CN116471103A - Internal and external network data security exchange method, device and equipment based on boundary network - Google Patents
Internal and external network data security exchange method, device and equipment based on boundary network Download PDFInfo
- Publication number
- CN116471103A CN116471103A CN202310491947.6A CN202310491947A CN116471103A CN 116471103 A CN116471103 A CN 116471103A CN 202310491947 A CN202310491947 A CN 202310491947A CN 116471103 A CN116471103 A CN 116471103A
- Authority
- CN
- China
- Prior art keywords
- data
- network
- data transmission
- transmission
- exchange
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 44
- 230000005540 biological transmission Effects 0.000 claims abstract description 372
- 238000013524 data verification Methods 0.000 claims abstract description 18
- 239000013598 vector Substances 0.000 claims description 27
- 238000001514 detection method Methods 0.000 claims description 13
- 238000012216 screening Methods 0.000 claims description 11
- 238000011156 evaluation Methods 0.000 claims description 10
- 239000004973 liquid crystal related substance Substances 0.000 claims description 6
- 238000004806 packaging method and process Methods 0.000 claims description 6
- 230000011218 segmentation Effects 0.000 claims description 6
- 238000004590 computer program Methods 0.000 claims description 5
- 238000012163 sequencing technique Methods 0.000 claims description 3
- 238000004891 communication Methods 0.000 description 9
- 230000006870 function Effects 0.000 description 9
- 238000007726 management method Methods 0.000 description 9
- 238000005265 energy consumption Methods 0.000 description 8
- 230000008569 process Effects 0.000 description 7
- 238000002955 isolation Methods 0.000 description 6
- 238000010586 diagram Methods 0.000 description 5
- 238000005516 engineering process Methods 0.000 description 5
- 238000013473 artificial intelligence Methods 0.000 description 4
- 238000012545 processing Methods 0.000 description 4
- 230000002159 abnormal effect Effects 0.000 description 3
- 230000000903 blocking effect Effects 0.000 description 2
- 238000013480 data collection Methods 0.000 description 2
- 239000011159 matrix material Substances 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 230000002093 peripheral effect Effects 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000018109 developmental process Effects 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000000802 evaporation-induced self-assembly Methods 0.000 description 1
- 230000003993 interaction Effects 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 230000000007 visual effect Effects 0.000 description 1
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L45/00—Routing or path finding of packets in data switching networks
- H04L45/12—Shortest path evaluation
- H04L45/124—Shortest path evaluation using a combination of metrics
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/70—Reducing energy consumption in communication networks in wireless communication networks
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention relates to the technical field of data exchange, and discloses an internal and external network data security exchange method based on a boundary network, which comprises the following steps: performing data verification on data to be exchanged to obtain target exchange data; encrypting the target exchange data to obtain encrypted data, and writing the encrypted data into a data exchange server of a boundary network corresponding to the internal network and the external network; acquiring a data transmission node in a boundary network, calculating the transmission distance between the data transmission node and a data exchange server, and selecting an optimal transmission path according to the transmission distance; calculating the data transmission efficiency of an optimal transmission path, and adjusting the data transmission rate of the optimal transmission path; and transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate. The invention also provides an internal and external network data security switching device based on the boundary network and electronic equipment. The invention can improve the safety of the data exchange of the internal and external networks.
Description
Technical Field
The present invention relates to the field of data exchange technologies, and in particular, to a method, an apparatus, and a device for securely exchanging data between an internal network and an external network based on a boundary network.
Background
Along with the development of network technology, informatization service has become an important component of people's life, and people's life is closely connected with the internet, and data interaction between different systems in the internet becomes mainstream, especially the information data exchange between the internal and external networks, and the internal and external network data exchange refers to the sharing needs of data resources between different internal and external networks, can share the internal and external network data through data exchange, realizes the transmission of internal and external network data.
The existing internal and external network data exchange method mainly performs data exchange by a physical isolation method, for example, performs data copying on internal and external network data to be exchanged, and performs the internal and external network data exchange by a mobile hard disk, but the mobile hard disk is easy to cause data copying errors or the data is tampered during copying, so that the internal and external network data exchange security is poor; or two network cards are installed on one host, one network card is connected with an internal network, the other network card is installed on an external network, the internal and external network data exchange is carried out through the two network cards, viruses in the network can be found, the data are comprehensively managed, but the safety of the data transmission cannot be guaranteed, and the cost of the two network cards is high. Therefore, how to improve the security of the data exchange between the internal and external networks is a problem to be solved.
Disclosure of Invention
The invention provides a method, a device and equipment for safely exchanging internal and external network data based on a boundary network, and mainly aims to solve the problem of poor safety during internal and external network data exchange.
In order to achieve the above object, the present invention provides a method for safely exchanging data between an internal network and an external network based on a boundary network, comprising:
acquiring data to be exchanged of an internal network and an external network through a preset data exchange front-end processor, and performing data verification on the data to be exchanged to obtain target exchange data;
encrypting the target exchange data to obtain encrypted data, and writing the encrypted data into a data exchange server of a boundary network corresponding to the intranet and the extranet;
acquiring a data transmission node in the boundary network, calculating a transmission distance between the data transmission node and the data exchange server, and selecting an optimal transmission path according to the transmission distance;
calculating the data transmission efficiency of the optimal transmission path, and adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency;
and transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate.
Optionally, the encrypting the target exchange data to obtain encrypted data includes:
digitally encoding the target exchange data to obtain encoded data of the target exchange data;
calculating the data length of the encoded data, generating a key sequence according to the data length, and dividing the encoded data based on the key sequence to obtain a divided data sequence corresponding to the key sequence;
generating an encryption vector sequence corresponding to the key sequence, and calculating ciphertext of the target exchange data according to the encryption vector sequence and a segmentation data sequence corresponding to the key sequence;
generating an encryption vector sequence corresponding to the key sequence by using the following formula:
wherein P is i Represents the ith encryption vector in the encryption vector sequence, n represents the sum of the key sequences, k represents the total number of keys in the key sequences, t i Representing the t-th vector element in the i-th encryption vector;
and encrypting the key sequence by using a preset encryption algorithm to obtain an encryption key, and packaging the encryption key and the ciphertext to obtain the encrypted data of the target exchange data.
