CN104683332A - Security isolation gateway in industrial control network and security isolation method thereof - Google Patents

Info

Publication number: CN104683332A
Authority: CN (China)
Legal status: Pending
Application number: CN201510069506.2A
Other languages: Chinese (zh)
Inventors: 王文海, 张稳稳, 嵇月强, 张益南, 周伟, 许志正
Current assignee: HANGZHOU UWIN AUTOMATIC SYSTEM CO Ltd
Original assignee: HANGZHOU UWIN AUTOMATIC SYSTEM CO Ltd
Prior art keywords: processing unit, security, module, gateway, interface processing

Classifications

    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L12/66 Arrangements for connecting between networks having differing types of switching systems, e.g. gateways
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/1441 Countermeasures against malicious traffic

Abstract

The invention relates to the field of network information security and discloses a security isolation gateway suitable for use in an industrial control network, together with a security isolation method thereof. The security isolation gateway comprises an intranet interface processing unit, an extranet interface processing unit and a security gateway detection processing unit. The intranet interface processing unit and the extranet interface processing unit each comprise a communication function module, a serial port configuration module and a log function module. The security gateway detection processing unit comprises a security isolation module, a protocol analysis module, a deep packet inspection module, a data flow control module, a VPN module and an access control module. The intranet interface processing unit, the security gateway detection processing unit and the extranet interface processing unit are connected in sequence by the data flow. The invention addresses the security problems of a control system that is connected to a management information system or a wide area network system: the external-connection security isolation solution based on the control system's security isolation gateway can effectively solve the security problems an industrial control network faces when it connects externally.

Description

Security isolation gateway in an industrial control network and security isolation method thereof
Technical field
The present invention relates to the field of network information security, and in particular to a security isolation gateway suitable for use in an industrial control network.
Background art
With the continuing application and refinement of industrial network technology, the Internet is becoming ever more tightly integrated with all sectors of society, and network applications such as the informatization of industrial enterprises are flourishing. While people enjoy the richness and convenience of the Internet, they also experience a rapid increase in security threats of all kinds: network attacks, rampant viruses, unauthorized access and information leakage frequently trouble users and cause serious damage to information networks and core business.
An integrated industrial control network architecture comprises PLC technology products, numerical control products, process instrument products, network communication products, programming and configuration software and so on, and uses Ethernet to form an automation solution from the field level to the control level, and from the execution level to the factory management level. Under this architecture, the control system and other equipment share the same physical channel through switching technology, which creates the conditions for eliminating information islands and realizing the smart factory. At the same time, however, sharing the physical channel makes the control system more vulnerable to internal and external attack, so the system has security risks.
Summary of the invention
To address the shortcoming that industrial measurement and control system networks in the prior art have security risks, the present invention provides a security isolation gateway and a security isolation method thereof.
To solve the above technical problem, the present invention adopts the following technical solution:
The gateway comprises an intranet interface processing unit, an extranet interface processing unit and a security gateway detection processing unit. The intranet interface processing unit and the extranet interface processing unit each include a communication function module, a serial port configuration module and a log function module. The security gateway detection processing unit comprises a security isolation module, a protocol analysis module, a deep packet inspection module, a data flow control module, a VPN module and an access control module. The intranet interface processing unit, the security gateway detection processing unit and the extranet interface processing unit are connected in sequence by the data flow. Specifically:
Security isolation module: based on a private encrypted speech real-time data exchange technology and a corresponding isolated encryption circuit, it independently completes the packaging, ferrying and unpacking of application data, thereby realizing isolated data exchange between the intranet and the extranet. Based on a unified security engine, it performs full-text data restoration on isolated exchange messages, applies full-text deep inspection to user logins, command requests, text messages, protocol formats and so on, and supports detection and control of specific application-layer protocol tags, achieving multiple kinds of content security management for the exchange of specific information.
Protocol analysis module: the protocol analysis module also provides complete authentication management and security audit functions, ensures the confidentiality, integrity and non-repudiation of the intranet system, and offers strong data exchange capability and support for multiple industrial communication protocols. By clearly defining access control rights, it manages users and rights in a unified way and applies the principle of least privilege, effectively avoiding intentional or unintentional operating errors. Users are managed uniformly through a trusted user list, and corresponding rights are assigned to applications and plant areas.
Deep packet inspection module: deep packet inspection is based on the identification of "feature words". Industrial communication network applications are all built on some application protocol, and different application protocols and communication data flows carry their own distinctive "fingerprints", which may be a fixed port, a specific character string or a specific bit stream. The "feature word" identification technique analyzes the "fingerprint" information in certain data messages of the data flow and performs pattern matching, real-time behavioral analysis, heuristic analysis and statistical analysis; even if packets use advanced obfuscation and encryption techniques, it can still reliably detect and analyze the network protocol. By examining the data part and the header part of the data flow, it finds protocol violations, viruses, spam and intrusion behavior, or applies defined criteria, to decide whether a packet passes or needs to be routed to a different destination.
Data flow control module: the data flow control module performs packet filtering. Only unicast and multicast messages that match specific characteristics are allowed through, so as to limit the traffic of a single port and avoid network overload. While guaranteeing the real-time behavior of the industrial control system, it uses encrypted network messages based on a private key, which prevents unauthorized users from replacing normally transmitted data with forged data or inserting forged data, and also prevents the leakage of key information. The industrial control network uses a real-time Ethernet transport protocol, which reduces the likelihood of network attack. This establishes an industrial communication security system with defense in depth and strengthened preventive control, ensuring the information security of industrial communication.
VPN module: the VPN function uses the IPsec protocol, employing cryptographic algorithms and related network technology to build a secure VPN tunnel for encrypted data transmission, achieving the effect of a dedicated network and protecting security at the IP layer. In this way, even if information is intercepted, its content cannot be read or altered. This ensures the confidentiality, integrity and authentication of communication between local networks connected through the Internet.
Access control module: it adopts the security protection design principle of zoning, in which the control system is layered or partitioned by "zones and conduits" and by control function. Multi-zone isolation helps the system provide "defense in depth". The conduits connecting zones control entry into a zone: they resist denial-of-service (DoS) attacks and the transfer of malware; shield other network systems; and protect the integrity and confidentiality of network traffic. A firewall and a unidirectional gateway are used to block unauthorized external access to the internal industrial control network resources of the control system, while also prohibiting unsafe access from the inside to the outside.
In addition, the security isolation gateway has the communication function module, serial port configuration module and log function module that implement the basic functions of a gateway, providing network interconnection and information exchange services. Specifically:
Communication function module: basic data interaction function, realizing interconnection.
Serial port configuration module: configuration of basic serial port parameters.
Log function module: basic history recording function.
State feedback exists between the intranet interface processing unit and the extranet interface processing unit. When extranet data enters, it is monitored by the security monitoring unit. If the monitoring result is safe, a state feedback notification tells the intranet interface to allow the data to communicate with the intranet host; if the monitoring result is unsafe, a state feedback notification tells the intranet interface unit to refuse communication between the data and the intranet host. The same applies in the reverse direction.
Preferably, the intranet interface processing unit is communicatively connected to the host computer in the intranet, and the extranet interface processing unit is communicatively connected to the host computer in the extranet.
A security isolation method for the security isolation gateway in an industrial control network comprises the following steps:
A: an external user must log in with a VPN account to enter the security isolation gateway;
B: after the VPN module determines that the user has logged in successfully, the access control module determines the user's access rights;
C: if the user has access rights, a state feedback notification causes the extranet interface processing unit to connect to the extranet host computer and communicate;
D: the data flow enters the security gateway monitoring processing unit, which applies data flow control, protocol analysis, deep packet inspection, security isolation and other processing to the passing data flow, after which the data flow enters the intranet interface processing unit;
E: the security gateway monitoring processing unit determines whether the data flow is safe, and notifies the intranet interface processing unit by state feedback whether to allow the data flow to enter the intranet.
The present invention addresses the security challenges of connecting a control system to a management information system or a wide area network system. The external-connection security isolation solution based on the control system's security isolation gateway can effectively solve the security problems faced when an industrial control network connects externally.
Brief description of the drawings
Fig. 1 is a block diagram of the present invention.
Fig. 2 is a flow chart of the method of the present invention.
Embodiments
The present invention is described in further detail below with reference to the drawings and an embodiment.
Embodiment 1
A security isolation gateway in an industrial control network, as shown in Fig. 1, comprises an intranet interface processing unit, an extranet interface processing unit and a security gateway detection processing unit. The intranet interface processing unit and the extranet interface processing unit each include a communication function module, a serial port configuration module and a log function module. The security gateway detection processing unit comprises a security isolation module, a protocol analysis module, a deep packet inspection module, a data flow control module, a VPN module and an access control module. The intranet interface processing unit, the security gateway detection processing unit and the extranet interface processing unit are connected in sequence by the data flow. The intranet interface processing unit is communicatively connected to the host computer in the intranet, and the extranet interface processing unit is communicatively connected to the host computer in the extranet. The extranet interface processing unit also feeds its operating state back to the intranet interface processing unit. Specifically:
Security isolation module: based on a private encrypted speech real-time data exchange technology and a corresponding isolated encryption circuit, it independently completes the packaging, ferrying and unpacking of application data, thereby realizing isolated data exchange between the intranet and the extranet. Based on a unified security engine, it performs full-text data restoration on isolated exchange messages, applies full-text deep inspection to user logins, command requests, text messages, protocol formats and so on, and supports detection and control of specific application-layer protocol tags, achieving multiple kinds of content security management for the exchange of specific information.
Protocol analysis module: the protocol analysis module also provides complete authentication management and security audit functions, ensures the confidentiality, integrity and non-repudiation of the intranet system, and offers strong data exchange capability and support for multiple industrial communication protocols. By clearly defining access control rights, it manages users and rights in a unified way and applies the principle of least privilege, effectively avoiding intentional or unintentional operating errors. Users are managed uniformly through a trusted user list, and corresponding rights are assigned to applications and plant areas.
Deep packet inspection module: deep packet inspection is based on the identification of "feature words". Industrial communication network applications are all built on some application protocol, and different application protocols and communication data flows carry their own distinctive "fingerprints", which may be a fixed port, a specific character string or a specific bit stream. The "feature word" identification technique analyzes the "fingerprint" information in certain data messages of the data flow and performs pattern matching, real-time behavioral analysis, heuristic analysis and statistical analysis; even if packets use advanced obfuscation and encryption techniques, it can still reliably detect and analyze the network protocol. By examining the data part and the header part of the data flow, it finds protocol violations, viruses, spam and intrusion behavior, or applies defined criteria, to decide whether a packet passes or needs to be routed to a different destination.
Data flow control module: the data flow control module uses the security isolation gateway to perform packet filtering. Only unicast and multicast messages that match specific characteristics are allowed through, so as to limit the traffic of a single port and avoid network overload. While guaranteeing the real-time behavior of the industrial control system, it uses encrypted network messages based on a private key, which prevents unauthorized users from replacing normally transmitted data with forged data or inserting forged data, and also prevents the leakage of key information. The industrial control network uses a real-time Ethernet transport protocol, which reduces the likelihood of network attack. This establishes an industrial communication security system with defense in depth and strengthened preventive control, ensuring the information security of industrial communication.
VPN module: the VPN function uses the IPsec protocol, employing cryptographic algorithms and related network technology to build a secure VPN tunnel for encrypted data transmission, achieving the effect of a dedicated network and protecting security at the IP layer. In this way, even if information is intercepted, its content cannot be read or altered. This ensures the confidentiality, integrity and authentication of communication between local networks connected through the Internet.
Access control module: it adopts the security protection design principle of zoning, in which the control system is layered or partitioned by "zones and conduits" and by control function. Multi-zone isolation helps the system provide "defense in depth". The conduits connecting zones control entry into a zone: they resist denial-of-service (DoS) attacks and the transfer of malware; shield other network systems; and protect the integrity and confidentiality of network traffic. A firewall and a unidirectional gateway are used to block unauthorized external access to the internal industrial control network resources of the control system, while also prohibiting unsafe access from the inside to the outside.
In addition, the security isolation gateway has the communication function module, serial port configuration module and log function module that implement the basic functions of a gateway, providing network interconnection and information exchange services. Specifically:
Communication function module: basic data interaction function, realizing interconnection.
Serial port configuration module: configuration of basic serial port parameters.
Log function module: basic history recording function.
State feedback also exists between the intranet interface processing unit and the extranet interface processing unit. When extranet data enters, it is monitored by the security monitoring unit. If the monitoring result is safe, a state feedback notification tells the intranet interface to allow the data to communicate with the intranet host; if the monitoring result is unsafe, a state feedback notification tells the intranet interface unit to refuse communication between the data and the intranet host. The same applies in the reverse direction.
A security isolation method for the security isolation gateway in an industrial control network, as shown in Fig. 2, comprises the following steps:
A: an external user must log in with a VPN account to enter the security isolation gateway. The VPN module establishes a dedicated network channel according to the IPsec protocol and creates a set of VPN accounts; a VPN account is valid only once it has been authorized, and an external user must log in with a valid VPN account to enter the security isolation gateway.
B: after the VPN module determines that the user has logged in successfully, the access control module determines the user's access rights;
C: if the user has access rights, a state feedback notification causes the extranet interface processing unit to connect to the extranet host computer and communicate;
D: the data flow enters the security gateway monitoring processing unit, which applies data flow control, protocol analysis, deep packet inspection, security isolation and other processing to the passing data flow, after which the data flow enters the intranet interface processing unit;
E: the security gateway monitoring processing unit determines whether the data flow is safe, and notifies the intranet interface processing unit by state feedback whether to allow the data flow to enter the intranet.
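The following Python sketch is an added illustration, not code from the patent: it walks one session through steps A to E and the "fingerprint" checks described for the deep packet inspection module, using Modbus/TCP (port 502, MBAP header) as the example industrial protocol. The account table, rights, frame budget and sample frames are constructed assumptions, and the isolation step is modelled as re-encoding parsed fields rather than the patent's private encrypted exchange.

```python
import hmac
import struct
from dataclasses import dataclass, field

# Constructed policy values (assumptions for illustration, not from the patent).
VPN_ACCOUNTS = {"vendor-maint": "s3cret-demo"}   # authorized VPN accounts (step A)
ACCESS_RIGHTS = {"vendor-maint": {"read"}}       # least-privilege rights (step B)
FRAME_BUDGET_PER_PORT = 3                        # data flow control limit
MODBUS_PORT = 502                                # "fixed port" fingerprint
READ_CODES = {1, 2, 3, 4}                        # requests with a 4-byte body
WRITE_CODES = {5, 6}                             # single-coil / single-register writes

# Constructed sample frames: MBAP header (tid, proto, length, unit) + function + body.
READ_REQ = struct.pack(">HHHBBHH", 1, 0, 6, 1, 3, 0, 2)
WRITE_REQ = struct.pack(">HHHBBHH", 2, 0, 6, 1, 6, 0, 1234)
BAD_PROTO = struct.pack(">HHHBBHH", 3, 0x1234, 6, 1, 3, 0, 2)


@dataclass
class Frame:
    dst_port: int
    cast: str          # "unicast", "multicast" or "broadcast"
    payload: bytes


@dataclass
class Gateway:
    user: str = ""
    extranet_open: bool = False   # state fed back to the extranet interface unit
    intranet_open: bool = False   # state fed back to the intranet interface unit
    seen: dict = field(default_factory=dict)
    log: list = field(default_factory=list)   # log function module

    def login(self, account: str, secret: str) -> bool:
        """Steps A-C: VPN login, access-rights check, feedback to the extranet side."""
        expected = VPN_ACCOUNTS.get(account)
        ok = expected is not None and hmac.compare_digest(
            expected.encode(), secret.encode())
        allowed = ok and bool(ACCESS_RIGHTS.get(account))
        self.user = account if allowed else ""
        self.extranet_open = allowed
        self.log.append(("login", account, allowed))
        return allowed

    def inspect(self, frame: Frame):
        """Steps D-E: run the checks, feed the verdict back, record it."""
        verdict, forwarded = self._check(frame)
        self.intranet_open = verdict == "pass"
        self.log.append(("frame", frame.dst_port, verdict))
        return verdict, forwarded

    def _check(self, frame: Frame):
        if not self.extranet_open:
            return "reject: no authenticated session", None
        # Data flow control: unicast/multicast only, bounded volume per port.
        if frame.cast not in ("unicast", "multicast"):
            return "reject: cast type", None
        self.seen[frame.dst_port] = self.seen.get(frame.dst_port, 0) + 1
        if self.seen[frame.dst_port] > FRAME_BUDGET_PER_PORT:
            return "reject: rate limit", None
        # Deep packet inspection: fixed port plus header layout as the fingerprint.
        if frame.dst_port != MODBUS_PORT or len(frame.payload) < 8:
            return "reject: unknown protocol", None
        tid, proto, length, unit, func = struct.unpack(">HHHBB", frame.payload[:8])
        body = frame.payload[8:]
        # Protocol analysis: protocol id must be 0 and the length field must be honest.
        if proto != 0 or length != len(frame.payload) - 6 or len(body) != 4:
            return "reject: protocol violation", None
        # Access control: map the function code to a right and check the user has it.
        needed = "read" if func in READ_CODES else "write" if func in WRITE_CODES else ""
        if needed not in ACCESS_RIGHTS[self.user]:
            return "reject: function not permitted", None
        # Isolation, modelled here as forwarding a message rebuilt from parsed fields.
        addr, value = struct.unpack(">HH", body)
        return "pass", struct.pack(">HHHBBHH", tid, 0, 6, unit, func, addr, value)


def demo():
    """Run the constructed frames through one session and return the verdicts."""
    gw = Gateway()
    verdicts = [gw.inspect(Frame(502, "unicast", READ_REQ))[0]]   # before login
    gw.login("vendor-maint", "s3cret-demo")
    for f in (Frame(502, "unicast", READ_REQ), Frame(502, "unicast", WRITE_REQ),
              Frame(502, "broadcast", READ_REQ), Frame(502, "unicast", BAD_PROTO),
              Frame(502, "unicast", READ_REQ)):
        verdicts.append(gw.inspect(f)[0])
    return verdicts


if __name__ == "__main__":
    for v in demo():
        print(v)
```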
The present invention addresses the security challenges of connecting a control system to a management information system or a wide area network system. The external-connection security isolation solution based on the control system's security isolation gateway can effectively solve the security problems faced when an industrial control network connects externally.
In summary, the foregoing is only a preferred embodiment of the present invention; all equivalent changes and modifications made within the scope of the claims of the present application shall fall within the scope covered by this patent.

Claims (5)

1. A security isolation gateway in an industrial control network, comprising an intranet interface processing unit, an extranet interface processing unit and a security gateway detection processing unit, the intranet interface processing unit, the security gateway detection processing unit and the extranet interface processing unit being connected in sequence by the data flow, characterized in that the security gateway detection processing unit further comprises a security isolation module, a protocol analysis module and a deep packet inspection module, wherein:
Security isolation module: based on a private encrypted speech real-time data exchange method and a corresponding isolated encryption circuit, completes the packaging, ferrying and unpacking of application data, realizing isolated data exchange between the intranet and the extranet;
Protocol analysis module: comprises an authentication management and security audit system, realizes the confidentiality, integrity and non-repudiation of the intranet system, and realizes data exchange and industrial communication protocol support;
Deep packet inspection module: by analyzing the header part and the data part of the data flow, finds protocol violations, viruses, spam and intrusion behavior, and determines whether a packet passes or is routed.
2. The security isolation gateway in an industrial control network according to claim 1, characterized in that the intranet interface processing unit and the extranet interface processing unit each include a communication function module for realizing the data interaction function, a serial port configuration module for realizing the serial port parameter configuration function, and a log function module for realizing the history recording function.
3. The security isolation gateway in an industrial control network according to claim 1, characterized in that the security gateway detection processing unit further comprises: a data flow control module for performing packet filtering; a VPN module that uses the IPsec protocol for encrypted data transmission and protects security at the IP layer; and an access control module that resists denial-of-service attacks and the transfer of malware, shields other network systems, and protects the integrity and confidentiality of network traffic.
4. The security isolation gateway in an industrial control network according to claim 1, characterized in that the intranet interface processing unit is communicatively connected to the host computer in the intranet, and the extranet interface processing unit is communicatively connected to the host computer in the extranet.
5. A security isolation method for a security isolation gateway in an industrial control network, characterized in that it uses the security isolation gateway in an industrial control network according to claims 1 to 4 and comprises the following steps:
A: an external user must log in with a VPN account to enter the security isolation gateway;
B: after the VPN module determines that the user has logged in successfully, the access control module determines the user's access rights;
C: if the user has access rights, a state feedback notification causes the extranet interface processing unit to connect to the extranet host computer and communicate;
D: the data flow enters the security gateway monitoring processing unit, which applies data flow control, protocol analysis, deep packet inspection, security isolation and other processing to the passing data flow, after which the data flow enters the intranet interface processing unit;
E: the security gateway monitoring processing unit determines whether the data flow is safe, and notifies the intranet interface processing unit by state feedback whether to allow the data flow to enter the intranet.

Priority Applications (1)

Application number: CN201510069506.2A
Priority date: 2015-02-10
Filing date: 2015-02-10
Title: Security isolation gateway in industrial control network and security isolation method thereof
Status: Pending

Publications (1)

Publication number: CN104683332A (en)
Publication date: 2015-06-03

Family

ID: 53317928
Country: CN

Cited By (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104917776A (en) * 2015-06-23 2015-09-16 北京威努特技术有限公司 Industrial control network safety protection equipment and industrial control network safety protection method
CN105337971A (en) * 2015-10-20 2016-02-17 上海电机学院 Electric power information system cloud safety guarantee system and implementation method thereof
CN105656883A (en) * 2015-12-25 2016-06-08 冶金自动化研究设计院 Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network
CN105897711A (en) * 2016-04-07 2016-08-24 周文奇 System for isolating industrial control system and management network
CN106209801A (en) * 2016-06-28 2016-12-07 广东电网有限责任公司信息中心 Mobile solution platform and inner-external network data safety switching plane integrated system
CN106302532A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Data boundary safety detecting system
CN106651183A (en) * 2016-12-26 2017-05-10 英赛克科技(北京)有限公司 Communication data security audit method and device for industrial control system
CN107181769A (en) * 2017-07-28 2017-09-19 山东超越数控电子有限公司 A kind of network intrusion prevention system and method
CN108306854A (en) * 2017-12-14 2018-07-20 兆辉易安(北京)网络安全技术有限公司 The industry control security gateway system and its invasion cognitive method of bimodulus isomery redundancy
CN108337224A (en) * 2017-12-14 2018-07-27 兆辉易安(北京)网络安全技术有限公司 The industry control security gateway system and its invasion cognitive method of three mould isomery redundancies
CN109510841A (en) * 2018-12-26 2019-03-22 杭州优稳自动化系统有限公司 A kind of security isolation gateway of control device and system
CN109698837A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method
CN110768982A (en) * 2019-10-24 2020-02-07 山东超越数控电子股份有限公司 Network security interconnection device based on homemade SOC
CN111431905A (en) * 2020-03-26 2020-07-17 重庆新致金服信息技术有限公司 Intelligent gateway system suitable for credit industry
CN111585972A (en) * 2020-04-16 2020-08-25 网御安全技术(深圳)有限公司 Security protection method and device for gatekeeper and network system
CN111740993A (en) * 2020-06-18 2020-10-02 河南优易信息技术有限公司 Internal and external network safety data exchange method
CN111970256A (en) * 2020-07-31 2020-11-20 深圳市研锐智能科技有限公司 Intelligent isolation and information exchange network brake system
CN112073375A (en) * 2020-08-07 2020-12-11 中国电力科学研究院有限公司 Isolation device and isolation method suitable for power Internet of things client side
CN112118299A (en) * 2020-09-04 2020-12-22 四川蜂巢智造云科技有限公司 System for separating equipment management data and production service data
CN112351013A (en) * 2020-10-28 2021-02-09 南京熊猫电子股份有限公司 Internal and external network isolation wired and wireless transmission equipment with industrial control machine control system
CN112631222A (en) * 2020-12-17 2021-04-09 哈尔滨工大天创电子有限公司 Processing method and system of Internet industrial control system and computing equipment
CN113114632A (en) * 2021-03-22 2021-07-13 国网河北省电力有限公司 Can peg graft formula intelligence financial audit platform
CN113194027A (en) * 2021-05-21 2021-07-30 上海振华重工(集团)股份有限公司 Safety communication gateway system for industrial internet of automatic wharf
CN113301052A (en) * 2021-05-27 2021-08-24 南京恒先伟网络工程有限公司 Safety isolation and information exchange system and method
CN114448681A (en) * 2022-01-04 2022-05-06 珠海横琴能源发展有限公司 Energy station user data wireless communication system and experimental platform
CN114766086A (en) * 2019-12-19 2022-07-19 西门子交通有限责任公司 Transmission device for transmitting data
CN115795542A (en) * 2022-11-30 2023-03-14 江苏欧软信息科技有限公司 Industrial Internet data privacy protection method and system

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2403207A1 (en) * 2010-06-30 2012-01-04 Juniper Networks, Inc. VPN network client for mobile device having fast reconnect
CN103139058A (en) * 2013-01-28 2013-06-05 公安部第一研究所 Internet of things security access gateway
CN103701824A (en) * 2013-12-31 2014-04-02 大连环宇移动科技有限公司 Security isolation management and control system
CN104320332A (en) * 2014-11-13 2015-01-28 济南华汉电气科技有限公司 Multi-protocol industrial communication safety gateway and communication method with gateway applied

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
DINGQIANZHI123: "北京力控华康: Security Isolation Gateway", 《HTTPS://WENKU.BAIDU.COM/VIEW/49A8DBD633D4B14E85246821.HTML》 *
丁青芝: "力控华康 Industrial Network Security Protection Gateway pSafetyLink Technical White Paper", 《HTTPS://WENKU.BAIDU.COM/VIEW/9C601E1AFC4FFE473368AB14.HTML?FROM=SEARCH》 *

Cited By (35)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104917776A (en) * 2015-06-23 2015-09-16 北京威努特技术有限公司 Industrial control network safety protection equipment and industrial control network safety protection method
CN105337971A (en) * 2015-10-20 2016-02-17 上海电机学院 Electric power information system cloud safety guarantee system and implementation method thereof
CN105656883A (en) * 2015-12-25 2016-06-08 冶金自动化研究设计院 Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network
CN105897711A (en) * 2016-04-07 2016-08-24 周文奇 System for isolating industrial control system and management network
CN106209801A (en) * 2016-06-28 2016-12-07 广东电网有限责任公司信息中心 Mobile solution platform and inner-external network data safety switching plane integrated system
CN106302532A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Data boundary safety detecting system
CN106651183A (en) * 2016-12-26 2017-05-10 英赛克科技(北京)有限公司 Communication data security audit method and device for industrial control system
CN107181769A (en) * 2017-07-28 2017-09-19 山东超越数控电子有限公司 A kind of network intrusion prevention system and method
CN108306854A (en) * 2017-12-14 2018-07-20 兆辉易安(北京)网络安全技术有限公司 The industry control security gateway system and its invasion cognitive method of bimodulus isomery redundancy
CN108337224A (en) * 2017-12-14 2018-07-27 兆辉易安(北京)网络安全技术有限公司 The industry control security gateway system and its invasion cognitive method of three mould isomery redundancies
CN108306854B (en) * 2017-12-14 2021-01-22 杭州电子科技大学 Dual-mode heterogeneous redundancy industrial control security gateway system and intrusion sensing method thereof
CN108337224B (en) * 2017-12-14 2020-12-15 兆辉易安(北京)网络安全技术有限公司 Three-mode heterogeneous redundancy industrial control security gateway system and intrusion sensing method thereof
CN109510841A (en) * 2018-12-26 2019-03-22 杭州优稳自动化系统有限公司 A kind of security isolation gateway of control device and system
CN109510841B (en) * 2018-12-26 2022-01-18 杭州优稳自动化系统有限公司 Safety isolation gateway of control device and system
CN109698837A (en) * 2019-02-01 2019-04-30 重庆邮电大学 A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method
CN109698837B (en) * 2019-02-01 2021-06-18 重庆邮电大学 Internal and external network isolation and data exchange device and method based on unidirectional transmission physical medium
CN110768982A (en) * 2019-10-24 2020-02-07 山东超越数控电子股份有限公司 Network security interconnection device based on homemade SOC
CN114766086A (en) * 2019-12-19 2022-07-19 西门子交通有限责任公司 Transmission device for transmitting data
CN111431905A (en) * 2020-03-26 2020-07-17 重庆新致金服信息技术有限公司 Intelligent gateway system suitable for credit industry
CN111431905B (en) * 2020-03-26 2022-07-22 重庆新致金服信息技术有限公司 Intelligent gateway system suitable for credit industry
CN111585972A (en) * 2020-04-16 2020-08-25 网御安全技术(深圳)有限公司 Security protection method and device for gatekeeper and network system
CN111740993A (en) * 2020-06-18 2020-10-02 河南优易信息技术有限公司 Internal and external network safety data exchange method
CN111970256A (en) * 2020-07-31 2020-11-20 深圳市研锐智能科技有限公司 Intelligent isolation and information exchange network brake system
CN112073375A (en) * 2020-08-07 2020-12-11 中国电力科学研究院有限公司 Isolation device and isolation method suitable for power Internet of things client side
CN112073375B (en) * 2020-08-07 2023-09-26 中国电力科学研究院有限公司 Isolation device and isolation method suitable for client side of electric power Internet of things
CN112118299A (en) * 2020-09-04 2020-12-22 四川蜂巢智造云科技有限公司 System for separating equipment management data and production service data
CN112351013A (en) * 2020-10-28 2021-02-09 南京熊猫电子股份有限公司 Internal and external network isolation wired and wireless transmission equipment with industrial control machine control system
CN112631222A (en) * 2020-12-17 2021-04-09 哈尔滨工大天创电子有限公司 Processing method and system of Internet industrial control system and computing equipment
CN113114632A (en) * 2021-03-22 2021-07-13 国网河北省电力有限公司 Can peg graft formula intelligence financial audit platform
CN113194027A (en) * 2021-05-21 2021-07-30 上海振华重工(集团)股份有限公司 Safety communication gateway system for industrial internet of automatic wharf
CN113301052A (en) * 2021-05-27 2021-08-24 南京恒先伟网络工程有限公司 Safety isolation and information exchange system and method
CN113301052B (en) * 2021-05-27 2022-07-05 南京恒先伟网络工程有限公司 Safety isolation and information exchange system and method
CN114448681A (en) * 2022-01-04 2022-05-06 珠海横琴能源发展有限公司 Energy station user data wireless communication system and experimental platform
CN115795542A (en) * 2022-11-30 2023-03-14 江苏欧软信息科技有限公司 Industrial Internet data privacy protection method and system
CN115795542B (en) * 2022-11-30 2023-10-10 江苏欧软信息科技有限公司 Industrial Internet data privacy protection method and system

Similar Documents

Publication Publication Date Title
CN104683332A (en) Security isolation gateway in industrial control network and security isolation method thereof
CN204392296U (en) Secure isolation gateway in a kind of industrial control network
Sandaruwan et al. PLC security and critical infrastructure protection
Schehlmann et al. Blessing or curse? Revisiting security aspects of Software-Defined Networking
CN110958262A (en) Ubiquitous Internet of things safety protection gateway system, method and deployment architecture in power industry
US9870476B2 (en) Industrial security agent platform
CN107426219B LKJ data wireless reloading system
CN109510841B (en) Safety isolation gateway of control device and system
Mahan et al. Secure data transfer guidance for industrial control and SCADA systems
CN214306527U (en) Gas pipe network scheduling monitoring network safety system
Jingyao et al. Securing a network: how effective using firewalls and VPNs are?
KR20210001728A (en) Ship security system for Ethernet network based ship network protection.
Khosroshahi et al. Security technology by using firewall for smart grid
Freeman et al. A survey of cyber threats and security controls analysis for urban air mobility environments
Miloslavskaya et al. Ensuring information security for internet of things
CN112532612A (en) Industrial control network safety protection system
Yue et al. The research of firewall technology in computer network security
Pedapudi et al. A Comprehensive Network Security Management in Virtual Private Network Environment
Singh et al. SCADA security issues and FPGA implementation of AES—A review
Wang Research on firewall technology and its application in computer network security strategy
Deng et al. TNC-UTM: A holistic solution to secure enterprise networks
Granzer et al. Security in Industrial Communication Systems
Mahmood et al. Securing Industrial Internet of Things (Industrial IoT)-A Review of Challenges and Solutions
Rowe VOIP-extra threats in the converged environment
Ewing Engineering Defense-in-Depth Cybersecurity for the Modern Substation

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20150603