CN109104443A - A kind of communication means and system based on physical isolation apparatus - Google Patents
A kind of communication means and system based on physical isolation apparatus Download PDFInfo
- Publication number
- CN109104443A CN109104443A CN201811269467.0A CN201811269467A CN109104443A CN 109104443 A CN109104443 A CN 109104443A CN 201811269467 A CN201811269467 A CN 201811269467A CN 109104443 A CN109104443 A CN 109104443A
- Authority
- CN
- China
- Prior art keywords
- frame
- physical isolation
- isolation apparatus
- business
- communication means
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L69/00—Network arrangements, protocols or services independent of the application payload and not provided for in the other groups of this subclass
- H04L69/30—Definitions, standards or architectural aspects of layered protocol stacks
- H04L69/32—Architecture of open systems interconnection [OSI] 7-layer type protocol stacks, e.g. the interfaces between the data link level and the physical level
- H04L69/322—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions
- H04L69/329—Intralayer communication protocols among peer entities or protocol data unit [PDU] definitions in the application layer [OSI layer 7]
Abstract
The embodiment of the invention provides a kind of communication means and system based on physical isolation apparatus, should communication means based on physical isolation apparatus include: that business access request is generated according to pre-set business requirements for access;First is established using frame according to business access request and default application layer protocol;Physical isolation apparatus is sent to using frame by first.By implementing the present invention, the defect that physical isolation apparatus needs specialized protocol in link layer is avoided by the way of application layer protocol, so that physical isolation apparatus can receive the Intranet access request of different business systems client, the flexibility that outer net accesses Intranet is improved, and then improves access efficiency.
Description
Technical field
The present invention relates to information security fields, and in particular to a kind of communication means and system based on physical isolation apparatus.
Background technique
Physical isolation apparatus is a kind of chain by cutting off between network on circuit with various control function specialized hardware
The connection of road floor, and the Network Security Device of the business datum exchange of safety appropriateness can be carried out between network.In physical isolation ring
Under border using typical physical isolation apparatus in address procedures, mainly towards specialized protocol, that is, before preposition and terminal is isolated
Binding relationship, isolation postposition and Batch Processing binding relationship are set, the business of support is single business.Such as outer net video terminal, warp
Gateway is only capable of the video access system inside access, they only support single operation system, to support multiservice system, then
It has to dispose the physical isolation apparatus that more sets support different business, this visit the business between intranet and extranet can not directly
It asks, the switching or unified ability further progress access by other special equipments is needed, to generate the industry between intranet and extranet
The problem that business access is inflexible, access efficiency is lower.
Summary of the invention
The embodiment of the invention provides a kind of communication means and system based on physical isolation apparatus, to overcome the prior art
In in the case where being physically isolated environment by the way of specialized protocol, can only support single operation system, make the industry between intranet and extranet
Business access efficiency is low and accesses inflexible problem.
The embodiment of the invention provides a kind of communication means based on physical isolation apparatus, comprising: is visited according to pre-set business
Ask that demand generates business access request;First is established using frame according to business access request and default application layer protocol;It will
Described first is sent to physical isolation apparatus using frame.
Optionally, it is described according to the business access request and default application layer protocol establish first application frame after,
It is described be sent to physical isolation apparatus using frame for described first before, the communication means further include: according to described first
It establishes using frame and is connect with the socket of communication front end, and be sent to the communication front end using frame for described first;It is logical
It crosses the communication front end and updates described first using frame.
The embodiment of the invention also provides a kind of communication means based on physical isolation apparatus, comprising: obtains physical isolation
First after device progress dissection process applies frame;Judge whether described first meet default application using frame according to parsing result
Layer protocol;When described first meets the default application layer protocol using frame, receives described first and apply frame;According to described
One application frame generates business datum.
Optionally, described that business datum is generated according to the first application frame, comprising: by business front end to described the
One application frame carries out business access parsing, generates business access parsing result;Industry is generated according to the business access parsing result
Business data.
The embodiment of the invention also provides a kind of communication means based on physical isolation apparatus, comprising: according to default application
Layer protocol and business datum establish second using frame;Physical isolation apparatus is sent to using frame by described second.
Optionally, it after the basis presets application layer protocol and business datum establishes the second application frame, is incited somebody to action described
Described second is sent to before physical isolation apparatus using frame, the communication means further include: builds according to described second using frame
It is vertical to be connect with the socket of business front end, and the business front end is sent to using frame by described second;Pass through the industry
Front end update described second be engaged in using frame.
The embodiment of the invention also provides a kind of communication means based on physical isolation apparatus, comprising: obtains physical isolation
Second after device progress dissection process applies frame;Judge whether described second meet default application using frame according to parsing result
Layer protocol;When described second meets the default application layer protocol using frame, receives described second and apply frame;According to described
Two obtain business datum using frame.
Optionally, described to obtain business datum using frame according to described second, comprising: by communication front end to described the
Two application frames carry out business access parsing, generate business access parsing result;Institute is obtained according to the business access parsing result
State business datum.
The embodiment of the invention also provides a kind of communication systems based on physical isolation apparatus, comprising: client, physics every
From device and server end, wherein the client is used to generate business access request according to pre-set business requirements for access, according to
The business access request and default application layer protocol establish first using frame, and are sent to the object using frame for described first
Manage isolating device;The physical isolation apparatus carries out at parsing to described first using frame for receiving described first using frame
Reason, and judge whether described first meet default application layer protocol using frame according to parsing result;When the first application frame accords with
When closing the default application layer protocol, described first after the physical isolation apparatus will carry out dissection process is sent to using frame
The server end;Described in the received server-side progress dissection process after described first apply frame, and according to it is described into
The first application frame after row dissection process generates business datum.
Optionally, the communication system further include: communication front end and business front end, the communication front end is for connecing
The client is sent described first is received using frame, and is updated to described first using frame, updated first is answered
The physical isolation apparatus is sent to frame;The business front end is used to receive described the of physical isolation apparatus feedback
One applies frame, and carries out business access parsing to the first application frame, generates business access parsing result;The business is preposition
End is also used to the business access parsing result being sent to the server end;The server is according to the business access solution
It analyses result and generates the business datum.