Optionally, the selecting an optimal transmission path according to the transmission distance includes:
determining the transmission range of the data transmission nodes according to the transmission distance, and calculating the number of target data transmission nodes according to the transmission range and the transmission distance;
calculating the number of target data transmission nodes by using the following formula:
wherein K represents the number of target data transmission nodes, N represents the total number of data transmission nodes, epsilon fs ,ε mp Representing preset parameters, M represents the transmission range, and d represents the average value of the transmission distance;
selecting target data transmission nodes of the target data transmission node number from the data transmission nodes by using a preset data transmission node selection rule;
and generating an optimal transmission path according to the target data transmission node.
Optionally, the selecting the target data transmission node of the target data transmission node number from the data transmission nodes by using a preset data transmission node selection rule includes:
acquiring a configuration file of the data transmission node according to the node address of the data transmission node, and extracting evaluation index information of the data transmission node from the configuration file;
Grading the data transmission nodes according to the evaluation index information, and sequencing the data transmission nodes according to the grading result to obtain a data transmission node sequence;
and selecting target data transmission nodes with the number of target transmission nodes from the data transmission node sequence.
Optionally, the calculating the data transmission efficiency of the optimal transmission path includes:
detecting a first time packet loss rate and a second time packet loss rate of the optimal transmission route by using a preset detection command, and detecting a first time network delay and a second time network delay of the optimal transmission route by using the detection command;
calculating the real-time packet loss rate of the optimal data transmission path according to the first time packet loss rate and the second time packet loss rate;
calculating the real-time packet loss rate of the optimal data transmission path by using the following formula:
L=α×L 1 +(1-α)×L 2 ,(0<<α<<1)
wherein L represents real-time packet loss rate, alpha represents preset parameter (0 < alpha < 1), L 1 Representing the first time packet loss rate, L 2 Representing a second time packet loss rate;
calculating the real-time network delay of the optimal data transmission path according to the first time network delay and the second time network delay;
And determining the data transmission efficiency of the optimal transmission path according to the real-time packet loss rate and the real-time network delay.
Optionally, the adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency includes:
determining whether the optimal transmission path is congested or not by using a preset packet loss rate parameter and the data transmission efficiency;
determining whether the optimal transmission path is congested using the following formula:
wherein L represents real-time packet loss rate, L r Representing preset packet loss rate parameters, J represents real-time network delay, J 1 Representing a second time network delay;
if the optimal transmission path is congested, reducing the data transmission rate of the optimal transmission path to a preset data transmission rate;
and if the optimal transmission path is not congested, keeping the current data transmission rate of the optimal transmission path unchanged.
Optionally, the performing data verification on the data to be exchanged to obtain target exchange data includes:
acquiring a data source of the data to be exchanged, and performing data screening on the data to be exchanged according to the data source by using a preset program white list to obtain screening data;
and checking the data format of the screening data, and obtaining target exchange data according to the checking result.
Optionally, the transmitting the encrypted data to a preset terminal of the intranet or the extranet according to the optimal transmission path and the data transmission rate includes:
packaging the target data to obtain a data packet of the target data;
and transmitting the data packet to a preset terminal through the optimal transmission path based on the data transmission rate.
In order to solve the above problems, the present invention further provides an internal and external network data security switching device based on a border network, the device comprising:
the data verification module is used for obtaining to-be-exchanged data of the internal network and the external network through a preset data exchange front-end processor, and carrying out data verification on the to-be-exchanged data to obtain target exchange data;
the data writing module is used for carrying out data encryption on the target exchange data to obtain encrypted data, and writing the encrypted data into the data exchange servers of the boundary networks corresponding to the internal network and the external network;
the optimal transmission path selection module is used for acquiring the data transmission nodes in the boundary network, calculating the transmission distance between the data transmission nodes and the data exchange server, and selecting an optimal transmission path according to the transmission distance;
The data transmission rate adjustment module is used for calculating the data transmission efficiency of the optimal transmission path and adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency;
and the data exchange module is used for transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate.
In order to solve the above-mentioned problems, the present invention also provides an electronic apparatus including:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the above-described border-based internal and external network data security switching method.
According to the embodiment of the invention, the data to be exchanged is checked, so that abnormal data and data with illegal sources in the data to be exchanged are removed, the data interference on the data to be exchanged is avoided, and the safety of data exchange is improved; encrypting the target data to obtain encrypted data, converting the target exchange data into meaningless ciphertext, and restoring the encrypted data into plaintext only through a corresponding secret key, thereby improving the safety of the target exchange data; writing the encrypted data into a data exchange server of a boundary network corresponding to an inner network and an outer network, generating an optimal transmission path through the transmission distance between a data transmission node in the boundary network and the data exchange server, selecting the optimal transmission path with the minimum node energy consumption for data transmission, avoiding the energy exhaustion of a target data transmission node, and ensuring the safe exchange of the data of the inner network and the outer network; the data transmission rate of the optimal transmission path is adjusted, so that stable transmission of target exchange data is realized; and transmitting the encrypted data to a preset terminal of the internal network or the external network according to an optimal transmission path and data transmission rate, so as to realize safe transmission of the data of the internal network and the external network. Therefore, the internal and external network data safety exchange method and device based on the boundary network and the electronic equipment can solve the problem of poor safety during internal and external network data exchange.
Drawings
Fig. 1 is a flow chart of a method for securely exchanging data between an internal network and an external network based on a border network according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a boundary network according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating a process of calculating data transmission efficiency of an optimal transmission path according to an embodiment of the present invention;
fig. 4 is a functional block diagram of an internal and external network data security switching device based on a border network according to an embodiment of the present invention;
fig. 5 is a schematic structural diagram of an electronic device for implementing the secure exchange method of data between an internal network and an external network based on a border network according to an embodiment of the present invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The embodiment of the application provides an internal and external network data security exchange method based on a boundary network. The execution main body of the internal and external network data security exchange method based on the boundary network comprises at least one of a server, a terminal and the like which can be configured to execute the method provided by the embodiment of the application. In other words, the internal and external network data security exchanging method based on the boundary network may be performed by software or hardware installed in a terminal device or a server device, and the software may be a blockchain platform. The service end includes but is not limited to: a single server, a server cluster, a cloud server or a cloud server cluster, and the like. The server may be an independent server, or may be a cloud server that provides cloud services, cloud databases, cloud computing, cloud functions, cloud storage, network services, cloud communications, middleware services, domain name services, security services, content delivery networks (Content Delivery Network, CDN), and basic cloud computing services such as big data and artificial intelligence platforms.
