CN104243426A - Protocol-isolated internal and external network data communication method - Google Patents


Info

Publication number
CN104243426A
Authority
CN
China
Prior art keywords
data
intranet
serial
server
communication
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201310244794.1A
Other languages
Chinese (zh)
Inventor
李连成
王军
孙鹏
李向荣
王丹
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Angang Steel Co Ltd
Original Assignee
Angang Steel Co Ltd
Priority date: 2013-06-19
Filing date: 2013-06-19
Publication date: 2014-12-24
Application filed by Angang Steel Co Ltd
Priority to CN201310244794.1A
Publication of CN104243426A
Legal status: Pending (current)

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Small-Scale Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

A protocol-isolated internal and external network data communication method is characterized in that the internal and external network servers communicate through a serial port communication circuit module. First, the serial ports of the internal and external network servers are given a physical connection through a circuit controller; the circuit controller ensures that the serial port circuit is connected only while data is being sent, and at all other times the serial port interfaces are disconnected and have no physical channel. The data communication module sends data at intervals, scheduled by an SQL Server DTS (data transformation service) package on the internal and external network servers. The SQL Server DTS package first sends a high level through the parallel printer port to the serial communication circuit controller to connect the serial communication circuit, then sends data through the low-level serial communication monitoring module. The low-level serial communication monitoring module sends handshake signals, sends fixed-length data bytes, and encrypts and decrypts the data so that the intranet database data is sent one-way to the extranet database.

Description

Protocol-isolated intranet and extranet data communication method
Technical field
The present invention relates to the field of computer data communication.
Background technology
Computer technology is now used heavily in every industry, and both industrial production and business management largely depend on it. With the development of Internet technology, Internet-based computer applications have advanced significantly. At the same time, computer viruses and network attackers spread unchecked through those same networks and hold back the development of computer networking. If a level-1 or level-2 control computer is attacked by a virus and brought down, industrial production is directly affected; for large-scale continuous processes such as ironmaking the consequences are especially hard to imagine. If the database server of a management system is attacked by viruses or hackers so that critical data is lost or leaked, the enterprise suffers a very large loss. Isolation technology between the data of the internal network and the external network (or the Internet) is therefore particularly important.
Patent application CN201120020153.4, a network isolation data exchanger, comprises an intranet server, an extranet server, a display card and an image capture card; the intranet server and the extranet server are connected by a video cable, each server has a display card and an image capture card installed, the display card of the intranet server is connected to the image capture card of the extranet, and the image capture card of the intranet server is connected to the display card of the extranet. Its advantage is that, by installing display cards and image capture cards in both servers and converting the data into video, it effectively ensures the data security of a dedicated network while exchanging data between intranet and extranet. That patent exchanges data through the video cards and image capture cards of the intranet and extranet computers; it requires image capture cards to be installed, which adds hardware.
Patent application CN200310115817.5, a computer network isolation device, has two RJ45 sockets joined through a relay, plus two hub sockets and one computer workstation socket; the different operating states of the relay control which hub the workstation is connected to. Its advantages are that it uses physical circuit switching, is safe and reliable, achieves complete isolation of information once disconnected from the public network, and the workstation can only connect to one of the public network and the local area network (LAN) at a time, so that even if a network hacker attacks, only that workstation is damaged and the whole LAN is unaffected; at the same time the device is simple in structure, easy to implement and reliable. But it does not solve the security problem.
Patent application CN99116909.3, a network isolation system, comprises servers, computers, a hub, a system design scheme, and a network selector with its software. It is an intermediate layer between the extranet and the intranet: through a configured server and the network selector it switches the user's computer between the intranet and the extranet. The network selector, mounted between the computer network interface and the user computer's network interface, receives the network-switching command from the software running on the user computer and establishes a physical connection between the user computer and one specific network. The system is simple in structure and suitable for occasions where multiple network accesses require high security. But it does not solve the security problem.
Patent 200510088727.0, a network data isolation system and data transmission method, comprises an intranet host, an extranet host and a serial interface connector, where the serial interface connector is connected to the serial interface of the intranet host and to the serial interface of the extranet host, and the data transmission is encrypted. That patent is, as a whole, an encrypted data transmission between two computers, but it uses a USB port for the transmission.
"Technical conception of secure data forwarding under a physically isolated environment", by Zhang Pusheng, discusses that the closure of physical isolation is meant to prevent external intrusion and information leakage, while the openness of data forwarding is meant to keep contact with the outside world. For this conflict between closure and openness, it proposes a technical conception for secure data forwarding based on physical isolation. The design keeps the physical cut between intranet and extranet in conduction, radiation and storage, and uses techniques such as directed acquisition, intermediate buffering and data scanning to achieve dynamic, near-real-time secure data forwarding between the internal and external networks while they remain disconnected. It discusses in detail the technical approach and implementation of data forwarding under physical isolation, analyses the potential security hazards that may arise, explores security strategy and proposes security measures. That paper only summarizes the material and does not propose a concrete scheme.
Summary of the invention
In order to effectively block attacks by external-network viruses or hackers on the internal computer network system, the invention addresses data communication between the server data of the level-2 workshop computer network system that directly participates in production operation and the server data of the level-3 plant-level (company-level, ERP) computer network system that participates in management, or the data communication problem between enterprise LAN server data and Internet server data. The present invention proposes a method of network-protocol-isolated data communication between the SQL Server databases of intranet and extranet servers.
The present invention uses an RS232 serial link that is connected when in use and disconnected when not in use, and that is isolated from TCP/IP, to transmit data one-way; this solves the data transmission problem between the intranet and extranet databases, and the data communication is based on the SQL Server package communication mechanism.
The invention provides a method of network-protocol-isolated data communication between the SQL Server databases of intranet and extranet servers. It is characterized in that it comprises a serial communication circuit module between the intranet and extranet servers, a data communication module running on the intranet and extranet servers, and a low-level serial communication monitoring module. The concrete communication method is that the intranet and extranet servers communicate through the serial port (RS232) communication circuit module: first the serial ports (RS232) of the intranet and extranet servers are given a physical connection through a circuit controller, and the circuit controller ensures that the serial port (RS232) circuit is on only while data is being sent, while at all other times the serial port (RS232) interface is disconnected and has no physical path. The data communication module sends data at intervals, scheduled by the SQL Server DTS package on the intranet and extranet servers. The SQL Server DTS package first sends a high level through the parallel printer port to the serial port (RS232) communication circuit controller to connect the serial port (RS232) communication circuit, and then sends data through the low-level serial communication monitoring module. The low-level serial communication monitoring module sends handshake signals, sends fixed-length data bytes, and encrypts and decrypts the data so that the intranet database data is sent one-way into the extranet database.
1. Serial communication circuit module
Its purpose is to establish a data communication channel on the premise that the intranet and extranet servers are isolated at the TCP/IP level, so that the data of the intranet server can be sent normally to the extranet server while viruses and hackers on the extranet are prevented from attacking the intranet server through TCP/IP and similar protocols. It is characterized in that the circuit controller receives the high or low level of the LPT1: port and uses it to make or break the serial communication circuit.
2. Data communication module running in the SQL Server DTS package on the intranet and extranet servers
Communication between the intranet and extranet servers is based on the SQL Server DTS package. It is characterized in that the DTS package running on the intranet and extranet servers is used directly to identify the data and to communicate by calling the low-level serial port (RS232) communication monitoring module.
3. Low-level serial communication monitoring module
The low-level serial communication monitoring module provides the functions of sending handshake signals, transmitting database data one-way, and encrypting and decrypting data. It is characterized in that, before communication, it sends handshake signals by monitoring the COM port, then sends fixed-length data bytes, encrypting and decrypting the data so that the intranet database data is sent one-way into the extranet database.
The method of network-protocol-isolated data communication between intranet and extranet SQL Server databases adopted by the present invention solves the data communication between the server data of the level-2 workshop computer network system directly involved in production operation and the server data of the level-3 plant-level (company-level, ERP) computer network system involved in management, or the data communication problem between enterprise LAN server data and Internet server data, and effectively blocks attacks by external-network viruses or hackers on the internal computer network system while data is transmitted normally.
Description of the drawings
Fig. 1. Schematic of data communication between the workshop-level (level-2) network server system and the plant-level (level-3) file system server;
Fig. 2. Schematic of the protocol-isolated data communication software between intranet and extranet SQL Server databases;
Fig. 3. Data communication flow chart.
Embodiment
The invention is further described below with reference to the accompanying drawings:
The invention provides a method of network-protocol-isolated data communication between the SQL Server databases of intranet and extranet servers. Preferred embodiment:
The level-2 workshop computer systems are the computer network systems that directly participate in production operation. The level-3 plant-level (company-level, ERP) computer network systems are the internal management local area networks (LANs) of a large enterprise; their network topology is complex, and large numbers of computer viruses are spread over them by USB flash drives and the like. There have been several occurrences on this network of virus outbreaks paralysing the servers that run the network; a paralysed server can be recovered with a suitable backup system. But once the level-2 computers that directly participate in production control access the level-3 plant-level (company-level, ERP) computer network system, a virus outbreak that brings a server down directly affects production, with consequences that are hard to imagine. Adopting the method of network-protocol-isolated data communication between intranet and extranet SQL Server databases successfully achieved protocol isolation between the level-2 and level-3 networks, and successfully delivered the production data of the level-2 computer network to the level-3 computer management system.
1. Hardware environment of the data transmission system:
As shown in Fig. 1, the workshop-level network 1 consists of the upper-level control system and the workshop-level server 4. The plant-level network 2 consists of the plant-level server 5 and the various company-level networks connected through various routing devices (a complex network topology). To prevent viruses and hacker attacks from the plant-level network 2 on the workshop-level network 1, while still periodically updating the database data on the workshop-level server 4 into the database of the plant-level server 5, the serial communication 3 between the workshop-level server 4 and the plant-level server 5 is used to complete the data transfer. Before each data communication, the parallel port of the workshop-level server 4 sends a high-level signal, the controller 6 connects the serial communication 3 circuit, and the data communication takes place. After the communication completes, the serial communication 3 circuit is disconnected by the controller 6.
2. Software flow of the data transmission:
Communication between the intranet and extranet servers is based on the SQL Server DTS package: the DTS package running on the intranet and extranet servers is used directly to identify the data and to communicate by calling the low-level RS232 communication monitoring module. The package data transfer service is started periodically by the SQL Server package scheduler on the intranet server. The package data transfer service calls the low-level RS232 communication monitoring module, which first sends a high-level signal through the LPT1: port to trigger the controller 6 in Fig. 1 to connect the RS232 communication circuit. It then sends a communication request through the COM1: port; after confirmation, it sends a string of predefined handshake signals; after confirmation again, it sends the encrypted fixed-length data frame by frame. After the transmission completes, it sends a low-level signal through the LPT1: port to trigger the controller 6 in Fig. 1 to disconnect the RS232 communication circuit. The package data service then ends and waits for the next package schedule.
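The serial circuit module (section 1 of the summary), the low-level monitoring module (section 3) and the software flow just described can be exercised together as one simulated exchange. The Python block below is an added illustration and is not code from the patent or from Angang Steel: it stands in for the LPT1-gated controller 6, the RS232 cable and the two halves of the monitoring module with in-memory objects, and the frame size, handshake string, key and the SHA-256 keystream used for the "encryption" step are all constructed assumptions, since the patent specifies none of them.

```python
import hashlib

# All parameters below are constructed for this simulation; the patent specifies none of them.
FRAME_LEN = 16                     # fixed-length frame: 1 length byte + 15 payload bytes
PAYLOAD = FRAME_LEN - 1
HANDSHAKE = b"HS-ANGANG-DEMO-0"    # stand-in for the "string of predefined handshake signals"
KEY = b"demo-key-replace-me"       # stand-in key; the patent does not name its cipher
REQ, ACK, NAK = b"REQ", b"\x06", b"\x15"


def keystream_xor(frame: bytes, session: int, index: int) -> bytes:
    """Stand-in for the unspecified 'data encryption/decryption': XOR with a SHA-256
    keystream bound to (key, session, frame index) so no keystream block is reused."""
    ks = hashlib.sha256(KEY + session.to_bytes(4, "big") + index.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(frame, ks[:len(frame)]))


class LinkDown(Exception):
    """No physical path: the RS232 circuit is open because LPT1 is low."""


class CircuitController:
    """Models controller 6: the serial circuit is closed only while LPT1 is driven high."""
    def __init__(self):
        self.lpt1_high = False

    def set_lpt1(self, high: bool) -> None:
        self.lpt1_high = high


class ExtranetMonitor:
    """Extranet half of the low-level monitoring module. It only ever answers ACK/NAK,
    so database data can flow in one direction only (intranet -> extranet)."""
    def __init__(self):
        self.state, self.session, self.index = "idle", 0, 0
        self.buffer, self.database = bytearray(), []

    def on_receive(self, data: bytes) -> bytes:
        if self.state == "idle":                    # step 2: communication request
            self.state = "handshake" if data == REQ else "idle"
            return ACK if data == REQ else NAK
        if self.state == "handshake":               # step 3: predefined handshake
            if data != HANDSHAKE:                   # wrong handshake: drop the session
                self.state = "idle"
                return NAK
            self.state, self.session, self.index = "data", self.session + 1, 0
            return ACK
        if len(data) != FRAME_LEN:                  # only fixed-length frames are accepted
            return NAK
        frame = keystream_xor(data, self.session, self.index)   # decrypt
        self.index += 1
        n = frame[0]
        self.buffer += frame[1:1 + n]
        if n < PAYLOAD:                             # a short frame closes the record set
            self.database.extend(self.buffer.decode().split("\n"))
            self.buffer, self.state = bytearray(), "idle"
        return ACK


class SerialLink:
    """In-memory stand-in for the RS232 cable; refuses traffic while the circuit is open."""
    def __init__(self, controller: CircuitController, extranet: ExtranetMonitor):
        self.controller, self.extranet = controller, extranet

    def send(self, data: bytes) -> bytes:
        if not self.controller.lpt1_high:
            raise LinkDown("serial circuit is open")
        return self.extranet.on_receive(data)


class IntranetMonitor:
    """Intranet half: runs the 'package data transfer' sequence from the description."""
    def __init__(self, link: SerialLink, controller: CircuitController):
        self.link, self.controller, self.session = link, controller, 0

    def transfer(self, records: list) -> int:
        """Push one batch of rows to the extranet database; returns the number of frames sent."""
        payload = "\n".join(records).encode()
        chunks = [payload[i:i + PAYLOAD] for i in range(0, len(payload), PAYLOAD)]
        if not chunks or len(chunks[-1]) == PAYLOAD:
            chunks.append(b"")                      # explicit short frame marks end of batch
        self.controller.set_lpt1(True)              # 1. LPT1 high: controller closes circuit
        try:
            if self.link.send(REQ) != ACK:          # 2. request communication
                raise RuntimeError("request refused")
            if self.link.send(HANDSHAKE) != ACK:    # 3. predefined handshake
                raise RuntimeError("handshake refused")
            self.session += 1
            for i, chunk in enumerate(chunks):      # 4. encrypted fixed-length frames
                frame = bytes([len(chunk)]) + chunk.ljust(PAYLOAD, b"\0")
                if self.link.send(keystream_xor(frame, self.session, i)) != ACK:
                    raise RuntimeError(f"frame {i} rejected")
        finally:
            self.controller.set_lpt1(False)         # 5. LPT1 low: circuit opened again, always
        return len(chunks)


def circuit_is_open(link: SerialLink) -> bool:
    """True if the link refuses traffic, i.e. there is no physical path right now."""
    try:
        link.send(REQ)
    except LinkDown:
        return True
    return False


if __name__ == "__main__":
    ctl, ext = CircuitController(), ExtranetMonitor()
    link = SerialLink(ctl, ext)
    rows = ["furnace=1,temp=1523", "furnace=2,temp=1498"]   # constructed sample rows
    IntranetMonitor(link, ctl).transfer(rows)
    print(ext.database, "circuit open:", circuit_is_open(link))
```

Two properties of the description are enforced structurally rather than by policy checks: the extranet object has no method for sending data frames, so the channel is one-way by construction, and `SerialLink.send` raises whenever LPT1 is low, so the only window in which any byte crosses is between steps 1 and 5; the `finally` clause guarantees the circuit is reopened even if a handshake or frame is rejected part-way through.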
3. On-site application:
This method is in use at several blast furnaces and the laboratory of an ironworks, delivering field data to the plant-level management server. It has effectively blocked attacks by external-network viruses or hackers on the internal computer network system while transmitting data, and has achieved satisfactory results.

Claims (2)

1. A protocol-isolated intranet and extranet data communication method, characterized in that it comprises a serial communication circuit module between the intranet and extranet servers, a data communication module running on the intranet and extranet servers, and a low-level serial communication monitoring module; the concrete communication method is that the intranet and extranet servers communicate through the serial communication circuit module: first the serial ports of the intranet and extranet servers are given a physical connection through a circuit controller, and the circuit controller ensures that the serial port circuit is connected only while data is being sent, while at all other times the serial interface is disconnected and has no physical path; the data communication module sends data at intervals, scheduled by the SQL Server DTS package on the intranet and extranet servers; the SQL Server DTS package first sends a high level through the parallel printer port to the serial communication circuit controller to connect the serial communication circuit, and then sends data through the low-level serial communication monitoring module; the low-level serial communication monitoring module sends handshake signals, sends fixed-length data bytes, and encrypts and decrypts the data so that the intranet database data is sent one-way into the extranet database.
2. The protocol-isolated intranet and extranet data communication method according to claim 1, characterized in that the serial communication circuit module of the intranet and extranet servers receives the high or low level of the LPT1: port and, through the circuit controller, uses it to make or break the serial communication circuit.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310244794.1A CN104243426A (en) 2013-06-19 2013-06-19 Protocol-isolated internal and external network data communication method

Publications (1)

Publication Number Publication Date
CN104243426A true CN104243426A (en) 2014-12-24

Family

ID=52230783

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310244794.1A Pending CN104243426A (en) 2013-06-19 2013-06-19 Protocol-isolated internal and external network data communication method

Country Status (1)

Country Link
CN (1) CN104243426A (en)

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1350242A (en) * 2001-12-03 2002-05-22 复旦大学 Information bridge network safety isolator
US20030163523A1 (en) * 2002-02-22 2003-08-28 Shean-Guang Chang System and method for server network configuration and addressing
CN2785015Y (en) * 2005-02-03 2006-05-31 张职亮 Network safe system based on NC system
CN1905477A (en) * 2005-07-29 2007-01-31 东方惠科防伪技术有限责任公司 Network data isolation system and data transmission method
CN101459608A (en) * 2008-12-08 2009-06-17 上海华平信息技术股份有限公司 Resource sharing method for internal and external network
CN101902448A (en) * 2009-05-27 2010-12-01 厦门敏讯信息技术股份有限公司 Method and system for implementing data transmission through serial ports

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
王帮海 (Wang Banghai): "Research and implementation of a security system based on network isolation and data exchange", China Master's Theses Full-text Database, Information Science and Technology series *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105892299A (en) * 2016-03-30 2016-08-24 本钢板材股份有限公司 Computer remote control system and method based on serial port connection
CN105892299B (en) * 2016-03-30 2019-05-03 本钢板材股份有限公司 Computer remote control system and method based on serial ports connection
CN108769076A (en) * 2018-07-06 2018-11-06 北京绪水互联科技有限公司 Data collecting system, method and device with network isolation function
CN108769076B (en) * 2018-07-06 2023-12-05 北京绪水互联科技有限公司 Data acquisition system, method and device with network isolation function

Similar Documents

Publication Publication Date Title
CN101901318B (en) Trusted hardware equipment and using method thereof
CN106789015B (en) Intelligent power distribution network communication safety system
CN105230036B (en) Physical layer and virtualization physical layer suitable for EHF contactless communication
CN101753553B (en) Safety isolating and message switching system and method
CN107947357A (en) A kind of power distribution automation data acquisition device and method based on secure accessing area
KR20100120442A (en) An apparatus and method for enhancing the security of zigbee wireless protocol
CN106549502B (en) A kind of safe distribution of electric power protecting, monitoring system
CN202424770U (en) Safety isolator for network data
CN109218308A (en) A kind of data high-speed secure exchange method based on intelligent network adapter
CN108040098A (en) Network Isolation method and system based on visual information one-way transmission
CN109660565A (en) A kind of isolation gap equipment and implementation method
CN108011867B (en) Safe encryption method and system for railway signals
CN103067216B (en) The reverse link communication method of cross-safety zone, Apparatus and system
CN104994061A (en) Intelligent transformer station process layer switch MMS safety communication device and method
CN104243426A (en) Protocol-isolated internal and external network data communication method
CN201936307U (en) Special physical isolation device for electric power system
CN205407853U (en) Double -link data transmission system
CN104468497A (en) Data isolation method and device of monitoring system
JP5091975B2 (en) Information processing apparatus and information processing system
CN209419652U (en) A kind of isolation gap equipment
CN111221764B (en) Cross-link data transmission method and system
CN201741156U (en) Trusted hardware equipment
CN107592294A (en) Data reporting method and device
CN101800597A (en) Method and system for preventing vibration of fiber interface
CN221531503U (en) Cross-network service data exchange system

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication

Application publication date: 20141224