CN111740993A - Internal and external network safety data exchange method - Google Patents


Info

Publication number
CN111740993A
Authority
CN
China
Prior art keywords
management area
data exchange
internal
platform management
external network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202010570392.0A
Other languages
Chinese (zh)
Inventor
冯新扬
庞兆龙
张志才
刘培杰
崔兴辉
于全振
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Henan Youyi Information Technology Co ltd
Original Assignee
Henan Youyi Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Henan Youyi Information Technology Co ltd
Priority to CN202010570392.0A
Publication of CN111740993A

Classifications

    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L 63/00 Network architectures or network communication protocols for network security
            • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
            • H04L 63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L 63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
                • H04L 63/0442 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption
          • H04L 67/00 Network arrangements or protocols for supporting network services or applications
            • H04L 67/01 Protocols
              • H04L 67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
              • H04L 67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
            • H04L 67/50 Network services
              • H04L 67/55 Push-based network services

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a secure data exchange method for an internal network and an external network. The method comprises an internal and external network secure data exchange platform that carries out unified user authentication and unified routing management through an API interface, based on the data transmission of a big data middle platform. The platform comprises an internal network platform management area and an external network platform management area, and data exchange between the two areas is carried out through a security gatekeeper. The method conveniently supports interactive access through the external network platform management area and the internal network platform management area, a file exchange server and a security authentication server in the platform; its overall system configuration is reasonable and its maintenance and management cost is lower; and, by carrying out unified user authentication and unified routing management through the API interface based on the data transmission of the big data middle platform, it makes intelligent service analysis convenient to realize.

Description

Internal and external network safety data exchange method
Technical Field
The invention relates to the technical field of data exchange, in particular to a secure data exchange method for an internal network and an external network.
Background
In July 2018 the State Council issued guidance on accelerating the construction of a nationwide integrated online government service platform (hereinafter referred to as the guidance), which calls for modernizing government governance, raising the level of government services, making it convenient for the public to conduct business, and further stimulating market vitality and social creativity. According to the requirements of the State Council's guidance, each department is to take the integrated acceptance and service window as the main carrier and deepened 'Internet + government services' as the support, and to comprehensively promote examination and approval services that are 'handled immediately, handled online, handled nearby and handled in one visit'. Because electronic government service data are usually stored in the government intranet, and the government intranet must be physically isolated from the internet for the sake of its security so as to avoid the various threats that come from the internet, government departments in all regions need to deploy devices such as security gatekeepers to exchange internal and external network data securely. As a physical security device, the security gatekeeper offers obviously high security, but its operating principle inevitably entails some drawbacks: 1. only static file exchange is supported, not interactive access; 2. the system configuration is complex and the maintenance and management cost is high; 3. it is concerned only with ferrying data between the internal and external networks, and refined, intelligent service analysis cannot be realized.
Disclosure of Invention
The technical problem to be solved by the invention is to overcome the existing defects and provide a secure data exchange method for internal and external networks that conveniently supports interactive access, has a reasonable system configuration and low maintenance and management cost, makes refined and intelligent service analysis convenient to realize, and can effectively solve the problems described in the background.
In order to achieve this purpose, the invention provides the following technical scheme: a secure data exchange method for internal and external networks comprises an internal and external network secure data exchange platform, wherein the platform carries out unified user authentication and unified routing management through an API (application programming interface) based on the data transmission of a big data middle platform; the platform comprises an internal network platform management area and an external network platform management area, and data exchange between the two areas is carried out through a security gatekeeper;
the intranet platform management area comprises a data exchange server for data exchange and a security authentication server for security audit; the intranet platform management area is connected to other application servers A for data transmission through the API interface and an FTP server; data transmission between the other application servers A and the intranet platform management area is carried out through FTP, and such transmission must pass the security authentication of the security authentication server;
the data transmission mode of the extranet platform management area is the same as that of the intranet platform management area: the extranet platform management area is connected to other application servers B for data transmission through the API interface and an FTP server, and data transmission between the other application servers B and the extranet platform management area must pass the security authentication of a security authentication server.
As a preferred technical solution of the present invention, an MQ mechanism is adopted for data scheduling between the intranet platform management area and the extranet platform management area, and the MQ mechanism is used for data transmission under conditions of high concurrency.
As a preferred technical solution of the present invention, the whole data transmission process is protected by an elliptic curve encryption algorithm and the TLS protocol.
As a preferred technical solution of the present invention, the internal and external network secure data exchange is based on a big data platform.
As a preferred technical solution of the present invention, a plurality of data exchange servers are arranged in both the intranet platform management area and the extranet platform management area.
As a preferred technical solution of the present invention, the data exchange of the intranet and extranet secure data exchange platform includes the json and xml data formats.
Compared with the prior art, the invention has the following beneficial effects: 1. interactive access is conveniently supported through the extranet platform management area and the intranet platform management area in the internal and external network secure data exchange platform, a file exchange server and a security authentication server; 2. the method has a reasonable overall system configuration and lower maintenance and management cost; 3. unified user authentication and unified routing management are carried out through an API (application programming interface) based on the data transmission of a big data middle platform, which makes refined and intelligent service analysis convenient to realize.
Drawings
FIG. 1 is a schematic block diagram of a secure data exchange method for internal and external networks according to the present invention;
FIG. 2 is a flowchart of a secure data exchange method between an internal network and an external network according to the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to FIGS. 1 and 2, the present invention provides a technical solution: a secure data exchange method for an internal network and an external network comprises an internal and external network secure data exchange platform, wherein the platform carries out unified user authentication and unified routing management through an API (application programming interface) based on the data transmission of a big data middle platform; the platform comprises an internal network platform management area and an external network platform management area, and data exchange between the two areas is carried out through a security gatekeeper;
the intranet platform management area comprises a data exchange server for data exchange and a security authentication server for security audit; the intranet platform management area is connected to other application servers A for data transmission through API (application programming interface) interfaces and FTP (file transfer protocol) servers; data transmission between the other application servers A and the intranet platform management area is carried out through FTP, and such transmission must pass the security authentication of the security authentication server;
the data transmission mode of the extranet platform management area is the same as that of the intranet platform management area: the extranet platform management area is connected to other application servers B for data transmission through API interfaces and FTP servers, and data transmission between the other application servers B and the extranet platform management area must pass the security authentication of the security authentication server.
Data scheduling between the intranet platform management area and the extranet platform management area adopts an MQ mechanism, and the MQ mechanism is used for data transmission under conditions of high concurrency. The whole data transmission process is protected by an elliptic curve encryption algorithm and the TLS protocol. The intranet and extranet secure data exchange is based on a big data platform; a plurality of data exchange servers are arranged in the intranet platform management area and the extranet platform management area; and the data exchange of the intranet and extranet secure data exchange platform includes the json and xml data formats.
When in use: an intranet platform management area and an extranet platform management area are established at the two ends of a security gatekeeper, based on the data exchange API interface of a big data middle platform. The data transmission modes of the two areas are the same. Not only static file exchange but also interactive access is supported between the intranet platform management area and the extranet platform management area: intranet and extranet data and files are accessed interactively through the two management areas via the API interface; security audit is carried out by the security authentication servers in both areas; one or more data exchange servers can be arranged in each area; and data in the other application servers A and other application servers B are transmitted by the respective management areas through the API interface and an FTP server. The business process of the method is as follows: the intranet platform management area packages files through the interface of the intranet terminal using the MQ mechanism; the uploaded files are then transmitted through a network isolation middleware (such as a security gatekeeper) to the extranet platform management area, which parses the data and uploads it to the extranet terminal using the MQ mechanism; the intranet terminal and the extranet terminal carry out push services over HTTP. In the same way, the extranet terminal can transmit data to the intranet terminal by the same method. The intranet terminal and the extranet terminal can be computers, PADs, mobile phones and the like. The whole data transmission process between the intranet terminal and the extranet terminal is protected by an elliptic curve encryption algorithm and the TLS protocol, which prevents data leakage and theft.
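The following Go program is an added example, not code from the patent or its assignee. It models the authentication and audit step of the business process above: the sending management area packages a json or xml file into an envelope and signs it with an ECDSA (elliptic curve) key, the envelope crosses the gatekeeper as opaque bytes, and the receiving area's security authentication server refuses any envelope whose sender is not enrolled, whose signature does not verify, or whose payload is not well-formed in its declared format, recording every decision in an audit trail. The Envelope type, AuthServer, the sender name and the sample payloads are assumptions made for this illustration; the patent specifies only that ECC, TLS, json/xml and a security authentication server are used, not this envelope format. The TLS transport between terminals and management areas is assumed and not shown.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"encoding/xml"
	"errors"
	"fmt"
)

// Envelope is a hypothetical package handed to the gatekeeper. The signature
// binds sender, format and payload together so none can be altered in transit.
type Envelope struct {
	Sender  string `json:"sender"`
	Format  string `json:"format"` // "json" or "xml", the formats the patent names
	Payload []byte `json:"payload"`
	Sig     string `json:"sig"` // base64 ASN.1 ECDSA signature over digestOf(...)
}

// NewSenderKey generates the ECDSA key a management area uses to sign envelopes.
func NewSenderKey() (*ecdsa.PrivateKey, error) {
	return ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
}

// digestOf hashes sender, format and payload with NUL separators so the
// fields cannot be re-split into a different message with the same digest.
func digestOf(sender, format string, payload []byte) []byte {
	h := sha256.New()
	fmt.Fprintf(h, "%s\x00%s\x00", sender, format)
	h.Write(payload)
	return h.Sum(nil)
}

// Package is what the sending area does before a file goes to the gatekeeper:
// allow only the two declared formats, then sign the digest.
func Package(sender, format string, payload []byte, key *ecdsa.PrivateKey) (Envelope, error) {
	if format != "json" && format != "xml" {
		return Envelope{}, fmt.Errorf("unsupported format %q", format)
	}
	sig, err := ecdsa.SignASN1(rand.Reader, key, digestOf(sender, format, payload))
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{Sender: sender, Format: format, Payload: payload,
		Sig: base64.StdEncoding.EncodeToString(sig)}, nil
}

// AuditEntry is one line of the security audit kept by the authentication server.
type AuditEntry struct{ Sender, Format, Result string }

// AuthServer plays the receiving area's security authentication server: it
// holds the public keys of enrolled senders and records every decision.
type AuthServer struct {
	trusted map[string]*ecdsa.PublicKey
	Audit   []AuditEntry
}

func NewAuthServer() *AuthServer { return &AuthServer{trusted: map[string]*ecdsa.PublicKey{}} }

// Enroll registers a sender's public key (done out of band, before any exchange).
func (a *AuthServer) Enroll(sender string, pub *ecdsa.PublicKey) { a.trusted[sender] = pub }

// Admit decides whether an envelope that arrived through the gatekeeper may be
// handed to the data exchange server. Rejections are audited as well.
func (a *AuthServer) Admit(env Envelope) error {
	err := a.check(env)
	result := "accepted"
	if err != nil {
		result = "rejected: " + err.Error()
	}
	a.Audit = append(a.Audit, AuditEntry{env.Sender, env.Format, result})
	return err
}

func (a *AuthServer) check(env Envelope) error {
	pub, ok := a.trusted[env.Sender]
	if !ok {
		return errors.New("sender not enrolled")
	}
	sig, err := base64.StdEncoding.DecodeString(env.Sig)
	if err != nil {
		return errors.New("malformed signature")
	}
	if !ecdsa.VerifyASN1(pub, digestOf(env.Sender, env.Format, env.Payload), sig) {
		return errors.New("signature verification failed")
	}
	// The payload is parsed only after authentication, and only as its declared format.
	switch env.Format {
	case "json":
		if !json.Valid(env.Payload) {
			return errors.New("payload is not valid JSON")
		}
	case "xml":
		if err := xml.Unmarshal(env.Payload, new(struct{})); err != nil {
			return fmt.Errorf("payload is not well-formed XML: %v", err)
		}
	default:
		return fmt.Errorf("unsupported format %q", env.Format)
	}
	return nil
}

func main() {
	key, err := NewSenderKey()
	if err != nil {
		panic(err)
	}
	auth := NewAuthServer()
	auth.Enroll("intranet-area", &key.PublicKey)
	// Constructed sample payload standing in for a file from application server A.
	env, _ := Package("intranet-area", "json", []byte(`{"case":"2020-0001","status":"approved"}`), key)
	fmt.Println("genuine envelope:", auth.Admit(env))
	env.Payload = []byte(`{"case":"2020-0001","status":"rejected"}`) // altered after signing
	fmt.Println("tampered envelope:", auth.Admit(env))
	for _, e := range auth.Audit {
		fmt.Printf("audit: %s %s %s\n", e.Sender, e.Format, e.Result)
	}
}
```

The check order matters: an envelope from an unenrolled sender or with a bad signature is rejected before its payload is ever parsed, so the JSON and XML parsers on the receiving side only see data that an enrolled intranet-side key vouched for. The audit slice is the record the security authentication server would keep for the security audit the description mentions.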
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (6)

1. A secure data exchange method for internal and external networks, characterized in that: the method comprises an internal and external network secure data exchange platform, wherein the platform carries out unified user authentication and unified routing management through an API (application programming interface) based on the data transmission of a big data middle platform; the platform comprises an internal network platform management area and an external network platform management area, and data exchange between the two areas is carried out through a security gatekeeper;
the intranet platform management area comprises a data exchange server for data exchange and a security authentication server for security audit; the intranet platform management area is connected to other application servers A for data transmission through the API interface and an FTP server; data transmission between the other application servers A and the intranet platform management area is carried out through FTP, and such transmission must pass the security authentication of the security authentication server;
the data transmission mode of the extranet platform management area is the same as that of the intranet platform management area: the extranet platform management area is connected to other application servers B for data transmission through the API interface and an FTP server, and data transmission between the other application servers B and the extranet platform management area must pass the security authentication of a security authentication server.
2. The intranet and extranet secure data exchange method of claim 1, wherein: data scheduling between the internal network platform management area and the external network platform management area adopts an MQ mechanism, and the MQ mechanism is used for data transmission under conditions of high concurrency.
3. The intranet and extranet secure data exchange method of claim 1, wherein: the whole data transmission process is protected by an elliptic curve encryption algorithm and the TLS protocol.
4. The intranet and extranet secure data exchange method of claim 1, wherein: the internal and external network safety data exchange is based on a big data platform.
5. The intranet and extranet secure data exchange method of claim 1, wherein: a plurality of data exchange servers are arranged in the intranet platform management area and the extranet platform management area.
6. The intranet and extranet secure data exchange method of claim 1, wherein: the data exchange of the internal and external network safety data exchange platform comprises json and xml data formats.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010570392.0A CN111740993A (en) 2020-06-18 2020-06-18 Internal and external network safety data exchange method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010570392.0A CN111740993A (en) 2020-06-18 2020-06-18 Internal and external network safety data exchange method

Publications (1)

Publication Number Publication Date
CN111740993A true CN111740993A (en) 2020-10-02

Family

ID=72651931

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010570392.0A Pending CN111740993A (en) 2020-06-18 2020-06-18 Internal and external network safety data exchange method

Country Status (1)

Country Link
CN (1) CN111740993A (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030081617A1 (en) * 2000-03-10 2003-05-01 Liming Network Systems Co., Ltd. Information switching platform
CN104683332A (en) * 2015-02-10 2015-06-03 杭州优稳自动化系统有限公司 Security isolation gateway in industrial control network and security isolation method thereof
CN106209801A (en) * 2016-06-28 2016-12-07 广东电网有限责任公司信息中心 Mobile solution platform and inner-external network data safety switching plane integrated system
CN109685628A (en) * 2018-12-27 2019-04-26 北京百佑科技有限公司 Information sharing apparatus and system
CN110503555A (en) * 2019-08-28 2019-11-26 中国工商银行股份有限公司 The review method, apparatus and server of transaction data

Cited By (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113112356A (en) * 2021-03-05 2021-07-13 浙江华云信息科技有限公司 Block chain universal service system based on national network security architecture
CN113112356B (en) * 2021-03-05 2022-09-09 浙江华云信息科技有限公司 Block chain universal service system based on national network security architecture
CN113382012A (en) * 2021-06-18 2021-09-10 广州中爆数字信息科技股份有限公司 Internal and external network data exchange method, device, equipment and storage medium
CN113382012B (en) * 2021-06-18 2022-11-15 广州中爆数字信息科技股份有限公司 Internal and external network data exchange method, device, equipment and storage medium
CN113724048A (en) * 2021-09-02 2021-11-30 国泰新点软件股份有限公司 Expert extraction system
CN113965395A (en) * 2021-10-28 2022-01-21 绿盟科技集团股份有限公司 Method, system and device for safely accessing intranet in real time
CN113965395B (en) * 2021-10-28 2024-02-09 绿盟科技集团股份有限公司 Method, system and device for safely accessing intranet in real time
CN115456101A (en) * 2022-09-23 2022-12-09 马建家 Data security transmission method and system based on data center station
CN115456101B (en) * 2022-09-23 2023-09-12 上海豹云网络信息服务有限公司 Data security transmission method and system based on data center

Similar Documents

Publication Publication Date Title
CN111740993A (en) Internal and external network safety data exchange method
US11061929B2 (en) Replication of resource type and schema metadata for a multi-tenant identity cloud service
US9838376B1 (en) Microservices based multi-tenant identity and data security management cloud service
US20220014421A1 (en) Data Replication Conflict Detection and Resolution for a Multi-Tenant Identity Cloud Service
JP6491774B2 (en) Multi-tenant identity and data security management cloud service
US10218705B2 (en) Multi-tenant identity and data security management cloud service
US10261836B2 (en) Dynamic dispatching of workloads spanning heterogeneous services
US10095676B2 (en) Systems and methods for populating online applications using third party platforms
Masek et al. Implementation of true IoT vision: survey on enabling protocols and hands-on experience
US20210084031A1 (en) Multi-Tenant Identity Cloud Service with On-Premise Authentication Integration
US20190149592A1 (en) Security Tokens for a Multi-Tenant Identity and Data Security Management Cloud Service
US11687378B2 (en) Multi-tenant identity cloud service with on-premise authentication integration and bridge high availability
US20200264860A1 (en) Automated Database Upgrade for a Multi-Tenant Identity Cloud Service
WO2020171902A1 (en) Tenant replication bootstrap for a multi-tenant identity cloud service
US11082419B2 (en) System and method for cloud-based analytics
CN109067728A (en) Access control method, device, server and the storage medium of application programming interfaces
US20150193774A1 (en) System and method for fraud detection using social media
US20200125542A1 (en) Dynamic Database Schema Allocation on Tenant Onboarding for a Multi-Tenant Identity Cloud Service
US20200106763A1 (en) Gateway Device for Authentication and Authorization of Applications and/or Servers for Data Transfer Between Applications and/or Servers
CN102496203A (en) System and method using cellphones to acquire queue numbers
CN110519750A (en) Message processing method, equipment and system
CN110519185A (en) A kind of method of novel across a network data exchange
CN102932269A (en) Method and device for balancing load
US11411954B1 (en) Access control policy for proxy services
CN115297164A (en) Network proxy method, device, electronic equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20201002