Referring to fig. 1, a flow chart of a method for securely exchanging data between an internal network and an external network based on a border network according to an embodiment of the present invention is shown. In this embodiment, the method for securely exchanging data between an internal network and an external network based on a border network includes:
s1, acquiring data to be exchanged of an internal network and an external network through a preset data exchange front-end processor, and performing data verification on the data to be exchanged to obtain target exchange data.
In the embodiment of the invention, the data exchange front-end processor is software developed by an external enterprise, is used for separating an intranet from an extranet, isolating the intranet from the extranet, and connecting a computer terminal running the software to an extranet system through a special line isolation technology in the data exchange front-end processor, so as to acquire data to be exchanged to the data exchange front-end processor, wherein the data to be exchanged is data which needs to be shared with the extranet by the intranet, for example, files which need to be published such as a list, an enterprise bulletin file and the like in the intranet; and the external network needs data exchange with the internal network, for example, the internal network such as the network information of the XX enterprise, the public information of the XX personnel and the like needs data acquired in the external network, and the data sharing between the internal network and the external network is realized through the data to be exchanged.
In the embodiment of the invention, the data verification is to verify the data source of the data to be exchanged and the abnormal data in the data to be exchanged, so as to ensure the safety of the data to be exchanged in the data exchange process.
In the embodiment of the present invention, the data verification is performed on the data to be exchanged to obtain target exchange data, including:
acquiring a data source of the data to be exchanged, and performing data screening on the data to be exchanged according to the data source by using a preset program white list to obtain screening data;
and checking the data format of the screening data, and obtaining target exchange data according to the checking result.
In the embodiment of the invention, the data source of the data to be exchanged represents the process of the generation program of the data to be exchanged, the data source is checked through the preset program white list, the data exchange of illegal programs is avoided, the security of the data exchange of the internal and external networks is poor, and the embodiment of the invention can acquire the data source of the data to be exchanged through the program of the data to be exchanged.
In the embodiment of the invention, the data format of the screening data can be checked through a preset data format rule, for example, the format of a specified picture must be JPG, the format of a file must be Word or PDF and other data format rules, and the data format rule is converted into executable computer sentences so as to check the data format of the screening data. The embodiment of the invention can utilize the firewall in the boundary network to perform data verification, further ensure the data validity of the target exchange data, and further improve the security of the data exchange of the internal and external networks.
S2, data encryption is carried out on the target exchange data to obtain encrypted data, and the encrypted data is written into a data exchange server of a boundary network corresponding to the internal network and the external network.
In the embodiment of the invention, the data encryption is to convert the target exchange data into nonsensical ciphertext through the encryption key, and the receiver of the encrypted data can restore the encrypted data into plaintext only through the corresponding key, thereby improving the security of the target exchange data.
In the embodiment of the present invention, the data encryption is performed on the target exchange data to obtain encrypted data, including:
digitally encoding the target exchange data to obtain encoded data of the target exchange data;
calculating the data length of the encoded data, generating a key sequence according to the data length, and dividing the encoded data based on the key sequence to obtain a divided data sequence corresponding to the key sequence;
generating an encryption vector sequence corresponding to the key sequence, and calculating ciphertext of the target exchange data according to the encryption vector sequence and a segmentation data sequence corresponding to the key sequence;
and encrypting the key sequence by using a preset encryption algorithm to obtain an encryption key, and packaging the encryption key and the ciphertext to obtain the encrypted data of the target exchange data.
In the embodiment of the invention, the data type of the target exchange data is used for digital coding, for example, character data is used for single-hot coding, and image data is used for data coding by picture coding methods such as Huffman coding and the like, so that coded data is obtained.
In the embodiment of the invention, a string of random numbers with the data length of the encoded data is generated and used as a key sequence, meanwhile, the encoded data is segmented according to the number of the key sequence to obtain a segmented data sequence corresponding to the key sequence, an encrypted vector sequence corresponding to the key sequence is generated, and corresponding point multiplication is carried out on the encrypted vector sequence and the segmented data sequence, so that ciphertext of the target data is calculated.
In the embodiment of the invention, the encryption vector sequence corresponding to the key sequence is generated by using the following formula:
generating an encryption vector sequence corresponding to the key sequence by using the following formula:
wherein P is i Represents the ith encryption vector in the encryption vector sequence, n represents the sum of the key sequences, k represents the total number of keys in the key sequences, t i Representing the t-th vector element in the i-th encryption vector.
In the embodiment of the invention, the encryption vector sequence and the segmentation data vector sequence are subjected to corresponding point multiplication to obtain a segmentation data matrix, the segmentation data matrix is converted into row vectors and added to generate the ciphertext of the target exchange data, and the key sequence is encrypted through a preset encryption algorithm, for example, the key sequence is encrypted through an asymmetric encryption algorithm or a symmetric encryption algorithm, so that the accuracy of the encrypted data is further ensured.
In the embodiment of the invention, the process of decrypting the encrypted data is the reverse process of encryption, and the receiver of the encrypted data can only acquire the decryption key of the correct encryption key to carry out the key on the encrypted data, thereby realizing the safe exchange of the internal and external network data.
In the embodiment of the present invention, referring to fig. 2, the border network is a network mechanism that separates an internal network and an external network through a firewall, a gateway, etc., and in the embodiment of the present invention, the border network includes a route protection area, a border protection area, a security isolation area, and a security detection and management area, where the route protection area includes an application service area formed by the data exchange front end processor and the terminal computer in the above S1, and accesses a data server storing data to be exchanged through a dedicated line isolation technology in the data exchange front end processor, so as to obtain the data to be exchanged; the boundary protection area comprises a firewall and three layers of data switches, data verification is carried out through the firewall, and the switches write encrypted data into a data exchange server in the security isolation area so as to store the data; the safety isolation area comprises two data exchange servers isolated by a gateway, the data exchange servers are isolated by the gateway, so that no physical connection, logical connection and information transmission protocol of communication exist among the data exchange servers, no information exchange according to the protocol exists, and no protocol ferry is only performed in the form of a data file, therefore, the encrypted data can be further isolated by the gateway, and the safety of the encrypted data is ensured; the security detection and management area is used for completing data exchange through the switch and the database server, transmitting the encrypted data to a preset management terminal and completing the exchange of the data of the internal and external networks.
S3, acquiring a data transmission node in the boundary network, calculating the transmission distance between the data transmission node and the data exchange server, and selecting an optimal transmission path according to the transmission distance.
