CN101753553B - Safety isolating and message switching system and method - Google Patents


Info

Publication number
CN101753553B
Authority
CN
China
Prior art keywords
data message
module
network driver
sent
driver module
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN 200810306036
Other languages
Chinese (zh)
Other versions
CN101753553A (en)
Inventor
张为斌
吕超
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Chen Rui Corp
Original Assignee
Beijing Chenrui Technology Co Ltd
Application filed by Beijing Chenrui Technology Co Ltd
Priority to CN 200810306036
Publication of CN101753553A
Application granted
Publication of CN101753553B

Abstract

The invention relates to a safety isolating and message switching system comprising first equipment and second equipment. The first equipment receives and analyzes data messages sent by a first network, extracts the useful data messages, rebuilds them into new data messages, encrypts these and synchronizes the encrypted data messages to the second equipment; or it decrypts encrypted data messages synchronized from the second equipment and sends them to the first network. The second equipment sends the encrypted data messages synchronized from the first equipment to the second network after decryption; or it receives and analyzes data messages sent by the second network, extracts the useful data messages, rebuilds them into new data messages, encrypts these and synchronizes the encrypted data messages to the first equipment.

Description

Safety isolation and information exchange system and method
Technical field
The present invention relates to a safety isolation and information exchange system and method, and belongs to the field of network security.
Background art
The widespread use of computer networks is a revolution of today's information society. The development and spread of network applications such as e-commerce and e-government not only bring great convenience to daily life but also create great wealth. The global IT wave represented by the Internet runs deeper every day, the application of information network technology is becoming ever more widespread, and the level of application keeps deepening; in particular, applications are gradually expanding from traditional, small-scale business systems to large-scale, critical business systems.
Meanwhile, computer networks also face sharply increasing security threats. The hacking and attack activity widely known to network users is growing at a rate of ten times per year, and network and information security problems are becoming increasingly urgent; they have become a major issue affecting national security, social stability and people's lives. Among the existing network security technologies, firewall technology can solve some network security problems to a certain extent, but firewall products have limitations. The greatest limitation is that a firewall cannot itself guarantee that the data it permits to pass is safe; it cannot defend against attacks from the inside, cannot defend against attacks that bypass the firewall, and cannot fully defend against new threats.
New OS vulnerabilities and network-layer attacks emerge in an endless stream, and incidents in which firewalls are breached and computer networks attacked are increasingly common. Developing a more complete network security protection system that effectively protects networked systems has therefore become a shared demand and goal of network security vendors and users. A safety isolation and information exchange system, also called a gateway, is a device that uses physical isolation technology to achieve secure information transfer between an external network and an internal network, or between networks of different classification levels, and has higher security and reliability.
Summary of the invention
The technical problem to be solved by the present invention is to overcome the deficiencies of the prior art and provide a more complete network security protection system that effectively protects networked systems.
The technical solution by which the present invention solves the above technical problem is as follows: a safety isolation and information exchange system comprising first equipment and second equipment. The first equipment is used to receive and parse data messages sent by a first network, extract the useful data messages, rebuild them into new data messages, encrypt these and synchronize the encrypted data messages to the second equipment; or to decrypt encrypted data messages synchronized from the second equipment and send them to the first network. The second equipment is used to decrypt encrypted data messages synchronized from the first equipment and send them to a second network; or to receive and parse data messages sent by the second network, extract the useful data messages, rebuild them into new data messages, encrypt these and synchronize the encrypted data messages to the first equipment.
The first equipment comprises a first private network driver module, a first universal network driver module, a first service module, a first system administration module, a first security strategy module, a first system log module and a first enciphering/deciphering module.
The first universal network driver module is used to receive data messages sent by the first network and send them to the first service module, or to receive decrypted data messages sent by the first service module and send them to the first universal network driver module.
The first service module is used to receive and parse data messages sent by the first universal network driver module, discard data messages that do not conform to the rules and send legitimate data messages to the first private network driver module, or to receive decrypted data messages sent by the first private network driver module.
The first system administration module is used to configure, in the first service module, the system state of the first equipment.
The first security strategy module is used to process user-configured policy rules into a format the system can recognize and to apply the corresponding rule filtering to data messages parsed by the first service module.
The first system log module is used to record the log information produced by the first service module.
The first private network driver module is used to extract the useful data messages from the legitimate data messages, rebuild them into new data messages, and send the new data messages to the first enciphering/deciphering module for encryption before they are synchronized to the second equipment; or to send the data messages from the second equipment, after decryption, to the first service module.
The first enciphering/deciphering module is used to encrypt the new data messages rebuilt by the first private network driver module, or to decrypt encrypted data messages synchronized from the second equipment.
The beneficial effects of the invention are as follows. Because the safety isolation and information exchange system is connected between the mutually independent first network and second network, there is no direct data link between the first network and the second network, yet information and data can still be exchanged between the networks. In addition, data messages are encrypted in the first equipment or the second equipment before being sent to the second equipment or the first equipment for decryption, which further improves the security of information and data exchange between the first network and the second network and fully guarantees the accuracy and reliability of information transfer.
Further, the second equipment comprises a second private network driver module, a second universal network driver module, a second service module, a second system administration module, a second security strategy module, a second system log module and a second enciphering/deciphering module.
The second universal network driver module is used to receive data messages sent by the second network and send them to the second service module, or to receive decrypted data messages sent by the second service module and send them to the second universal network driver module.
The second service module is used to receive and parse data messages sent by the second universal network driver module, discard data messages that do not conform to the rules and send legitimate data messages to the second private network driver module, or to receive decrypted data messages sent by the second private network driver module.
The second system administration module is used to configure, in the second service module, the system state of the second equipment.
The second security strategy module is used to process user-configured policy rules into a format the system can recognize and to apply the corresponding rule filtering to data messages parsed by the second service module.
The second system log module is used to record the log information produced by the second service module.
The second private network driver module is used to extract the useful data messages from the legitimate data messages, rebuild them into new data messages, and send the new data messages to the second enciphering/deciphering module for encryption before they are synchronized to the first equipment; or to send the data messages from the first equipment, after decryption, to the second service module.
The second enciphering/deciphering module is used to encrypt the new data messages rebuilt by the second private network driver module, or to decrypt encrypted data messages synchronized from the first equipment.
Further, the service module comprises an FTP module, an HTTP module, a POP3 module, an SMTP module or a database module.
Further, the first network is an external network and the second network is an internal network.
On the basis of the above technical solution, the present invention also provides another technical solution, a safety isolation and information exchange method, comprising the following steps:
Step 1: receive and parse data messages sent by the first network, extract the useful data messages, rebuild them into new data messages, encrypt these and synchronize the encrypted data messages;
Step 2: decrypt the synchronized encrypted data messages and send them to the second network.
Further, step 1 comprises the following steps:
The first universal network driver module receives data messages sent by the first network and sends them to the first service module;
The first service module receives and parses the data messages sent by the first universal network driver module, discards data messages that do not conform to the rules and sends legitimate data messages to the first private network driver module;
The first private network driver module extracts the useful data messages from the legitimate data messages, rebuilds them into new data messages and sends the new data messages to the first enciphering/deciphering module; and
The first enciphering/deciphering module encrypts the new data messages rebuilt by the first private network driver module and sends them to the first private network driver module for data message synchronization.
Further, step 2 comprises the following steps:
The second private network driver module receives the data messages synchronized by the first private network driver module and sends them to the second enciphering/deciphering module;
The second enciphering/deciphering module decrypts the data messages sent by the second private network driver module and sends the decrypted data messages to the second service module via the second private network driver module; and
The second service module receives the decrypted data messages and sends them to the second network through the second universal network driver module.
Further, the first network is an external network and the second network is an internal network.
Description of drawings
Fig. 1 is a structural schematic diagram of the first embodiment of the safety isolation and information exchange system of the present invention;
Fig. 2 is a structural schematic diagram of the second embodiment of the safety isolation and information exchange system of the present invention;
Fig. 3 is a structural schematic diagram of the third embodiment of the safety isolation and information exchange system of the present invention;
Fig. 4 is a schematic flow chart of the safety isolation and information exchange method of the present invention.
Embodiment
The principles and features of the present invention are described below with reference to the accompanying drawings. The examples given serve only to explain the present invention and are not intended to limit its scope.
Fig. 1 is a structural schematic diagram of the first embodiment of the safety isolation and information exchange system of the present invention. As shown in Fig. 1, the safety isolation and information exchange system comprises first equipment 10 and second equipment 20, which are interconnected by a data line. The system is connected between a first network 30 and a second network 40 that are independent of each other, so that there is no direct data link between the first network 30 and the second network 40, yet information and data can still be exchanged between the networks. The first equipment 10 is connected to the first network 30, and the second equipment 20 is connected to the second network 40. In the present invention, the first network 30 is an external network and the second network 40 is an internal network; the first equipment 10 is the master device, responsible for receiving data messages sent by the external network, and the second equipment 20 is the slave device. Within the safety isolation and information exchange system, the data messages received by the first equipment 10 are synchronized to the second equipment 20, so that the data messages of the first equipment 10 and the second equipment 20 are identical.
The safety isolation and information exchange system in this embodiment receives and sends data messages in the network's promiscuous mode and establishes no network connections, which makes the system a transparent network device. When connected into a real network environment, the system cannot be discovered on the network and occupies no network resources, which avoids or reduces the possibility of the safety isolation and information exchange system of the present invention being attacked or intruded upon and thereby safeguards the security of the system. Moreover, as a transparent network device the system does not become a node on the network: it needs no network information such as an IP address to be configured, requires no changes to the configuration of other devices in the original network and occupies no resources of those devices; that is, the topology and configuration of the original network need not be changed.
Fig. 2 is a structural schematic diagram of the second embodiment of the safety isolation and information exchange system of the present invention. As shown in Fig. 2, the difference from Fig. 1 is that the first equipment 10 comprises a first universal network driver module 101, a first service module 102, a first system administration module 103, a first security strategy module 104, a first system log module 105, a first private network driver module 106 and a first enciphering/deciphering module 107. The second equipment 20 comprises a second universal network driver module 201, a second service module 202, a second system administration module 203, a second security strategy module 204, a second system log module 205, a second private network driver module 206 and a second enciphering/deciphering module 207.
The first universal network driver module 101 is responsible for receiving data messages sent by the first network 30 and sending them to the first service module 102, or for receiving data messages sent by the first service module 102 and sending them to the first network 30. The second universal network driver module 201 is responsible for receiving data messages sent by the second network 40 and sending them to the second service module 202, or for receiving data messages sent by the second service module 202 and sending them to the second network 40. The data format in the first universal network driver module 101 and the second universal network driver module 201 conforms to the standard TCP/IP protocol specification.
The first service module 102 is the core module of the first equipment 10 and is responsible for connecting the modules in the first equipment 10. After receiving data messages sent by the first universal network driver module 101, it sends the data messages that conform to the filtering rules set by the first security strategy module 104 to the first private network driver module 106. The second service module 202 is the core module of the second equipment 20 and is responsible for connecting the modules in the second equipment 20. After receiving data messages sent by the second universal network driver module 201, it sends the data messages that conform to the filtering rules set by the second security strategy module 204 to the second private network driver module 206.
The first system administration module 103 is used to configure the system state of the first equipment 10, such as management of the equipment state and management of version control; it does not itself take part in the processing of data messages. The second system administration module 203 is used to configure the system state of the second equipment 20, such as management of the equipment state and management of version control; it does not itself take part in the processing of data messages.
The first security strategy module 104 processes user-configured policy rules into a format the system can recognize and loads them onto the core first service module 102, providing it with filtering rules such as IP filtering rules and protocol filtering rules. The second security strategy module 204 processes user-configured policy rules into a format the system can recognize and loads them onto the core second service module 202, providing it with filtering rules such as IP filtering rules and protocol filtering rules.
The first system log module 105 records log events of the first equipment 10 while the first equipment 10 is running; the second system log module 205 records log events of the second equipment 20 while the second equipment 20 is running.
The first private network driver module 106 and the second private network driver module 206 are responsible for data message communication between the first equipment 10 and the second equipment 20. Both use a private data information communication format and reassemble the data messages sent by the first service module 102 and the second service module 202, respectively, according to that format. The private data information communication format comprises a protocol header structure definition and an application data format definition. Unlike the prior art, the private data information communication format of the present invention simplifies the complicated protocol header structure and keeps only the necessary information, such as destination MAC address, MAC address, control command, encryption instruction, data command, reserved bits and checksum; at the same time, the application data format definition allows multiple data blocks to be transmitted at once, which improves the transmission efficiency of data messages. The private data information communication format adopted in the present invention can effectively prevent a third party from obtaining, monitoring or even tampering with data messages on the network by improper means.
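An added example, not code from the patent: one way to serialize and strictly validate a frame in a private format of this kind, so that the receiving side drops anything that is not exactly well-formed. The field widths and order, the source MAC field, the byte-sum checksum and the length-prefixed block encoding are all assumptions, since the text names the header fields but does not define the layout.

```python
import struct

# Assumed layout; the text names the header fields but not their widths or order:
# dst MAC (6) | src MAC (6) | control (1) | encryption flag (1) |
# data command (1) | reserved (1) | checksum (2)
HEADER = struct.Struct("!6s6sBBBBH")
MAX_BLOCKS = 255

# Constructed sample addresses (locally administered MACs).
SAMPLE_DST = bytes.fromhex("020000000002")
SAMPLE_SRC = bytes.fromhex("020000000001")


class FrameError(ValueError):
    """A frame failed structural or checksum validation and must be dropped."""


def _checksum(data: bytes) -> int:
    # Assumed algorithm: 16-bit sum of all bytes. It catches corruption only;
    # it is not a MAC and gives no protection against deliberate changes.
    return sum(data) & 0xFFFF


def build_frame(dst, src, control, encrypted, data_cmd, blocks):
    """Serialize one frame carrying several application-data blocks."""
    if len(dst) != 6 or len(src) != 6:
        raise FrameError("MAC addresses must be 6 bytes")
    if not 1 <= len(blocks) <= MAX_BLOCKS:
        raise FrameError("block count out of range")
    payload = bytearray([len(blocks)])
    for block in blocks:
        if len(block) > 0xFFFF:
            raise FrameError("block too large")
        payload += struct.pack("!H", len(block)) + block
    fields = (dst, src, control, int(bool(encrypted)), data_cmd, 0)
    # The checksum is computed with the checksum field itself set to zero.
    checksum = _checksum(HEADER.pack(*fields, 0) + payload)
    return HEADER.pack(*fields, checksum) + bytes(payload)


def parse_frame(frame: bytes) -> dict:
    """Parse a frame, rejecting anything that is not exactly well-formed."""
    if len(frame) < HEADER.size + 1:
        raise FrameError("truncated frame")
    dst, src, control, enc, data_cmd, reserved, checksum = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if enc not in (0, 1) or reserved != 0:
        raise FrameError("invalid flag or reserved bits set")
    expected = _checksum(HEADER.pack(dst, src, control, enc, data_cmd, 0, 0) + payload)
    if expected != checksum:
        raise FrameError("checksum mismatch")
    count, pos, blocks = payload[0], 1, []
    if count == 0:
        raise FrameError("frame carries no data blocks")
    for _ in range(count):
        if pos + 2 > len(payload):
            raise FrameError("truncated block length")
        (length,) = struct.unpack_from("!H", payload, pos)
        pos += 2
        if pos + length > len(payload):
            raise FrameError("block overruns frame")
        blocks.append(payload[pos:pos + length])
        pos += length
    if pos != len(payload):
        raise FrameError("trailing bytes after last block")
    return {"dst": dst, "src": src, "control": control,
            "encrypted": bool(enc), "data_cmd": data_cmd, "blocks": blocks}


if __name__ == "__main__":
    # Constructed sample: two blocks rebuilt from a filtered HTTP request.
    sample = build_frame(SAMPLE_DST, SAMPLE_SRC, 1, True, 2,
                         [b"GET /public/index.html", b"10.1.2.3"])
    print(len(sample), parse_frame(sample)["blocks"])
```

A byte-sum checksum only detects accidental corruption; resistance to tampering has to come from the encryption step or a keyed integrity check, not from the frame layout.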
The first enciphering/deciphering module 107 and the second enciphering/deciphering module 207 are responsible for encrypting and decrypting the data messages in the first equipment 10 and the second equipment 20, respectively, thereby guaranteeing the security and integrity of the internal communication between the first equipment 10 and the second equipment 20.
Fig. 3 is a structural schematic diagram of the third embodiment of the safety isolation and information exchange system of the present invention. As shown in Fig. 3, the difference from Fig. 2 is that the first service module 102 can comprise various application protocol modules, such as an FTP module, an HTTP module, a POP3 module, an SMTP module or a database module; the second service module 202 can likewise comprise various application protocol modules, such as an FTP module, an HTTP module, a POP3 module, an SMTP module or a database module.
Fig. 4 is a schematic flow chart of the safety isolation and information exchange method of the present invention. As shown in Fig. 4, the method comprises the following steps:
Step 50: receive and parse data messages sent by the first network, extract the useful data messages, rebuild them into new data messages, encrypt these and synchronize the encrypted data messages;
Step 51: decrypt the synchronized encrypted data messages and send them to the second network.
In this embodiment the first network is an external network and the second network is an internal network. Taking the safety isolation and information exchange system shown in Fig. 3 as the basis, the following describes in detail how data messages are transferred from the external network to the internal network through the system. Data message transfer from the internal network to the external network through the system is the reverse of this process and is not described again here.
In this embodiment, step 50 of the safety isolation and information exchange method comprises the following steps:
Step 501: the first universal network driver module receives data messages sent by the first network and sends them to the first service module.
Step 502: the first service module receives and parses the data messages sent by the first universal network driver module, discards data messages that do not conform to the rules and sends legitimate data messages to the first private network driver module.
The first service module 102 enables a different application protocol module, such as the HTTP module, according to the type of data message, and parses the data message. It then applies the corresponding rule filtering according to the policy rules provided by the first security strategy module 104, for example whether the message matches the IP features or the URL features, and discards data messages that do not conform to the rules. At the same time it generates the relevant log information, which is recorded by the first system log module 105.
Step 503: the first private network driver module extracts the useful data messages from the legitimate data messages, rebuilds them into new data messages and sends the new data messages to the first enciphering/deciphering module.
The first private network driver module 106 extracts the useful data messages, such as data content, address, time and connection information, from the legitimate data messages sent by the first service module 102, and reassembles them according to the private data information communication format.
Step 504: the first enciphering/deciphering module encrypts the new data messages rebuilt by the first private network driver module and sends them to the first private network driver module for data message synchronization.
The new data messages are encrypted with the encryption algorithm and encryption key provided by the first enciphering/deciphering module 107 in the first equipment 10. In this embodiment, a unique decryption key is generated using an irregular time as the encryption key. For example, with standard time as the time format, that is, the number of seconds from 0:00 on January 1, 1970 to the present: if the current time is 2008-11-27, 11:30:17, the first equipment converts this time to standard time, producing the time string 1259379017, and hashes it twice with the MD5 algorithm to obtain a 32-character string, which is the key for encryption and decryption. The first equipment 10 can send this key to the second equipment 20. Meanwhile, after this key is generated, the second enciphering/deciphering module 207 of the second equipment 20 in the safety isolation and information exchange system notifies the first enciphering/deciphering module 107 of the first equipment 10 to change the encryption algorithm or encryption key in the first enciphering/deciphering module 107, further improving the security of the system's data communication.
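An added example, not part of the patent: the key derivation described above reproduced in Python, next to a keyed alternative, to show that a key computed from the clock alone carries only as much entropy as the uncertainty about when it was generated. It assumes the second MD5 round hashes the hex digest of the first; `keyed_session_key`, its pre-shared secret and its nonce are hypothetical and do not appear in the text.

```python
import hashlib
import hmac
import math
import secrets


def time_key(epoch_seconds: int) -> str:
    """Key as described in the text: the decimal epoch string hashed twice with MD5.

    Assumption: the second round hashes the hex digest of the first; the text
    does not say whether the raw or the hex digest is re-hashed.
    """
    first = hashlib.md5(str(epoch_seconds).encode("ascii")).hexdigest()
    return hashlib.md5(first.encode("ascii")).hexdigest()


def timestamp_key_bits(window_seconds: int) -> float:
    """Upper bound on key entropy when only the generation second is unknown."""
    if window_seconds < 1:
        raise ValueError("window must cover at least one second")
    return math.log2(window_seconds)


def keyed_session_key(pre_shared_secret: bytes, epoch_seconds: int, nonce: bytes) -> str:
    """Hypothetical hardened variant, not from the text.

    The timestamp and nonce are public context; secrecy comes only from a
    secret provisioned on both devices, mixed in with HMAC-SHA-256.
    """
    if len(pre_shared_secret) < 32:
        raise ValueError("pre-shared secret must be at least 32 bytes")
    context = b"session-key|" + str(epoch_seconds).encode("ascii") + b"|" + nonce
    return hmac.new(pre_shared_secret, context, hashlib.sha256).hexdigest()


def key_review(epoch_seconds: int, window_seconds: int) -> dict:
    """Summarise what a design review would record for both derivations."""
    secret = secrets.token_bytes(32)  # constructed sample secret
    nonce = secrets.token_bytes(16)   # constructed sample nonce
    return {
        "time_key": time_key(epoch_seconds),
        "time_key_bits": round(timestamp_key_bits(window_seconds), 1),
        "keyed_key": keyed_session_key(secret, epoch_seconds, nonce),
        "keyed_key_bits": 8 * len(secret),
    }


if __name__ == "__main__":
    # 1259379017 is the epoch value quoted in the text; 86400 s models one day
    # of uncertainty about when the key was generated.
    for name, value in key_review(1259379017, 86400).items():
        print(f"{name}: {value}")
```

The 32 hexadecimal characters of the time-derived key look like 128 bits, but the hash adds no entropy to its input; hashing twice does not change that.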
In this embodiment, step 51 of the safety isolation and information exchange method comprises the following steps:
Step 511: the second private network driver module receives the data messages synchronized by the first private network driver module and sends them to the second enciphering/deciphering module.
Step 512: the second enciphering/deciphering module decrypts the data messages sent by the second private network driver module and sends the decrypted data messages to the second service module via the second private network driver module.
The second enciphering/deciphering module 207 first decrypts the data messages sent by the second private network driver module 206 and then rebuilds the decrypted data messages into network data in the standard format.
Step 513: the second service module receives the decrypted data messages and sends them to the second network through the second universal network driver module.
After receiving the decrypted data messages, the second service module 202 no longer enables the application protocol modules in the second service module 202, that is, it performs no further protocol analysis; it only records the necessary log information in the second system log module 205 and then forwards the data messages to the second universal network driver module 201.
The above are only preferred embodiments of the present invention and are not intended to limit it; any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within its scope of protection.

Claims (8)

1. A safety isolation and information exchange system, characterized in that the system comprises first equipment and second equipment; the first equipment is used to receive and parse data messages sent by a first network, extract the useful data messages, rebuild them into new data messages, encrypt these and synchronize the encrypted data messages to the second equipment, or to decrypt encrypted data messages synchronized from the second equipment and send them to the first network; the second equipment is used to decrypt encrypted data messages synchronized from the first equipment and send them to a second network, or to receive and parse data messages sent by the second network, extract the useful data messages, rebuild them into new data messages, encrypt these and synchronize the encrypted data messages to the first equipment;
the first equipment comprises a first private network driver module, a first universal network driver module, a first service module, a first system administration module, a first security strategy module, a first system log module and a first enciphering/deciphering module;
the first universal network driver module is used to receive data messages sent by the first network and send them to the first service module, or to receive decrypted data messages sent by the first service module and send them to the first universal network driver module;
the first service module is used to receive and parse data messages sent by the first universal network driver module, discard data messages that do not conform to the rules and send legitimate data messages to the first private network driver module, or to receive decrypted data messages sent by the first private network driver module;
the first system administration module is used to configure, in the first service module, the system state of the first equipment;
the first security strategy module is used to process user-configured policy rules into a format the system can recognize and to apply the corresponding rule filtering to data messages parsed by the first service module;
the first system log module is used to record the log information produced by the first service module;
the first private network driver module is used to extract the useful data messages from the legitimate data messages, rebuild them into new data messages, and send the new data messages to the first enciphering/deciphering module for encryption before they are synchronized to the second equipment, or to send the data messages from the second equipment, after decryption, to the first service module;
the first enciphering/deciphering module is used to encrypt the new data messages rebuilt by the first private network driver module, or to decrypt encrypted data messages synchronized from the second equipment.
2. The safety isolation and information exchange system according to claim 1, characterized in that the second equipment comprises a second private network driver module, a second universal network driver module, a second service module, a second system administration module, a second security strategy module, a second system log module and a second enciphering/deciphering module;
the second universal network driver module is used for receiving the data message sent by the second network and sending the data message to the second service module, or for receiving the decrypted data message sent by the second service module and sending the data message to the second universal network driver module;
the second service module is used for receiving and parsing the data message sent by the second universal network driver module, discarding data messages that do not conform to the rules, and sending legal data messages to the second private network driver module, or for receiving the decrypted data message sent by the second private network driver module;
the second system administration module is used for configuring, at the second service module, the system mode of the second equipment;
the second security strategy module is used for processing the policy rules configured by the user into a format the system can recognize, and for applying the corresponding rule filtering to the data message parsed by the second service module;
the second system log module is used for recording the log information produced by the second service module;
the second private network driver module is used for extracting the useful data message from the legal data message, rebuilding a new data message, and sending the new data message to the second enciphering/deciphering module for encryption and then synchronizing it to the first equipment, or for sending the decrypted data message from the first equipment to the second service module;
the second enciphering/deciphering module is used for encrypting the new data message rebuilt by the second private network driver module, or for decrypting the encrypted data message synchronized from the first equipment.
3. The safety isolation and information exchange system according to claim 1 or 2, characterized in that the service module comprises an FTP module, an HTTP module, a POP3 module, an SMTP module or a database module.
4. The safety isolation and information exchange system according to claim 1 or 2, characterized in that the first network is an external network and the second network is an intranet.
5. A safety isolation and information exchange method using the safety isolation and information exchange system according to claim 1 or 2, characterized in that the method comprises the following steps:
Step 1: receiving and parsing the data message sent by the first network, extracting the useful data message, rebuilding a new data message, encrypting it, and synchronizing the encrypted data message;
Step 2: decrypting the synchronized encrypted data message and sending it to the second network.
6. The safety isolation and information exchange method according to claim 5, characterized in that step 1 comprises the following steps:
the first universal network driver module receives the data message sent by the first network and sends the data message to the first service module;
the first service module receives and parses the data message sent by the first universal network driver module, discards data messages that do not conform to the rules, and sends legal data messages to the first private network driver module;
the first private network driver module extracts the useful data message from the legal data message, rebuilds a new data message, and sends the new data message to the first enciphering/deciphering module; and
the first enciphering/deciphering module encrypts the new data message rebuilt by the first private network driver module and sends it to the first private network driver module for data message synchronization.
7. The safety isolation and information exchange method according to claim 5, characterized in that step 2 comprises the following steps:
the second private network driver module receives the data message synchronized by the first private network driver module and sends the data message to the second enciphering/deciphering module;
the second enciphering/deciphering module decrypts the data message sent by the second private network driver module and sends the decrypted data message to the second service module via the second private network driver module; and
the second service module receives the decrypted data message and sends it to the second network through the second universal network driver module.
8. The safety isolation and information exchange method according to claim 5, characterized in that the first network is an external network and the second network is an intranet.
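The two steps of claims 5 to 7 can be pictured with the following sketch, an added example that is not part of the patent text. The HTTP request format, the JSON frame layout, `KEY`, `POLICY`, `INNER_HOST` and the SHA-256 keystream with HMAC (a standard-library stand-in, since the claims name no cipher) are all assumptions.

```python
import hashlib, hmac, json, os

KEY = b"constructed-demo-key"                  # assumption: pre-shared by both devices
POLICY = {"methods": {"GET", "POST"}, "max_body": 1024}   # hypothetical rule set
INNER_HOST = "app.internal.example"            # constructed second-network target

def _keys(key):
    # Separate encryption and MAC keys derived from the shared key.
    return [hmac.new(key, t, "sha256").digest() for t in (b"enc", b"mac")]

def _xor_stream(ek, nonce, data):
    # SHA-256 counter keystream: stdlib stand-in for the enciphering module's cipher.
    ks = b"".join(hashlib.sha256(ek + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, plain):
    ek, mk = _keys(key)
    nonce = os.urandom(16)
    ct = _xor_stream(ek, nonce, plain)
    return nonce + ct + hmac.new(mk, nonce + ct, "sha256").digest()

def unseal(key, frame):
    ek, mk = _keys(key)
    nonce, ct, tag = frame[:16], frame[16:-32], frame[-32:]
    if not hmac.compare_digest(tag, hmac.new(mk, nonce + ct, "sha256").digest()):
        raise ValueError("synchronized frame failed its integrity check")
    return _xor_stream(ek, nonce, ct)

def first_device(raw):
    """Claim 6: parse, filter by rule, extract useful data, rebuild, encrypt."""
    head, _, body = raw.partition(b"\r\n\r\n")
    try:
        method, path, _ver = head.split(b"\r\n")[0].decode("ascii").split(" ")
    except (UnicodeDecodeError, ValueError):
        return None                            # unparseable message: discard
    if (method not in POLICY["methods"] or len(body) > POLICY["max_body"]
            or not path.startswith("/") or not path.isprintable()):
        return None                            # violates a rule: discard
    # Only these three extracted fields cross; original headers are left behind.
    new_msg = json.dumps({"m": method, "p": path, "b": body.hex()}).encode()
    return seal(KEY, new_msg)

def second_device(frame):
    """Claim 7: decrypt the synchronized frame and emit a message for network 2."""
    msg = json.loads(unseal(KEY, frame))
    body = bytes.fromhex(msg["b"])
    head = f"{msg['m']} {msg['p']} HTTP/1.1\r\nHost: {INNER_HOST}\r\nContent-Length: {len(body)}\r\n\r\n"
    return head.encode("ascii") + body
```

Because the second device builds its outgoing message only from the extracted fields, nothing else in the first network's original message reaches the second network.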
CN 200810306036 2008-12-08 2008-12-08 Safety isolating and message switching system and method Active CN101753553B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200810306036 CN101753553B (en) 2008-12-08 2008-12-08 Safety isolating and message switching system and method

Publications (2)

Publication Number Publication Date
CN101753553A CN101753553A (en) 2010-06-23
CN101753553B CN101753553B (en) 2013-03-06

Family

ID=42479962

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200810306036 Active CN101753553B (en) 2008-12-08 2008-12-08 Safety isolating and message switching system and method

Country Status (1)

Country Link
CN (1) CN101753553B (en)

Families Citing this family (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102567034B (en) * 2010-12-15 2014-08-20 北京旋极信息技术股份有限公司 Driver management system
CN102299926B (en) * 2011-08-29 2014-02-19 浙江中烟工业有限责任公司 Data exchange prepositioning subsystem of multistage safe interconnection platform
CN102497361B (en) * 2011-12-06 2015-04-01 武汉光庭信息技术有限公司 Emergency reparation dispatching management communication system and building method thereof
CN102780702B (en) * 2012-07-30 2015-01-21 北京市计算中心 System and method for document security transmission
CN105630786A (en) * 2014-10-27 2016-06-01 航天信息股份有限公司 Car purchase tax electronic archive uploading, storing and querying system and method
CN104486289B (en) * 2014-10-30 2017-09-29 中国人民解放军信息工程大学 Data unidirectional transmission method and system
CN104486053A (en) * 2014-12-05 2015-04-01 浪潮集团有限公司 Anti-catastrophe system of network encryption machine
CN104539406A (en) * 2014-12-05 2015-04-22 浪潮集团有限公司 Double control network encryptor system
CN105141599A (en) * 2015-08-17 2015-12-09 山东超越数控电子有限公司 Multi-chip network encryption system based on physical isolation
CN105530254B (en) * 2015-12-17 2018-11-30 浙江工业大学 A kind of data communications method between intranet and extranet
CN105721481B (en) * 2016-03-02 2019-08-30 湖南岳麓山数据科学与技术研究院有限公司 A kind of network access system and method based on lucidification disposal
CN109120647A (en) * 2018-10-31 2019-01-01 武汉光谷联众大数据技术有限责任公司 A kind of security exchange system
CN110730170A (en) * 2019-10-10 2020-01-24 山东超越数控电子股份有限公司 Internal and external network isolation method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
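张妹璞, 周安民, 吴少华. Research on an improved implementation of a security isolation gatekeeper. 《微计算机信息》 (Microcomputer Information). 2008, Vol. 24 (No. 03), pp. 45-47. *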

Also Published As

Publication number Publication date
CN101753553A (en) 2010-06-23

Similar Documents

Publication Publication Date Title
CN101753553B (en) Safety isolating and message switching system and method
US20230017740A1 (en) Electric Border Gateway Device and Method for Chaining and Storage of Sensing Data Based on the Same
CN107018134B (en) Power distribution terminal safety access platform and implementation method thereof
CN102130915B (en) Clock-based replay protection
Xin A mixed encryption algorithm used in internet of things security transmission system
CN107947357B (en) Power distribution automation data acquisition device and method based on safety access area
CN103491072A (en) Boundary access control method based on double one-way separation gatekeepers
KR101670522B1 (en) Time Synchronization Method in Machine to Machine Communication System
CN102891848B (en) Ipsec security alliance is utilized to be encrypted the method for deciphering
Musa et al. Secure security model implementation for security services and related attacks base on end-to-end, application layer and data link layer security
CN102377571A (en) Method and system for implementing IEC104 message transmission
CN113923655B (en) Data decryption receiving method and device based on adjacent nodes
CN101917294A (en) Method and equipment for updating anti-replay parameter during master and slave switching
CN105959355B (en) Secret information transmission method under P2P network based on BitTorrent agreement
CN113992427B (en) Data encryption sending method and device based on adjacent nodes
CN106603512A (en) SDN (software define network) architecture IS (Intermediate System)-IS (Intermediate System) routing protocol-based trusted authentication method
CN104079408A (en) Method for enhancing communication safety in industrial control system
CN103139189A (en) Internet protocol security (IPSec) tunnel sharing method, IPSec tunnel sharing system and IPSec tunnel sharing equipment
CN205051736U (en) Safe high -efficient satellite data transmission system
CN101997926A (en) Method for remotely maintaining multiple terminals based on 3G network
CN101217532B (en) An anti-network attack data transmission method and system
RU2449361C2 (en) Method of protecting computer network having dedicated server
CN103401682A (en) Method and equipment for processing cipher suite
CN100583891C (en) Communication encryption method and system
CN103929423A (en) IPSec VPN safety forwarding method and system for handling power protocols

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
ASS Succession or assignment of patent right

Owner name: BEIJING CHENRUI TECHNOLOGY CO., LTD.

Free format text: FORMER OWNER: ZHANG WEIBIN

Effective date: 20120531

C41 Transfer of patent application or patent right or utility model
TA01 Transfer of patent application right

Effective date of registration: 20120531

Address after: 100036, Haidian District Fuxing Road, Beijing, No. 65, -A-16 layer

Applicant after: BEIJING CHENRUI TECHNOLOGY Co.,Ltd.

Address before: 100036, Fuxing Road, Beijing, Haidian District, No. 65, -A, 16 floor

Applicant before: Zhang Weibin

C14 Grant of patent or utility model
GR01 Patent grant
CP03 Change of name, title or address

Address after: 100190 102, 1 / F, building 46, No. 13, Beiertiao, Zhongguancun, Haidian District, Beijing

Patentee after: CHEN RUI Corp.

Address before: Level A-16, A-65 Fuxing Road, Haidian District, Beijing, 100036

Patentee before: BEIJING CHENRUI TECHNOLOGY Co.,Ltd.