The embodiment of the invention also provides a kind of communication systems based on physical isolation apparatus, comprising: client, physics every
From device and server end, wherein the server end presets application layer protocol and establish second using data and answers for basis
The physical isolation apparatus is sent to using frame with frame, and by described second;The physical isolation apparatus is for receiving described the
Two apply frame, carry out dissection process to the second application frame and judge whether described second meet using frame according to parsing result
Default application layer protocol;When described second meets the default application layer protocol using frame, the physical isolation apparatus will be into
Described second after row dissection process is sent to the client using frame;The client is for receiving described carry out at parsing
Described second after reason applies frame, and obtains business datum using frame according to described second after the progress dissection process.
Optionally, the communication system further include: business front end and communication front end, wherein the business front end
It is updated using frame, and to described second using frame for receiving the server end is sent described second, after update
Second be sent to the physical isolation apparatus using frame;The communication front end is for receiving the physical isolation apparatus feedback
Described second apply frame, and to it is described second application frame carry out business datum parsing, generate business datum parsing result;It is described
Communication front end is also used to the business datum parsing result being sent to the client;The client is according to the business
Data parsing result obtains the business datum.
The embodiment of the invention also provides a kind of non-transient computer readable storage medium, the non-transient computer is readable
Storage medium stores computer instruction, and the computer instruction is any of the above-described based on physical isolation for executing the computer
The communication means of device.
The embodiment of the invention also provides a kind of computer equipments, comprising: at least one processor;And with it is described at least
Wherein, the memory is stored with the finger that can be executed by least one described processor to the memory of one processor communication connection
It enables, described instruction executed by least one described processor, so that at least one described processor executes above-mentioned any be based on
The communication means of physical isolation apparatus.
Technical solution of the present invention has the advantages that
1. the communication means provided in an embodiment of the present invention based on physical isolation apparatus, according to the business access of external network user
Request and the building of preset application layer protocol be sent to physical isolation apparatus using frame, thus by the way of application layer protocol
The defect that physical isolation apparatus needs specialized protocol in link layer is avoided, so that physical isolation apparatus can receive different business
The Intranet access request of system users improves the flexibility that outer net accesses Intranet, and then improves access efficiency.
2. the communication means provided in an embodiment of the present invention based on physical isolation apparatus, server is by obtaining physical isolation
Meet default application layer protocol after device parsing applies frame, and generates corresponding business datum, applies to only work as
After screening of the frame by the default application layer protocol of physical isolation apparatus, server could be accessed, and then ensured outer net to clothes
The secure access of business device.
3. the communication means provided in an embodiment of the present invention based on physical isolation apparatus, according to the business datum of server and
Preset application layer protocol building is sent to physical isolation apparatus using frame, to avoid object by the way of application layer protocol
Reason isolating device needs the defect of specialized protocol in link layer, so that physical isolation apparatus can receive server for not of the same trade or business
The business datum of business system, to support the access of multiservice system to provide basis.
4. the communication means provided in an embodiment of the present invention based on physical isolation apparatus, by obtaining physical isolation apparatus solution
Meet default application layer protocol after analysis obtains corresponding business datum using frame, passes through physical isolation using frame to only work as
After the screening of the default application layer protocol of device, external network user, Jin Erbao could will be sent to using frame with business datum
Secure access of the outer net to server is hindered.
5. the communication system provided in an embodiment of the present invention based on physical isolation apparatus, the application that external network user is established
Frame, by physical isolation apparatus analysis judgment, whether it meets default application layer protocol, includes industry by this if meeting agreement
Business request passes to server and generates corresponding business datum by server using frame.Pass through the side using application layer protocol
Formula avoids the defect that physical isolation apparatus needs specialized protocol in link layer so that physical isolation apparatus can receive it is not of the same trade or business
The Intranet access request for system users of being engaged in, the uplink service for realizing client to server end access, and it is internal to improve outer net
The flexibility of access is netted, and then improves access efficiency.
6. the communication system provided in an embodiment of the present invention based on physical isolation apparatus, what server was established includes business number
According to apply frame, by physical isolation apparatus analysis judgment, whether it meets default application layer protocol, if meeting agreement, will
This passes to outer net client using frame, and outer net client is made to receive corresponding business datum.To by utilizing application layer protocol
Mode avoids the defect that physical isolation apparatus needs specialized protocol in link layer, realize server end to client downlink
Service response, so that physical isolation apparatus can receive business datum of the server for different business systems, to support more industry
The access of business system provides basis, and then has ensured secure access of the outer net to server.
Detailed description of the invention
It, below will be to specific in order to illustrate more clearly of the specific embodiment of the invention or technical solution in the prior art
Embodiment or attached drawing needed to be used in the description of the prior art be briefly described, it should be apparent that, it is described below
Attached drawing is some embodiments of the present invention, for those of ordinary skill in the art, before not making the creative labor
It puts, is also possible to obtain other drawings based on these drawings.
Fig. 1 is the flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 2 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 3 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 4 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 5 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 6 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 7 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 8 is another flow chart of the communication means based on physical isolation apparatus in the embodiment of the present invention;
Fig. 9 is the structural schematic diagram of the communication system based on physical isolation apparatus in the embodiment of the present invention;
Figure 10 is another structural schematic diagram of the communication system based on physical isolation apparatus in the embodiment of the present invention;
Figure 11 is the structural schematic diagram of computer equipment in the embodiment of the present invention.
Specific embodiment
Technical solution of the present invention is clearly and completely described below in conjunction with attached drawing, it is clear that described implementation
Example is a part of the embodiment of the present invention, instead of all the embodiments.Based on the embodiments of the present invention, ordinary skill
Personnel's every other embodiment obtained without making creative work, shall fall within the protection scope of the present invention.
In the description of the present invention, it should be noted that term " first ", " second " are used for description purposes only, and cannot
It is interpreted as indication or suggestion relative importance.
In the description of the present invention, it should be noted that unless otherwise clearly defined and limited, term " connection " should be done
It broadly understood, for example, it may be being fixedly connected, may be a detachable connection, or be integrally connected;It can be mechanical connection,
It is also possible to be electrically connected;It can be directly connected, can also can also be inside two elements indirectly connected through an intermediary
Connection, can be wireless connection, be also possible to wired connection.It for the ordinary skill in the art, can be specific
Situation understands the concrete meaning of above-mentioned term in the present invention.
As long as in addition, the non-structure each other of technical characteristic involved in invention described below different embodiments
It can be combined with each other at conflict.
Embodiment 1
The embodiment of the invention provides a kind of communication means based on physical isolation apparatus, as shown in Figure 1, physics should be based on
The communication means of isolating device includes:
Step S1: business access request is generated according to pre-set business requirements for access.Specifically, business access request is outer
The client of net side requires the business datum for needing to obtain from intranet server according to practical business.