In the embodiment of the invention, the data node in the boundary network is the node for data transmission of the boundary network, and the encrypted data is transmitted to the destination address through the data transmission node, but the energy consumption of the data transmission node is minimum according to the distance between the data transmission node and the data exchange server due to the problems of the distribution density of the data transmission node, the energy consumption of the data transmission node and the like, so that the exchange energy consumption of the data of the internal and external networks can be reduced, and the data exchange performance of the internal and external networks is improved.
In the embodiment of the invention, the transmission distance represents the distance between the node address of each data transmission node and the network card address of the data exchange server, and each data transmission node obtains a unique node address through the network card. Each network card is solidified by a manufacturer with a globally unique media access layer (Media Access Control) address when leaving the factory, so that the Euclidean distance between the data transmission node and the data exchange server is calculated through the node address of each data transmission node and the network card address of the data exchange server, and the transmission distance between the data transmission node and the data exchange server is obtained.
In the embodiment of the present invention, the selecting an optimal transmission path according to the transmission distance includes:
determining the transmission range of the data transmission nodes according to the transmission distance, and calculating the number of target data transmission nodes according to the transmission range and the transmission distance;
selecting target data transmission nodes of the target data transmission node number from the data transmission nodes by using a preset data transmission node selection rule;
and generating an optimal transmission path according to the target data transmission node.
In the embodiment of the invention, the range enclosed by the data transmission nodes can be determined through the data distance of each data transmission node, and then the transmission range of the data transmission nodes is further determined. The number of the target data transmission nodes is used for carrying out data exchange between the internal network and the external network, and the target data transmission nodes are selected according to the number of the target data transmission nodes, so that the period of data exchange can be reduced, and the safety of data exchange is improved.
In the embodiment of the invention, the number of the target data transmission nodes is calculated by using the following formula:
wherein K represents the number of target data transmission nodes, N represents the total number of data transmission nodes, epsilon fs ,ε mp And representing a preset parameter, M represents the transmission range, and d represents the average value of the transmission distance.
In the embodiment of the invention, the data transmission node selection rule is to select the target data transmission node from the data transmission nodes according to the initial energy of each data transmission node, the data collection period, the node density around the data transmission node and other evaluation indexes, the higher the initial energy is, the higher the node density around the data transmission node is, the higher the grade rating corresponding to the data transmission node is, the larger the data collection period is, the slower the energy consumption of the node is, the higher the grade rating corresponding to the data transmission node is, and the target data transmission node is selected according to the grade evaluation result.
In the embodiment of the present invention, the selecting, by using a preset data transmission node selection rule, the target data transmission node of the target data transmission node number from the data transmission nodes includes:
acquiring a configuration file of the data transmission node according to the node address of the data transmission node, and extracting evaluation index information of the data transmission node from the configuration file;
grading the data transmission nodes according to the evaluation index information, and sequencing the data transmission nodes according to the grading result to obtain a data transmission node sequence;
And selecting target data transmission nodes with the number of target transmission nodes from the data transmission node sequence.
In the embodiment of the invention, the configuration file is a file required by the data transmission node to successfully transmit the data, wherein the information in the configuration file is configurable by a user, so that the configured initial energy, the data acquisition period and other evaluation index information can be acquired according to the configuration file, and the data transmission node is classified according to the evaluation index, for example, the higher the initial energy is, the higher the grade of the data transmission node is; the larger the data acquisition period is, the higher the grade of the data transmission nodes is, and the data transmission nodes are ordered to obtain a data transmission node sequence.
In the embodiment of the invention, the target data node with the closest transmission distance is selected as the optimal transmission path according to the transmission distance between the target data node and the data exchange server, and the optimal transmission path is the path with the minimum energy consumption of the selected node for data transmission, so that the energy consumption of the target data transmission node is avoided, the target data cannot be transmitted in time, the data loss occurs, and the safety of the data exchange of the internal and external networks is further improved.
S4, calculating the data transmission efficiency of the optimal transmission path, and adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency.
In the embodiment of the invention, the data transmission efficiency represents the blocking condition of the network during data transmission, and the network blocking can cause low data transmission efficiency and even data transmission interruption, so that the data transmission rate needs to be adjusted according to the data transmission efficiency of the optimal transmission path, the data loss in the data transmission process is avoided, and the safety of the data exchange of the internal and external networks is further improved.
In an embodiment of the present invention, referring to fig. 3, the calculating the data transmission efficiency of the optimal transmission path includes:
s31, detecting a first time packet loss rate and a second time packet loss rate of the optimal transmission route by using a preset detection command, and detecting a first time network delay and a second time network delay of the optimal transmission route by using the detection command;
s32, calculating the real-time packet loss rate of the optimal data transmission path according to the first time packet loss rate and the second time packet loss rate;
s33, calculating the real-time network delay of the optimal data transmission path according to the first time network delay and the second time network delay;
And S34, determining the data transmission efficiency of the optimal transmission path according to the real-time packet loss rate and the real-time network delay.
In the embodiment of the present invention, the detection command may be a ping (Packet Internet Groper, internet packet explorer) command, a plurality of ICMPs (Internet Control Message Protocol internet control message protocols) are sent to the optimal transmission path through the ping command, a packet loss rate is calculated according to the number of the sent detection commands and the ratio of the difference between the number of the received detection commands to the number of the sent detection commands, the probability of data loss is represented, a first time packet loss rate and a second time packet loss rate of the optimal transmission path are detected at two time points respectively, and a real-time packet loss rate of the optimal transmission path is calculated according to the first time packet loss rate and the second time packet loss rate.
In the embodiment of the invention, the real-time packet loss rate of the optimal data transmission path is calculated by using the following formula:
L=α×L 1 +(1-α)×L 2 ,(0<<α<<1)
wherein L represents real-time packet loss rate, alpha represents preset parameter (0 < alpha < 1), L 1 Representing the first time packet loss rate, L 2 And the second time packet loss rate is represented.
In the embodiment of the present invention, the network delay represents the time required for data to pass through the optimal transmission path, and when the network delay is too large, the greater the possibility of congestion in data transmission is, the real-time network delay can be calculated according to the method for calculating the real-time packet loss rate, which is not described herein. The data transmission efficiency of the optimal transmission path is determined through the network packet loss rate and the network delay, the smaller the real-time packet loss rate is, the smaller the real-time network delay is, the higher the data transmission efficiency is, and on the contrary, the larger the real-time packet loss rate is, the larger the real-time network delay is, the lower the data transmission efficiency is, and the data transmission efficiency of the optimal transmission path is determined according to the real-time packet loss rate and the real-time network delay.
