CN107172020A - A kind of network data security exchange method and system - Google Patents
- Publication number: CN107172020A
- Application number: CN201710292702.5A
- Authority: CN (China)
- Prior art keywords: data, agency, outer end, client, carried out
- Legal status: Pending (the legal status is an assumption and is not a legal conclusion; Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/0236—Filtering by address, protocol, port number or service, e.g. IP-address or URL
- H04L63/0245—Filtering by information in the payload
- H04L63/0281—Proxies
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
- H04L63/101—Access control lists [ACL]
Abstract
The invention discloses a method and system for secure network data exchange. The traditional single host is replaced by two hosts, and the traditional bidirectional data flow is replaced by a one-way flow, so that the data exchange process is carried out under five layers of protective measures, which greatly improves the security of the exchange.
Description
Technical field
The present invention relates to the field of data exchange technology, and in particular to a method and system for secure network data exchange.
Background
With the rapid development of the information society, network security has increasingly become both an opportunity and a challenge of the new era. With the development of the Internet of Things and the advance of the Internet of Everything, the various network element devices that used to sit inside a LAN are now gradually being "exposed" to the Internet, and the resulting information leaks and security risks emerge one after another. How can the Internet of Things serve everyone effectively while not leaking information and still ensuring internal security? People have devised many schemes, including the use of proxies, firewalls and similar means. These all have limitations, because once the proxy or firewall is attacked or controlled by a hacker, the internal network is still exposed to the hacker. To solve this problem we have invented a method that effectively solves the data exchange problem, has a high level of security protection, and prevents information from being leaked through hacker attacks.
In the prior art, as shown in Fig. 1, when a client (Client) needs to communicate with a server (Server), one of the following is used: direct connection, a proxy, or a firewall.
Direct interconnection obviously has no protective measures at all and offers no security to speak of.
In the proxy approach, agent software on a proxy server performs the conversion and carries out the data exchange. This scheme is safer than direct interconnection because it hides the real server's information, and security is better still if encryption is used. But this scheme is also flawed: the proxy server is a single host, so once a hacker has compromised the proxy server, the hacker can control the data exchange between client and server and steal data.
A firewall is similar to a proxy server: it can hide the server's information through NAT translation, and it can also provide isolation through a DMZ, achieving the goal of secure data exchange. Likewise, because the firewall is also a single host, and moreover implements protection through "blacklist" rules, once the firewall itself is controlled by a hacker, the data between client and server can also be stolen.
Summary of the invention
To address the problems of the prior art, the present invention proposes a method and system for secure network data exchange. The traditional single host is replaced by two hosts, and the traditional bidirectional data flow is replaced by a one-way flow, so that the data exchange process is carried out under five layers of protective measures, which greatly improves the security of the exchange.
As a first aspect of the present invention, a network data exchange method is provided, comprising the following steps:
S1: determine whether the data sender is legitimate; if it is not, refuse service; otherwise strip the TCP/UDP payload from the data and perform a data security inspection.
The legitimacy of the data sender is judged using "whitelist" rules. First, determine whether the source IP and source MAC match the preset values. If they match, determine whether the source IP is within the authorized range. If so, continue to determine whether the source port/target port is within the authorized range. If so, strip the TCP/UDP payload and perform a security inspection of the payload's legitimacy. If the inspection result is legitimate data, jump to step S2 to block-encrypt the data that passed the security inspection and transmit it.
If any of the three judgments or the security inspection in the above process fails, the connection is dropped and the packet is discarded, and the access log is recorded.
S2: encrypt and transmit the data that passed the data security inspection.
The data that passed the security inspection is numbered by packet and encrypted. The encrypted data is then encapsulated with a proprietary protocol by adding a private header, transmitted over a unidirectional data channel, and the access log is recorded.
S3: decrypt and reassemble the data and send it to the data receiver.
The following operations are performed in order on the received data: strip the private encapsulation, decrypt the payload data, and reassemble the payload data by packet number. A security inspection is then performed again on the decrypted and reassembled data to judge whether the data is legitimate. If the data is legitimate, the target data receiver's IP and port are extracted and "whitelist" rules decide whether data may be sent to the data receiver; if it is allowed, the data is sent to the destination server and the access log is recorded. If either of the two judgments in this process fails, the packet is discarded and the access log is recorded.
Another aspect of the present invention provides a network data security exchange system, comprising a client, an outer-end proxy, an inner-end proxy and a server side. The client and the server side exchange data through the outer-end proxy and the inner-end proxy.
The outer-end proxy and the inner-end proxy each include:
- an identity authentication unit, for verifying with "whitelist" rules whether the client or server side is legitimate, including verifying whether the IP address of the client or server side is within the authorized range and whether the source port and target port are within the authorized range;
- a data processing unit, for stripping the TCP/UDP payload contained in the data sent by the client or server, and for performing a security inspection on the TCP/UDP payload by means of virus scanning, sensitive keyword filtering, application feature recognition or application feature control;
- an encryption unit, for numbering by packet and encrypting the data that passed the security inspection, and for applying private message protocol encapsulation to the encrypted data;
- a decryption unit, for stripping the private message protocol header, and for decrypting and reassembling the encrypted data content.
Further, the outer-end proxy and the inner-end proxy each also include a first communication set, a second communication set and a third communication set. Each communication set consists of one or more communication interfaces, and the number of interfaces in each communication set is equal.
The first communication set of the outer-end proxy is used for data communication with the client; the first communication set of the inner-end proxy is used for data communication with the server side.
The communication interfaces in the second communication set of the outer-end proxy and in the third communication set of the inner-end proxy are connected in pairs by single-fiber unidirectional optical fibers, forming one or more unidirectional data transmission channels from the outer-end proxy to the inner-end proxy. The communication interfaces in the third communication set of the outer-end proxy and in the second communication set of the inner-end proxy are connected in pairs by single-fiber unidirectional optical fibers, forming one or more unidirectional data transmission channels from the inner-end proxy to the outer-end proxy.
Preferably, the one or more unidirectional data transmission channels from the outer-end proxy to the inner-end proxy correspond one-to-one with the one or more unidirectional data transmission channels from the inner-end proxy to the outer-end proxy, forming one or more transmission channel pairs.
By adopting the above technical solution, the present invention has a significant technical effect: with the "dual-host" and "unidirectional data flow" scheme, its security is clearly higher. First, the outer-end proxy screens clients using whitelist rules, so only clients within the authorized range can access the outer-end proxy. This greatly reduces the likelihood of the outer-end proxy being threatened. Suppose an authorized client is controlled by a hacker and successfully connects to the outer-end proxy. The second layer of protection then takes effect: if the data sent to the outer-end proxy is illegitimate, for example it does not carry the proprietary application feature code, it lacks the proprietary data check code, or it contains illegal sensitive data or threatening code, service is refused. Suppose the hacker, through the controlled client, goes on to successfully attack the outer-end proxy and gets inside the outer-end proxy system. Now the third line of protection is activated: to reach the real internal server, data must be sent through the unidirectional fiber channel from the outer-end proxy to the inner-end proxy. Because we use private data encapsulation, an encryption algorithm, and a private packet-sending interface, data cannot be correctly delivered to the real server if any one of these three is not satisfied. Suppose the third line of protection is also breached. The fourth line of protection then comes into play: the inner-end proxy does not allow the internal server to send data outward. Even if the hacker has successfully sent a data request to the real server (that is, the hacker has successfully disguised themselves and sent data to the inner end using the correct encryption method and packets, and the inner-end proxy has received that data and correctly delivered it to the server side), when the server's response packet reaches the inner-end proxy the fifth line of protection is activated: the inner-end proxy does not allow the server to send data to the outer-end proxy (it automatically disconnects the service), so the hacker's data theft cannot be completed. Through these means, the data is protected while secure data exchange is realized.
Brief description of the drawings
Fig. 1 is a schematic diagram of the prior-art methods of data exchange using direct connection, a proxy, or a firewall;
Fig. 2 is a schematic diagram of the secure data exchange scheme of the present invention;
Fig. 3 is a flowchart of the outer-end proxy processing client data in the present invention;
Fig. 4 is a flowchart of the inner-end proxy processing packets received from the outer-end proxy in the present invention;
Fig. 5 is a flowchart of the inner-end proxy processing server-side data in the present invention;
Fig. 6 is a flowchart of the outer-end proxy processing packets received from the inner-end proxy in the present invention.
Detailed description
The invention is further described below with reference to the drawings and embodiments.
As shown in Fig. 2, in the method and system for secure network data exchange provided by the present invention, "dual hosts" and "unidirectional data flow" ensure the secure exchange of data.
First, the client (Client) connects only to the outer-end proxy (Agent-Out), and the server (Server) connects to the inner-end proxy (Agent-In).
Second, the outer-end proxy and the inner-end proxy are two independent hardware devices. They are connected to each other by unidirectional fiber channels, and in a unidirectional fiber channel data can only be transmitted in one direction.
Third, the process by which the outer-end proxy transmits data to the inner-end proxy: the outer-end proxy and the inner-end proxy each include a first communication set, a second communication set and a third communication set with equal numbers of interfaces; Fig. 2 assumes that each communication set consists of only one communication interface. On the OUT1 interface, the outer-end proxy first uses "whitelist" rules to judge whether the client itself, and the source port and target port of the data it sends, belong to a legitimate user; unauthorized users are refused service directly.
For data sent by a legitimate client, the received TCP/UDP payload is stripped, a security inspection is performed on the data, and the access log is recorded (illegitimate data is discarded and service is refused, and the access log is recorded). Data that passes the data security inspection is encrypted with the proprietary protocol, that is, the TCP/UDP payload is recombined according to the private transport protocol and the data is encapsulated, and it is then sent through OUT2, using a dedicated packet-sending interface, to IN3 of the inner-end proxy.
Specifically, as shown in Fig. 3, when a port of the outer-end proxy receives a packet sent by the client, it first judges whether the source IP and source MAC match the preset values. If they match, it judges whether the source IP is within the authorized range. If so, it continues to judge whether the source port/target port is within the authorized range. If so, it strips the TCP/UDP payload and examines the legitimacy of the payload using methods such as virus scanning, sensitive keyword filtering, application feature recognition and application feature control. If the inspection result is legitimate data, the payload data is numbered by packet and encrypted, a private header is added to encapsulate the encrypted data, and the data is then sent to the inner-end proxy over the single-fiber unidirectional optical fiber using the dedicated packet-sending method, and the access log is recorded.
If any of the four judgments in the above process fails, the outer-end proxy refuses service, disconnects and discards the packet, and records the access log.
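The four-judgment chain of Fig. 3, as an added Python example that is not code from the patent: each judgment runs in the stated order, the first failure drops the packet, and every decision is logged. The addresses, ports, feature code `XCHG1` and keyword list are constructed for illustration, and virus scanning is left out.

```python
import ipaddress
import logging
from dataclasses import dataclass
from typing import Tuple

log = logging.getLogger("outer_proxy.access")

# Constructed policy for the example; none of these values come from the patent.
IP_MAC_BINDINGS = {
    "192.0.2.10": "02:00:00:aa:bb:01",
    "198.51.100.7": "02:00:00:aa:bb:02",   # stale binding outside the authorized range
}
AUTHORIZED_NETS = [ipaddress.ip_network("192.0.2.0/28")]
AUTHORIZED_SRC_PORTS = range(49152, 65536)
AUTHORIZED_DST_PORTS = {("tcp", 8443)}
APP_FEATURE_CODE = b"XCHG1"                       # hypothetical application feature code
SENSITIVE_KEYWORDS = (b"passwd", b"top-secret")   # constructed keyword list


@dataclass(frozen=True)
class Packet:
    src_ip: str
    src_mac: str
    proto: str
    src_port: int
    dst_port: int
    payload: bytes   # TCP/UDP payload, transport header already stripped


def binding_ok(p: Packet) -> bool:
    # Judgment 1: source IP and source MAC must match a preset pair.
    return IP_MAC_BINDINGS.get(p.src_ip) == p.src_mac.lower()


def source_ip_ok(p: Packet) -> bool:
    # Judgment 2: source IP must fall inside an authorized range.
    addr = ipaddress.ip_address(p.src_ip)   # raises ValueError if malformed
    return any(addr in net for net in AUTHORIZED_NETS)


def ports_ok(p: Packet) -> bool:
    # Judgment 3: both the source port and the target port must be authorized.
    return (p.src_port in AUTHORIZED_SRC_PORTS
            and (p.proto, p.dst_port) in AUTHORIZED_DST_PORTS)


def payload_ok(p: Packet) -> bool:
    # Judgment 4: payload inspection. Only the feature-code check and the
    # keyword filter are shown; a virus scanner would be one more check here.
    if not p.payload.startswith(APP_FEATURE_CODE):
        return False
    lowered = p.payload.lower()
    return not any(word in lowered for word in SENSITIVE_KEYWORDS)


CHAIN = (
    ("ip_mac_binding", binding_ok),
    ("source_ip_range", source_ip_ok),
    ("ports", ports_ok),
    ("payload_inspection", payload_ok),
)


def admit(p: Packet) -> Tuple[bool, str]:
    """Return (True, "forward") or (False, name of the judgment that failed)."""
    for stage, check in CHAIN:
        try:
            passed = check(p)
        except ValueError:
            passed = False        # malformed input fails closed
        if not passed:
            # %r keeps sender-controlled fields from forging extra log lines
            log.warning("DROP stage=%s src=%r mac=%r dport=%r",
                        stage, p.src_ip, p.src_mac, p.dst_port)
            return False, stage
    log.info("ALLOW src=%r dport=%r bytes=%d", p.src_ip, p.dst_port, len(p.payload))
    return True, "forward"
```

The stale `198.51.100.7` binding shows why the range check is kept as a separate judgment: a pair that passes IP+MAC binding is still dropped when its address lies outside the authorized range.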
The IN3 interface of the inner-end proxy can only receive packets through a dedicated packet-receiving interface. After receiving data, it strips, decrypts and reassembles the data and sends it through IN1 to the real server (Server). In this way the original TCP/UDP protocol stack transmission is completely cut off, and unidirectional data transmission is realized with a proprietary protocol and private interfaces.
Specifically, as shown in Fig. 4, the inner-end proxy receives the packet sent by the outer-end proxy over the single-fiber unidirectional optical fiber and first judges whether the packet is a privately encapsulated packet. If so, it strips the private encapsulation, decrypts the payload data, and reassembles the payload data by packet number. It then performs a security inspection again on the decrypted and reassembled data to judge whether the data is legitimate; the inspection methods mainly include virus scanning, sensitive keyword filtering, application feature recognition and application feature control. If the data is legitimate, the destination server's IP and port are extracted, and the inner-end proxy uses "whitelist" rules to judge whether data may be sent to the destination server; if it is allowed, the data is sent to the destination server and the access log is recorded.
If any of the three judgments in the above process fails, the inner-end proxy discards the packet and records the access log.
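The receive side of the one-way link described above (check for private encapsulation, strip it, reorder by packet number, discard on any failure), as an added Python example that is not code from the patent. The header layout, the `PXG1` marker and the CRC32 check code are assumptions, and fragments are treated as already-encrypted opaque bytes because the patent does not name an encryption algorithm.

```python
import struct
import zlib
from typing import Dict, List, Optional, Tuple

MAGIC = b"PXG1"                      # hypothetical marker for the private header
# Assumed layout: magic, message id, packet number, packet count, length, CRC32
HEADER = struct.Struct("!4sIHHHI")
MAX_FRAGMENTS = 1024                 # bound on memory held per message


def fragment(data: bytes, size: int) -> List[bytes]:
    """Split data into numbered-order pieces of at most `size` bytes."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def encapsulate(msg_id: int, fragments: List[bytes]) -> List[bytes]:
    """Sender side: prepend the private header to each (encrypted) fragment."""
    total = len(fragments)
    return [HEADER.pack(MAGIC, msg_id, seq, total, len(body), zlib.crc32(body)) + body
            for seq, body in enumerate(fragments)]


def parse_frame(frame: bytes) -> Tuple[int, int, int, bytes]:
    """Strip the private header; raise ValueError for anything malformed."""
    if len(frame) < HEADER.size:
        raise ValueError("short frame")
    magic, msg_id, seq, total, length, crc = HEADER.unpack_from(frame)
    body = frame[HEADER.size:]
    if magic != MAGIC:
        raise ValueError("not a privately encapsulated frame")
    # CRC32 only detects corruption; it does not authenticate the sender.
    if length != len(body) or zlib.crc32(body) != crc:
        raise ValueError("length or checksum mismatch")
    if total == 0 or total > MAX_FRAGMENTS or seq >= total:
        raise ValueError("packet number out of range")
    return msg_id, seq, total, body


class Reassembler:
    """Receiver side: collect fragments per message and release them in order."""

    def __init__(self) -> None:
        self.pending: Dict[int, dict] = {}

    def accept(self, frame: bytes) -> Tuple[str, Optional[List[bytes]]]:
        try:
            msg_id, seq, total, body = parse_frame(frame)
        except ValueError as exc:
            return f"drop: {exc}", None
        slot = self.pending.setdefault(msg_id, {"total": total, "parts": {}})
        if slot["total"] != total or slot["parts"].get(seq, body) != body:
            del self.pending[msg_id]          # conflicting data: discard the message
            return "drop: conflicting fragment", None
        slot["parts"][seq] = body
        if len(slot["parts"]) < total:
            return "pending", None
        del self.pending[msg_id]
        # Ordered fragments, ready for decryption and the second inspection.
        return "complete", [slot["parts"][i] for i in range(total)]

    def discard_incomplete(self) -> List[int]:
        """Drop every unfinished message; a one-way link cannot ask for a resend."""
        dropped = sorted(self.pending)
        self.pending.clear()
        return dropped
```

Calling `discard_incomplete()` on a timer keeps a lost fragment from pinning memory, since the receiver has no return path on this fiber to request retransmission.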
Fourth, to realize bidirectional data exchange, the process by which the inner-end proxy transmits data to the outer-end proxy: on the IN1 interface, the inner-end proxy first uses "whitelist" rules to judge whether the server (Server) is allowed to send data outward; if it is not authorized, service is refused directly. For data sent by an authorized server, the received TCP/UDP payload is stripped and a security inspection is performed on the data (illegitimate data is discarded and service is refused, and the event is logged). Data that passes the data security inspection is encrypted with the proprietary protocol and then sent through IN2, using a dedicated packet-sending interface, to OUT3 of the outer-end proxy.
Specifically, as shown in Fig. 5, when the inner-end proxy receives data sent by the server, it first uses "whitelist" rules to judge whether the server IP is within the authorized range. If so, it judges whether the source port/target port is within the authorized range. If so, it strips the TCP/UDP payload and performs a security inspection; the inspection methods likewise mainly include virus scanning, sensitive keyword filtering, application feature recognition and application feature control. If the data passes the security inspection, it then judges whether the system allows the server side to send data outward. If so, the payload data is numbered by packet and encrypted, a private header is added, and the data is then sent to the outer-end proxy over the single-fiber unidirectional optical fiber using the dedicated packet-sending method, and the access log is recorded.
If any of the four judgments in the above process fails, the inner-end proxy refuses service, disconnects from the server side and discards the data, and records the access log.
The OUT3 interface of the outer-end proxy can only receive packets through a dedicated packet-receiving interface. After receiving data, it performs protocol decryption, then strips out and reassembles the data, and sends it through OUT1 to the real client (Client).
Specifically, as shown in Fig. 6, the outer-end proxy receives the packet sent by the inner-end proxy over the single-fiber unidirectional optical fiber and first judges whether the packet is a privately encapsulated packet. It strips the private encapsulation, decrypts the payload data, and reassembles the payload data by packet number. It then performs a security inspection again on the decrypted and reassembled data to judge whether the data is legitimate; the inspection methods mainly include virus scanning, sensitive keyword filtering, application feature recognition and application feature control. If the data is legitimate, the destination client's IP and port are extracted, and the "inner-end proxy" uses "whitelist" rules to judge whether data may be sent to the destination client; if it is allowed, the data is sent to the destination client and the access log is recorded.
If any of the three judgments in the above process fails, the outer-end proxy discards the packet and records the access log.
In this way the original TCP/UDP protocol stack transmission is completely cut off, and unidirectional data transmission is realized with a proprietary protocol and private interfaces.
When each communication set of the outer-end proxy and the inner-end proxy is extended to multiple interfaces, the communication loops formed between the interfaces work in a way similar to the process above. This provides load balancing and transmission reliability: if one of the communication loops is damaged, the outer-end proxy or the inner-end proxy automatically selects a spare communication loop for data transmission.
With the "dual-host" and "unidirectional data flow" scheme, security is clearly higher. First, the outer-end proxy screens clients using whitelist rules. Besides restricting the IP, the source port and target port of the access are also restricted, and in addition there is IP+MAC binding, that is, only one or several fixed hardware clients can access it; only clients within the authorized range can access the outer-end proxy. This greatly reduces the likelihood of the outer-end proxy being threatened. Suppose an authorized client is controlled by a hacker and successfully connects to the outer-end proxy. The second layer of protection then takes effect: if the data sent to the outer-end proxy is illegitimate, for example it does not carry the proprietary application feature code, it lacks the proprietary data check code, or it contains illegal sensitive data or threatening code, service is refused. Suppose the hacker, through the controlled client, goes on to successfully attack the outer-end proxy and gets inside the outer-end proxy system. Now the third line of protection is activated: to reach the real internal server, data must be sent through the unidirectional fiber channel from the outer-end proxy to the inner-end proxy. Because we use private data encapsulation, an encryption algorithm, and a private packet-sending interface, data cannot be correctly delivered to the real server if any one of these three is not satisfied. Suppose the third line of protection is also breached. The fourth line of protection then comes into play: the inner-end proxy does not allow the internal server to send data outward. Even if the hacker has successfully sent a data request to the real server (that is, the hacker has successfully disguised themselves and sent data to the inner end using the correct encryption method and packets, and the inner-end proxy has received that data and correctly delivered it to the server side), when the server's response packet reaches the inner-end proxy the fifth line of protection is activated: the inner-end proxy does not allow the server to send data to the outer-end proxy (it automatically disconnects the service), so the hacker's data theft cannot be completed. Through these means, the data is protected while secure data exchange is realized.
Parts not described in the specification are prior art or common knowledge. This embodiment is intended only to illustrate the invention and not to limit its scope; equivalent substitutions, modifications and the like made to the invention by those skilled in the art are considered to fall within the scope of protection of the claims.
Claims (9)
1. A network data security exchange method, characterized by comprising the following steps:
S1: determine whether the data sender is legitimate; if it is not, refuse service; otherwise strip the payload from the data and perform a security inspection;
S2: block-encrypt the data that passed the security inspection and transmit it;
S3: decrypt and reassemble the data and send it to the data receiver.
2. The network data security exchange method according to claim 1, characterized in that step S1 is specifically:
the legitimacy of the data sender is judged using "whitelist" rules: first determine whether the source IP and source MAC match the preset values; if they match, determine whether the source IP is within the authorized range; if so, continue to determine whether the source port/target port is within the authorized range; if so, strip the TCP/UDP payload and perform a security inspection of the payload's legitimacy; if the inspection result is legitimate data, jump to step S2 to block-encrypt the data that passed the security inspection and transmit it;
if any of the three judgments or the security inspection in the above process fails, the connection is dropped and the packet is discarded, and the access log is recorded.
3. The network data security exchange method according to claim 2, characterized in that the method of performing the data security inspection in step S1 includes performing, on the payload, virus scanning, sensitive keyword filtering, application feature recognition or application feature control.
4. The network data security exchange method according to claim 3, characterized in that after the payload passes the security inspection the following is also performed: determine whether the system allows data to be sent to the target data receiver; if it is allowed, jump to step S2 to block-encrypt the data that passed the security inspection and transmit it; otherwise disconnect and discard the packet, and record the access log.
5. The network data security exchange method according to claim 3, characterized in that step S2 is specifically: number by packet and encrypt the data that passed the security inspection, then apply proprietary protocol encapsulation to the encrypted data by adding a private header, transmit the data over a unidirectional data channel, and record the access log.
6. The network data security exchange method according to claim 5, characterized in that step S3 is specifically: perform the following operations in order on the received data: strip the private encapsulation, decrypt the payload data, and reassemble the payload data by packet number; then perform a security inspection again on the decrypted and reassembled data to judge whether the data is legitimate; if the data is legitimate, extract the target data receiver's IP and port and use "whitelist" rules to decide whether data may be sent to the data receiver; if it is allowed, send the data to the destination server and record the access log;
if either of the two judgments in the above process fails, the packet is discarded and the access log is recorded.
7. A network data security exchange system, characterized by comprising a client, an outer-end proxy, an inner-end proxy and a server side; the client and the server side exchange data through the outer-end proxy and the inner-end proxy;
the outer-end proxy and the inner-end proxy each include:
an identity authentication unit, for verifying with "whitelist" rules whether the client or server side is legitimate, including verifying whether the IP address of the client or server side is within the authorized range and whether the source port and target port are within the authorized range;
a data processing unit, for stripping the TCP/UDP payload contained in the data sent by the client or server, and for performing a security inspection on the TCP/UDP payload by means of virus scanning, sensitive keyword filtering, application feature recognition or application feature control;
an encryption unit, for numbering by packet and encrypting the data that passed the security inspection, and for applying private message protocol encapsulation to the encrypted data;
a decryption unit, for stripping the private message protocol header, and for decrypting and reassembling the encrypted data content.
8. The network data security exchange system according to claim 7, characterized in that the outer-end proxy and the inner-end proxy each also include a first communication set, a second communication set and a third communication set; each communication set consists of one or more communication interfaces, and the number of interfaces in each communication set is equal;
the first communication set of the outer-end proxy is used for data communication with the client; the first communication set of the inner-end proxy is used for data communication with the server side;
the communication interfaces in the second communication set of the outer-end proxy and in the third communication set of the inner-end proxy are connected in pairs by single-fiber unidirectional optical fibers, forming one or more unidirectional data transmission channels from the outer-end proxy to the inner-end proxy; the communication interfaces in the third communication set of the outer-end proxy and in the second communication set of the inner-end proxy are connected in pairs by single-fiber unidirectional optical fibers, forming one or more unidirectional data transmission channels from the inner-end proxy to the outer-end proxy.
9. The network data security exchange system according to claim 8, characterized in that:
the one or more unidirectional data transmission channels from the outer-end proxy to the inner-end proxy correspond one-to-one with the one or more unidirectional data transmission channels from the inner-end proxy to the outer-end proxy, forming one or more transmission channel pairs.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710292702.5A CN107172020A (en) | 2017-04-28 | 2017-04-28 | A kind of network data security exchange method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710292702.5A CN107172020A (en) | 2017-04-28 | 2017-04-28 | A kind of network data security exchange method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN107172020A true CN107172020A (en) | 2017-09-15 |
Family
ID=59812886
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710292702.5A Pending CN107172020A (en) | 2017-04-28 | 2017-04-28 | A kind of network data security exchange method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN107172020A (en) |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8621551B2 (en) * | 2008-04-18 | 2013-12-31 | Samsung Electronics Company, Ltd. | Safety and management of computing environments that may support unsafe components |
CN104363221A (en) * | 2014-11-10 | 2015-02-18 | 青岛微智慧信息有限公司 | Network safety isolation file transmission control method |
CN105007272A (en) * | 2015-07-21 | 2015-10-28 | 陈巨根 | Information exchange system with safety isolation |
CN105635079A (en) * | 2014-11-11 | 2016-06-01 | 无锡清杨机械制造有限公司 | Network isolation gap data exchange system |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN107483514A (en) * | 2017-10-13 | 2017-12-15 | 北京知道创宇信息技术有限公司 | Attack monitoring device and smart machine |
CN108173828B (en) * | 2017-12-22 | 2021-01-12 | 北京知道创宇信息技术股份有限公司 | Data transmission method, device and storage medium |
CN108173828A (en) * | 2017-12-22 | 2018-06-15 | 北京知道创宇信息技术有限公司 | Data transmission method, device and storage medium |
CN108777681A (en) * | 2018-05-29 | 2018-11-09 | 中国人民解放军91977部队 | Network data unidirectional transmission control method based on NDIS filtration drives |
CN108965286A (en) * | 2018-07-09 | 2018-12-07 | 国网重庆市电力公司电力科学研究院 | A kind of lightweight network equipment port detection method based on python |
CN109391635A (en) * | 2018-12-17 | 2019-02-26 | 北京奇安信科技有限公司 | Data transmission method, device, equipment and medium based on two-way gateway |
CN109547486A (en) * | 2018-12-29 | 2019-03-29 | 浙江汇安网络科技有限公司 | A kind of monitoring analysis method of Internet of Things network layer communication |
CN110049059A (en) * | 2019-04-26 | 2019-07-23 | 深圳市网心科技有限公司 | A kind of outer net equipment and Intranet communication between devices method and relevant apparatus |
CN110233859A (en) * | 2019-07-01 | 2019-09-13 | 上海冰鉴信息科技有限公司 | A kind of novel air prosecutor method and air control system |
CN110545158A (en) * | 2019-07-23 | 2019-12-06 | 国网福建省电力有限公司 | Virtualization and self-adaptive communication system and communication method for multiple interfaces of optical digital tester |
CN110598426A (en) * | 2019-08-14 | 2019-12-20 | 平安科技(深圳)有限公司 | Data communication method, device, equipment and storage medium based on information security |
CN111031067A (en) * | 2019-12-24 | 2020-04-17 | 上海中信信息发展股份有限公司 | Monitoring data transmission method and device of distributed system and electronic equipment |
CN111641852A (en) * | 2020-05-15 | 2020-09-08 | 上海幕革科技有限公司 | Method and system for secondary packaging of film content |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN107172020A (en) | A kind of network data security exchange method and system | |
CN107018134B (en) | Power distribution terminal safety access platform and implementation method thereof | |
CN103491072B (en) | A kind of border access control method based on double unidirection insulation network brakes | |
CN101836422B (en) | Bidirectional gateway with enhanced security level | |
US8413248B2 (en) | Method for secure single-packet remote authorization | |
JP3688830B2 (en) | Packet transfer method and packet processing apparatus | |
KR101585936B1 (en) | System for managing virtual private network and and method thereof | |
CN102347870B (en) | A kind of flow rate security detection method, equipment and system | |
CN109088870A (en) | A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform | |
Frankel et al. | Guide to IPsec VPNs:. | |
US20100226280A1 (en) | Remote secure router configuration | |
CN106060003A (en) | Network boundary unidirectional isolated transmission device | |
JP2005503047A (en) | Apparatus and method for providing a secure network | |
CN107005534A (en) | Secure connection is set up | |
CN106169952B (en) | A kind of authentication method that internet Key Management Protocol is negotiated again and device | |
CN111770071B (en) | Method and device for gateway authentication of trusted device in network stealth scene | |
KR20100107033A (en) | Method and apparatus to enable lawful intercept of encrypted traffic | |
US7577156B2 (en) | Highly adaptable proxy traversal and authentication | |
CN106506540A (en) | A kind of intranet data transmission method of attack resistance and system | |
CA2506418C (en) | Systems and apparatuses using identification data in network communication | |
CN109150906A (en) | A kind of real-time data communication safety method | |
Xu et al. | Research on network security of VPN technology | |
CN103139189B (en) | Internet protocol security (IPSec) tunnel sharing method, IPSec tunnel sharing system and IPSec tunnel sharing equipment | |
CN115348118B (en) | Network address and port number hiding method based on cryptographic technology | |
CN110351308B (en) | Virtual private network communication method and virtual private network device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | PB01 | Publication | |
| | SE01 | Entry into force of request for substantive examination | |
| | RJ01 | Rejection of invention patent application after publication | Application publication date: 20170915 |