Step S2: first is established using frame according to business access request and default application layer protocol.Specifically, above-mentioned pre-
If application layer protocol abbreviation FM, defining this and presetting for layer protocol format is FM: < S, L, CID, SID, SA, DA, R, DATA, F, E
>, wherein S is frame bebinning character, and L is message length, and CID is client identity mark, and SID is service identification, and SA is source address,
DA is destination address, and R is reserved field, and DATA is data payload, F be frame check and, E is frame end character;Isolating device is only
The message for allowing to meet FM format passes through, and in address procedures, tetra- domains CID, SID, SA and DA are used only.It needs to illustrate
That above-mentioned preset can be defined as extended formatting for layer protocol according to actual needs in practical applications, the present invention not with
This is limited.In practical applications, client is defined according to above-mentioned preset for layer protocol format, on group application protocol frame is
First stated applies frame, and the identity CID of itself and the service identification SID to be accessed are written first using frame together.
Step S3: physical isolation apparatus is sent to using frame by first.In practical applications, when outer net client needs to visit
When asking intranet data, need to be sent to physical isolation apparatus using frame for above-mentioned first.
S1 to step S3 through the above steps, the communication party provided in an embodiment of the present invention based on physical isolation apparatus
Method avoids the defect that physical isolation apparatus needs specialized protocol in link layer by the way of application layer protocol, so that physics
Isolating device can receive the Intranet access request of different business systems client, improve the flexibility that outer net accesses Intranet,
And then improve access efficiency.
In a preferred embodiment, above-mentioned before executing step S3 as shown in Fig. 2, after executing above-mentioned steps S2
The communication means based on physical isolation apparatus further include:
Step S4: establishing according to the first application frame and connect with the socket of communication front end, and the first application frame is sent
To communication front end.In practical applications, it is asked to reduce physical isolation apparatus to multiple client access intranet server
The Intranet of progress is asked to address workload, setting communicates front end between client and physical isolation apparatus, and client is according to upper
The the first application frame stated with communicate preposition unlatching Socket service mode, i.e. socket connection.
Step S5: first is updated by communication front end and applies frame.In practical applications, client initiate with communicate it is preposition
Socket connection is held, physical isolation apparatus one end is connect with communication front end Socket, and the other end and the business of interior net side are preposition
Socket connection is held, after communication front end will be issued using frame, communication front end record client identification CID and client address
C_A relationship;The source address field of above-mentioned first application frame is written in the address CF_A of oneself by communication front end, then communicates front end
Before forwarding the first application frame, inquiring client terminal is identified between CID and business front end address BF_A with the presence or absence of fixation
Relationship, and if it exists, then fill in BF_A to the destination address field of above-mentioned first application frame, if it does not exist, then the SP that fills a vacancy is to above-mentioned
The destination address field of first application frame completes the update to above-mentioned first application frame.Then updated first application frame is sent
To physical isolation apparatus.
S1 to step S5 through the above steps, the communication party provided in an embodiment of the present invention based on physical isolation apparatus
Method avoids the defect that physical isolation apparatus needs specialized protocol in link layer by the way of application layer protocol, so that physics
Isolating device can receive the Intranet access request of different business systems client, improve the flexibility that outer net accesses Intranet,
And then access efficiency is improved, and improve physical isolation apparatus to network service in extranet access by adding communication front end
Processing speed, further improve the efficiency of access.
Embodiment 2
The embodiment of the invention provides a kind of communication means based on physical isolation apparatus, as shown in figure 3, physics should be based on
The communication means of isolating device includes:
Step S6: first after obtaining physical isolation apparatus progress dissection process applies frame.In practical applications, this first
Using frame be physical isolation apparatus receive client transmission comprising access intranet server apply frame, to this using frame into
Row dissection process is to parse to obtain the format content for applying frame.
Step S7: judge whether first meet default application layer protocol using frame according to parsing result.In practical applications,
In order to ensure the secure access between outer net and Intranet, need to judge client be sent to physical isolation apparatus application frame whether
Meet the requirement of about default application layer protocol, when these segmentation symbols match, then illustrate the access of the client using frame be it is safe, allow it
It accesses to Intranet, executes step S8, when the first above-mentioned application frame does not meet default application layer protocol requirement, then explanation should
The access of client be it is against regulation, abandon first apply frame, do not allow its access intranet server, to ensure outer net pair
The secure access of Intranet.
Step S8: it when first meets default application layer protocol using frame, receives first and applies frame.In practical applications,
If meet default application layer protocol, illustrate that it is security access request, then server receives at physical isolation apparatus parsing
First after reason applies frame.
Step S9: business datum is generated according to the first application frame.Specifically, it is receiving comprising customer service access request
The first application frame after, server end generates corresponding business datum according to its specific request content.So far, it is sent out from client
Access is played, carries out parsing verifying to by physical isolation apparatus, final server end generates corresponding business datum, entire uplink
The access process of business terminates.
S6 to step S9 through the above steps, the communication means based on physical isolation apparatus of the embodiment of the present invention are real
Having showed only after passing through the screening of default application layer protocol of physical isolation apparatus using frame, could access server, into
And secure access of the outer net to server is ensured.
In a preferred embodiment, as shown in figure 4, above-mentioned step S9, specifically includes:
Step S91: business access parsing is carried out to the first application frame by business front end, generates business access parsing knot
Fruit.In practical applications, in order to reduce physical isolation apparatus directly to intranet server carry out business datum access processing
Workload is arranged such as the business front end in embodiment 1, client initiation between interior net side physical isolation apparatus and server
It is connect with communication front end Socket, physical isolation apparatus one end is connect with communication front end Socket, the other end and interior net side
The Socket connection of business front end, business front end Socket connection server end.Physical isolation apparatus will be after dissection process
First be sent to business front end using frame, which parses this using frame, extract service identification BID,
Client identification CID, source address CF_A and data field DATA;According to BID, initiated using data field DATA to the access of business;
Business front end records client identification CID, the corresponding link of service identification BID, source address BF_A, isolation postposition Socket
The relation table of FD.
Step S92: business datum is generated according to business access parsing result.Business front end is solved to first using frame
After analysis, this is directly sent to server using the corresponding request for needing to access server in frame, server is asked according to this
Seek survival into corresponding business datum.