In the embodiment of the present invention, the adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency includes:
determining whether the optimal transmission path is congested or not by using a preset packet loss rate parameter and the data transmission efficiency;
if the optimal transmission path is congested, reducing the data transmission rate of the optimal transmission path to a preset data transmission rate;
and if the optimal transmission path is not congested, keeping the current data transmission rate of the optimal transmission path unchanged.
In the embodiment of the invention, the following formula is utilized to determine whether the optimal transmission path is congested:
wherein L represents real-time packet loss rate, L r Representing preset packet loss rate parameters, J represents real-time network delay, J 1 Representing a second time network delay.
In the embodiment of the invention, the data transmission efficiency rate is adjusted by judging whether the optimal transmission path is congested, so that uninterrupted data exchange of the internal network and the external network can be ensured, data loss is avoided, and the safety of the data exchange is ensured.
S5, transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate.
In the embodiment of the invention, the optimal transmission path exchanges encrypted data at the data transmission rate, and the target data is transmitted to the preset management terminals of the internal network and the external network to complete the data exchange of the internal network and the external network.
In the embodiment of the present invention, the transmitting the encrypted data to the preset terminal of the intranet or the extranet according to the optimal transmission path and the data transmission rate includes:
packaging the encrypted data to obtain a data packet of the encrypted data;
and transmitting the data packet to a preset terminal through the optimal transmission path based on the data transmission rate.
In the embodiment of the invention, the encrypted data is transmitted in the form of the data packet, the data packet is transmitted to the preset terminal by the optimal transmission path at the data transmission rate, and the exchange of the data of the internal and external networks is completed, so that the encrypted data can be continuously and completely exchanged, the data leakage or the data loss is avoided, and the safety of the data exchange of the internal and external networks is further improved.
According to the embodiment of the invention, the data to be exchanged is checked, so that abnormal data and data with illegal sources in the data to be exchanged are removed, the data interference on the data to be exchanged is avoided, and the safety of data exchange is improved; encrypting the target data to obtain encrypted data, converting the target exchange data into meaningless ciphertext, and restoring the encrypted data into plaintext only through a corresponding secret key, thereby improving the safety of the target exchange data; writing the encrypted data into a data exchange server of a boundary network corresponding to an inner network and an outer network, generating an optimal transmission path through the transmission distance between a data transmission node in the boundary network and the data exchange server, selecting the optimal transmission path with the minimum node energy consumption for data transmission, avoiding the energy exhaustion of a target data transmission node, and ensuring the safe exchange of the data of the inner network and the outer network; the data transmission rate of the optimal transmission path is adjusted, so that stable transmission of target exchange data is realized; and transmitting the encrypted data to a preset terminal of the internal network or the external network according to an optimal transmission path and data transmission rate, so as to realize safe transmission of the data of the internal network and the external network. Therefore, the internal and external network data safety exchange method based on the boundary network can solve the problem of poor safety during internal and external network data exchange.
Fig. 4 is a functional block diagram of an internal and external network data security switching device based on a border network according to an embodiment of the present invention.
The internal and external network data security switching device 400 based on the boundary network can be installed in electronic equipment. The internal and external network data security switching device 400 based on the boundary network may include a data verification module 401, a data writing module 402, an optimal transmission path selection module 403, a data transmission rate adjustment module 404, and a data switching module 405 according to the implemented functions. The module of the invention, which may also be referred to as a unit, refers to a series of computer program segments, which are stored in the memory of the electronic device, capable of being executed by the processor of the electronic device and of performing a fixed function.
In the present embodiment, the functions concerning the respective modules/units are as follows:
the data verification module 401 is configured to obtain data to be exchanged of an internal network and an external network through a preset data exchange front-end processor, and perform data verification on the data to be exchanged to obtain target exchange data;
the data writing module 402 is configured to encrypt the target exchange data to obtain encrypted data, and write the encrypted data into a data exchange server of a boundary network corresponding to the intranet and the extranet;
The optimal transmission path selection module 403 is configured to obtain a data transmission node in the boundary network, calculate a transmission distance between the data transmission node and the data exchange server, and select an optimal transmission path according to the transmission distance;
the data transmission rate adjustment module 404 is configured to calculate a data transmission efficiency of the optimal transmission path, and adjust a data transmission rate of the optimal transmission path according to the data transmission efficiency;
the data exchange module 405 is configured to transmit the encrypted data to a preset terminal of the intranet or the extranet according to the optimal transmission path and the data transmission rate.
In detail, each module in the boundary network-based internal and external network data security switching apparatus 400 in the embodiment of the present invention adopts the same technical means as the boundary network-based internal and external network data security switching method described in fig. 1 to 3, and can produce the same technical effects, which are not repeated here.
Fig. 5 is a schematic structural diagram of an electronic device for implementing a secure switching method for internal and external network data based on a border network according to an embodiment of the present invention.
The electronic device 500 may comprise a processor 501, a memory 502, a communication bus 503 and a communication interface 504, and may further comprise a computer program stored in the memory 502 and executable on the processor 501, such as a network-based intranet and extranet data security switching method program.
The processor 501 may be formed by an integrated circuit in some embodiments, for example, a single packaged integrated circuit, or may be formed by a plurality of integrated circuits packaged with the same function or different functions, including one or more central processing units (Central Processing unit, CPU), a microprocessor, a digital processing chip, a graphics processor, a combination of various control chips, and so on. The processor 501 is a Control Unit (Control Unit) of the electronic device, connects various components of the entire electronic device using various interfaces and lines, executes or executes programs or modules stored in the memory 502 (for example, executes a network-based intranet and extranet data security switching method program, etc.), and invokes data stored in the memory 502 to perform various functions of the electronic device and process data.
The memory 502 includes at least one type of readable storage medium including flash memory, a removable hard disk, a multimedia card, a card memory (e.g., SD or DX memory, etc.), magnetic memory, magnetic disk, optical disk, etc. The memory 502 may in some embodiments be an internal storage unit of the electronic device, such as a mobile hard disk of the electronic device. The memory 502 may also be an external storage device of the electronic device in other embodiments, for example, a plug-in mobile hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card) or the like. Further, the memory 502 may also include both internal storage units and external storage devices of the electronic device. The memory 502 may be used to store not only application software installed in an electronic device and various data, such as codes of an intranet and extranet data security switching method program based on a border network, but also temporarily store data that has been output or is to be output.
