the above data transmission system. It is communicatively connected through the network to the first user terminal 10 and the second user terminal 20 in order to process the messages it receives from the first user terminal 10 or from the second user terminal 20; by blocking the protocol connection between the first user terminal 10 and the second user terminal 20 it achieves an exchange of pure data (or files) and thereby improves the security of the transmitted data. The gateway device 100 may include a control module 110 and a conversion module 120, and the control module 110 may include a reception/transmission unit 111 and an encryption/decryption unit 112.
In this embodiment, the conversion module 120 is connected to the control module 110 and is configured to receive the encrypted messages sent by the first user terminal 10 and to convert the messages received within a first preset period of time into a first file, which it sends to the control module 110. The first preset period of time can be configured according to actual conditions and is not specifically limited here.
Understandably, the first user terminal 10 can improve the security of its messages in transit by sending them encrypted. The key with which the first user terminal 10 encrypts the messages is configured in the gateway device 100, so that the gateway device 100 can decrypt the messages.
The roles of the first user terminal 10 and the second user terminal 20 are relative: the conversion module 120 can likewise receive the encrypted messages sent by the second user and convert the messages received within a second preset period of time into a second file, which it sends to the control module 110. The second preset period of time may be the same as or different from the first preset period of time and is not specifically limited here.
In this embodiment, the encryption/decryption unit 112 is configured to decrypt the received first file and encrypt it according to the preset key strategy. The reception/transmission unit 111 is configured to receive the encrypted first file and forward it to the corresponding second user terminal 20 in the network.
Optionally, the preset key strategy includes: the key with which the first user terminal 10 encrypts its messages is used as the decryption key of the gateway device 100, and the key with which the second user terminal 20 decrypts the received first file is used as the encryption key of the gateway device 100. That is, the preset key can be configured by administrative staff from the encryption key of the first user terminal 10 and the decryption key of the second user terminal 20.
When the second user terminal 20 receives the first file encrypted by the gateway device 100, the encryption key is a key agreed in advance, so the second user terminal 20 can decrypt the received first file and safely receive a valid file sent by the first user; the situation in which the second user terminal 20 cannot decrypt the received first file does not arise.
Second embodiment:
Refer to Fig. 3, the second block diagram of the gateway device 100 provided by a preferred embodiment of the present invention. Compared with the gateway device 100 of the first embodiment, in the gateway device 100 of the second embodiment the conversion module may include a first converting unit 121 and a second converting unit 122, and the control module 110 may further include a cutting unit 113 and a combining unit 114. At any one moment, only one of the first converting unit 121 and the second converting unit 122 can be receiving data sent by a user terminal; that is, at any one moment the direction of data transfer is unidirectional, which keeps the physical separation, achieves the exchange of data and thereby improves the security of data transfer.
In this embodiment, the control module 110, the first converting unit 121 and the second converting unit 122 can have the same or similar hardware configurations. For example, the control module 110 can be provided with one 10/100/1000M adaptive RJ-45 Ethernet management interface, one RS232 management serial port and two USB resource interfaces, ensuring that only one transmission direction is reachable at any one moment, so as to guarantee the isolation of the first network 30 and the second network 40. The first converting unit 121 or the second converting unit 122 can include two 10/100/1000M adaptive RJ-45 Ethernet service interfaces, one 10/100/1000M adaptive RJ-45 Ethernet management interface, one RS232 management serial port and two USB resource interfaces. The Ethernet service interfaces are used to connect to the first network 30, to receive the messages sent by the first user terminal 10 in the first network 30 and to format them as the first file for processing.
Further, the control module 110, the first converting unit 121 and the second converting unit 122 may each include hardware such as a processor and memory, which may be of the same model or of different models. For example, the processor is one Intel CPU, and the memory includes 1G of DDR3 memory grains and a 4G electronic disk. The processor is used to process the interaction data (such as the received messages and the first file), and the memory is used to store the first file, the password strategy and so on.
Specifically, for example, the first converting unit 121 is connected to the cutting unit 113. The first converting unit 121 can be used to receive the encrypted messages sent by the first user terminal 10 and to convert the messages received within the first preset period of time into a first file, which it sends to the cutting unit 113; this terminates the protocol and "lands" the data. The cutting unit 113 is configured to divide the received first file into a corresponding plurality of subfiles according to the preset subfile size threshold and to send the subfiles to the encryption/decryption unit 112, so that the encryption/decryption unit 112 decrypts and encrypts each subfile according to the preset key strategy. The combining unit 114 is connected to the reception/transmission unit 111 and is configured to receive each encrypted subfile and combine the subfiles into a new first file, which it sends to the reception/transmission unit 111, so that the reception/transmission unit 111 sends the combined new first file to the corresponding second user terminal 20 in the network.
For example, if the preset subfile size threshold is 10MB and the first file that the first converting unit 121 produces from the messages received in the first preset period of time is 100MB, the cutting unit 113 divides the 100MB first file into 10 subfiles according to the preset division rule, each subfile being 10MB. The encryption/decryption unit 112 decrypts and encrypts each subfile according to the preset password strategy and then sends each encrypted subfile to the combining unit 114. After receiving the encrypted subfiles, the combining unit 114 combines them according to the preset combination rule to form the new first file. The preset division rule corresponds to the preset combination rule: for example, the converted first file can be divided according to the order in which it was received and then combined in the same order, so that the sequence of the combined first file is identical to the sequence of the first file before division.
It should be explained that if the size of the first file is not a multiple of the preset subfile size threshold, the final portion that is smaller than the subfile size threshold is treated as a separately divided file. For example, if the size of the first file is 99MB, the cutting unit 113 divides it into 9 subfiles of 10MB and one subfile of 9MB.
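The split, per-subfile decrypt-and-re-encrypt and combine path described above, together with the preset key strategy (the first terminal's encryption key is the gateway's decryption key, the second terminal's decryption key is the gateway's encryption key), as an added Python example that is not part of the patent. It assumes a seekable CTR-style keystream built from HMAC-SHA256 as a standard-library stand-in for the cipher the patent leaves unspecified, adds a per-subfile integrity tag on the re-encrypted side, and checks the 10MB/100MB/99MB arithmetic without allocating files of that size.

```python
import hashlib
import hmac
import os
import struct
from typing import Dict, List, Tuple

MB = 1024 * 1024
BLOCK = 32                 # bytes of keystream per HMAC-SHA256 output
NONCE_LEN, TAG_LEN = 16, 32


def plan_split(total_size: int, threshold: int) -> List[int]:
    """Subfile sizes the cutting unit produces: full-threshold pieces, then one
    shorter piece for whatever is left (100MB -> 10 x 10MB, 99MB -> 9 x 10MB + 9MB)."""
    if threshold <= 0:
        raise ValueError("subfile size threshold must be positive")
    full, rest = divmod(total_size, threshold)
    return [threshold] * full + ([rest] if rest else [])


def keystream(key: bytes, nonce: bytes, offset: int, length: int) -> bytes:
    """CTR-style keystream with HMAC-SHA256 as the PRF (assumption: a stand-in for
    the cipher the patent does not name). It is seekable, so a subfile cut at any
    byte offset of the first file can be decrypted on its own."""
    if length <= 0:
        return b""
    first, last = offset // BLOCK, (offset + length - 1) // BLOCK
    blocks = (hmac.new(key, nonce + struct.pack(">Q", i), hashlib.sha256).digest()
              for i in range(first, last + 1))
    start = offset - first * BLOCK
    return b"".join(blocks)[start:start + length]


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def sender_encrypt(key: bytes, plaintext: bytes) -> Tuple[bytes, bytes]:
    """First user terminal: encrypts under its own key. Returns (nonce, ciphertext);
    the ciphertext is what the converting unit lands as the first file, the nonce
    travels with it as metadata."""
    nonce = os.urandom(NONCE_LEN)
    return nonce, xor_bytes(plaintext, keystream(key, nonce, 0, len(plaintext)))


def _subkeys(key: bytes) -> Tuple[bytes, bytes]:
    # Separate encryption and MAC keys derived from the receiving terminal's key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Gateway re-encryption of one subfile: nonce || ciphertext || tag
    (encrypt-then-MAC), so the receiver can detect a tampered subfile."""
    enc_key, mac_key = _subkeys(key)
    nonce = os.urandom(NONCE_LEN)
    ct = xor_bytes(plaintext, keystream(enc_key, nonce, 0, len(plaintext)))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    enc_key, mac_key = _subkeys(key)
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("truncated subfile")
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("subfile integrity check failed")
    return xor_bytes(ct, keystream(enc_key, nonce, 0, len(ct)))


def gateway_relay(policy: Dict[str, bytes], src: str, dst: str, nonce: bytes,
                  first_file: bytes, threshold: int) -> bytes:
    """Cutting unit + encryption/decryption unit + combining unit. policy is the
    preset key strategy: policy[src] is the sender's encryption key (used here to
    decrypt), policy[dst] the receiver's decryption key (used here to encrypt).
    Subfiles are re-encrypted one by one and combined in reception order, each
    length-prefixed so the receiver can split them again."""
    k_src, k_dst = policy[src], policy[dst]
    combined, offset = [], 0
    for size in plan_split(len(first_file), threshold):
        sub = first_file[offset:offset + size]
        plain = xor_bytes(sub, keystream(k_src, nonce, offset, size))  # decrypt
        blob = seal(k_dst, plain)                                      # re-encrypt
        combined.append(struct.pack(">I", len(blob)) + blob)
        offset += size
    return b"".join(combined)


def receiver_open(key: bytes, combined: bytes) -> bytes:
    """Second user terminal: verify and decrypt each subfile in order.
    Raises ValueError if any subfile was altered or truncated."""
    plain, pos = [], 0
    while pos < len(combined):
        if pos + 4 > len(combined):
            raise ValueError("truncated length prefix")
        (n,) = struct.unpack(">I", combined[pos:pos + 4])
        pos += 4
        plain.append(unseal(key, combined[pos:pos + n]))
        pos += n
    return b"".join(plain)


def demo(payload_size: int = 99 * 1024, threshold: int = 10 * 1024) -> bool:
    """End-to-end run on a constructed 99KB payload with a 10KB threshold (the
    99MB/10MB case scaled down): 9 full subfiles plus a 9KB tail."""
    policy = {"first": os.urandom(32), "second": os.urandom(32)}  # constructed keys
    message = os.urandom(payload_size)                             # constructed payload
    nonce, first_file = sender_encrypt(policy["first"], message)
    new_first_file = gateway_relay(policy, "first", "second", nonce, first_file, threshold)
    return receiver_open(policy["second"], new_first_file) == message


if __name__ == "__main__":
    print("relay ok:", demo())
```

Note that the sender-side format carries no integrity tag, so the gateway re-seals whatever it received; a deployment would want the first terminal's messages authenticated as well, which the patent does not specify.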
As another example, the second converting unit 122 is connected to the cutting unit 113. The second converting unit 122 can be used to receive the encrypted messages sent by the second user and to convert the messages received within the second preset period of time into a second file, which it sends to the cutting unit 113; this terminates the protocol and "lands" the data. The cutting unit 113 is configured to divide the received second file into a corresponding plurality of subfiles according to the preset subfile size threshold and to send the subfiles to the encryption/decryption unit 112, so that the encryption/decryption unit 112 decrypts and encrypts each subfile according to the preset key strategy. The combining unit 114 is connected to the reception/transmission unit 111 and is configured to receive each encrypted subfile and combine the subfiles into a new second file, which it sends to the reception/transmission unit 111, so that the reception/transmission unit 111 sends the combined new second file to the corresponding first user terminal 10 in the network.
In this embodiment, the control module 110 can further include a data conversion unit 115. The data conversion unit 115 can be connected to the reception/transmission unit 111 and the combining unit 114, and is configured to convert the combined first file according to the preset format strategy.
For example, the data conversion unit 115 can assemble the destination address of the combined first file into the first file, the destination address being the address information of the second user terminal 20 in the second network 40 to which the file is to be sent. With the destination address assembled into the first file, the gateway device 100 can send the first file to the corresponding second user terminal 20 in the second network 40.
In this embodiment, the gateway device 100 further includes an input/output module 150 electrically connected to the control module 110 for importing or exporting data information, where the data information includes at least one of: the key information corresponding to the first user terminal 10, the key information corresponding to the second user terminal 20, the encryption/decryption rules, and the size of the transmitted first file and/or second file.
In this embodiment, the input/output module 150 is electrically connected to the control module 110 for importing or exporting data information. For example, through the input/output module 150 an administrator can import a password strategy into the gateway device 100 as the preset password strategy, and can export the record of files transmitted by the gateway device 100; the record includes, but is not limited to, information such as the size of the transmitted file, the transmission time, the source and destination addresses, and whether the transmission succeeded or failed. The input/output module 150 can include, but is not limited to, a USB interface and an RJ-45 management and data interface, which are not specifically limited here.
In this embodiment, the gateway device 100 can further include a power module 130 connected to the control module 110 for continuously supplying electrical energy to the control module 110. The power module 130 can include a first power unit 131 and a second power unit 132, where the second power unit 132 takes over the power supply when the first power unit 131 cannot supply electrical energy to the control module 110, so that the control module 110 remains continuously powered and the gateway device 100 stays powered. The first power unit 131 and the second power unit 132 can be power management chips of the same model or of different models, which is not specifically limited here.
Understandably, the power management chips of the first power unit 131 and the second power unit 132 work together to achieve dual-power redundant backup. For example, a power grid (ordinary mains such as 220 V alternating current, or direct current, etc.) is used as the power source of the gateway device 100; the first power unit 131 processes this source (rectification, filtering, voltage step-up or step-down, etc.) to form the supply used by the control module 110, and if the first power unit 131 fails, the second power unit 132 takes over the processing of the power source from the first power unit 131.
In this embodiment, the gateway device 100 can further include an alarm module 140 connected to the control module 110. The alarm module 140 is used to raise a corresponding alarm according to an alarm signal. The alarm signal includes, but is not limited to, a first alarm signal generated by the control module 110 when it detects a power-supply failure of the power module 130 (for example hardware damage to the power module 130, or abnormal heat dissipation causing the temperature to exceed a threshold, the threshold being configurable according to actual conditions), and a second alarm signal generated by the control module 110 when communication between the conversion module 120 and the control module 110 is interrupted. For example, when a hardware or software failure in the gateway device 100, a file transmission failure or a failure of the power module 130 is detected, the corresponding alarm signal is generated so that the alarm module 140 raises an alarm.
Further, the alarm module 140 can be one or more indicator lamps that alarm by showing different colours. The alarm module 140 can also include a sound unit, such as a loudspeaker or a buzzer, that alarms by emitting different sounds.
Third embodiment:
Referring to Fig. 4, which is a schematic flow chart of the data transmission method provided by a preferred embodiment of the present invention. The data transmission method provided by the present invention can be applied to the gateway device 100 of the above embodiments, where the gateway device 100 is communicatively connected via a network to the first user terminal 10 and the second user terminal 20. The method blocks the protocol connection between the first user terminal 10 and the second user terminal 20 and keeps them physically separated, so as to improve the security of data transmission. Understandably, after processing by the gateway device 100, the data transfer between the first user terminal 10 and the second user terminal 20 is only an exchange of plaintext data, that is, data is landed through protocol separation to improve the security of data transmission.
Each step of the data transmission method shown in Fig. 4 is described in detail below. In a preferred embodiment of the present invention, the data transmission method may include the following steps:
Step S210: receive the encrypted messages sent by the first user terminal 10 and convert the messages received within a first preset period into a first file.
In the present embodiment, step S210 may be performed by the first conversion unit 121 described above; for the specific content of this step, refer to the detailed description of the first conversion unit 121, which is not repeated here.
Step S220: decrypt and then encrypt the first file according to a preset key strategy.
In the present embodiment, step S220 may be performed by the encryption/decryption unit 112 described above; for the specific content of this step, refer to the detailed description of the encryption/decryption unit 112, which is not repeated here.
In the present embodiment, before step S220 the method may further include: configuring a key strategy, to be stored in the gateway device 100 as the preset key strategy. The key strategy includes: the key used by the first user terminal 10 to encrypt messages serves as the decryption key of the gateway device 100, and the key used by the second user terminal 20 to decrypt the received first file serves as the encryption key of the gateway device 100. Specifically, this step may be performed by the input/output module 150 described above; for its specific content, refer to the detailed description of the input/output module 150, which is not repeated here.
Further, the key strategy also includes the encryption and decryption algorithms. For example, the file received from the first user terminal 10 may be encrypted/decrypted with the DES (Data Encryption Standard) algorithm, and the file sent to the second user terminal 20 may be encrypted/decrypted with the AES (Advanced Encryption Standard) algorithm.
Step S230: forward the encrypted first file to the corresponding second user terminal 20 in the network.
In the present embodiment, step S230 may include: dividing the received first file into a corresponding plurality of subfiles according to a preset subfile size threshold; decrypting and encrypting each subfile according to the preset key strategy; combining the encrypted subfiles into a new first file; and sending the combined new first file to the corresponding second user terminal 20 in the network.
Further, step S230 may also include: converting the first file according to a preset format strategy, so that the converted first file can be transmitted to the corresponding second user terminal 20 in the network. Specifically, this step may be performed by the data conversion unit 115 described above; for its specific content, refer to the detailed description of the data conversion unit 115, which is not repeated here.
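The key-translation relay of steps S220 and S230, together with the per-terminal keys of the key strategy configured before S220 and the subfile split of claim 2, as an added example in Go that is not part of the patent. It uses AES-GCM on both legs with separate keys instead of the DES/AES pair named above, since DES is no longer considered secure, and it assumes the split into subfiles is applied to the decrypted content between the two legs; the names gcm, Seal, Open and Relay are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
)

// gcm builds AES-GCM for one key of the preset key strategy (16, 24 or 32 bytes).
func gcm(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Seal encrypts plaintext under g; the random nonce is prepended to the output.
func Seal(g cipher.AEAD, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, g.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return g.Seal(nonce, nonce, plaintext, nil), nil
}

// Open reverses Seal; it fails on a wrong key or on any modified byte.
func Open(g cipher.AEAD, sealed []byte) ([]byte, error) {
	if len(sealed) < g.NonceSize() {
		return nil, errors.New("sealed data too short")
	}
	return g.Open(nil, sealed[:g.NonceSize()], sealed[g.NonceSize():], nil)
}

// Relay is steps S220/S230: open the first file with the first terminal's
// cipher, split the plaintext into subfiles of at most threshold bytes and seal
// each with the second terminal's cipher; a file failing authentication is refused.
func Relay(in, out cipher.AEAD, firstFile []byte, threshold int) ([][]byte, error) {
	if threshold <= 0 {
		return nil, errors.New("subfile size threshold must be positive")
	}
	plain, err := Open(in, firstFile)
	if err != nil {
		return nil, err
	}
	var subfiles [][]byte
	for len(plain) > 0 {
		n := threshold
		if n > len(plain) {
			n = len(plain)
		}
		sealed, err := Seal(out, plain[:n])
		if err != nil {
			return nil, err
		}
		subfiles, plain = append(subfiles, sealed), plain[n:]
	}
	return subfiles, nil
}
```

The second terminal opens each relayed subfile with its own key and concatenates the results; the first terminal's key never opens them, which is the key separation the preset key strategy is meant to enforce.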
From the above description of the embodiments, those skilled in the art will clearly understand that the present invention can be implemented in hardware, or in software together with the necessary general-purpose hardware platform. Based on this understanding, the technical solution of the present invention can be embodied in the form of a software product, which can be stored in a non-volatile storage medium (such as a CD-ROM, a USB flash disk or a removable hard disk) and includes instructions for causing the gateway device 100 to perform the method described in each implementation scenario of the present invention.
In summary, the present invention provides a gateway device and a data transmission method: a conversion module converts the encrypted messages sent by the first user terminal into a first file, an encryption/decryption unit in the control module decrypts and then encrypts the received first file according to a preset key strategy, and a reception/transmission unit in the control module receives the encrypted first file and forwards it to the corresponding second user terminal in the network. This scheme blocks the protocol connection between the first user terminal and the second user terminal, keeps them physically separated, and realises the exchange of data between the networks, which helps improve the security of data transmission.
The foregoing is only the preferred embodiments of the present invention and is not intended to limit the invention; those skilled in the art may make various modifications and variations to the present invention. Any modification, equivalent substitution or improvement made within the spirit and principles of the present invention shall be included within the scope of protection of the present invention.

Claims (10)

1. A gateway device, communicatively connected via a network to a first user terminal and a second user terminal, characterized in that the gateway device comprises a control module and a conversion module, wherein:
the conversion module is connected to the control module and is configured to receive the encrypted messages sent by the first user terminal and to convert the messages received within a first preset period into a first file to send to the control module;
the control module comprises a reception/transmission unit and an encryption/decryption unit connected to the reception/transmission unit;
the encryption/decryption unit is configured to decrypt and then encrypt the received first file according to a preset key strategy, and the reception/transmission unit is configured to receive the encrypted first file and forward it to the corresponding second user terminal in the network.
2. The gateway device according to claim 1, characterized in that the control module further comprises a splitting unit and a combining unit connected to the encryption/decryption unit;
the splitting unit is configured to divide the received first file into a corresponding plurality of subfiles according to a preset subfile size threshold and to send the subfiles to the encryption/decryption unit, so that the encryption/decryption unit decrypts and encrypts each subfile according to the preset key strategy;
the combining unit is connected to the reception/transmission unit and is configured to receive the encrypted subfiles and combine them into a new first file to send to the reception/transmission unit, so that the reception/transmission unit sends the combined new first file to the corresponding second user terminal in the network.
3. The gateway device according to claim 1, characterized in that the control module further comprises a data conversion unit connected to the reception/transmission unit, the data conversion unit being further configured to convert the first file according to a preset format strategy, so that the converted first file is sent by the reception/transmission unit to the corresponding second user terminal in the network.
4. The gateway device according to claim 1, characterized in that the gateway device further comprises an input/output module electrically connected to the control module for importing or exporting data information, the data information comprising at least one of: key information corresponding to the first user terminal, key information corresponding to the second user terminal, encryption/decryption rules, and the size of the transmitted first file and/or second file.
5. The gateway device according to claim 1, characterized in that the gateway device further comprises a power module connected to the control module for continuously supplying electric power to the control module, the power module comprising a first power unit and a second power unit, wherein the second power unit is configured to take over the power supply when the first power unit cannot supply power to the control module, so that the control module remains powered.
6. The gateway device according to claim 5, characterized in that the gateway device further comprises an alarm module connected to the control module for issuing an alarm according to an alarm signal, wherein the alarm signal comprises a first alarm signal generated by the control module when it detects a power supply fault of the power module, and a second alarm signal generated by the control module when communication between the conversion module and the control module is interrupted.
7. A data transmission method, characterized in that it is applied to the gateway device according to any one of claims 1 to 6, the gateway device being communicatively connected via a network to a first user terminal and a second user terminal; the method comprises:
receiving the encrypted messages sent by the first user terminal and converting the messages received within a first preset period into a first file;
decrypting and then encrypting the first file according to a preset key strategy;
forwarding the encrypted first file to the corresponding second user terminal in the network.
8. The method according to claim 7, characterized in that the step of forwarding the encrypted first file to the corresponding second user terminal in the network comprises:
dividing the received first file into a corresponding plurality of subfiles according to a preset subfile size threshold;
decrypting and encrypting each subfile according to the preset key strategy;
combining the encrypted subfiles into a new first file, and sending the combined new first file to the corresponding second user terminal in the network.
9. The method according to claim 7, characterized in that, before the step of decrypting and then encrypting the first file according to the preset key strategy, the method further comprises:
configuring a key strategy to be stored in the gateway device as the preset key strategy, the key strategy comprising:
the key used by the first user terminal to encrypt messages as the decryption key of the gateway device, and the key used by the second user terminal to decrypt the received first file as the encryption key of the gateway device.
10. The method according to claim 7, characterized in that the step of forwarding the encrypted first file to the corresponding second user terminal in the network comprises:
converting the first file according to a preset format strategy, so that the converted first file can be transmitted to the corresponding second user terminal in the network.
CN201711140677.5A 2017-11-16 2017-11-16 Gateway device and data transmission method Pending CN107819775A (en)

Publications (1)

Publication Number Publication Date
CN107819775A true CN107819775A (en) 2018-03-20

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20180320