CN110580406B - Internet file self-help importing system and method - Google Patents

Info

Publication number: CN110580406B
Authority: CN (China)
Prior art keywords: file, import, module, control module, information
Legal status: Active
Application number: CN201910667366.7A
Other languages: Chinese (zh)
Other versions: CN110580406A
Inventors: 徐靖, 袁伟, 李书林, 陈楠, 曹伟, 杨轩, 刘佐, 黄健, 阳天青, 姜冲, 李皓, 辛晓杰
Current assignee: China Aerospace Academy Of Systems Science And Engineering
Original assignee: China Aerospace Academy Of Systems Science And Engineering
Application filed by China Aerospace Academy Of Systems Science And Engineering; priority to CN201910667366.7A; published as CN110580406A, granted as CN110580406B.


Classifications

    • G PHYSICS
      • G06 COMPUTING; CALCULATING OR COUNTING
        • G06F ELECTRIC DIGITAL DATA PROCESSING
          • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
            • G06F16/10 File systems; File servers
              • G06F16/17 Details of further file system functions
                • G06F16/174 Redundancy elimination performed by the file system
                  • G06F16/1744 Redundancy elimination performed by the file system using compression, e.g. sparse files
          • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
            • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
              • G06F21/31 User authentication
                • G06F21/32 User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
            • G06F21/60 Protecting data
              • G06F21/602 Providing cryptographic facilities or services
    • H ELECTRICITY
      • H04 ELECTRIC COMMUNICATION TECHNIQUE
        • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
          • H04L63/00 Network architectures or network communication protocols for network security
            • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
              • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload

Abstract

The invention discloses a self-help system and method for importing files between networks. The system comprises a shell, an intranet machine touch display module, an image acquisition module, an IC card reading module, a fingerprint identification module, an intermediate machine touch display module, a non-secret import module, a one-way import module, an intermediate machine control module, an intranet machine control module, a one-way isolation module and an optical coupling isolation control module. Compared with a manually staffed centralized import mode, the self-help import method handles automatically the file import steps that previously needed manual work, is convenient and easy to use, greatly increases file import speed, and meets the service timeliness requirement.