The communication bus 503 may be a peripheral component interconnect standard (Peripheral Component Interconnect, PCI) bus or an extended industry standard architecture (Extended Industry Standard Architecture, EISA) bus, among others. The bus may be classified as an address bus, a data bus, a control bus, etc. The bus is arranged to enable connected communication between the memory 502 and the at least one processor 501 etc.
The communication interface 504 is used for communication between the electronic device and other devices, including network interfaces and user interfaces. Optionally, the network interface may include a wired interface and/or a wireless interface (e.g., WI-FI interface, bluetooth interface, etc.), typically used to establish a communication connection between the electronic device and other electronic devices. The user interface may be a Display (Display), an input unit such as a Keyboard (Keyboard), or alternatively a standard wired interface, a wireless interface. Alternatively, in some embodiments, the display may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch, or the like. The display may also be referred to as a display screen or display unit, as appropriate, for displaying information processed in the electronic device and for displaying a visual user interface.
Only an electronic device having components is shown, and it will be understood by those skilled in the art that the structures shown in the figures do not limit the electronic device, and may include fewer or more components than shown, or may combine certain components, or a different arrangement of components.
For example, although not shown, the electronic device may further include a power source (such as a battery) for supplying power to the respective components, and preferably, the power source may be logically connected to the at least one processor 501 through a power management device, so that functions of charge management, discharge management, power consumption management, and the like are implemented through the power management device. The power supply may also include one or more of any of a direct current or alternating current power supply, recharging device, power failure detection circuit, power converter or inverter, power status indicator, etc. The electronic device may further include various sensors, bluetooth modules, wi-Fi modules, etc., which are not described herein.
It should be understood that the embodiments described are for illustrative purposes only and are not limited to this configuration in the scope of the patent application.
The internal and external network data security switching method program based on the boundary network stored in the memory 502 in the electronic device 500 is a combination of a plurality of instructions, and when running in the processor 501, it can be implemented:
acquiring data to be exchanged of an internal network and an external network through a preset data exchange front-end processor, and performing data verification on the data to be exchanged to obtain target exchange data;
Encrypting the target exchange data to obtain encrypted data, and writing the encrypted data into a data exchange server of a boundary network corresponding to the intranet and the extranet;
acquiring a data transmission node in the boundary network, calculating a transmission distance between the data transmission node and the data exchange server, and selecting an optimal transmission path according to the transmission distance;
calculating the data transmission efficiency of the optimal transmission path, and adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency;
and transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate.
In particular, the specific implementation method of the above instruction by the processor 501 may refer to the description of the relevant steps in the corresponding embodiment of the drawings, which is not repeated herein.
Further, the modules/units integrated with the electronic device 500 may be stored in a computer readable storage medium if implemented in the form of software functional units and sold or used as a stand alone product. The computer readable storage medium may be volatile or nonvolatile. For example, the computer readable medium may include: any entity or device capable of carrying the computer program code, a recording medium, a U disk, a removable hard disk, a magnetic disk, an optical disk, a computer Memory, a Read-Only Memory (ROM).
In the several embodiments provided in the present invention, it should be understood that the disclosed apparatus, device and method may be implemented in other manners. For example, the above-described apparatus embodiments are merely illustrative, and for example, the division of the modules is merely a logical function division, and there may be other manners of division when actually implemented.
The modules described as separate components may or may not be physically separate, and components shown as modules may or may not be physical units, may be located in one place, or may be distributed over multiple network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of this embodiment.
In addition, each functional module in the embodiments of the present invention may be integrated in one processing unit, or each unit may exist alone physically, or two or more units may be integrated in one unit. The integrated units can be realized in a form of hardware or a form of hardware and a form of software functional modules.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential characteristics thereof.
The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference signs in the claims shall not be construed as limiting the claim concerned.
The embodiment of the application can acquire and process the related data based on the artificial intelligence technology. Among these, artificial intelligence (Artificial Intelligence, AI) is the theory, method, technique and application system that uses a digital computer or a digital computer-controlled machine to simulate, extend and extend human intelligence, sense the environment, acquire knowledge and use knowledge to obtain optimal results.
Furthermore, it is evident that the word "comprising" does not exclude other elements or steps, and that the singular does not exclude a plurality. A plurality of units or means recited in the system claims can also be implemented by means of software or hardware by means of one unit or means. The terms first, second, etc. are used to denote a name, but not any particular order.
Finally, it should be noted that the above-mentioned embodiments are merely for illustrating the technical solution of the present invention and not for limiting the same, and although the present invention has been described in detail with reference to the preferred embodiments, it should be understood by those skilled in the art that modifications and equivalents may be made to the technical solution of the present invention without departing from the spirit and scope of the technical solution of the present invention.
Claims (10)
1. An internal and external network data security exchange method based on a boundary network, which is characterized by comprising the following steps:
acquiring data to be exchanged of an internal network and an external network through a preset data exchange front-end processor, and performing data verification on the data to be exchanged to obtain target exchange data;
encrypting the target exchange data to obtain encrypted data, and writing the encrypted data into a data exchange server of a boundary network corresponding to the intranet and the extranet;
acquiring a data transmission node in the boundary network, calculating a transmission distance between the data transmission node and the data exchange server, and selecting an optimal transmission path according to the transmission distance;
calculating the data transmission efficiency of the optimal transmission path, and adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency;
and transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate.
2. The method for securely exchanging data between an internal network and an external network based on a boundary network according to claim 1, wherein said encrypting the target exchanged data to obtain encrypted data comprises:
Digitally encoding the target exchange data to obtain encoded data of the target exchange data;
calculating the data length of the encoded data, generating a key sequence according to the data length, and dividing the encoded data based on the key sequence to obtain a divided data sequence corresponding to the key sequence;
generating an encryption vector sequence corresponding to the key sequence, and calculating ciphertext of the target exchange data according to the encryption vector sequence and a segmentation data sequence corresponding to the key sequence;
generating an encryption vector sequence corresponding to the key sequence by using the following formula:
wherein P is i Represents the ith encryption vector in the encryption vector sequence, n represents the sum of the key sequences, k represents the total number of keys in the key sequences, t i Representing the t-th vector element in the i-th encryption vector;
and encrypting the key sequence by using a preset encryption algorithm to obtain an encryption key, and packaging the encryption key and the ciphertext to obtain the encrypted data of the target exchange data.
