CN105721481A - Transparent-computing-based network access system and method

Info

Publication number: CN105721481A
Authority: CN (China)
Prior art keywords: network, subset, network access, client, access equipment
Legal status: Granted
Application number: CN201610119598.5A
Other languages: Chinese (zh)
Other versions: CN105721481B (en)
Inventors: 尹浩, 吕勇强, 李幼平, 杨鹏, 张尧学, 康路
Current assignee: Hunan Yuelushan Research Institute of Data Science and Technology Co., Ltd.
Original assignee: Tsinghua University

Events
    • Application filed by Tsinghua University
    • Priority to CN201610119598.5A
    • Publication of CN105721481A
    • Application granted
    • Publication of CN105721481B
    • Legal status: Active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209 Architectural arrangements, e.g. perimeter networks or demilitarized zones
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0869 Network architectures or network communication protocols for network security for authentication of entities for achieving mutual authentication
Abstract

The invention discloses a transparent-computing-based network access system and method. The system comprises a network access device and at least one client. The network access device comprises at least one first sub-device responsible for giving the client access to a first network, and at least one second sub-device responsible for giving the client access to a second network; the first network is a network holding secure data, and the second network is a network holding secure data and/or insecure data. When the client requests access to the first network, the network access device makes the client access the first network through the first sub-device in charge of the current access service, in a transparent-computing manner, so that the first network provides network access services to the client; when the client requests access to the second network, the network access device makes the client access the second network through the second sub-device in charge of the current access service, in a transparent-computing manner, so that the second network provides network access services to the client.

Description

Transparent-computing-based network access system and method
Technical field
The present invention relates to the field of Internet technology, and in particular to a transparent-computing-based network access system and method.
Background technology
At present, when a user exchanges information with the Internet, this is usually done over a TCP/IP network: the user can obtain information from the network and can also pass information directly into the TCP/IP network.
Although the traditional address-driven TCP/IP network is an excellent configuration for interconnection, its security cannot be guaranteed: the network is full of potential safety hazards, and the content propagated over it is untrustworthy. The content in a TCP/IP network structure is therefore uncontrollable and may contain a great deal of unnecessary or even harmful information. How to ensure that certain specific network content is secure, reliable and uncontaminated is thus a problem in urgent need of a solution.
Summary of the invention
In view of this, the main purpose of the embodiments of the present invention is to provide a transparent-computing-based network access system and method, so as to ensure that specific network content is secure and reliable.
To achieve the above object, an embodiment of the present invention provides a transparent-computing-based network access system. The system includes a network access device and at least one client. The network access device includes at least one first sub-device responsible for making the client access a first network, and at least one second sub-device responsible for making the client access a second network; the first network is a network holding secure data, and the second network is a network holding secure data and/or insecure data.
The network access device is configured, when the client requests access to the first network, to make the client access the first network through the first sub-device responsible for the current access service, in a transparent-computing manner, so that the first network provides a network access service for the client; and, when the client requests access to the second network, to make the client access the second network through the second sub-device responsible for the current access service, in a transparent-computing manner, so that the second network provides a network access service for the client.
Optionally, the network access device further includes:
a network access service module, configured to make the client establish a network connection through the network connection service it provides, before the client requests access to the first network or to the second network.
Optionally, the network access device further includes:
a network access service module, configured to manage the first sub-device and the second sub-device in a transparent-computing manner.
Optionally, the network access device further includes:
a network access service module that physically isolates the first sub-device from the second sub-device; or that physically isolates the first sub-device from the second sub-device and also physically isolates each pair of first sub-devices from each other.
Optionally, the system further includes:
a central management center, configured to maintain and manage the firmware and operating system of the network access device in a transparent-computing manner.
Optionally, the central management center is specifically configured to maintain and manage the firmware and operating system of the network access device in a transparent-computing manner after two-way mutual authentication between the central management center and the network access device has passed and/or after third-party authentication between the central management center and the network access device has passed.
Optionally, the central management center is further configured to monitor whether the communication link between itself and the network access device is disconnected.
Optionally, the network access device is configured, when it detects that it is in an abnormal state at a set abnormality level, to carry out automatic maintenance of the firmware and/or system software, or to carry out self-destruction of the firmware and/or system software.
An embodiment of the present invention also provides a transparent-computing-based network access method, applied to a network access system that includes a network access device and at least one client. The network access device includes at least one first sub-device responsible for making the client access a first network and at least one second sub-device responsible for making the client access a second network; the first network is a network holding secure data, and the second network is a network holding secure data and/or insecure data. The method includes:
when the client requests access to the first network, the network access device makes the client access the first network through the first sub-device responsible for the current access service, in a transparent-computing manner, so that the first network provides a network access service for the client;
when the client requests access to the second network, the network access device makes the client access the second network through the second sub-device responsible for the current access service, in a transparent-computing manner, so that the second network provides a network access service for the client.
Optionally, the network access device further includes a network access service module, and the method further includes:
before the client requests access to the first network or to the second network, the network access service module makes the client establish a network connection through the network connection service it provides.
Optionally, the network access device further includes a network access service module, and the method further includes:
the network access service module manages the first sub-device and the second sub-device in a transparent-computing manner.
Optionally, the network access device further includes a network access service module;
the network access service module physically isolates the first sub-device from the second sub-device;
or, the network access service module physically isolates the first sub-device from the second sub-device and also physically isolates each pair of first sub-devices from each other.
Optionally, the system further includes a central management center, and the method further includes:
the central management center maintains and manages the firmware and operating system of the network access device in a transparent-computing manner.
Optionally, the central management center maintaining the firmware and operating system of the network access device in a transparent-computing manner specifically includes:
the central management center maintains and manages the firmware and operating system of the network access device in a transparent-computing manner after two-way mutual authentication between the central management center and the network access device has passed and/or after third-party authentication between the central management center and the network access device has passed.
Optionally, the method further includes:
the central management center monitors whether the communication link between itself and the network access device is disconnected.
Optionally, the method further includes:
when the network access device detects that it is in an abnormal state at a set abnormality level, it carries out automatic maintenance of the firmware and/or system software, or carries out self-destruction of the firmware and/or system software.
In the transparent-computing-based network access system and method provided by the embodiments of the present invention, the network access device includes two kinds of sub-device, a first sub-device and a second sub-device. The first sub-device is responsible for giving the client access to a secure network (the first network), and the second sub-device for giving it access to an insecure network (the second network). The first network and the second network provide the user with two independent and mutually isolated network services, and the user's client can freely access either of these two isolated networks through the corresponding sub-device. This ensures that the content in the first network is not polluted by the content in the second network, that is, content from the second network cannot flow into the first network, so the content in the first network is guaranteed to be secure and trustworthy.
Brief description of the drawings
To explain the technical solutions of the embodiments of the present invention, or of the prior art, more clearly, the drawings needed for describing the embodiments or the prior art are briefly introduced below. Obviously, the drawings described below show only some embodiments of the present invention; a person of ordinary skill in the art can derive other drawings from them without creative effort.
Fig. 1 is a first schematic diagram of the composition of the transparent-computing-based network access system according to an embodiment of the present invention;
Fig. 2 is a second schematic diagram of the composition of the transparent-computing-based network access system according to an embodiment of the present invention;
Fig. 3 is a schematic flowchart of the transparent-computing-based network access method according to an embodiment of the present invention.
Detailed description of the invention
To make the purpose, technical solution and advantages of the embodiments of the present invention clearer, the technical solution of the embodiments is described clearly and completely below with reference to the accompanying drawings. Obviously, the described embodiments are some, not all, of the embodiments of the present invention. All other embodiments obtained by a person of ordinary skill in the art on the basis of these embodiments, without creative effort, fall within the scope of protection of the present invention.
To ensure that certain web content obtained by the user is trustworthy and secure, the embodiments of the present invention specially set up a secure and reliable network that is isolated from the conventional TCP/IP Internet. The content on this network is managed by a specialized agency, for instance an organization dedicated to publishing news or government affairs information, so the content in this network is trustworthy and secure.
Referring to Fig. 1, which is the first schematic diagram of the composition of the transparent-computing-based network access system provided by an embodiment of the present invention, the system includes at least one client 100 and a network access device 200. The network access device 200 includes at least one first sub-device responsible for making the client 100 access a first network and at least one second sub-device responsible for making the client 100 access a second network; the first network is a network holding secure data, and the second network is a network holding secure data and/or insecure data.
Transparent computing is a computing paradigm in which the user need not be aware of the concrete location of the computer's operating system, middleware, application programs or communication network, and only needs to select and use the corresponding service (such as computation, telephony, television, web access and entertainment) over the network, according to their own needs, from any of a variety of terminal devices (including fixed, mobile and household terminal devices).
In the embodiments of the present invention, the first network may be a content network dedicated to publishing news, government affairs information, public service information and similar content, and the second network may be a TCP/IP address network. In the actual Internet there may be one or more first networks, each holding secure and reliable network data managed by a specialized agency; likewise there may be one or more second networks, whose content is more complex and contains secure and/or insecure web content. Each first network corresponds to one or more first sub-devices, and each second network to one or more second sub-devices.
In the embodiments of the present invention, the multiple sub-devices integrated in the network access device 200 (that is, the at least one first sub-device and the at least one second sub-device) may physically be independent circuit boards, or may be small intelligent computing devices with their own system software or operating system. Each sub-device can independently be responsible for access to one kind of network service: the first sub-device is responsible for making the client 100 access the first network, that is, it accesses the network address requested by the client so that the first network provides the client 100 with the network service the user requested (through a network access mode); the second sub-device is responsible for making the client 100 access the second network, that is, it accesses the network address requested by the client so that the second network provides the client 100 with the network service the user requested. In summary, the network access device 200 is configured, when the client 100 requests access to the first network, to make the client 100 access the first network through the first sub-device responsible for the current access service, in a transparent-computing manner, so that the first network provides a network access service for the client 100; and, when the client 100 requests access to the second network, to make the client 100 access the second network through the second sub-device responsible for the current access service, in a transparent-computing manner, so that the second network provides a network access service for the client 100.
Specifically, if the network access device 200 includes only one first sub-device responsible for making the client 100 access the first network, then when the client accesses the first network, that first sub-device makes the client 100 access it. If the network access device 200 includes at least two first sub-devices responsible for making the client 100 access the first network, then when the client accesses the first network, it is first determined which first sub-device is to be responsible for making the current client 100 access the first network (for example, all access services relating to the first network may be classified by access level, such as data download and information browsing, with each first sub-device responsible for access at one or more of those levels), and the determined first sub-device then makes the client 100 access the first network.
Likewise, if the network access device 200 includes only one second sub-device responsible for making the client 100 access the second network, then when the client accesses the second network, that second sub-device makes the client 100 access it. If the network access device 200 includes at least two second sub-devices responsible for making the client 100 access the second network, then when the client accesses the second network, it is first determined which second sub-device is to be responsible for making the current client 100 access the second network (for example, all access services relating to the second network may be classified by access level, such as data download and information browsing, with each second sub-device responsible for access at one or more of those levels), and the determined second sub-device then makes the client 100 access the second network.
Further, referring to the second schematic diagram of the composition of the transparent-computing-based network access system shown in Fig. 2, the network access device 200 further includes a network access service module, configured to make the client 100 establish a network connection through the network connection service it provides, before the client 100 requests access to the first network or to the second network.
Specifically, the network access service module is needed for the sub-devices of the network access device 200 to work together. It is responsible for the user's network access and provides the user with unified network connection services such as Wi-Fi and LAN (Local Area Network). These connection services allow the client 100 to be connected to the networks corresponding to each sub-device at the same time, and the user does not need to manage these different networks when using the network: the various networks behind the network access device 200 are transparent to the user, and the user experience can be the same as with current network access devices. For example, once the user's client 100 has connected to the Wi-Fi service of the network access device 200, the user can freely use every network service corresponding to these sub-devices, without even knowing which network is providing the service.
In the embodiments of the present invention, the network access service module is further configured to manage the first sub-device and the second sub-device in a transparent-computing manner. That is, the access service module acts as master control hardware: it is responsible not only for handling the user access requests described above, but also for managing the first sub-device and the second sub-device in the transparent-computing way (the supervisory control program of transparent computing resides in the network access service module). Because the first and second sub-devices are managed through transparent computing, a user accessing the network through the network access device 200 need not be aware of the first sub-device, the second sub-device, the management programs on the sub-devices, or which network the accessed resource actually resides in; the user only needs to select the corresponding service from the client 100 over the network.
In addition, the network access service module can also physically isolate the sub-devices from one another according to the security requirements, so as to protect certain networks, such as the first network, from being infected. Isolation between sub-devices can be realized by the circuit design of the service module, for instance by physically separating the functional circuits; if isolation were realized by software instead, security would be reduced, that is, the first network would be more likely to be exposed to security threats. Specifically, for example, when there is data communication between the first sub-device and the second sub-device, each second sub-device can be physically separated from each first sub-device to ensure the security of the data in the first network; as a further example, when there is also data communication between first sub-devices and different first sub-devices are responsible for different access classes of the first network, each first sub-device can additionally be physically separated from the other first sub-devices, to strengthen the data security of a particular access level of the first network. Thus the network access service module is further configured to physically isolate the first sub-device from the second sub-device; or to physically isolate the first sub-device from the second sub-device and also physically isolate each pair of first sub-devices from each other.
In addition, the sub-devices of the network access device 200 may have different architectures, for example different CPUs, and may also have different operating systems installed. For the different architectures adopted by the sub-devices, the network access service module in the network access device 200 is responsible for defining the communication capabilities and conditions that each sub-device must meet for its architecture. For example, data uploaded by the user to the network, or delivered by the network to the user, must be parsed by the corresponding sub-device; when the sub-devices use different architectures, the way each sub-device parses data may differ. Therefore the network access service module, as the data upload channel between the client and the network and as the data delivery channel, needs to apply different upload or delivery processing to the data parsed under the different parsing modes of these sub-devices, so that the data can be uploaded to the network or delivered to the client.
Further, the network access system shown in Fig. 2 also includes a central management center 300. The network access device 200 needs to access the remote central management center 300, which may be a cloud computing center or similar. The central management center 300 uses the transparent-computing method to manage the firmware of the network access device 200 and its sub-devices, as well as the operating systems and system software of the network access device 200 and its sub-devices. The manufacturer of the network access device 200 does not need to handle the installation and maintenance of the device's firmware and system software, nor even to know which network each sub-device corresponds to; this work is configured and managed uniformly by the central management center 300 according to set standards, in a transparent-computing manner. In summary, the central management center 300 is configured to maintain and manage the firmware and operating system of the network access device 200 in a transparent-computing manner.
Specifically, when the central management center 300 manages the network access device 200 in the transparent-computing management mode, more attention is paid to the security and control of the network access device 200. For the security problems of the network access device 200 being modified by an illegal user (for instance, modifying data delivered by the network), attacked (for instance, accessing the network massively through the network access device with the aim of paralysing it), impersonated (for instance, forging an official signature) or copied (for instance, copying an official signature), the central management center 300 has corresponding control measures: for example, a management code can be added to the network access device 200 in hardware (or software) that is responsible for monitoring the hardware (or software) state, and once a problem is found the network access device 200 can be controlled remotely, for instance by closing its ports, closing its access to the network, restarting it, reinstalling its system, or updating its system patches.
In addition, the transparent-computing management of the network access device 200 by the central management center 300 described above can be combined with third-party authentication, such as CA authentication. At the same time, the network access device 200 and the central management center 300 can have two-way mutual authentication capability, which not only prevents illegal devices but also prevents illegal centers. Therefore, the central management center 300 is specifically configured to maintain and manage the firmware and operating system of the network access device 200 in a transparent-computing manner after two-way mutual authentication between the central management center 300 and the network access device 200 has passed and/or after third-party authentication between the central management center 300 and the network access device 200 has passed.
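An added example, not code from the patent or its assignee, of the gating just described: a remote management command is executed only after mutual authentication has passed in both directions, so an illegal device is refused management and an illegal center is refused control. Where the patent refers to CA (certificate) authentication, this sketch substitutes an HMAC challenge-response over a pre-shared key so that it runs with the Python standard library alone; the identities, the key and the command names are constructed.

```python
# Added example, not from the patent: gate remote management of a network
# access device on two-way mutual authentication.  The patent names CA-based
# third-party authentication; this stand-in uses HMAC challenge-response over
# a shared key so that it runs with the standard library alone.
import hashlib
import hmac
import secrets
from typing import Dict, List


def _tag(key: bytes, *parts: bytes) -> bytes:
    return hmac.new(key, b"|".join(parts), hashlib.sha256).digest()


class Party:
    """Either the central management center or the network access device."""

    def __init__(self, ident: str, key: bytes):
        self.ident = ident
        self.key = key          # shared with the legitimate peer; unknown to impostors

    @staticmethod
    def challenge() -> bytes:
        return secrets.token_bytes(16)        # fresh nonce per handshake

    def respond(self, my_nonce: bytes, peer_nonce: bytes, peer_ident: str) -> bytes:
        # Bind both nonces and both identities (prover first, verifier second) so a
        # response can be neither replayed later nor reflected back at its sender.
        return _tag(self.key, self.ident.encode(), peer_ident.encode(), my_nonce, peer_nonce)

    def verify(self, peer_ident: str, peer_nonce: bytes, my_nonce: bytes, response: bytes) -> bool:
        expected = _tag(self.key, peer_ident.encode(), self.ident.encode(), peer_nonce, my_nonce)
        return hmac.compare_digest(expected, response)


class AccessDevice(Party):
    """Network access device exposing the remote control actions the patent lists."""

    def __init__(self, ident: str, key: bytes):
        super().__init__(ident, key)
        self.firmware = "fw-v1"        # constructed initial firmware label
        self.ports_open = True
        self.network_enabled = True
        self.log: List[str] = []

    def apply(self, command: str) -> str:
        if command.startswith("update-firmware:"):
            self.firmware = command.split(":", 1)[1]
        elif command == "close-ports":
            self.ports_open = False
        elif command == "cut-network":
            self.network_enabled = False
        elif command in ("restart", "reinstall"):
            pass                         # side effects omitted in this illustration
        else:
            raise ValueError(f"unknown management command: {command}")
        self.log.append(command)
        return self.firmware


def manage(center: Party, device: AccessDevice, command: str) -> Dict[str, object]:
    """Run the handshake in both directions; execute the command only if both pass."""
    nc, nd = center.challenge(), device.challenge()           # nonces are exchanged
    device_ok = center.verify(device.ident, nd, nc,
                              device.respond(nd, nc, center.ident))   # rejects illegal devices
    center_ok = device.verify(center.ident, nc, nd,
                              center.respond(nc, nd, device.ident))   # rejects illegal centers
    result: Dict[str, object] = {"device_verified": device_ok, "center_verified": center_ok}
    if device_ok and center_ok:
        result["firmware"] = device.apply(command)   # management happens only here
    return result


if __name__ == "__main__":
    key = b"constructed-shared-key"
    print(manage(Party("center-300", key), AccessDevice("device-200", key), "update-firmware:fw-v2"))
    print(manage(Party("center-300", b"wrong-key"), AccessDevice("device-200", key), "cut-network"))
```

Each response is bound to both nonces and to the prover/verifier identities in a fixed order, so a response captured from one run cannot be replayed and the device cannot be made to authenticate a center with its own response reflected back. A CA-based deployment would replace the shared key with signature verification against a trusted root, but the gating rule in `manage` stays the same.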
In addition, the central management center 300 is further configured to monitor whether the communication link between itself and the network access device 200 is disconnected. Specifically, the central management center 300 can apply a real-time monitoring mechanism such as a heartbeat signal to the network access device 200: at set intervals the central management center 300 sends a very small packet to the network access device 200, and from the reply behaviour of the network access device 200 it judges whether the communication link interconnecting the two parties has been disconnected.
Further, in the embodiments of the present invention, the network access device 200 is configured, when it detects that it is in an abnormal state at a set abnormality level, to carry out automatic maintenance of the firmware and/or system software, or to carry out self-destruction of the firmware and/or system software, or another self-protection measure. Specifically, according to its own security-grade requirements, the network access device 200 can have automatic maintenance and self-destruction capabilities; for example, security grades can be preset, and when its own main control program or hardware is in an abnormal state (at a certain security grade), it eliminates the security hazard by automatic maintenance, or eliminates its own firmware or system software by self-destruction.
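An added example, not code from the patent or its assignee, covering both of the preceding paragraphs: the heartbeat with which the central management center 300 decides whether its link to the network access device 200 has dropped, and the device-side rule that turns a detected abnormal state into automatic maintenance or self-destruction. The probe format, the number of missed probes tolerated and the two anomaly thresholds are constructed assumptions.

```python
# Added example, not from the patent: center-side heartbeat monitoring of the
# link to a network access device, and the device-side response policy that
# answers an abnormal state with automatic maintenance or self-destruction.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class HeartbeatMonitor:
    """Run by the central management center 300: one tiny probe per interval,
    link declared down after `max_missed` consecutive unanswered probes."""
    max_missed: int = 3          # constructed tolerance
    missed: int = 0
    seq: int = 0

    def probe(self) -> bytes:
        self.seq += 1
        return b"HB" + self.seq.to_bytes(4, "big")     # the "very small packet"

    def observe(self, reply: Optional[bytes]) -> bool:
        """Feed the device's reply (None on timeout); return True while the link is up.
        A stale reply to an earlier probe counts as a miss, not as a sign of life."""
        if reply == b"ACK" + self.seq.to_bytes(4, "big"):
            self.missed = 0
        else:
            self.missed += 1
        return self.link_up()

    def link_up(self) -> bool:
        return self.missed < self.max_missed


@dataclass
class AccessDeviceWatchdog:
    """Run on the network access device 200.  The two thresholds play the role of
    the preset security grades in the text; their values are constructed."""
    maintain_at: int = 2         # anomaly level at which automatic maintenance starts
    destruct_at: int = 4         # anomaly level at which firmware is wiped instead
    firmware: Optional[str] = "fw-v1"
    actions: List[str] = field(default_factory=list)

    def answer(self, probe: bytes) -> bytes:
        if not probe.startswith(b"HB"):
            raise ValueError("not a heartbeat probe")
        return b"ACK" + probe[2:]                      # echo the sequence number

    def on_anomaly(self, level: int) -> str:
        """Map an observed anomaly level of the main control program or hardware
        to the self-protection measure taken."""
        if level >= self.destruct_at:
            action = "self-destruct"
            self.firmware = None                       # firmware / system software erased
        elif level >= self.maintain_at:
            action = "auto-maintain"
            self.firmware = "fw-v1-reloaded"           # stand-in for re-provisioning from the center
        else:
            action = "none"
        self.actions.append(action)
        return action


def run_heartbeats(monitor: HeartbeatMonitor, device: AccessDeviceWatchdog,
                   delivered: List[bool]) -> List[bool]:
    """Simulate one probe per entry; a False entry means the probe or its reply was lost.
    Returns the link status the center holds after each interval."""
    states = []
    for ok in delivered:
        probe = monitor.probe()
        reply = device.answer(probe) if ok else None
        states.append(monitor.observe(reply))
    return states


if __name__ == "__main__":
    print(run_heartbeats(HeartbeatMonitor(), AccessDeviceWatchdog(),
                         [True, True, False, False, False, True]))
```

Because `observe` compares the reply against the sequence number of the probe just sent, a delayed or replayed acknowledgement for an earlier probe cannot keep a dead link looking alive; the tolerance of a few consecutive misses is what separates ordinary packet loss from an actual disconnection.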
Referring to Fig. 3, a flow chart of the transparent-computing-based network access method provided by an embodiment of the present invention. The method is applied to a network access system comprising a network access device and at least one client, where the network access device comprises at least one first sub-device responsible for connecting the client to a first network and at least one second sub-device responsible for connecting the client to a second network, the first network being a network holding secure data and the second network being a network holding secure and/or insecure data. The method comprises:
Step 301: determine which network the client requests to access;
Step 302: when the client requests access to the first network, the network access device, in the transparent-computing manner, connects the client to the first network through the first sub-device currently responsible for serving the access, so that the first network provides the client with network access service;
Step 303: when the client requests access to the second network, the network access device, in the transparent-computing manner, connects the client to the second network through the second sub-device currently responsible for serving the access, so that the second network provides the client with network access service.
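The following Python model is an added illustration of steps 301 to 303 and of the isolation property the summary above relies on; it is not code from the patent, and the class names, the round-robin choice of the "currently serving" sub-device and the data labels are assumptions. Each request is dispatched to a sub-device of the requested network only, and a sub-device of the first network refuses any content that originated in the second network:

```python
"""Two-sub-device access device model (added illustration, not the patent's code).
Every request is routed to exactly one sub-device of the requested network, and
no path exists for second-network content to enter the first network."""
from __future__ import annotations

from dataclasses import dataclass, field
from enum import Enum


class Network(Enum):
    FIRST = "first"    # trusted: holds only secure data
    SECOND = "second"  # untrusted: may hold insecure data


@dataclass(frozen=True)
class Packet:
    origin: Network    # the network the content came from; the label travels with the data
    payload: bytes


class IsolationViolation(Exception):
    pass


@dataclass
class SubDevice:
    """One sub-device (assumed name); it only ever talks to its own network."""
    network: Network
    log: list = field(default_factory=list)

    def fetch(self, resource: str) -> Packet:
        # Constructed response: content is labelled with the network it came from.
        self.log.append(("fetch", resource))
        return Packet(self.network, f"{self.network.value}:{resource}".encode())

    def send(self, packet: Packet) -> None:
        # The rule the patent states: second-network content may never enter the first network.
        if self.network is Network.FIRST and packet.origin is Network.SECOND:
            raise IsolationViolation("second-network content may not enter the first network")
        self.log.append(("send", packet.payload))


class AccessDevice:
    """Holds one or more sub-devices per network and dispatches by requested network.
    Sub-devices are independent objects; nothing is shared between them."""

    def __init__(self, first: list[SubDevice], second: list[SubDevice]):
        self.pools = {Network.FIRST: first, Network.SECOND: second}
        self.rr = {Network.FIRST: 0, Network.SECOND: 0}

    def pick(self, network: Network) -> SubDevice:
        # Assumption: "the sub-device currently serving" is chosen round-robin.
        pool = self.pools[network]
        dev = pool[self.rr[network] % len(pool)]
        self.rr[network] += 1
        return dev

    def handle(self, network: Network, resource: str) -> Packet:
        """Steps 301-303: the requested network decides which pool serves the client."""
        return self.pick(network).fetch(resource)

    def forward(self, packet: Packet, network: Network) -> bool:
        """Try to push already-fetched content into a network; False if isolation blocks it."""
        try:
            self.pick(network).send(packet)
            return True
        except IsolationViolation:
            return False


def demo() -> dict:
    dev = AccessDevice([SubDevice(Network.FIRST), SubDevice(Network.FIRST)],
                       [SubDevice(Network.SECOND)])
    secure = dev.handle(Network.FIRST, "/policy.pdf")        # constructed request
    untrusted = dev.handle(Network.SECOND, "/download.exe")  # constructed request
    return {
        "secure_origin": secure.origin,
        "untrusted_origin": untrusted.origin,
        "first_to_first": dev.forward(secure, Network.FIRST),
        "second_to_second": dev.forward(untrusted, Network.SECOND),
        "second_to_first": dev.forward(untrusted, Network.FIRST),  # must be blocked
    }
```

The patent states only the integrity direction (nothing from the second network may enter the first), so that is the only rule the model enforces; a deployment that also needs confidentiality for first-network data would add the reverse check in `send`.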
In embodiments of the present invention, the network access device further comprises a network access service module, and the method further comprises:
Before the client requests access to the first network or to the second network, the network access service module establishes the client's network connection through the network connection service it provides.
In embodiments of the present invention, the network access device further comprises a network access service module, and the method further comprises:
The network access service module manages the first sub-device and the second sub-device in the transparent-computing manner.
In embodiments of the present invention, the network access device further comprises a network access service module; the network access service module physically isolates the first sub-device from the second sub-device; or it physically isolates the first sub-device from the second sub-device and additionally physically isolates the first sub-devices from each other (each pair of first sub-devices).
In embodiments of the present invention, the system further comprises a central management center, and the method further comprises:
The central management center maintains and manages the firmware and operating system of the network access device in the transparent-computing manner.
In embodiments of the present invention, the central management center maintaining the firmware and operating system of the network access device in the transparent-computing manner specifically comprises:
After mutual (two-way) authentication between the central management center and the network access device succeeds, and/or after third-party authentication of the central management center and the network access device succeeds, the central management center maintains and manages the firmware and operating system of the network access device in the transparent-computing manner.
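As an added example of the authentication gate in the preceding paragraph (not the patent's own mechanism, which it leaves unspecified): a challenge-response handshake in which the center and the device each prove possession of a pre-shared key over the other side's fresh nonce, followed by a maintenance step that the device accepts only inside an authenticated session and only for an image whose tag verifies under a separate update key. `Party`, `Device`, `mutual_authenticate`, the pre-shared-key layout and the HMAC-tagged image are assumptions; the third-party authentication alternative is not modelled.

```python
"""Mutual authentication gating firmware/OS maintenance (added illustration,
not the patent's code). Pre-shared keys and HMAC-SHA256 are assumptions."""
import hashlib
import hmac
import secrets


def _tag(key: bytes, *parts: bytes) -> bytes:
    # Length-prefix each part so ("ab","c") and ("a","bc") never collide.
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big"))
        mac.update(p)
    return mac.digest()


class Party:
    """One endpoint (center or device); `peer_id` is who it expects to talk to."""

    def __init__(self, ident: bytes, peer_id: bytes, psk: bytes):
        self.ident, self.peer_id, self.psk = ident, peer_id, psk
        self.nonce = None
        self.authenticated = False

    def challenge(self) -> bytes:
        self.nonce = secrets.token_bytes(16)
        return self.nonce

    def respond(self, peer_nonce: bytes) -> bytes:
        # Prove the PSK over the peer's nonce, bound to my identity and direction,
        # so a response cannot be reflected back at me.
        return _tag(self.psk, b"resp", self.ident, self.peer_id, peer_nonce)

    def verify(self, response: bytes) -> bool:
        if self.nonce is None:
            return False
        expected = _tag(self.psk, b"resp", self.peer_id, self.ident, self.nonce)
        self.authenticated = hmac.compare_digest(expected, response)
        self.nonce = None  # single use
        return self.authenticated


def mutual_authenticate(center: Party, device: Party) -> bool:
    """Both sides challenge and both sides verify; either failure aborts both."""
    nc, nd = center.challenge(), device.challenge()
    ok_center = center.verify(device.respond(nc))   # center checks device
    ok_device = device.verify(center.respond(nd))   # device checks center
    if not (ok_center and ok_device):
        center.authenticated = device.authenticated = False
        return False
    return True


class Device(Party):
    def __init__(self, ident: bytes, peer_id: bytes, psk: bytes, update_key: bytes):
        super().__init__(ident, peer_id, psk)
        self.update_key = update_key
        self.firmware = b"v1"

    def apply_update(self, image: bytes, version: bytes, tag: bytes) -> bool:
        """Maintenance is accepted only in an authenticated session and only for an
        image whose tag verifies under the separate update key."""
        if not self.authenticated:
            return False
        if not hmac.compare_digest(_tag(self.update_key, b"fw", version, image), tag):
            return False
        self.firmware = version
        return True


def sign_image(update_key: bytes, image: bytes, version: bytes) -> bytes:
    return _tag(update_key, b"fw", version, image)


def demo() -> dict:
    psk, upd = secrets.token_bytes(32), secrets.token_bytes(32)
    center = Party(b"center", b"dev-01", psk)
    device = Device(b"dev-01", b"center", psk, upd)
    image, ver = b"\x7fELF constructed image bytes", b"v2"   # constructed image
    tag = sign_image(upd, image, ver)

    before = device.apply_update(image, ver, tag)               # refused: not authenticated yet
    auth = mutual_authenticate(center, device)
    tampered = device.apply_update(image + b"\x00", ver, tag)   # refused: tag no longer matches
    applied = device.apply_update(image, ver, tag)

    rogue = Party(b"center", b"dev-01", secrets.token_bytes(32))  # impersonator with wrong PSK
    fresh = Device(b"dev-01", b"center", psk, upd)
    rogue_auth = mutual_authenticate(rogue, fresh)
    return {"before": before, "auth": auth, "tampered": tampered, "applied": applied,
            "firmware": device.firmware, "rogue_auth": rogue_auth,
            "rogue_can_update": fresh.authenticated}
```

The session key and the image-signing key are kept separate on purpose: a center that can only authenticate cannot push an image, and an image signed offline cannot be installed without a live authenticated session.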
In embodiments of the present invention, the method further comprises:
The central management center monitors whether the communication link between itself and the network access device has been disconnected.
In embodiments of the present invention, the method further comprises:
When the network access device detects that it is in an abnormal state at a configured security level, it performs automatic maintenance of its firmware and/or system software, or self-destructs its firmware and/or system software.
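An added illustration of the link monitoring described here and of the level-dependent self-maintenance or self-destruction described above and at the start of this section (not the patent's code; the level names, the heartbeat timeout and the hash-based integrity check are assumptions): the center side tracks per-device heartbeats and lists links that have gone silent, while the device side compares its firmware against a reference hash and, depending on its configured security level, reports, restores from the reference image, or overwrites the firmware so it cannot run.

```python
"""Link-loss monitoring (center side) and level-dependent response to an
abnormal firmware state (device side). Added illustration, not the patent's code."""
from __future__ import annotations

import hashlib
from dataclasses import dataclass, field
from enum import IntEnum


class Level(IntEnum):
    LOW = 1       # report only
    MEDIUM = 2    # automatic maintenance: restore firmware from the reference image
    HIGH = 3      # self-destruction: overwrite firmware so the device cannot run


class Center:
    """Central management center side: remembers the last heartbeat from each
    device and reports links silent for longer than the timeout."""

    def __init__(self, timeout: float):
        self.timeout = timeout
        self.last_seen: dict[str, float] = {}

    def heartbeat(self, device_id: str, now: float) -> None:
        self.last_seen[device_id] = now

    def disconnected(self, now: float) -> list[str]:
        return sorted(d for d, t in self.last_seen.items() if now - t > self.timeout)


@dataclass
class Device:
    """Access device side: checks its own firmware against a reference hash the
    center provisioned, and reacts according to the configured security level."""
    ident: str
    level: Level
    reference_hash: bytes
    reference_image: bytes
    firmware: bytes
    actions: list[str] = field(default_factory=list)

    def tampered(self) -> bool:
        return hashlib.sha256(self.firmware).digest() != self.reference_hash

    def check(self) -> str:
        """Evaluate the device state and take the action for the configured level."""
        if not self.tampered():
            return "ok"
        if self.level >= Level.HIGH:
            action = self._self_destruct()
        elif self.level >= Level.MEDIUM:
            action = self._restore()
        else:
            action = "alert"
        self.actions.append(action)
        return action

    def _restore(self) -> str:
        self.firmware = self.reference_image
        return "restore"

    def _self_destruct(self) -> str:
        # Overwrite in place rather than delete: the controller must not be able
        # to boot the compromised image again.
        self.firmware = b"\x00" * len(self.firmware)
        return "self_destruct"


def demo() -> dict:
    good = b"firmware-v1"                       # constructed known-good image
    ref = hashlib.sha256(good).digest()
    center = Center(timeout=30.0)
    dev_m = Device("dev-m", Level.MEDIUM, ref, good, good)
    dev_h = Device("dev-h", Level.HIGH, ref, good, good)

    center.heartbeat("dev-m", now=100.0)
    center.heartbeat("dev-h", now=100.0)
    center.heartbeat("dev-m", now=120.0)        # dev-h goes quiet after t=100
    down = center.disconnected(now=135.0)       # 35 s of silence > 30 s timeout

    ok = dev_m.check()                          # untouched firmware: nothing to do
    dev_m.firmware = b"firmware-v1-backdoored"  # constructed tampering
    dev_h.firmware = b"firmware-v1-backdoored"
    return {"down": down, "ok": ok,
            "medium": dev_m.check(), "medium_fw": dev_m.firmware,
            "high": dev_h.check(), "high_fw": dev_h.firmware}
```

The two checks are deliberately independent: the center notices a device that has gone silent (which may mean the link, the device or an attacker), while the device itself acts on its own integrity state even when it can no longer reach the center.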
It can be seen from the above description of the embodiments that those skilled in the art will understand that all or part of the steps of the methods in the above embodiments can be implemented by software plus a necessary general-purpose hardware platform. On this basis, the technical solution of the present invention, or the part of it that contributes over the prior art, can be embodied in the form of a software product stored on a storage medium such as ROM/RAM, a magnetic disk or an optical disc, comprising instructions that cause a computer device (a personal computer, a server, or a network communication device such as a media gateway) to perform the method described in each embodiment, or in some part of an embodiment, of the present invention.
It should be noted that the embodiments in this specification are described progressively; each embodiment emphasizes its differences from the others, and the same or similar parts of the embodiments may be referred to one another. Since the method disclosed in an embodiment corresponds to the system disclosed in an embodiment, its description is comparatively brief; for relevant details refer to the description of the system.
It should further be noted that, in this document, relational terms such as "first" and "second" are used only to distinguish one entity or operation from another and do not necessarily require or imply any such actual relation or ordering between those entities or operations. Moreover, the terms "comprise", "include" or any other variant thereof are intended to be non-exclusive, so that a process, method, article or device comprising a list of elements includes not only those elements but also other elements not expressly listed, or elements inherent to that process, method, article or device. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the existence of additional identical elements in the process, method, article or device that comprises it.
The above description of the disclosed embodiments enables those skilled in the art to implement or use the present invention. Various modifications to these embodiments will be apparent to those skilled in the art, and the general principles defined herein may be implemented in other embodiments without departing from the spirit or scope of the present invention. Therefore, the present invention is not limited to the embodiments shown herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (16)

1. A transparent-computing-based network access system, characterized in that the system comprises a network access device and at least one client, the network access device comprising at least one first sub-device responsible for connecting the client to a first network and at least one second sub-device responsible for connecting the client to a second network, the first network being a network holding secure data and the second network being a network holding secure and/or insecure data;
The network access device is configured to: when the client requests access to the first network, in the transparent-computing manner, connect the client to the first network through the first sub-device currently responsible for serving the access, so that the first network provides the client with network access service; and when the client requests access to the second network, in the transparent-computing manner, connect the client to the second network through the second sub-device currently responsible for serving the access, so that the second network provides the client with network access service.
2. The system according to claim 1, characterized in that the network access device further comprises:
A network access service module, configured to establish the client's network connection through the network connection service it provides before the client requests access to the first network or to the second network.
3. The system according to claim 1, characterized in that the network access device further comprises:
A network access service module, configured to manage the first sub-device and the second sub-device in the transparent-computing manner.
4. The system according to claim 1, characterized in that the network access device further comprises:
A network access service module, which physically isolates the first sub-device from the second sub-device; or which physically isolates the first sub-device from the second sub-device and additionally physically isolates each pair of first sub-devices from each other.
5. The system according to claim 1, characterized in that the system further comprises:
A central management center, configured to maintain and manage the firmware and operating system of the network access device in the transparent-computing manner.
6. The system according to claim 5, characterized in that
The central management center is specifically configured to maintain and manage the firmware and operating system of the network access device in the transparent-computing manner after mutual authentication between the central management center and the network access device succeeds and/or after third-party authentication of the central management center and the network access device succeeds.
7. The system according to claim 5, characterized in that
The central management center is further configured to monitor whether the communication link between it and the network access device has been disconnected.
8. The system according to any one of claims 1 to 7, characterized in that
The network access device is configured to perform automatic maintenance of its firmware and/or system software, or to self-destruct its firmware and/or system software, when it detects that it is in an abnormal state at a configured security level.
9. A transparent-computing-based network access method, characterized in that the method is applied to a network access system comprising a network access device and at least one client, the network access device comprising at least one first sub-device responsible for connecting the client to a first network and at least one second sub-device responsible for connecting the client to a second network, the first network being a network holding secure data and the second network being a network holding secure and/or insecure data; the method comprises:
When the client requests access to the first network, the network access device, in the transparent-computing manner, connects the client to the first network through the first sub-device currently responsible for serving the access, so that the first network provides the client with network access service;
When the client requests access to the second network, the network access device, in the transparent-computing manner, connects the client to the second network through the second sub-device currently responsible for serving the access, so that the second network provides the client with network access service.
10. The method according to claim 9, characterized in that the network access device further comprises a network access service module, and the method further comprises:
Before the client requests access to the first network or to the second network, the network access service module establishes the client's network connection through the network connection service it provides.
11. The method according to claim 9, characterized in that the network access device further comprises a network access service module, and the method further comprises:
The network access service module manages the first sub-device and the second sub-device in the transparent-computing manner.
12. The method according to claim 9, characterized in that the network access device further comprises a network access service module;
The network access service module physically isolates the first sub-device from the second sub-device;
Or, the network access service module physically isolates the first sub-device from the second sub-device and additionally physically isolates each pair of first sub-devices from each other.
13. The method according to claim 9, characterized in that the system further comprises a central management center, and the method further comprises:
The central management center maintains and manages the firmware and operating system of the network access device in the transparent-computing manner.
14. The method according to claim 13, characterized in that the central management center maintaining the firmware and operating system of the network access device in the transparent-computing manner specifically comprises:
After mutual authentication between the central management center and the network access device succeeds and/or after third-party authentication of the central management center and the network access device succeeds, the central management center maintains and manages the firmware and operating system of the network access device in the transparent-computing manner.
15. The method according to claim 13, characterized in that the method further comprises:
The central management center monitors whether the communication link between it and the network access device has been disconnected.
16. The method according to any one of claims 9 to 15, characterized in that the method further comprises:
When the network access device detects that it is in an abnormal state at a configured security level, it performs automatic maintenance of its firmware and/or system software, or self-destructs its firmware and/or system software.
CN201610119598.5A 2016-03-02 2016-03-02 Transparent-computing-based network access system and method Active CN105721481B (en)

Publications (2)

Publication Number Publication Date
CN105721481A (en) 2016-06-29
CN105721481B (en) 2019-08-30

Family

ID=56156278

Country Status (1)

Country Link
CN (1) CN105721481B (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106850677A (en) * 2017-03-17 2017-06-13 湖南新云网科技有限公司 Transparent-computing-based network isolation method, network card, mainboard and terminal
CN109041042A (en) * 2018-07-03 2018-12-18 成都鼎桥通信技术有限公司 LTE private network SoftSIM solution method and device
CN109041042B (en) * 2018-07-03 2022-02-15 成都鼎桥通信技术有限公司 LTE private network SoftSIM solution method and device
CN109951470A (en) * 2019-03-12 2019-06-28 湖北大学 Information distribution and result upload method for distributed parallel computing across multiple computing devices

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101350814A (en) * 2008-08-26 2009-01-21 成都卫士通信息产业股份有限公司 Secure remote access technology and gateway
CN101753553A (en) * 2008-12-08 2010-06-23 北京财富天湖科技有限公司 Security isolation and message exchange system and method
CN101997722A (en) * 2010-11-16 2011-03-30 西安电子科技大学 Three-network-convergence-oriented digital home network service management system and method
CN201839446U (en) * 2010-11-03 2011-05-18 中国地质大学(武汉) Heterogeneous network interconnection gateway device
CN201869374U (en) * 2010-11-24 2011-06-15 中国地质大学(武汉) Heterogeneous network interconnection gateway based on Bluetooth, ZigBee and the Internet
CN102891835A (en) * 2011-07-20 2013-01-23 桂林长海科技有限责任公司 Security isolation method for multi-network access of a computer terminal
CN103336798A (en) * 2013-06-17 2013-10-02 华南理工大学 Virtualized data access system and method for an embedded network device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Chinese Academy of Engineering (中国工程院): "Future Computing: Discussion and Outlook" (《未来计算 讨论和展望》), 31 August 2013, Shenyang: Northeastern University Press *

Also Published As

Publication number Publication date
CN105721481B (en) 2019-08-30

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
CB03 Change of inventor or designer information
  Inventor after: Yin Hao; Zhang Yaoxue; Kang Lu
  Inventor before: Yin Hao; Lv Yongqiang; Li Youping; Yang Peng; Zhang Yaoxue; Kang Lu
TA01 Transfer of patent application right
  Effective date of registration: 20190116
  Address after: No. 1 Building, Fenghe Garden, No. 328 Luxiangzhong Road, Yuelu Street, Yuelu District, Changsha City, Hunan Province, 410000
  Applicant after: Hunan Yuelushan Research Institute of Data Science and Technology Co., Ltd.
  Address before: Tsinghua Yuan, Haidian District, Beijing, 100084
  Applicant before: Tsinghua University
GR01 Patent grant