Description

Internet file self-help importing system and method
Technical Field
The invention relates to an internetwork file self-help importing system and method, and belongs to the field of cross-network data exchange.
Background
How to achieve efficient, secure and controllable cross-network data exchange, while meeting an organization's fine-grained management requirements for services and security policies and the timeliness requirements of data exchange, is a pressing problem that needs to be solved.
To meet the construction requirements of a confidential system and solve the management and security problems of confidential documents during exchange, a confidential unit implements document exchange between the confidential intranet and the external network by setting up a centralized print room. This inter-network file exchange solution adopts a manually staffed centralized ferrying mode: a full-time data ferry operator assists the user in completing the file import according to the prescribed security process. As the volume and frequency of data transmission between networks keep growing, the workload of the data ferry operator grows with it, the data import cycle lengthens, and working efficiency drops considerably.
Disclosure of Invention
The technical problem solved by the invention: to overcome the defects of the prior art, a system and method for self-help import of files between networks are provided, the manually staffed centralized import mode is converted into a user self-help import mode, and the process steps of file import are handled automatically.
The technical solution of the invention is as follows:
An inter-network file self-help import system comprises a shell, an intranet machine touch display module, an image acquisition module, an IC card reading module, a fingerprint identification module, an intermediate machine touch display module, a non-secret import module, a one-way import module, an intermediate machine control module, an intranet machine control module, a one-way isolation module and an optical coupling isolation control module;
the IC card reading module, the fingerprint identification module and the image acquisition module are all connected to the intranet machine control module, and the intranet machine control module is connected to the management server; the IC card reading module and the fingerprint identification module read the applicant's IC card or fingerprint information and pass it to the management server through the intranet machine control module; the management server compares the IC card or fingerprint information with the user information it holds, and if the match succeeds the applicant's identity verification passes;
after identity verification passes, all import application instruction information stored on the management server is displayed through the intranet machine touch display module, and one item is selected;
the intranet machine control module converts the selected import application instruction information into digital verification information by a hash algorithm, displays the digital verification information on the intranet machine touch display module, and starts the import process;
the optical coupling isolation control module is connected to the intranet machine control module; after the import process starts, the intranet machine control module lights an indicator lamp in the optical coupling isolation control module; if, while the lamp is lit, the optical sensor in the optical coupling isolation control module receives the lamp's optical signal and feeds it back to the intermediate machine control module, the intermediate machine control module is activated and the intermediate machine touch display module prompts for the digital verification information; if the intermediate machine control module receives no optical signal from the optical sensor while the lamp is lit, activation of the intermediate machine control module fails;
the digital verification information is entered into the intermediate machine control module, which uses the hash algorithm to check whether the entered digital verification information is correct; if it is,
the applicant selects the non-secret import module, the secret import module or the one-way import module to import the file through the intermediate machine control module, and the imported file is stored locally on the intermediate machine control module;
the intermediate machine control module encrypts the electronic file to be imported together with the digital verification information it parsed from the input, using an encryption algorithm, and a compressed file is formed once encryption is complete;
one end of the one-way isolation module is connected to the intermediate machine control module and the other end to the management server; the intermediate machine control module sends the compressed file to the one-way isolation module, the one-way isolation module forwards it to the management server in one direction only, and the intermediate machine control module then deletes its local copy of the compressed file;
the management server receives the encrypted compressed file, decrypts it, matches the task number in the decrypted file against the task number in the import application instruction information, and forwards the file to the applicant if the match succeeds; if further files are to be imported, or if the match fails, the applicant again selects the non-secret import module or the one-way import module to import the file through the intermediate machine control module.
The shell holds all functional components in place; the intranet machine touch display module is fixed on the left of the system's front face and provides interface display and real-time operation of the intranet machine, and the intermediate machine touch display module is fixed on the right of the front face and provides interface display and real-time operation of the intermediate machine.
While the IC card or fingerprint information is read, the image acquisition module captures image information of the applicant and sends it to the management server.
The digital verification information comprises a task number, a task security level and check code information.
The intermediate machine control module uses the hash algorithm to check whether the entered digital verification information comprises a task number, a task security level and check code information.
The intermediate machine control module checks the imported file; the checks to be completed are: file security level, whether a compressed file is encrypted, and virus checking.
In the file security-marking check, the name of each file to be imported is checked for a security-marking keyword at its tail; the keywords are secret, internal, core commercial secret, common commercial secret and public. When every file conforms to the marking rules, import continues; otherwise the user is told that the security marking is wrong and import cannot continue.
In the compressed file check, an imported compressed file is checked for encryption; an encrypted compressed file cannot be inspected and carries the risk of evading the checks, so its import is prohibited.
A self-help method for importing files between networks comprises the following steps:
(1) initiating a task import application:
the applicant sends task import application instruction information to the management server through the management system, and the management server stores it;
(2) user identity verification:
on the intranet client the applicant enters login information for the management server by user name and password, fingerprint or card swipe; the management server collects the login information and compares it with the user information it holds, and if the match succeeds identity verification passes;
(3) selecting an import task:
after identity verification passes, all import application instruction information stored on the management server is displayed through the intranet client, and one item is selected;
(4) generating digital verification information:
the intranet machine client converts the selected import application instruction information into digital verification information by a hash algorithm; the digital verification information comprises a task number, a task security level and check code information, is displayed on the intranet machine client, and the import process starts;
(5) activating the intermediate machine client:
after the import process starts, the intranet client lights an indicator lamp in the optical coupling isolation control module; if, while the lamp is lit, the optical sensor in the optical coupling isolation control module receives the lamp's optical signal and feeds it back to the intermediate machine client, the intermediate machine client is activated and prompts for the digital verification information; if the intermediate machine client receives no optical signal from the optical sensor while the lamp is lit, activation fails;
(6) entering digital verification information:
the digital verification information is entered into the intermediate machine client, which uses the hash algorithm to check whether the entered information comprises a task number, a task security level and check code information; if it does, go to step (7);