3. The method for securely exchanging data between an internal network and an external network based on a border network according to claim 1, wherein selecting an optimal transmission path according to the transmission distance comprises:
Determining the transmission range of the data transmission nodes according to the transmission distance, and calculating the number of target data transmission nodes according to the transmission range and the transmission distance;
calculating the number of target data transmission nodes by using the following formula:
wherein K represents the number of target data transmission nodes, N represents the total number of data transmission nodes, epsilon fs ,ε mp Representing preset parameters, M represents the transmission range, and d represents the average value of the transmission distance;
selecting target data transmission nodes of the target data transmission node number from the data transmission nodes by using a preset data transmission node selection rule;
and generating an optimal transmission path according to the target data transmission node.
4. A method for securely exchanging data between an internal network and an external network based on a border network as claimed in claim 3, wherein said selecting a target data transmission node of said target data transmission node number from said data transmission nodes using a preset data transmission node selection rule comprises:
acquiring a configuration file of the data transmission node according to the node address of the data transmission node, and extracting evaluation index information of the data transmission node from the configuration file;
Grading the data transmission nodes according to the evaluation index information, and sequencing the data transmission nodes according to the grading result to obtain a data transmission node sequence;
and selecting target data transmission nodes with the number of target transmission nodes from the data transmission node sequence.
5. The method for securely exchanging data between an internal network and an external network based on a border network according to claim 1, wherein said calculating the data transmission efficiency of the optimal transmission path comprises:
detecting a first time packet loss rate and a second time packet loss rate of the optimal transmission route by using a preset detection command, and detecting a first time network delay and a second time network delay of the optimal transmission route by using the detection command;
calculating the real-time packet loss rate of the optimal data transmission path according to the first time packet loss rate and the second time packet loss rate;
calculating the real-time packet loss rate of the optimal data transmission path by using the following formula:
L=α×L 1 +(1-α)×L 2 ,(0<<α<<1)
wherein L represents real-time packet loss rate, alpha represents preset parameter (0 < alpha < 1), L 1 Representing the first time packet loss rate, L 2 Representing a second time packet loss rate;
calculating the real-time network delay of the optimal data transmission path according to the first time network delay and the second time network delay;
And determining the data transmission efficiency of the optimal transmission path according to the real-time packet loss rate and the real-time network delay.
6. The method for securely switching data between an internal network and an external network based on a border network as claimed in claim 1, wherein said adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency comprises:
determining whether the optimal transmission path is congested or not by using a preset packet loss rate parameter and the data transmission efficiency;
determining whether the optimal transmission path is congested using the following formula:
wherein L represents real-time packet loss rate, L r Representing preset packet loss rate parameters, J represents real-time network delay, J 1 Representing a second time network delay;
if the optimal transmission path is congested, reducing the data transmission rate of the optimal transmission path to a preset data transmission rate;
and if the optimal transmission path is not congested, keeping the current data transmission rate of the optimal transmission path unchanged.
7. The method for securely exchanging data between an internal network and an external network based on a boundary network according to claim 1, wherein the performing data verification on the data to be exchanged to obtain target exchange data comprises:
Acquiring a data source of the data to be exchanged, and performing data screening on the data to be exchanged according to the data source by using a preset program white list to obtain screening data;
and checking the data format of the screening data, and obtaining target exchange data according to the checking result.
8. The method for securely exchanging data between an internal network and an external network based on a border network as claimed in claim 1, wherein said transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate comprises:
packaging the target data to obtain a data packet of the target data;
and transmitting the data packet to a preset terminal through the optimal transmission path based on the data transmission rate.
9. An internal and external network data security switching device based on a boundary network, the device comprising:
the data verification module is used for obtaining to-be-exchanged data of the internal network and the external network through a preset data exchange front-end processor, and carrying out data verification on the to-be-exchanged data to obtain target exchange data;
the data writing module is used for carrying out data encryption on the target exchange data to obtain encrypted data, and writing the encrypted data into the data exchange servers of the boundary networks corresponding to the internal network and the external network;
The optimal transmission path selection module is used for acquiring the data transmission nodes in the boundary network, calculating the transmission distance between the data transmission nodes and the data exchange server, and selecting an optimal transmission path according to the transmission distance;
the data transmission rate adjustment module is used for calculating the data transmission efficiency of the optimal transmission path and adjusting the data transmission rate of the optimal transmission path according to the data transmission efficiency;
and the data exchange module is used for transmitting the encrypted data to a preset terminal of the internal network or the external network according to the optimal transmission path and the data transmission rate.
