CN107172020A - A kind of network data security exchange method and system - Google Patents

Info

Publication number: CN107172020A
Application number: CN201710292702.5A
Authority: CN (China)
Prior art keywords: data, agency, outer end, client, carried out
Legal status: Pending
Other languages: Chinese (zh)
Inventor: 刘志勇
Current assignee: Hubei Micro Source Excellent Technology Co Ltd
Original assignee: Hubei Micro Source Excellent Technology Co Ltd
Application filed by Hubei Micro Source Excellent Technology Co Ltd
Priority to CN201710292702.5A
Publication of CN107172020A
Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L 63/00 Network architectures or network communication protocols for network security
    • H04L 63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L 63/0227 Filtering policies
    • H04L 63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H04L 63/0245 Filtering by information in the payload
    • H04L 63/0281 Proxies
    • H04L 63/10 Network architectures or network communication protocols for network security for controlling access to devices or network resources
    • H04L 63/101 Access control lists [ACL]

Abstract

The invention discloses a network data security exchange method and system. The traditional single host is replaced by two hosts, and the traditional bidirectional data flow is replaced by one-way flow, so that the data exchange process is carried out under five layers of protective measures, which greatly improves the security of the exchange.

Description

A kind of network data security exchange method and system
Technical field
The present invention relates to the field of data exchange technology, and in particular to a network data security exchange method and system.
Background technology
With the rapid development of social informatisation, network security has increasingly become both the opportunity and the challenge of the new era. With the development of the Internet of Things and the push toward connecting everything, network element devices that originally sat inside a LAN are now gradually being "exposed" to the Internet, and the resulting information leaks and security risks emerge endlessly. How can the Internet of Things serve everyone effectively while not leaking information and still guaranteeing internal security? Many schemes have been proposed, including proxies and firewalls, but they have limitations: once the proxy or firewall is attacked or controlled, the internal network is still laid bare to the attacker. To solve this problem we have invented a method that effectively solves the data exchange problem with a high level of security protection, preventing information from being leaked through an attack.
In the prior art, as shown in Fig. 1, when a client needs to communicate with a server one of three approaches is used: direct connection, a proxy, or a firewall.
Direct connection clearly has no protective measures at all, so there is no security to speak of.
With a proxy, proxy software on a proxy server relays the traffic to realise the data exchange. This is safer than direct connection, because it hides the information of the real server, and if encryption is used the security is better still. But the scheme is still flawed: the proxy server is a single host, and once an attacker has compromised it, the attacker can control the data exchange between client and server and steal the data.
A firewall is similar to a proxy server: it can hide the server through NAT, or isolate it with a DMZ, to reach the goal of secure data exchange. Again, though, the firewall is a single host, and it protects through "blacklist" rules, so once the firewall itself is controlled by an attacker the data between client and server can likewise be stolen.
Summary of the invention
To address the problems of the prior art, the present invention proposes a network data security exchange method and system in which the traditional single host is replaced by two hosts and the traditional bidirectional data flow is replaced by one-way flow, so that the data exchange process is carried out under five layers of protective measures, greatly improving the security of the exchange.
As a first aspect of the present invention, a network data exchange method is provided, comprising the following steps:
S1: judge whether the data sender is legitimate; if not, refuse service; otherwise strip the TCP/UDP payload from the data and carry out a security examination of it;
The legitimacy of the data sender is judged using "white list" rules. First judge whether the source IP and source MAC match the preset values; if they do, judge whether the source IP is within the authorised range; if so, continue by judging whether the source port and target port are within the authorised range; if so, strip the TCP/UDP payload and examine its legitimacy. If the examination finds the data to be legitimate, jump to step S2, which encrypts the examined data in blocks and transmits it;
If any of the three judgements or the security examination in the above process fails, the connection is closed and the packet is discarded, and an access log entry is recorded.
S2: encrypt and transmit the data that passed the security examination;
The data that passed the examination is numbered by packet and encrypted; the encrypted data is then encapsulated in the proprietary protocol by adding a private header, and it is transmitted over the one-way data channel with an access log entry recorded.
S3: decrypt and reassemble the data and send it to the data receiver.
The following operations are carried out in sequence on the received data: strip the private encapsulation, decrypt the payload, reassemble the payload according to the packet numbers, then carry out the security examination again on the decrypted and reassembled data to judge whether it is legitimate; if it is, extract the target receiver's IP and port and, by "white list" rules, judge whether sending data to that receiver is permitted; if so, send the data to the destination server and record an access log entry. If either of the two judgements in this process fails, the packet is discarded and an access log entry is recorded.
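The three steps S1 to S3 as an added example, not code from the patent or its applicant: a toy Python model of the outer agent (S1 white list and payload inspection, S2 packet numbering, encryption and private header) and of the inner agent (S3 strip, decrypt, reassemble by packet number, examine again, apply the destination white list, log). The white lists, the application feature code, the shared key, the header layout and the HMAC-SHA256 counter-mode stream cipher are all constructed assumptions for illustration; a real device would use a vetted cipher and a hardware one-way link.

```python
import hashlib
import hmac
import struct

# Constructed white lists and secrets (assumed values, not from the patent).
ALLOWED_CLIENTS = {"10.0.0.5": "aa:bb:cc:dd:ee:01"}   # client IP -> bound MAC
ALLOWED_SRC_PORTS = range(1024, 65536)                  # authorised source ports
ALLOWED_DST_PORTS = {8443}                              # authorised target ports
ALLOWED_SERVERS = {("192.168.1.10", 8443)}              # inner agent's white list
SENSITIVE_WORDS = (b"SECRET", b"PASSWORD")              # sensitive-keyword filter
APP_SIGNATURE = b"APP1"        # assumed proprietary application feature code
KEY = b"constructed-demo-key"  # assumed shared secret of the two agents
MAGIC = b"PRIV"                # marker of the assumed private header
TAG_LEN = 16
ACCESS_LOG = []                # the access log both agents write to


def log(event, **fields):
    ACCESS_LOG.append((event, fields))


def check_sender(src_ip, src_mac, src_port, dst_port):
    """S1 white-list checks, in the order the description gives them."""
    if ALLOWED_CLIENTS.get(src_ip) != src_mac:
        return False, "ip/mac binding mismatch"
    if src_port not in ALLOWED_SRC_PORTS or dst_port not in ALLOWED_DST_PORTS:
        return False, "port outside authorised range"
    return True, "ok"


def inspect_payload(payload):
    """Security examination of the stripped payload (feature code, keywords)."""
    if not payload.startswith(APP_SIGNATURE):
        return False, "missing application feature code"
    if any(word in payload for word in SENSITIVE_WORDS):
        return False, "sensitive keyword present"
    return True, "ok"


def keystream(seq, n):
    """Toy stream cipher: HMAC-SHA256 in counter mode, keyed per packet number."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(KEY, struct.pack(">II", seq, ctr), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def encapsulate(seq, total, chunk):
    """S2: number the fragment, encrypt it, add private header and HMAC tag."""
    ct = bytes(a ^ b for a, b in zip(chunk, keystream(seq, len(chunk))))
    body = MAGIC + struct.pack(">IIH", seq, total, len(ct)) + ct
    tag = hmac.new(KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def decapsulate(frame):
    """S3, first half: verify header and tag, decrypt; None if not our frame."""
    if len(frame) < 14 + TAG_LEN or frame[:4] != MAGIC:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expect = hmac.new(KEY, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(expect, tag):
        return None
    seq, total, n = struct.unpack(">IIH", body[4:14])
    ct = body[14:14 + n]
    return seq, total, bytes(a ^ b for a, b in zip(ct, keystream(seq, n)))


def outer_agent_send(src_ip, src_mac, src_port, dst_port, payload, chunk=8):
    """S1 + S2 on the outer agent: frames for the one-way channel, or []."""
    ok, why = check_sender(src_ip, src_mac, src_port, dst_port)
    if not ok:
        log("reject", stage="whitelist", reason=why, src=src_ip)
        return []
    ok, why = inspect_payload(payload)
    if not ok:
        log("reject", stage="inspection", reason=why, src=src_ip)
        return []
    pieces = [payload[i:i + chunk] for i in range(0, len(payload), chunk)]
    frames = [encapsulate(seq, len(pieces), p) for seq, p in enumerate(pieces)]
    log("forward", src=src_ip, frames=len(frames))
    return frames


def inner_agent_receive(frames, dst_ip, dst_port):
    """S3 on the inner agent: reassembled payload, or None when dropped."""
    parts, total = {}, None
    for f in frames:
        r = decapsulate(f)
        if r is None:
            log("drop", stage="decapsulate")
            return None
        seq, total, chunk = r
        parts[seq] = chunk                      # order on the wire is irrelevant
    if total is None or set(parts) != set(range(total)):
        log("drop", stage="reassembly", got=sorted(parts), want=total)
        return None                             # missing or duplicate numbers
    data = b"".join(parts[i] for i in range(total))
    ok, why = inspect_payload(data)             # examined again after decryption
    if not ok:
        log("drop", stage="inspection", reason=why)
        return None
    if (dst_ip, dst_port) not in ALLOWED_SERVERS:
        log("drop", stage="destination-whitelist", dst=dst_ip)
        return None
    log("deliver", dst=dst_ip, size=len(data))
    return data
```

The receiver rebuilds the payload from packet numbers, so frames may arrive in any order, but a missing number, a frame whose tag does not verify, or a destination outside the white list makes the inner agent drop the whole message and log it, which is the behaviour the description gives for a failed judgement.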
Another aspect of the present invention provides a network data security exchange system comprising a client, an outer agent, an inner agent and a server; the client and the server exchange data through the outer agent and the inner agent;
The outer agent and the inner agent each comprise:
an identity authentication unit, for verifying with "white list" rules whether the client or server is legitimate, including verifying whether the client's or server's IP address is within the authorised range and whether the source port and target port are within the authorised range;
a data processing unit, for stripping the TCP/UDP payload contained in the data sent by the client or server and carrying out a security examination of that payload by virus scanning, sensitive-keyword filtering, feature recognition or application characteristic control;
an encryption unit, for numbering by packet and encrypting the data that passed the security examination, and encapsulating the encrypted data in the private message protocol;
a decryption unit, for stripping the private message protocol header and decrypting and reassembling the encrypted data content.
Further, the outer agent and the inner agent each further comprise a first communication set, a second communication set and a third communication set; each communication set consists of one or more communication interfaces, and every communication set has the same number of interfaces;
The first communication set of the outer agent is used for data communication with the client; the first communication set of the inner agent is used for data communication with the server;
The communication interfaces of the outer agent's second communication set are connected pairwise by single-fibre one-way optical fibre to those of the inner agent's third communication set, forming one or more one-way data transmission channels from the outer agent to the inner agent; the communication interfaces of the outer agent's third communication set are connected pairwise by single-fibre one-way optical fibre to those of the inner agent's second communication set, forming one or more one-way data transmission channels from the inner agent to the outer agent.
Preferably, the one or more one-way data transmission channels from the outer agent to the inner agent correspond one-to-one with the one or more one-way data transmission channels from the inner agent to the outer agent, forming one or more transmission channel pairs.
Because the present invention adopts the above technical scheme, it has a significant technical effect: through the "two hosts" and "one-way data flow" scheme, its security is clearly higher. First, the outer agent screens clients with white list rules, so only clients within the authorised range can access the outer agent, which greatly reduces the possibility of the outer agent being threatened. Suppose an authorised client is controlled by a hacker and successfully connects to the outer agent; at this point the second layer of protection takes effect: if the data sent to the outer agent is illegitimate, for example it does not carry the proprietary application feature code, lacks the proprietary data check code, or contains illegitimate sensitive data or threat code, service is refused. Suppose the hacker, through the controlled client, further succeeds in attacking the outer agent and gets inside the outer agent system. Now the third layer of protection is activated: to reach the real internal server, data must be sent over the one-way optical fibre channel from the outer agent to the inner agent, and because we use private data encapsulation, AES, and a private packet-sending interface, if any one of these three cannot be matched the data cannot be sent correctly to the real server. Suppose the third layer is also breached; the fourth layer then applies: the inner agent will not allow the internal server to send data outward, so even if the hacker successfully sends a request for data to the real server, that is, the hacker successfully disguises the traffic, sends data to the inner agent using the correct encryption and packetisation, and the inner agent receives the data and correctly forwards it to the server, then when the server's response packet reaches the inner agent the fifth layer of protection applies: the inner agent does not allow the server to send data outward through the agent (the service is disconnected automatically), so the hacker's data theft cannot be completed. Through these means, while the secure exchange of data is realised, the data is also given security protection.
Brief description of the drawings
Fig. 1 is a schematic diagram of the prior art methods of data exchange using direct connection, a proxy and a firewall;
Fig. 2 is a schematic diagram of the data security exchange scheme of the present invention;
Fig. 3 is a flow chart of the outer agent processing client data in the present invention;
Fig. 4 is a flow chart of the inner agent processing packets received from the outer agent in the present invention;
Fig. 5 is a flow chart of the inner agent processing server data in the present invention;
Fig. 6 is a flow chart of the outer agent processing packets received from the inner agent in the present invention.
Embodiment
The invention is further described below with reference to the drawings and an embodiment.
As shown in Fig. 2, the network data security exchange method and system provided by the present invention guarantees the secure exchange of data through "two hosts" and "one-way data flow":
First, the client is connected only to the outer agent (Agent-Out), and the server is connected only to the inner agent (Agent-In);
Second, the outer agent and the inner agent are two independent hardware devices, connected to each other by one-way optical fibre channels; on a one-way fibre channel data can only be transmitted in one direction.
Third, the process by which the outer agent transmits data to the inner agent: the outer agent and the inner agent each comprise a first, a second and a third communication set with equal numbers of interfaces; Fig. 2 assumes that each set consists of a single interface. On interface OUT1, the outer agent first uses "white list" rules to judge whether the client itself and the source and target ports of the data belong to an authorised user; unauthorised users are refused service directly. For data sent by a legitimate client, the received TCP/UDP payload is stripped and given a security examination, and an access log entry is recorded (illegitimate data is discarded with service refused, and an access log entry is recorded as well). Data that passes the examination is encrypted with the proprietary protocol, that is, only the TCP/UDP payload is repackaged according to the private transmission protocol, and it is then sent from OUT2 to IN3 of the inner agent through the special packet-sending interface.
Specifically, as shown in Fig. 3, when the outer agent's port receives a packet sent by the client, it first judges whether the source IP and source MAC match the preset values; if they do, it judges whether the source IP is within the authorised range; if so, it continues by judging whether the source port and target port are within the authorised range; if so, it strips the TCP/UDP payload and examines its legitimacy using methods such as virus scanning, sensitive-keyword filtering, feature recognition and application characteristic control. If the result is legitimate data, the payload is numbered by packet and encrypted, a private header is added to the encrypted data to encapsulate it, and the data is then sent to the inner agent over the single-fibre one-way optical fibre using the special packet-sending method, with an access log entry recorded.
If any of the four judgements in the above process fails, the outer agent refuses service, closes the connection and discards the packet, and records an access log entry.
The IN3 interface of the inner agent can only receive packets through the special packet-receiving interface. After receiving data, it strips, decrypts and reassembles it and sends it to the real server through IN1. In this way the original TCP/UDP protocol stack transmission is completely cut off, and one-way data transmission is realised with the proprietary protocol and private interfaces.
Specifically, as shown in Fig. 4, when the inner agent receives a packet sent by the outer agent over the single-fibre one-way optical fibre, it first judges whether the packet is a private-encapsulated packet; if so, it strips the private encapsulation, decrypts the payload, reassembles the payload according to the packet numbers, then carries out the security examination again on the decrypted and reassembled data to judge whether it is legitimate (the examination methods are mainly virus scanning, sensitive-keyword filtering, feature recognition and application characteristic control). If the data is legitimate, the destination server's IP and port are extracted and the inner agent judges by "white list" rules whether sending data to that server is permitted; if so, the data is sent to the destination server and an access log entry is recorded.
If any of the three judgements in the above process fails, the inner agent discards the packet and records an access log entry.
Fourth, to realise bidirectional data exchange, the process by which the inner agent transmits data to the outer agent: on interface IN1, the inner agent first uses "white list" rules to judge whether the server is permitted to send data out; unauthorised senders are refused service directly. For data sent by an authorised server, the received TCP/UDP payload is stripped and given a security examination (illegitimate data is discarded with service refused, and logged). Data that passes the examination is encrypted with the proprietary protocol and sent from IN2 to OUT3 of the outer agent through the special packet-sending interface.
Specifically, as shown in Fig. 5, when the inner agent receives data sent by the server, it first judges by "white list" rules whether the server IP is within the authorised range; if so, whether the source port and target port are within the authorised range; if so, it strips the TCP/UDP payload and carries out the security examination, again mainly by virus scanning, sensitive-keyword filtering, feature recognition and application characteristic control. If the data passes the examination, it then judges whether the system allows the server to send data out; if so, the payload is numbered by packet and encrypted, a private header is added, and the data is sent to the outer agent over the single-fibre one-way optical fibre using the special packet-sending method, with an access log entry recorded.
If any of the four judgements in the above process fails, the inner agent refuses service, closes the connection with the server and discards the data, and records an access log entry.
The OUT3 interface of the outer agent can only receive packets through the special packet-receiving interface. After receiving data, it decrypts the protocol, strips and reassembles the data, and sends it to the real client through OUT1.
Specifically, as shown in Fig. 6, when the outer agent receives a packet sent by the inner agent over the single-fibre one-way optical fibre, it first judges whether the packet is a private-encapsulated packet, strips the private encapsulation, decrypts the payload, reassembles it according to the packet numbers, then carries out the security examination again on the decrypted and reassembled data to judge whether it is legitimate (the methods are mainly virus scanning, sensitive-keyword filtering, feature recognition and application characteristic control). If the data is legitimate, the destination client's IP and port are extracted and it is judged by "white list" rules whether sending data to that client is permitted; if so, the data is sent to the destination client and an access log entry is recorded.
If any of the three judgements in the above process fails, the outer agent discards the packet and records an access log entry.
Thus the original TCP/UDP protocol stack transmission is completely cut off, and one-way data transmission is realised with the proprietary protocol and private interfaces.
When each communication set of the outer agent and the inner agent is expanded to multiple interfaces, the communication loops formed between the interfaces work in the same way as the process above; this achieves load balancing and transmission reliability, and when one communication loop fails the outer agent or the inner agent automatically selects a spare communication loop to carry the data.
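The multi-interface case just described, as an added example that is not the patent's own code: a Python model of an agent spreading frames over several transmission channel pairs in turn and skipping a failed pair so that a spare one takes over. The channel names and the `healthy` flag are constructed stand-ins for real fibre link status.

```python
class ChannelPair:
    """One outgoing one-way fibre plus its returning counterpart (one "loop").
    `healthy` stands in for a link-status probe; `sent` counts frames carried."""

    def __init__(self, name, healthy=True):
        self.name = name
        self.healthy = healthy
        self.sent = 0


class ChannelGroup:
    """An agent's view of its communication sets: each pair carries traffic in
    turn (load balancing) and a failed pair is skipped (spare takes over)."""

    def __init__(self, pairs):
        self.pairs = list(pairs)
        self._next = 0          # round-robin cursor

    def pick(self):
        """Return the next healthy pair, or None when every pair is down."""
        for _ in range(len(self.pairs)):
            pair = self.pairs[self._next % len(self.pairs)]
            self._next += 1
            if pair.healthy:
                return pair
        return None

    def send(self, frame):
        """Carry one frame; returns the name of the pair used, or None."""
        pair = self.pick()
        if pair is None:
            return None         # nothing can carry it: refuse and log
        pair.sent += 1
        return pair.name


def distribute(group, frames):
    """Send a batch and report how many frames each pair carried; the None
    key counts frames that no pair could carry."""
    counts = {}
    for frame in frames:
        name = group.send(frame)
        counts[name] = counts.get(name, 0) + 1
    return counts
```

With three healthy pairs a batch of six frames is spread two per pair; after one pair is marked down, the next batch goes only over the remaining two, and with every pair down the frames are reported as unsendable rather than queued on a dead link.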
Through the "two hosts" and "one-way data flow" scheme, security is clearly higher. First, the outer agent screens clients with white list rules: besides restricting the IP, it restricts the source port and target port of the access, and it binds IP and MAC, so that only one or a few fixed hardware clients can connect; only clients within the authorised range can access the outer agent. This greatly reduces the possibility of the outer agent being threatened. Suppose an authorised client is controlled by a hacker and successfully connects to the outer agent; at this point the second layer of protection takes effect: if the data sent to the outer agent is illegitimate, for example it does not carry the proprietary application feature code, lacks the proprietary data check code, or contains illegitimate sensitive data or threat code, service is refused. Suppose the hacker, through the controlled client, further succeeds in attacking the outer agent and gets inside the outer agent system. Now the third layer of protection is activated: to reach the real internal server, data must be sent over the one-way optical fibre channel from the outer agent to the inner agent, and because we use private data encapsulation, AES, and a private packet-sending interface, if any one of these three cannot be matched the data cannot be sent correctly to the real server. Suppose the third layer is also breached; the fourth layer then applies: the inner agent will not allow the internal server to send data outward, so even if the hacker successfully sends a request for data to the real server, that is, the hacker successfully disguises the traffic, sends data to the inner agent using the correct encryption and packetisation, and the inner agent receives the data and correctly forwards it to the server, then when the server's response packet reaches the inner agent the fifth layer of protection applies: the inner agent does not allow the server to send data outward through the agent (the service is disconnected automatically), so the hacker's data theft cannot be completed. Through the above means, while the secure exchange of data is realised, the data is also given security protection.
Parts not described in the specification are prior art or common knowledge. The present embodiment is only for illustrating the invention and not for limiting its scope; equivalent replacements and modifications made by those skilled in the art are considered to fall within the scope of protection of the claims of the invention.

Claims (9)

1. A network data security exchange method, characterised in that it comprises the following steps:
S1: judge whether the data sender is legitimate; if not, refuse service; otherwise strip the payload from the data and carry out a security examination of it;
S2: encrypt the data that passed the security examination in blocks and transmit it;
S3: decrypt and reassemble the data and send it to the data receiver.
2. The network data security exchange method according to claim 1, characterised in that step S1 is specifically:
the legitimacy of the data sender is judged using "white list" rules: first judge whether the source IP and source MAC match the preset values; if they do, judge whether the source IP is within the authorised range; if so, continue by judging whether the source port and target port are within the authorised range; if so, strip the TCP/UDP payload and examine its legitimacy; if the examination finds the data to be legitimate, jump to step S2, which encrypts the examined data in blocks and transmits it;
if any of the three judgements or the security examination in the above process fails, the connection is closed and the packet is discarded, and an access log entry is recorded.
3. The network data security exchange method according to claim 2, characterised in that the method of data security examination in step S1 includes carrying out virus scanning, sensitive-keyword filtering, feature recognition or application characteristic control on the payload.
4. The network data security exchange method according to claim 3, characterised in that after the payload passes the security examination it is further judged whether the system permits sending data to the target data receiver; if permitted, jump to step S2 to encrypt the examined data in blocks and transmit it; otherwise close the connection and discard the packet, and record an access log entry.
5. The network data security exchange method according to claim 3, characterised in that step S2 is specifically: number by packet and encrypt the data that passed the security examination, then encapsulate the encrypted data in the proprietary protocol by adding a private header, and transmit it over the one-way data channel with an access log entry recorded.
6. The network data security exchange method according to claim 5, characterised in that step S3 is specifically: carry out the following operations in sequence on the received data: strip the private encapsulation, decrypt the payload, reassemble the payload according to the packet numbers, then carry out the security examination again on the decrypted and reassembled data to judge whether it is legitimate; if it is, extract the target receiver's IP and port and, by "white list" rules, judge whether sending data to that receiver is permitted; if so, send the data to the destination server and record an access log entry;
if either of the two judgements in the above process fails, discard the packet and record an access log entry.
7. A network data security exchange system, characterised in that it comprises a client, an outer agent, an inner agent and a server; the client and the server exchange data through the outer agent and the inner agent;
the outer agent and the inner agent each comprise:
an identity authentication unit, for verifying with "white list" rules whether the client or server is legitimate, including verifying whether the client's or server's IP address is within the authorised range and whether the source port and target port are within the authorised range;
a data processing unit, for stripping the TCP/UDP payload contained in the data sent by the client or server and carrying out a security examination of that payload by virus scanning, sensitive-keyword filtering, feature recognition or application characteristic control;
an encryption unit, for numbering by packet and encrypting the data that passed the security examination, and encapsulating the encrypted data in the private message protocol;
a decryption unit, for stripping the private message protocol header and decrypting and reassembling the encrypted data content.
8. The network data security exchange system according to claim 7, characterised in that the outer agent and the inner agent each further comprise a first communication set, a second communication set and a third communication set; each communication set consists of one or more communication interfaces, and every communication set has the same number of interfaces;
the first communication set of the outer agent is used for data communication with the client; the first communication set of the inner agent is used for data communication with the server;
the communication interfaces of the outer agent's second communication set are connected pairwise by single-fibre one-way optical fibre to those of the inner agent's third communication set, forming one or more one-way data transmission channels from the outer agent to the inner agent; the communication interfaces of the outer agent's third communication set are connected pairwise by single-fibre one-way optical fibre to those of the inner agent's second communication set, forming one or more one-way data transmission channels from the inner agent to the outer agent.
9. The network data security exchange system according to claim 8, characterised in that:
the one or more one-way data transmission channels from the outer agent to the inner agent correspond one-to-one with the one or more one-way data transmission channels from the inner agent to the outer agent, forming one or more transmission channel pairs.
CN201710292702.5A 2017-04-28 2017-04-28 A kind of network data security exchange method and system Pending CN107172020A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710292702.5A CN107172020A (en) 2017-04-28 2017-04-28 A kind of network data security exchange method and system

Publications (1)

Publication Number Publication Date
CN107172020A true CN107172020A (en) 2017-09-15

Family

ID=59812886

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710292702.5A Pending CN107172020A (en) 2017-04-28 2017-04-28 A kind of network data security exchange method and system

Country Status (1)

Country Link
CN (1) CN107172020A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8621551B2 (en) * 2008-04-18 2013-12-31 Samsung Electronics Company, Ltd. Safety and management of computing environments that may support unsafe components
CN104363221A (en) * 2014-11-10 2015-02-18 青岛微智慧信息有限公司 Network safety isolation file transmission control method
CN105007272A (en) * 2015-07-21 2015-10-28 陈巨根 Information exchange system with safety isolation
CN105635079A (en) * 2014-11-11 2016-06-01 无锡清杨机械制造有限公司 Network isolation gap data exchange system

Cited By (13)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107483514A (en) * 2017-10-13 2017-12-15 北京知道创宇信息技术有限公司 Attack monitoring device and smart machine
CN108173828B (en) * 2017-12-22 2021-01-12 北京知道创宇信息技术股份有限公司 Data transmission method, device and storage medium
CN108173828A (en) * 2017-12-22 2018-06-15 北京知道创宇信息技术有限公司 Data transmission method, device and storage medium
CN108777681A (en) * 2018-05-29 2018-11-09 中国人民解放军91977部队 Network data unidirectional transmission control method based on NDIS filtration drives
CN108965286A (en) * 2018-07-09 2018-12-07 国网重庆市电力公司电力科学研究院 A kind of lightweight network equipment port detection method based on python
CN109391635A (en) * 2018-12-17 2019-02-26 北京奇安信科技有限公司 Data transmission method, device, equipment and medium based on two-way gateway
CN109547486A (en) * 2018-12-29 2019-03-29 浙江汇安网络科技有限公司 A kind of monitoring analysis method of Internet of Things network layer communication
CN110049059A (en) * 2019-04-26 2019-07-23 深圳市网心科技有限公司 A kind of outer net equipment and Intranet communication between devices method and relevant apparatus
CN110233859A (en) * 2019-07-01 2019-09-13 上海冰鉴信息科技有限公司 A kind of novel air prosecutor method and air control system
CN110545158A (en) * 2019-07-23 2019-12-06 国网福建省电力有限公司 Virtualization and self-adaptive communication system and communication method for multiple interfaces of optical digital tester
CN110598426A (en) * 2019-08-14 2019-12-20 平安科技(深圳)有限公司 Data communication method, device, equipment and storage medium based on information security
CN111031067A (en) * 2019-12-24 2020-04-17 上海中信信息发展股份有限公司 Monitoring data transmission method and device of distributed system and electronic equipment
CN111641852A (en) * 2020-05-15 2020-09-08 上海幕革科技有限公司 Method and system for secondary packaging of film content

Similar Documents

Publication Publication Date Title
CN107172020A (en) A kind of network data security exchange method and system
CN107018134B (en) Power distribution terminal safety access platform and implementation method thereof
CN103491072B (en) A kind of border access control method based on double unidirection insulation network brakes
CN101836422B (en) Bidirectional gateway with enhanced security level
US8413248B2 (en) Method for secure single-packet remote authorization
JP3688830B2 (en) Packet transfer method and packet processing apparatus
KR101585936B1 (en) System for managing virtual private network and and method thereof
CN102347870B (en) A kind of flow rate security detection method, equipment and system
CN109088870A (en) A kind of method of new energy plant stand generator unit acquisition terminal secure accessing platform
Frankel et al. Guide to IPsec VPNs:.
US20100226280A1 (en) Remote secure router configuration
CN106060003A (en) Network boundary unidirectional isolated transmission device
JP2005503047A (en) Apparatus and method for providing a secure network
CN107005534A (en) Secure connection is set up
CN106169952B (en) A kind of authentication method that internet Key Management Protocol is negotiated again and device
CN111770071B (en) Method and device for gateway authentication of trusted device in network stealth scene
KR20100107033A (en) Method and apparatus to enable lawful intercept of encrypted traffic
US7577156B2 (en) Highly adaptable proxy traversal and authentication
CN106506540A (en) A kind of intranet data transmission method of attack resistance and system
CA2506418C (en) Systems and apparatuses using identification data in network communication
CN109150906A (en) A kind of real-time data communication safety method
Xu et al. Research on network security of VPN technology
CN103139189B (en) Internet protocol security (IPSec) tunnel sharing method, IPSec tunnel sharing system and IPSec tunnel sharing equipment
CN115348118B (en) Network address and port number hiding method based on cryptographic technology
CN110351308B (en) Virtual private network communication method and virtual private network device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170915