S6 to step S9 through the above steps, the communication means based on physical isolation apparatus of the embodiment of the present invention are real
Having showed only after passing through the screening of default application layer protocol of physical isolation apparatus using frame, could access server, into
And ensured secure access of the outer net to server, physical isolation apparatus is improved to extranet access by adding business front end
The processing speed of interior network service further improves the efficiency of access.
Embodiment 3
The embodiment of the invention provides a kind of communication means based on physical isolation apparatus, as shown in figure 5, physics should be based on
The communication means of isolating device includes:
Step S10: second is established using frame according to default application layer protocol and business datum.Specifically, above-mentioned default
Application layer protocol abbreviation FM, define this preset for layer protocol format be FM:<S, L, CID, SID, SA, DA, R, DATA, F, E>,
Wherein S is frame bebinning character, and L is message length, and CID is client identity mark, and SID is service identification, and SA is source address, DA
For destination address, R is reserved field, and DATA is data payload, F be frame check and, E is frame end character;Isolating device only permits
The message for being permitted to meet FM format passes through, and in address procedures, tri- domains CID, SID, SA and DA are used only.It should be noted that
Above-mentioned preset can be defined as extended formatting for layer protocol according to actual needs in practical applications, the present invention not as
Limit.
Step S11: physical isolation apparatus is sent to using frame by second.Specifically, the second above-mentioned application is being constructed
After frame, according to CID search physical isolation apparatus Socket connection address, and by this second application frame be sent to physics every
From device.
S10 to step S11 through the above steps, the communication means based on physical isolation apparatus of the embodiment of the present invention,
The defect that physical isolation apparatus needs specialized protocol in link layer is avoided by the way of application layer protocol, so that physical isolation
Device can receive business datum of the server for different business systems, to support the access of multiservice system to provide basis.
In a preferred embodiment, as shown in fig. 6, after executing step S10, before executing step S11, it is above-mentioned
Communication means further include:
Step S12: establishing according to the second application frame and connect with the socket of business front end, and the second application frame is sent
To business front end.In practical applications, return is addressed in order to reduce physical isolation apparatus to the multiple business datums of server end
Business front end is arranged in the processing workload of client between server end and physical isolation apparatus, and server end is according to upper
The the second application frame stated with communicate preposition unlatching Socket service mode, i.e. socket connection.
Step S13: second is updated by business front end and applies frame.In practical applications, server end initiation and business
Front end Socket connection, physical isolation apparatus one end are connect with business front end Socket, the communication of the other end and outer net side
Front end Socket connection, after the application frame comprising business datum is issued business front end, business front end is believed according to link
Breath extracts client identification CID, source address CF_A;By CID, BID, the address of oneself, source address CF_A, data DATA difference
Client identification, service identification, source address field, destination address field and the data field of write-in the second application frame are completed to above-mentioned first
Using the update of frame.Then physical isolation apparatus is sent to using frame by updated first.
S10 to step S13 through the above steps, the communication party provided in an embodiment of the present invention based on physical isolation apparatus
Method avoids the defect that physical isolation apparatus needs specialized protocol in link layer by the way of application layer protocol, so that physics
Isolating device can receive business datum of the server for different business systems, to support the access of multiservice system to provide base
Plinth, and the response speed that physical isolation apparatus externally nets access to intranet data is improved by adding business front end, into
One step improves the efficiency of access.
Embodiment 4
The embodiment of the invention provides a kind of communication means based on physical isolation apparatus, as shown in fig. 7, physics should be based on
The communication means of isolating device includes:
Step S14: second after obtaining physical isolation apparatus progress dissection process applies frame.In practical applications, this
Two application frames are the correspondence industry that extranet access Intranet is responded comprising server that physical isolation apparatus receives server end transmission
Business data, carrying out dissection process using frame to this is the format content for parsing and obtaining this using frame.
Step S15: judge whether second meet default application layer protocol using frame according to parsing result.In practical application
In, in order to ensure the secure access between outer net and Intranet, need to judge that server end is sent to the application of physical isolation apparatus
Whether frame meets the requirement of about default application layer protocol, when these segmentation symbols match, then illustrates the answering comprising business datum of the server end
Be with frame it is safe, allow for the business datum to be sent to corresponding client, execute step S8, the second above-mentioned application frame is not
When meeting default application layer protocol requirement, then illustrate the server end business datum be it is against regulation, abandon and second answer
With frame, it is not allowed to access intranet server, to ensure secure access of the outer net to Intranet.
Step S16: it when second meets default application layer protocol using frame, receives second and applies frame.In practical applications,
If above-mentioned second application frame meets default application layer protocol, illustrate that the business datum at intranet server end is sent to outer net
Client be it is safe, then by client receive physical isolation apparatus dissection process after first apply frame.
Step S17: business datum is obtained using frame according to second.Second comprising business datum is being received using frame
Afterwards, client requests corresponding business datum according to oneself business access is therefrom obtained, and completes the data access to Intranet.Extremely
This, business datum is generated from server end and applies frame, be then forwarded to physical isolation apparatus and carry out parsing verifying, End-Customer
End receives using frame and therefrom obtains corresponding business datum, and entire downlink business response process terminates.
S14 to step S17 through the above steps, the communication means based on physical isolation apparatus of the embodiment of the present invention,
Only after screening of the application frame by the default application layer protocol of physical isolation apparatus, the application of business datum could will be had
Frame is sent to external network user, and then has ensured secure access of the outer net to server.
In a preferred embodiment, as shown in figure 8, above-mentioned step S17, obtains business datum using frame according to second,
It specifically includes:
Step S171: business access parsing is carried out to the second application frame by communication front end, generates business access parsing
As a result.In practical applications, the processing that business datum issues is carried out in order to reduce the directly external net client of physical isolation apparatus
Workload is arranged such as the communication front end in embodiment 1, client initiation between interior net side physical isolation apparatus and client
It is connect with communication front end Socket, physical isolation apparatus one end is connect with communication front end Socket, the other end and interior net side
The Socket connection of business front end, business front end Socket connection server end.Physical isolation apparatus will be after dissection process
Second be sent to communication front end using frame, which parses this using frame, extracts this using visitor in frame
Family end identifies CID and source address (the as preposition address BF_A of business), before communication front end records client identification CID and business
Set the relationship of address BF_A between holding;Front end is communicated according to CID, selects link by being sent to using frame comprising business datum
Client.
Step S172: business datum is obtained according to business access parsing result.Front end is communicated to carry out the second application frame
After parsing, directly this is sent using the corresponding business datum of access server corresponding in frame to client.
S14 to step S17 through the above steps, the communication means based on physical isolation apparatus of the embodiment of the present invention,
Only after screening of the application frame by the default application layer protocol of physical isolation apparatus, the application of business datum could will be had
Frame is sent to external network user, and then has ensured secure access of the outer net to server, and is improved by adding communication front end
Physical isolation apparatus further improves the efficiency of access to the processing speed of Intranet response outer net business datum.
Embodiment 5
The embodiment of the invention provides a kind of communication systems based on physical isolation apparatus, as shown in figure 9, physics should be based on
The communication device of isolating device 2 includes: client 1, physical isolation apparatus 2 and server end 3, wherein client 1 is used for basis
Pre-set business requirements for access generates business access request, establishes the first application according to business access request and default application layer protocol
Frame, and physical isolation apparatus 2 is sent to using frame by first;Physical isolation apparatus 2 applies frame for receiving first, answers first
Dissection process is carried out with frame, and judges whether first meet default application layer protocol using frame according to parsing result;It answers when first
When meeting default application layer protocol with frame, first after physical isolation apparatus 2 will carry out dissection process is sent to service using frame
Device end 3;First after the reception progress dissection process of server end 3 applies frame, and according to the first application after progress dissection process
Frame generates business datum.
Pass through the cooperative cooperating of above-mentioned each component part, the communication dress based on physical isolation apparatus of the embodiment of the present invention
It sets, the defect of specialized protocol is needed avoiding physical isolation apparatus in the way of application layer protocol in link layer, so that
Physical isolation apparatus can receive the Intranet access request of different business systems client, realize client to the upper of server end
Row business access improves the flexibility that outer net accesses Intranet, and then improves access efficiency.
In a preferred embodiment, as shown in Figure 10, the above-mentioned communication device based on physical isolation apparatus further include: logical
Believe front end 4 and business front end 5, communication front end 4 is used to receive client 1 is sent first using frame, and answers first
It is updated with frame, is sent to physical isolation apparatus 2 using frame for updated first;Business front end 5 is for receiving physics
The first of the feedback of isolating device 2 applies frame, and carries out business access parsing to the first application frame, generates business access and parses knot
Fruit;Business front end 5 is also used to business access parsing result being sent to server end 3;Server is parsed according to business access
As a result business datum is generated.
The communication device proposed by the present invention based on physical isolation apparatus is carried out below with reference to concrete application example detailed
Thin explanation.
Firstly, application layer protocol format FM:<S, L are defined, and CID, SID, SA, DA, R, DATA, F, E>, wherein S rises for frame
Beginning character, L are message length, and CID is 1 identity of client, and SID is service identification, and SA is source address, and DA is for target
Location, R are reserved field, and DATA is data payload, F be frame check and, E is frame end character;Physical isolation apparatus 2 only allows full
Sufficient FM format passes through using frame, and in address procedures, tri- domains CID, SID, SA and DA are used only.
Then, the preposition unlatching Socket service mode of isolation in physical isolation apparatus 2 receives communication front end 4 and connects;
Socket service mode is opened in business front end 5, receives the connection of the isolation postposition in physical isolation apparatus 2;Communicate front end 4
Access to isolation it is preposition after, the preposition Socket list CFS_LIST of preposition record communication is isolated;It is preposition that postposition access service is isolated
Behind end 5, the Socket list BFS_LIST of postposition record traffic front end 5 is isolated;The clothes of the preset communication front end 4 of client 1
Business address;The address of the preset all business services in business front end 5.
The business access process that the client 1 of outer net is carried out to the server end 3 of Intranet is as follows:
Client 1 initiates access, organizes application protocol frame, and by the identity CID of oneself and the service identification to be accessed
Frame is written;Client 1 is initiated to connect with the Socket of communication front end 4, and communication front end 4 will be issued using frame;Before communication
It sets 4 record client 1 of end and identifies CID and 1 address C_A relationship of client;Communication front end 4 is answered by the address CF_A write-in of oneself
With the source address field of frame;When communicating 4 forwarded upstream application frame of front end, inquiring client terminal 1 identifies CID and 5 ground of business front end
Relationship between the BF_A of location, and if it exists, the destination address field for then filling in BF_A to application frame then fills a vacancy SP extremely if it does not exist
Using the destination address field of frame;Communication front end 4 is preposition by the isolation being forwarded in physical isolation apparatus 2 using frame;Before isolation
Machine parsing is set using frame, abandons the frame for being unsatisfactory for above-mentioned default application protocol format FM;Meet the frame of FM, cross physical isolation card,
Into isolation postposition;Postposition parsing is isolated and applies frame, extracts 5 address field BF_A of business front end and client 1 identifies CID;If
For sky, then link is selected from list BFS_LIST at random, to forward using frame;If it is empty, then according to before BF_A locator service
Set end 5;Frame is applied in the parsing of business front end 5, extracts service identification BID, and client 1 identifies CID, source address CF_A and data field
DATA;According to BID, initiated using data field DATA to the access of business;Business front end 5 records client 1 and identifies CID, industry
Business mark BID corresponding link source address BF_A, is isolated the relation table of postposition Socket FD, and sends it to server end
3;Server end 3 generates corresponding business datum according to above-mentioned application frame.
It is provided in an embodiment of the present invention logical based on physical isolation apparatus by the cooperative cooperating of above-mentioned each component part
Letter system needs the defect of specialized protocol avoiding physical isolation apparatus in the way of application layer protocol in link layer,
So that physical isolation apparatus can receive the Intranet access request of different business systems client, a kind of general service mould is constituted
Formula, the uplink service for realizing client to server end access, and improve the flexibility that outer net accesses Intranet, and then improve
Access efficiency, and by adding business front end and communication front end, so that the interaction between client and server
Transparence applies frame according to destination address forwarding, improves physical isolation apparatus to the processing speed of network service in extranet access,
Further improve the efficiency of access.
Embodiment 6
The embodiment of the invention provides a kind of communication systems based on physical isolation apparatus, as shown in figure 9, physics should be based on
The communication device of isolating device 2 includes: client 1, physical isolation apparatus 2 and server end 3, wherein server end 3 is used for root
Second is established using frame according to default application layer protocol and using data, and is sent to physical isolation apparatus 2 using frame for second;Object
It manages isolating device 2 and applies frame for receiving second, dissection process is carried out to the second application frame and judge second according to parsing result
Whether meet default application layer protocol using frame;When second meets default application layer protocol using frame, physical isolation apparatus 2 will
Second after carrying out dissection process is sent to client 1 using frame;Client 1 is answered for receiving second after carrying out dissection process
Business datum is obtained using frame with frame, and according to carry out after dissection process second.
Pass through the cooperative cooperating of above-mentioned each component part, the communication dress based on physical isolation apparatus of the embodiment of the present invention
It sets, the defect of specialized protocol is needed avoiding physical isolation apparatus in the way of application layer protocol in link layer, realize
The downlink business of server end to client responds, so that physical isolation apparatus can receive server for different business system
The business datum of system to support the access of multiservice system to provide basis, and then has ensured secure access of the outer net to server.
In a preferred embodiment, as shown in Figure 10, the above-mentioned communication device based on physical isolation apparatus 2, further includes:
Business front end 5 and communication front end 4, wherein business front end 5 is used to receive server end 3 is sent second using frame, and
It is updated to second using frame, is sent to physical isolation apparatus 2 using frame for updated second;Communication front end 4 is used for
It receives physical isolation apparatus 2 is fed back second and applies frame, and business datum parsing is carried out to the second application frame, generate business datum
Parsing result;Communication front end 4 is also used to business datum parsing result being sent to client 1;Client 1 is according to business datum
Parsing result obtains business datum.
The communication device proposed by the present invention based on physical isolation apparatus 2 is carried out below with reference to concrete application example detailed
Thin explanation.
Firstly, application layer protocol format FM:<S, L are defined, and CID, SID, SA, DA, R, DATA, F, E>, wherein S rises for frame
Beginning character, L are message length, and CID is 1 identity of client, and SID is service identification, and SA is source address, and DA is for target
Location, R are reserved field, and DATA is data payload, F be frame check and, E is frame end character;Physical isolation apparatus 2 only allows full
Sufficient FM format passes through using frame, and in address procedures, tri- domains CID, SID, SA and DA are used only.
Then, the preposition unlatching Socket service mode of isolation in physical isolation apparatus 2 receives communication front end 4 and connects;
Socket service mode is opened in business front end 5, receives the connection of the isolation postposition in physical isolation apparatus 2;Communicate front end 4
Access to isolation it is preposition after, the preposition Socket list CFS_LIST of preposition record communication is isolated;It is preposition that postposition access service is isolated
Behind end 5, the Socket list BFS_LIST of postposition record traffic front end 5 is isolated;The clothes of the preset communication front end 4 of client 1
Business address;The address of the preset all business services in business front end 5.
The process of the server end 3 of Intranet to the server end 3 of outer net response business datum is as follows:
Server end 3 returns to the application frame comprising business datum to business front end 5;Business is preposition to receive business datum
After DATA, according to link information, extracts client 1 and identify CID, source address CF_A;By CID, BID, by the address of oneself, source
Location CF_A, data DATA are respectively written into the mark of client 1 using frame, service identification, source address field, destination address field and data
Domain;After construction complete application frame, according to CID see look for isolation rear side Socket FD, and forward retribution frame to physics every
Isolation postposition from device 2;(note: in an interactive process, this step can be sent to any isolation postposition, any object at random
The isolation of reason isolating device 2 is preposition can be forwarded the packet according to destination address to communication front end 4);Postposition is isolated and receives report
Wen Hou, analytic message abandon the frame for being unsatisfactory for application protocol format FM;Meet the frame of FM, physical isolation card is crossed, into before isolation
It sets;The destination address field (DAF) in preposition foundation application message is isolated, selects given link from list of link CFS_LIST, will answer
Communication front end 4 is gone to frame;It communicates front end 4 and extracts and identify CID and source address using the client 1 in frame (business is preposition
Address BF_A);It communicates front end 4 and records the relationship that client 1 identifies address BF_A between CID and business front end 5;It communicates preposition
End 4 selects link that will be forwarded to client 1 using frame comprising business datum according to CID.
Pass through the cooperative cooperating of above-mentioned each component part, the communication dress based on physical isolation apparatus of the embodiment of the present invention
It sets, the defect of specialized protocol is needed avoiding physical isolation apparatus in the way of application layer protocol in link layer, realize
The downlink business of server end to client responds, and constitutes a kind of general service mode, so that physical isolation apparatus can be with
The business datum that server is used for different business systems is received, to support the access of multiservice system to provide basis, and then is ensured
Secure access of the outer net to server, and by adding business front end and communication front end, so that client and service
Interaction transparence between device end applies frame according to destination address forwarding, improves physical isolation apparatus and respond outer net to Intranet
The processing speed of business datum further improves the efficiency of service response.
Embodiment 7
The embodiment of the present invention provides a kind of non-transient computer storage medium, which is stored with computer
Executable instruction, it is logical based on physical isolation apparatus into which can be performed above-mentioned any embodiment 1
Letter method, or, communication based on physical isolation apparatus of the above-mentioned any embodiment 2 into can be performed in the computer executable instructions
Method, or, communication party based on physical isolation apparatus of the above-mentioned any embodiment 3 into can be performed in the computer executable instructions
Method, or, communication party based on physical isolation apparatus of the above-mentioned any embodiment 4 into can be performed in the computer executable instructions
Method, wherein above-mentioned storage medium can be magnetic disk, CD, read-only memory (Read-Only Memory, ROM), deposit at random
Store up memory body (Random Access Memory, RAM), flash memory (Flash Memory), hard disk (Hard Disk
Drive, abbreviation: HDD) or solid state hard disk (Solid-State Drive, SSD) etc.;The storage medium can also include above-mentioned kind
The combination of the memory of class.
It is that can lead to it will be understood by those skilled in the art that realizing all or part of the process in above-described embodiment method
Computer program is crossed to instruct relevant hardware come what is completed, program can be stored in a computer-readable storage medium, should
Program is when being executed, it may include such as the process of the embodiment of above-mentioned each method.Wherein, storage medium can for magnetic disk, CD, only
Read storage memory (ROM) or random access memory (RAM) etc..
Embodiment 8
The embodiment of the present invention provides a kind of computer equipment, and structural schematic diagram is as shown in figure 11, the computer equipment packet
It includes: one or more processors 410 and memory 420, in Figure 11 by taking a processor 410 as an example.
Above-mentioned computer equipment can also include: input unit 430 and output device 440.
Processor 410, memory 420, input unit 430 and output device 440 can pass through bus or other modes
It connects, in Figure 11 for being connected by bus.
Processor 410 can be central processing unit (Central Processing Unit, CPU).Processor 410 may be used also
Think other general processors, digital signal processor (Digital Signal Processor, DSP), specific integrated circuit
(Application Specific Integrated Circuit, ASIC), field programmable gate array (Field-
Programmable Gate Array, FPGA) either other programmable logic device, discrete gate or transistor logic,
The combination of the chips such as discrete hardware components or above-mentioned all kinds of chips.General processor can be microprocessor or the processing
Device is also possible to any conventional processor etc..
Memory 420 is used as a kind of non-transient computer readable storage medium, can be used for storing non-transient software program, non-
Transient computer executable program and module, as the communication means based on physical isolation apparatus in the embodiment of the present application is corresponding
Program instruction/module, processor 410 passes through the operation non-transient software program, instruction and the mould that are stored in memory 420
Block, thereby executing the various function application and data processing of server, i.e., realization above method embodiment based on physics every
Communication means from device.
Memory 420 may include storing program area and storage data area, wherein storing program area can store operation system
Application program required for system, at least one function;Storage data area can be stored according to the communication party based on physical isolation apparatus
The processing unit of method uses created data etc..In addition, memory 420 may include high-speed random access memory, also
It may include non-transient memory, a for example, at least disk memory, flush memory device or other non-transient solid-state memories
Part.In some embodiments, it includes the memory remotely located relative to processor 410 that memory 420 is optional, these are remotely deposited
Reservoir can pass through network connection to the communication device based on physical isolation apparatus.The example of above-mentioned network is including but not limited to mutual
Networking, intranet, local area network, mobile radio communication and combinations thereof.
Input unit 430 can receive the number or character information of input, and generate and leading to based on physical isolation apparatus
Believe the related user setting of processing unit and the related key signals input of function control of operation.Output device 440 may include
Display screen etc. shows equipment.
One or more module is stored in memory 420, when being executed by one or more processor 410, is held
Row method as shown in Figure 1 or 2, or, method as shown in Figure 3 or Figure 4 is executed, or, executing side as shown in Figure 5 or Figure 6
Method, or, executing such as Fig. 7 or method shown in Fig. 8.
Method provided by the embodiment of the present invention can be performed in the said goods, has the corresponding functional module of execution method and has
Beneficial effect.The not technical detail of detailed description in embodiments of the present invention, for details, reference can be made to embodiments as shown in Figure 1 or 2
In associated description, or referring to the associated description in embodiment as shown in Figure 3 or Figure 4, or referring to as shown in Figure 5 or Figure 6
Associated description in embodiment, or referring to the associated description in such as Fig. 7 or embodiment shown in Fig. 8.
Obviously, the above embodiments are merely examples for clarifying the description, and does not limit the embodiments.It is right
For those of ordinary skill in the art, can also make on the basis of the above description it is other it is various forms of variation or
It changes.There is no necessity and possibility to exhaust all the enbodiments.And it is extended from this it is obvious variation or
It changes still within the protection scope of the invention.
Claims (14)
1. a kind of communication means based on physical isolation apparatus characterized by comprising
Business access request is generated according to pre-set business requirements for access;
First is established using frame according to business access request and default application layer protocol;
Physical isolation apparatus is sent to using frame by described first.
2. the communication means according to claim 1 based on physical isolation apparatus, which is characterized in that described according to
Business access request and default application layer protocol are established after the first application frame, are sent to object using frame for described first described
Before managing isolating device, the communication means further include:
It is established according to the first application frame and is connect with the socket of communication front end, and be sent to institute using frame for described first
State communication front end;
Described first, which is updated, by the communication front end applies frame.
3. a kind of communication means based on physical isolation apparatus characterized by comprising
First after obtaining physical isolation apparatus progress dissection process applies frame;
Judge whether described first meet default application layer protocol using frame according to parsing result;
When described first meets the default application layer protocol using frame, receives described first and apply frame;
Business datum is generated according to the first application frame.
4. the communication means according to claim 3 based on physical isolation apparatus, which is characterized in that described according to described
One application frame generates business datum, comprising:
Business access parsing is carried out to the first application frame by business front end, generates business access parsing result;
Business datum is generated according to the business access parsing result.
5. a kind of communication means based on physical isolation apparatus characterized by comprising
Second is established using frame according to default application layer protocol and business datum;
Physical isolation apparatus is sent to using frame by described second.
6. the communication means according to claim 5 based on physical isolation apparatus, which is characterized in that default in the basis
Application layer protocol and business datum are established after the second application frame, are sent to physical isolation dress using frame for described second described
Before setting, the communication means further include:
It is established according to the second application frame and is connect with the socket of business front end, and be sent to institute using frame for described second
State business front end;
Described second, which is updated, by the business front end applies frame.
7. a kind of communication means based on physical isolation apparatus characterized by comprising
Second after obtaining physical isolation apparatus progress dissection process applies frame;
Judge whether described second meet default application layer protocol using frame according to parsing result;
When described second meets the default application layer protocol using frame, receives described second and apply frame;
Business datum is obtained using frame according to described second.
8. the communication means according to claim 7 based on physical isolation apparatus, which is characterized in that described according to described
Two obtain business datum using frame, comprising:
Business access parsing is carried out to the second application frame by communication front end, generates business access parsing result;
The business datum is obtained according to the business access parsing result.
9. a kind of communication system based on physical isolation apparatus characterized by comprising client (1), physical isolation apparatus
(2) and server end (3), wherein
The client (1) is used to generate business access request according to pre-set business requirements for access, is asked according to the business access
It seeks and presets application layer protocol and establish first using frame, and be sent to the physical isolation apparatus (2) using frame for described first;
The physical isolation apparatus (2) applies frame for receiving described first, carries out dissection process to the first application frame, and
Judge whether described first meet default application layer protocol using frame according to parsing result;
When described first meets the default application layer protocol using frame, the physical isolation apparatus (2) will be carried out at parsing
Described first after reason is sent to the server end (3) using frame;
Described first after server end (3) the reception progress dissection process applies frame, and is parsed according to described
Treated, and the first application frame generates business datum.
10. the communication system according to claim 9 based on physical isolation apparatus, which is characterized in that further include: before communication
End (4) and business front end (5) are set,
Communication front end (4) is used to receive the client (1) is sent described first using frame, and answers described first
It is updated with frame, is sent to the physical isolation apparatus (2) using frame for updated first;
The business front end (5) is used to receive the physical isolation apparatus (2) are fed back described first using frame, and to described
First application frame carries out business access parsing, generates business access parsing result;
The business front end (5) is also used to the business access parsing result being sent to the server end (3);
The server generates the business datum according to the business access parsing result.
11. a kind of communication system based on physical isolation apparatus characterized by comprising client (1), physical isolation apparatus
(2) and server end (3), wherein
The server end (3) is used for according to presetting application layer protocol and establish second using frame using data, and by described the
Two are sent to the physical isolation apparatus (2) using frame;
The physical isolation apparatus (2) carries out dissection process simultaneously to the second application frame for receiving described second using frame
Judge whether described second meet default application layer protocol using frame according to parsing result;
When described second meets the default application layer protocol using frame, the physical isolation apparatus (2) will be carried out at parsing
Described second after reason is sent to the client (1) using frame;
The client (1) applies frame for described second after receiving the progress dissection process, and is solved according to described
Treated described second obtains business datum using frame for analysis.
12. the communication system according to claim 11 based on physical isolation apparatus, which is characterized in that further include: business
Front end (5) and communication front end (4), wherein
The business front end (5) is used to receive the server end (3) are sent described second using frame, and to described second
It is updated using frame, is sent to the physical isolation apparatus (2) using frame for updated second;
Communication front end (4) is used to receive the physical isolation apparatus (2) are fed back described second using frame, and to described
Second application frame carries out business datum parsing, generates business datum parsing result;
The communication front end (4) is also used to the business datum parsing result being sent to the client (1);
The client (1) obtains the business datum according to the business datum parsing result.
13. a kind of non-transient computer readable storage medium, which is characterized in that the non-transient computer readable storage medium is deposited
Computer instruction is stored up, is realized when the computer instruction is executed by processor as claimed in claim 1 or 2 based on physical isolation
The communication means of device, or, being realized when the computer instruction is executed by processor as claim 3 or 4 is described in any item
Communication means based on physical isolation apparatus, or, realizing such as claim 5 or 6 when the computer instruction is executed by processor
The communication means based on physical isolation apparatus, or, being realized when the computer instruction is executed by processor as right is wanted
Seek 7 or 8 described in any item communication means based on physical isolation apparatus.
14. a kind of computer equipment characterized by comprising
At least one processor (410);And the memory (420) with the communication connection of at least one described processor (410);Its
In,
The memory (420) be stored with can by least one described processor execute instruction, described instruction by it is described at least
One processor executes so that at least one described processor (410) execute as claimed in claim 1 or 2 based on physics every
Communication means from device, alternatively, executing at least one described processor (410) as claim 3 or 4 is described in any item
Communication means based on physical isolation apparatus, or, executing at least one described processor (410) as claim 5 or 6 is any
The communication means based on physical isolation apparatus described in, or, at least one described processor (410) is made to execute such as claim
Based on the communication means of physical isolation apparatus described in 7 or 8.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811269467.0A CN109104443A (en) | 2018-10-29 | 2018-10-29 | A kind of communication means and system based on physical isolation apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201811269467.0A CN109104443A (en) | 2018-10-29 | 2018-10-29 | A kind of communication means and system based on physical isolation apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109104443A true CN109104443A (en) | 2018-12-28 |
Family
ID=64869612
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201811269467.0A Pending CN109104443A (en) | 2018-10-29 | 2018-10-29 | A kind of communication means and system based on physical isolation apparatus |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109104443A (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1605667A2 (en) * | 2004-06-08 | 2005-12-14 | Printronix, Inc. | Controlled firewall penetration for management of discrete devices |
CN101043522A (en) * | 2006-03-22 | 2007-09-26 | 腾讯科技(深圳)有限公司 | Web server based communication method and system |
CN102893270A (en) * | 2009-05-01 | 2013-01-23 | 卡金公司 | Enterprise client-server system and methods of providing web application support through distributed emulation of websocket communications |
-
2018
- 2018-10-29 CN CN201811269467.0A patent/CN109104443A/en active Pending
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
EP1605667A2 (en) * | 2004-06-08 | 2005-12-14 | Printronix, Inc. | Controlled firewall penetration for management of discrete devices |
CN101043522A (en) * | 2006-03-22 | 2007-09-26 | 腾讯科技(深圳)有限公司 | Web server based communication method and system |
CN102893270A (en) * | 2009-05-01 | 2013-01-23 | 卡金公司 | Enterprise client-server system and methods of providing web application support through distributed emulation of websocket communications |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US20210136653A1 (en) | Internet of Things Service Routing Method | |
CN105591982B (en) | A kind of method and apparatus of message transmissions | |
CN106797405A (en) | Distributed load equalizing system, health examination method and service node | |
US10389848B2 (en) | Message transmission method and core network interface device | |
CN106533883A (en) | Network private line establishment method, apparatus and system | |
CN107980217A (en) | Method and device for acquiring address of local domain name server and authoritative domain name server | |
CN107800603B (en) | Intranet user accesses the method and storage medium of headend equipment based on VPN | |
CN110198229B (en) | Network configuration method and device, storage medium and electronic device | |
CN108259642A (en) | Public service virtual machine access method and device based on private clound | |
CN106302839A (en) | The distribution method of internet protocol address and device | |
CN109391502A (en) | A kind of information configuring methods and administrative unit | |
CN106341298A (en) | Message transmission method and device | |
CN101252605A (en) | Multimedia communication method, system and apparatus traversing network address conversion equipment | |
CN109151916B (en) | Network transmission method, device and system for mobile network service | |
CN109743244A (en) | A kind of system and method for realizing that high speed interconnects based on SDN and NFV technology | |
CN103973753B (en) | A kind of method and apparatus of data processing | |
CN111245918A (en) | Service request transmission method and device | |
CN1947455B (en) | Supporting a network behind a wireless station | |
CN104539752B (en) | Access method and system between multilevel field platform | |
CN111935260B (en) | Account synchronization method and device, electronic equipment and storage medium | |
CN108064441A (en) | Method and system for accelerating network transmission optimization | |
CN107294752A (en) | Realize framework, the method and device of network function communication | |
CN109104443A (en) | A kind of communication means and system based on physical isolation apparatus | |
CN106953752A (en) | Realize multi-network coexisted and simultaneously accessed system and method | |
CN105656744B (en) | Identification method, equipment and the service chaining in service chaining path |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20181228 |
|
RJ01 | Rejection of invention patent application after publication |