10. An electronic device, the electronic device comprising:
at least one processor; the method comprises the steps of,
a memory communicatively coupled to the at least one processor; wherein, the liquid crystal display device comprises a liquid crystal display device,
the memory stores a computer program executable by the at least one processor to enable the at least one processor to perform the border network-based intranet data security exchange method of any one of claims 1 to 8.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310491947.6A CN116471103B (en) | 2023-05-04 | 2023-05-04 | Internal and external network data security exchange method, device and equipment based on boundary network |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202310491947.6A CN116471103B (en) | 2023-05-04 | 2023-05-04 | Internal and external network data security exchange method, device and equipment based on boundary network |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN116471103A true CN116471103A (en) | 2023-07-21 |
| CN116471103B CN116471103B (en) | 2023-09-22 |
Family
ID=87184267
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202310491947.6A Active CN116471103B (en) | 2023-05-04 | 2023-05-04 | Internal and external network data security exchange method, device and equipment based on boundary network |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN116471103B (en) |
Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090222535A1 (en) * | 2006-05-30 | 2009-09-03 | Haisheng Ni | Internet Access Server for Isolating the Internal Network from the External Network and A Process Method thereof |
| CN102685119A (en) * | 2012-04-28 | 2012-09-19 | 上海杰之能信息科技有限公司 | Data transmitting/receiving method, data transmitting/receiving device, transmission method, transmission system and server |
| CN104363221A (en) * | 2014-11-10 | 2015-02-18 | 青岛微智慧信息有限公司 | Network safety isolation file transmission control method |
| CN104486336A (en) * | 2014-12-12 | 2015-04-01 | 冶金自动化研究设计院 | Device for safely isolating and exchanging industrial control networks |
| CN104767752A (en) * | 2015-04-07 | 2015-07-08 | 西安汇景倬元信息技术有限公司 | Distributed network isolating system and method |
| CN105871902A (en) * | 2016-05-25 | 2016-08-17 | 安徽问天量子科技股份有限公司 | Data encryption and isolation system |
| CN108551464A (en) * | 2018-03-08 | 2018-09-18 | 网宿科技股份有限公司 | A kind of connection foundation of mixed cloud, data transmission method, device and system |
| CN110730170A (en) * | 2019-10-10 | 2020-01-24 | 山东超越数控电子股份有限公司 | Internal and external network isolation method and system |
| CN111343093A (en) * | 2020-02-28 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Service data transmission method and device |
| CN113382012A (en) * | 2021-06-18 | 2021-09-10 | 广州中爆数字信息科技股份有限公司 | Internal and external network data exchange method, device, equipment and storage medium |
| CN113704781A (en) * | 2021-07-23 | 2021-11-26 | 平安银行股份有限公司 | File secure transmission method and device, electronic equipment and computer storage medium |
| CN113746900A (en) * | 2021-08-02 | 2021-12-03 | 南方电网深圳数字电网研究院有限公司 | Intranet and extranet data transmission method, electronic device and computer readable storage medium |
| CN114095184A (en) * | 2020-07-15 | 2022-02-25 | 中国航发上海商用航空发动机制造有限责任公司 | Data transmission system and transmission method thereof |
| CN116055415A (en) * | 2023-01-10 | 2023-05-02 | 中国联合网络通信集团有限公司 | Data packet transmission control method and device |
-
2023
- 2023-05-04 CN CN202310491947.6A patent/CN116471103B/en active Active
Patent Citations (14)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20090222535A1 (en) * | 2006-05-30 | 2009-09-03 | Haisheng Ni | Internet Access Server for Isolating the Internal Network from the External Network and A Process Method thereof |
| CN102685119A (en) * | 2012-04-28 | 2012-09-19 | 上海杰之能信息科技有限公司 | Data transmitting/receiving method, data transmitting/receiving device, transmission method, transmission system and server |
| CN104363221A (en) * | 2014-11-10 | 2015-02-18 | 青岛微智慧信息有限公司 | Network safety isolation file transmission control method |
| CN104486336A (en) * | 2014-12-12 | 2015-04-01 | 冶金自动化研究设计院 | Device for safely isolating and exchanging industrial control networks |
| CN104767752A (en) * | 2015-04-07 | 2015-07-08 | 西安汇景倬元信息技术有限公司 | Distributed network isolating system and method |
| CN105871902A (en) * | 2016-05-25 | 2016-08-17 | 安徽问天量子科技股份有限公司 | Data encryption and isolation system |
| CN108551464A (en) * | 2018-03-08 | 2018-09-18 | 网宿科技股份有限公司 | A kind of connection foundation of mixed cloud, data transmission method, device and system |
| CN110730170A (en) * | 2019-10-10 | 2020-01-24 | 山东超越数控电子股份有限公司 | Internal and external network isolation method and system |
| CN111343093A (en) * | 2020-02-28 | 2020-06-26 | 腾讯科技(深圳)有限公司 | Service data transmission method and device |
| CN114095184A (en) * | 2020-07-15 | 2022-02-25 | 中国航发上海商用航空发动机制造有限责任公司 | Data transmission system and transmission method thereof |
| CN113382012A (en) * | 2021-06-18 | 2021-09-10 | 广州中爆数字信息科技股份有限公司 | Internal and external network data exchange method, device, equipment and storage medium |
| CN113704781A (en) * | 2021-07-23 | 2021-11-26 | 平安银行股份有限公司 | File secure transmission method and device, electronic equipment and computer storage medium |
| CN113746900A (en) * | 2021-08-02 | 2021-12-03 | 南方电网深圳数字电网研究院有限公司 | Intranet and extranet data transmission method, electronic device and computer readable storage medium |
| CN116055415A (en) * | 2023-01-10 | 2023-05-02 | 中国联合网络通信集团有限公司 | Data packet transmission control method and device |
Also Published As
| Publication number | Publication date |
|---|---|
| CN116471103B (en) | 2023-09-22 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| JP2549220B2 (en) | Method and apparatus for correlating report messages | |
| CN108600163B (en) | Cloud environment distributed hash chain architecture and cloud data integrity verification method | |
| CN112150141A (en) | Block chain consensus method, device and system | |
| CN110290522B (en) | Risk identification method and device for mobile equipment and computer system | |
| US11575515B2 (en) | Post-quantum secure remote attestation for autonomous systems | |
| CN113704781B (en) | File secure transmission method and device, electronic equipment and computer storage medium | |
| CN114124502B (en) | Message transmission method, device, equipment and medium | |
| CN113822675A (en) | Block chain based message processing method, device, equipment and storage medium | |
| CN115795517B (en) | Asset data storage method and device | |
| CN113452527A (en) | Robust state synchronization for stateful hash-based signatures | |
| CN114154174A (en) | State synchronization for post-quantum signature facilities | |
| CN111246407B (en) | Data encryption and decryption method and device for short message transmission | |
| CN113722419A (en) | Harassment mark data processing method, harassment mark data processing device, electronic equipment and medium | |
| CN116471103B (en) | Internal and external network data security exchange method, device and equipment based on boundary network | |
| CN105933303B (en) | A kind of detection method and device that file is distorted | |
| CN110570309A (en) | Method and system for replacing leader of blockchain network | |
| CN113452783B (en) | Digital PAAS open platform system of block chain cloud architecture and implementation method | |
| CN113918517A (en) | Multi-type file centralized management method, device, equipment and storage medium | |
| WO2022121183A1 (en) | Text model training method, recognition method, apparatus, device and storage medium | |
| CN111949738A (en) | Block chain-based data storage deduplication method, terminal device and storage medium | |
| CN115941352B (en) | Information security interaction method and device based on big data, electronic equipment and storage medium | |
| CN111585764A (en) | System for block chain on terminal equipment data | |
| CN116418580B (en) | Data integrity protection detection method and device for local area network and electronic equipment | |
| CN117009951B (en) | Method, device, equipment and medium for dispatching equipment cluster based on instruction encryption | |
| CN113032168B (en) | Data transmission rate dynamic adjustment method and device, electronic equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |