CN106790028A - Data transmission method and system for secure isolation between a prison intranet and a bank extranet - Google Patents
- Publication number: CN106790028A (application number CN201611157905.5A)
- Authority: CN (China)
- Prior art keywords: network, initial data (raw data), bank, network packet, prison
- Prior art date
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
  - H04—ELECTRIC COMMUNICATION TECHNIQUE
    - H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
      - H04L63/00—Network architectures or network communication protocols for network security
        - H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
          - H04L63/0227—Filtering policies
            - H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
        - H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
          - H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
        - H04L63/12—Applying verification of the received information
        - H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
          - H04L63/1441—Countermeasures against malicious traffic
            - H04L63/145—Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
      - H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
        - H04L69/16—Implementation or adaptation of Internet protocol [IP], of transmission control protocol [TCP] or of user datagram protocol [UDP]
          - H04L69/163—In-band adaptation of TCP data exchange; In-band control procedures
Abstract
The present invention relates to the field of network security and discloses a data transmission method and system for secure isolation between a prison intranet and a bank extranet. A first network packet is obtained and authenticated; the first network packet is decapsulated to recover the raw data; verification processing is performed on the raw data; the raw data is encrypted; according to the type of the second network, the raw data is protocol-encapsulated to generate a second network packet; and the second network packet is sent over the second network. The invention avoids the security problems introduced by the fragility of the TCP/IP protocol family and by latent weaknesses in some operating systems. By ferrying data instead of connecting the networks, it guarantees secure isolation between the prison network and the bank network in both hardware and software.
Description
Technical field
The present invention relates to the field of network security, and more particularly to a data transmission method and system for secure isolation between a prison intranet and a bank extranet.
Background technology
Managing inmates' personal funds through a bank has become a trend in prisons today. Because financial transactions are involved, the network security requirements between the prison and the bank are correspondingly high. Although security measures such as firewalls, proxy servers and intrusion detection can be used, these are all software-based logical isolation products that can potentially be manipulated by hackers or by internal users, and they cannot satisfy the data security requirements of the financial sector. In addition, the core computer hardware and software currently used in China depends on imports, and no one can guarantee that these components contain no back doors or vulnerabilities. The best approach is therefore to keep users' important data physically separated from the external Internet, with no physical connection at all, so that attackers have nothing to exploit; but then interworking with the external bank network becomes impossible. What is needed is a technique that lets users isolate their internal and external networks effectively while still making convenient use of the resources on both, which is precisely the task that physical isolation technology sets out to accomplish.
Summary of the invention
The present invention provides a data transmission method and system for secure isolation between a prison intranet and a bank extranet, solving the prior-art problems that interworking between the prison network and the external bank network is limited and that network security protection is insufficient.
The purpose of the present invention is achieved through the following technical solutions:
A data transmission method for secure isolation between a prison intranet and a bank extranet, comprising:
obtaining a first network packet and performing authentication;
decapsulating the first network packet to recover the raw data;
performing verification processing on the raw data;
encrypting the raw data;
performing protocol encapsulation on the raw data according to the type of the second network to generate a second network packet;
sending the second network packet over the second network.
A data transmission system for secure isolation between a prison intranet and a bank extranet, comprising:
an acquisition module for obtaining a first network packet and performing authentication;
a decapsulation module for decapsulating the first network packet to recover the raw data;
a verification module for performing verification processing on the raw data;
an encryption module for encrypting the raw data;
an encapsulation module for performing protocol encapsulation on the raw data according to the type of the second network to generate a second network packet;
a sending module for sending the second network packet over the second network.
The present invention provides a data transmission method and system for secure isolation between a prison intranet and a bank extranet: a first network packet is obtained and authenticated; the first network packet is decapsulated to recover the raw data; verification processing is performed on the raw data; the raw data is encrypted; according to the type of the second network, the raw data is protocol-encapsulated to generate a second network packet; and the second network packet is sent over the second network. The invention avoids the security problems introduced by the fragility of the TCP/IP protocol family and by latent weaknesses in some operating systems. By ferrying data instead of connecting the networks, it guarantees secure isolation between the prison network and the bank network in both hardware and software.
Brief description of the drawings
To illustrate the embodiments of the present invention or the technical solutions of the prior art more clearly, the drawings needed for the embodiments are briefly described below. Obviously, the drawings described below are only some embodiments of the invention; those of ordinary skill in the art can obtain other drawings from them without creative effort.
Fig. 1 is a flowchart of a data transmission method for secure isolation between a prison intranet and a bank extranet according to an embodiment of the present invention;
Fig. 2 is a structural diagram of a data transmission system for secure isolation between a prison intranet and a bank extranet according to an embodiment of the present invention.
Detailed description of the embodiments
To make the above objects, features and advantages of the present invention clearer and easier to understand, the present invention is described in further detail below with reference to the accompanying drawings and specific embodiments.
As shown in Fig. 1, a data transmission method for secure isolation between a prison intranet and a bank extranet comprises:
Step 101: obtain a first network packet and perform authentication;
Step 102: decapsulate the first network packet to recover the raw data;
Step 103: perform verification processing on the raw data;
Step 104: encrypt the raw data;
Step 105: perform protocol encapsulation on the raw data according to the type of the second network to generate a second network packet;
Step 106: send the second network packet over the second network.
Step 101 may specifically comprise:
Step 101-1: obtain the first network packet through a first network interface;
Step 101-2: perform IP authentication and port authentication according to the IP address and port of the first network packet.
When the first network is the bank network, the second network is the prison network; when the first network is the prison network, the second network is the bank network.
Step 105 may specifically comprise performing TCP encapsulation on the raw data according to the type of the second network to generate the second network packet.
After step 102 and before step 103, the method further comprises performing a virus scan on the raw data, so that security threats hidden in the data portion can be identified.
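The steps above as a single ferry pipeline, added here as an illustration and not the applicant's code. The first-network header layout, the allowlisted endpoints, the scan signatures and the HMAC-based stand-in cipher are all constructed assumptions; a deployment would substitute its own framing, policy, scanner and cipher.

```python
"""Data-ferry pipeline following steps 101-106 of the patent (added illustration, not the
applicant's code). The first-network framing is a constructed assumption:
4-byte source IPv4 | 2-byte source port | 2-byte length | 4-byte CRC-32 | payload."""
import hashlib
import hmac
import ipaddress
import os
import struct
import zlib

HEADER = struct.Struct("!4sHHI")  # source IP, source port, payload length, CRC-32
# Step 101-2 allowlist of (IP, port) pairs; constructed sample values.
ALLOWED_ENDPOINTS = {("10.1.1.5", 8443), ("10.1.1.6", 8443)}
# Stand-in "virus" signatures: constructed byte patterns, not real malware indicators.
SIGNATURES = [b"\x4d\x5a\x90\x00", b"<script>"]

class FerryRejected(Exception):
    """Raised when a packet fails authentication, scanning or verification."""

def authenticate(packet: bytes):
    """Step 101-2: accept only packets whose source (IP, port) is allowlisted."""
    if len(packet) < HEADER.size:
        raise FerryRejected("short packet")
    ip_raw, port, _, _ = HEADER.unpack_from(packet)
    endpoint = (str(ipaddress.IPv4Address(ip_raw)), port)
    if endpoint not in ALLOWED_ENDPOINTS:
        raise FerryRejected("unauthorised endpoint %s:%d" % endpoint)
    return endpoint

def decapsulate(packet: bytes):
    """Step 102: strip the first-network header; return (raw data, carried CRC)."""
    _, _, length, crc = HEADER.unpack_from(packet)
    raw = packet[HEADER.size:HEADER.size + length]
    if len(raw) != length:
        raise FerryRejected("truncated payload")
    return raw, crc

def virus_scan(raw: bytes) -> None:
    """Between steps 102 and 103: signature scan of the recovered raw data."""
    for sig in SIGNATURES:
        if sig in raw:
            raise FerryRejected("signature match")

def verify(raw: bytes, crc: int) -> None:
    """Step 103: verification processing, here an integrity check against the CRC-32."""
    if zlib.crc32(raw) != crc:
        raise FerryRejected("integrity check failed")

def encrypt(raw: bytes, key: bytes, nonce: bytes) -> bytes:
    """Step 104: XOR with an HMAC-SHA256 counter keystream (stand-in for a real cipher;
    applying it again with the same key and nonce decrypts)."""
    out = bytearray()
    for i, off in enumerate(range(0, len(raw), 32)):
        stream = hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(raw[off:off + 32], stream))
    return bytes(out)

def encapsulate(ciphertext: bytes, nonce: bytes, network_type: str) -> bytes:
    """Step 105: frame the ciphertext for the second network (TCP framing assumed)."""
    if network_type != "tcp":
        raise FerryRejected("unsupported second-network type %s" % network_type)
    return b"TCP1" + nonce + struct.pack("!I", len(ciphertext)) + ciphertext

def ferry(packet: bytes, key: bytes, network_type: str = "tcp", nonce: bytes = b"") -> bytes:
    """Run steps 101-105 in order and return the frame that step 106 would send."""
    authenticate(packet)
    raw, crc = decapsulate(packet)
    virus_scan(raw)
    verify(raw, crc)
    nonce = nonce or os.urandom(12)
    return encapsulate(encrypt(raw, key, nonce), nonce, network_type)

def build_packet(ip: str, port: int, raw: bytes) -> bytes:
    """Construct a first-network packet in the assumed framing (used by callers/tests)."""
    return HEADER.pack(ipaddress.IPv4Address(ip).packed, port, len(raw), zlib.crc32(raw)) + raw
```

The source IP and port check of step 101-2 is an allowlist rather than proof of origin; the verification of step 103 and the encryption of step 104 are what protect the payload itself.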
The present invention provides a data transmission method for secure isolation between a prison intranet and a bank extranet: a first network packet is obtained and authenticated; the first network packet is decapsulated to recover the raw data; verification processing is performed on the raw data; the raw data is encrypted; according to the type of the second network, the raw data is protocol-encapsulated to generate a second network packet; and the second network packet is sent over the second network. The invention avoids the security problems introduced by the fragility of the TCP/IP protocol family and by latent weaknesses in some operating systems. By ferrying data instead of connecting the networks, it guarantees secure isolation between the prison network and the bank network in both hardware and software.
An embodiment of the present invention further provides a data transmission system for secure isolation between a prison intranet and a bank extranet, as shown in Fig. 2, comprising:
an acquisition module 210 for obtaining a first network packet and performing authentication;
a decapsulation module 220 for decapsulating the first network packet to recover the raw data;
a verification module 230 for performing verification processing on the raw data;
an encryption module 240 for encrypting the raw data;
an encapsulation module 250 for performing protocol encapsulation on the raw data according to the type of the second network to generate a second network packet;
a sending module 260 for sending the second network packet over the second network.
The acquisition module 210 comprises:
a receiving unit 211 for obtaining the first network packet through a first network interface;
an authentication unit 212 for performing IP authentication and port authentication according to the IP address and port of the first network packet.
The encapsulation module 250 is specifically configured to perform TCP encapsulation on the raw data according to the type of the second network to generate the second network packet.
The system may further comprise a virus scan module 270 for performing a virus scan on the raw data after the first network packet has been decapsulated and before verification processing is performed on the raw data.
From the above description of the embodiments, those skilled in the art can clearly understand that the present invention can be implemented by software together with the necessary hardware platform, or of course entirely by hardware, but in many cases the former is the better implementation. On that basis, the technical solution of the present invention, in whole or in the part that contributes over the prior art, can be embodied in the form of a software product stored on a storage medium such as ROM/RAM, a magnetic disk or an optical disc, and including instructions that cause a computer device (a personal computer, a server, a network device, etc.) to perform the method described in the embodiments, or in some parts of the embodiments, of the present invention.
The present invention has been described in detail above; specific examples have been used herein to explain its principle and embodiments, and the description of the above embodiments is only intended to help in understanding the method of the present invention and its core idea. At the same time, those of ordinary skill in the art may, in accordance with the idea of the invention, make changes to the specific embodiments and to the scope of application. In summary, the contents of this specification should not be construed as limiting the invention.
Claims (9)
1. A data transmission method for secure isolation between a prison intranet and a bank extranet, characterised in that it comprises:
obtaining a first network packet and performing authentication;
decapsulating the first network packet to recover the raw data;
performing verification processing on the raw data;
encrypting the raw data;
performing protocol encapsulation on the raw data according to the type of the second network to generate a second network packet;
sending the second network packet over the second network.
2. The data transmission method for secure isolation between a prison intranet and a bank extranet according to claim 1, characterised in that said obtaining a first network packet and performing authentication comprises:
obtaining the first network packet through a first network interface;
performing IP authentication and port authentication according to the IP address and port of the first network packet.
3. The data transmission method for secure isolation between a prison intranet and a bank extranet according to claim 1, characterised in that when the first network is the bank network, the second network is the prison network; and when the first network is the prison network, the second network is the bank network.
4. The data transmission method for secure isolation between a prison intranet and a bank extranet according to claim 1, characterised in that TCP encapsulation is performed on the raw data according to the type of the second network to generate the second network packet.
5. The data transmission method for secure isolation between a prison intranet and a bank extranet according to claim 1, characterised in that after decapsulating the first network packet and before performing verification processing on the raw data, the method further comprises: performing a virus scan on the raw data.
6. A data transmission system for secure isolation between a prison intranet and a bank extranet, characterised in that it comprises:
an acquisition module for obtaining a first network packet and performing authentication;
a decapsulation module for decapsulating the first network packet to recover the raw data;
a verification module for performing verification processing on the raw data;
an encryption module for encrypting the raw data;
an encapsulation module for performing protocol encapsulation on the raw data according to the type of the second network to generate a second network packet;
a sending module for sending the second network packet over the second network.
7. The data transmission system for secure isolation between a prison intranet and a bank extranet according to claim 6, characterised in that the acquisition module comprises:
a receiving unit for obtaining the first network packet through a first network interface;
an authentication unit for performing IP authentication and port authentication according to the IP address and port of the first network packet.
8. The data transmission system for secure isolation between a prison intranet and a bank extranet according to claim 6, characterised in that the encapsulation module is specifically configured to perform TCP encapsulation on the raw data according to the type of the second network to generate the second network packet.
9. The data transmission system for secure isolation between a prison intranet and a bank extranet according to claim 6, characterised in that it further comprises a virus scan module for performing a virus scan on the raw data after the first network packet has been decapsulated and before verification processing is performed on the raw data.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201611157905.5A CN106790028A (en) | 2016-12-15 | 2016-12-15 | A kind of prison and the data transmission method and system of bank's intranet and extranet security isolation |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106790028A true CN106790028A (en) | 2017-05-31 |
Family
ID=58889084
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201611157905.5A Pending CN106790028A (en) | 2016-12-15 | 2016-12-15 | A kind of prison and the data transmission method and system of bank's intranet and extranet security isolation |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106790028A (en) |
Cited By (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110855634A (en) * | 2019-10-24 | 2020-02-28 | 北京电信易通信息技术股份有限公司 | Cross-network switching service system and method based on secure network |
CN114389866A (en) * | 2021-12-29 | 2022-04-22 | 北京连山科技股份有限公司 | System and method for realizing high-speed isolation network gate data ferrying |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN1953395A (en) * | 2006-09-18 | 2007-04-25 | 北京明朝万达科技有限公司 | A method to control network separation based on mode switch |
CN103812861A (en) * | 2014-01-20 | 2014-05-21 | 广东电网公司电力科学研究院 | IPSEC (internet protocol security) VPN (virtual private network) device, isolation method thereof and isolation system thereof |
CN104683352A (en) * | 2015-03-18 | 2015-06-03 | 宁波科安网信通讯科技有限公司 | Industrial communication isolation gap with double-channel ferrying function |
US20160087933A1 (en) * | 2006-09-25 | 2016-03-24 | Weaved, Inc. | Techniques for the deployment and management of network connected devices |
CN105656883A (en) * | 2015-12-25 | 2016-06-08 | 冶金自动化研究设计院 | Unidirectional transmission internal and external network secure isolating gateway applicable to industrial control network |
- 2016-12-15: CN CN201611157905.5A patent/CN106790028A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| PB01 | Publication | |
| SE01 | Entry into force of request for substantive examination | |
| WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20170531 |