(7) selecting an import file:
the applicant selects the import file through the read-only optical drive or the one-way import module on the intermediate machine client, and the file is stored locally on the intermediate machine client; when importing through the read-only optical drive, the intermediate machine client controls the drive: if the drive is empty it is opened, and then the disc contents are read;
(8) file checking:
the imported file is checked; the checks to be completed are: file security level, whether a compressed file is encrypted, and virus check;
(9) encrypting and packaging the file:
the intermediate machine client encrypts the electronic file to be imported together with the digital verification information parsed in step (6), using an encryption algorithm, and a compressed file is formed once encryption is complete;
(10) file sending:
the intermediate machine client sends the compressed file to the one-way isolation module, the one-way isolation module forwards it to the management server in one direction only, and the intermediate machine client deletes its local copy of the compressed file;
(11) file receiving:
the management server receives the encrypted compressed file from the intermediate machine client, decrypts it, matches the task number in the decrypted file against the task number in the import application instruction information, and forwards the file to the applicant's management system if the match succeeds; if further files are to be imported, or if the match fails, return to step (7).
In step (8):
a) file security-marking check:
the name of each file to be imported is checked for a security-marking keyword at its tail; the keywords are secret, internal, core commercial secret, common commercial secret and public. When every file meets the marking rules, import continues; otherwise the user is told that the security marking is wrong and import cannot continue;
b) compressed file check:
an imported compressed file is checked for encryption; an encrypted compressed file cannot be inspected and carries the risk of evading the checks, so its import is forbidden;
c) virus check:
the system embeds a virus checking engine that scans the imported file, and import continues only after the scan passes.
The beneficial effects of the invention are:
(1) compared with the manually staffed centralized import mode, the self-help import mode handles automatically the file import steps that previously needed manual work, is convenient and easy to use, greatly increases file import speed, and meets the service timeliness requirement;
(2) compared with the manually staffed centralized import mode, the whole process is completed by the individual user according to the file import flow set by the system, the operations can be audited, errors such as misoperation and omitted operations caused by manual intervention are reduced, the risk of widening the circle of people who know the confidential files is reduced, and security is better ensured;
(3) the invention fully considers adjustments of the business management process and changes of service requirements, supports large-scale, high-volume file import, has good stability, allows configuration adjustment within a certain range, and is better suited to actual deployment needs.
Drawings
FIG. 1 is a schematic view of the external structure of the present invention;
FIG. 2 is a schematic view of the internal structure of the present invention;
FIG. 3 is a timing diagram illustrating the operation of the present invention;
FIG. 4 is a flow chart of the method of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings.
As shown in FIGS. 1 and 2, a self-help system for importing files between networks comprises a shell 1, an intranet machine touch display module 2, an image acquisition module 3, an IC card reading module 4, a fingerprint identification module 5, an intermediate machine touch display module 6, a non-secret import module 7, a secret import module 8, a one-way import module 9, an intermediate machine control module 16, an intranet machine control module 17, a one-way isolation module 18 and an optical coupling isolation control module 19;
the image acquisition module 3 is fixed above the intranet machine touch display module 2 and records identity image information of the operator; the non-secret import module 7 is arranged below the intermediate machine touch display module 6 and imports non-secret files from optical disc, the secret import module 8 is arranged below the non-secret import module 7 and imports secret-related files from optical disc, and the one-way import module 9 is arranged to the right of the non-secret import module 7 and imports non-secret and secret-related files through a USB Key.
The intranet machine control module 17 is installed on the interlayer 20 inside the equipment, runs the intranet machine control program, and controls the running state of the optical coupling isolation control module 19 through the optical drive driving board 17. The intermediate machine control module 16 is installed at the bottom of the equipment, runs the intermediate machine control program, and reads the running state of the optical coupling isolation control module 19 through the optical drive driving board 16. The optical coupling isolation control module 19 is the link between the intranet machine and the intermediate machine: it lets the intermediate machine control program know in real time whether a user is operating the intranet machine side. The one-way isolation module 18 is fixed above the intermediate machine control module 16 and carries data from the non-confidential network to the confidential network; because the system returns no feedback signal during one-way transmission, leakage of information from the high-security domain is effectively prevented.
The shell 1 is the outer structure of the apparatus and holds all functional components in place; the intranet machine touch display module 2 on the left of the front face provides interface display and real-time operation of the intranet machine, and the intermediate machine touch display module 6 on the right of the front face provides interface display and real-time operation of the intermediate machine;
the IC card reading module 4, the fingerprint identification module 5 and the image acquisition module 3 are all connected to the intranet machine control module 17, and the intranet machine control module 17 is connected to the management server; the IC card reading module 4 and the fingerprint identification module 5 read the applicant's IC card or fingerprint information and pass it to the management server through the intranet machine control module 17; the management server compares the IC card or fingerprint information with the user information it holds, and if the match succeeds the applicant's identity verification passes; while the IC card or fingerprint information is read, the image acquisition module 3 captures image information of the applicant and sends it to the management server;
after identity verification passes, all import application instruction information stored on the management server is displayed through the intranet machine touch display module 2, and one item is selected;
the intranet machine control module 17 converts the selected import application instruction information into digital verification information by a hash algorithm; the digital verification information comprises a task number, a task security level and check code information, is displayed by the intranet machine touch display module 2, and the import process starts;
the optical coupling isolation control module 19 is connected to the intranet machine control module 17; after the import process starts, the intranet machine control module 17 lights the indicator lamp in the optical coupling isolation control module 19 for 10 seconds (configurable); if within those 10 seconds the optical sensor in the optical coupling isolation control module 19 receives the lamp's optical signal and feeds it back to the intermediate machine control module 16, the intermediate machine control module 16 is activated and the intermediate machine touch display module 6 prompts for the digital verification information; if the intermediate machine control module 16 receives no optical signal from the optical sensor within 10 seconds, activation of the intermediate machine control module 16 fails;
the digital verification information is entered into the intermediate machine control module 16, which uses the hash algorithm to check whether the entered digital verification information comprises the task number, task security level and check code information; if it does,
the applicant selects the non-secret import module 7, the secret import module 8 or the one-way import module 9 to import the file through the intermediate machine control module 16, and the imported file is stored locally on the intermediate machine control module 16; when the non-secret import module 7 or the secret import module 8 is selected, the intermediate machine control module 16 controls that module: if its drive is empty the drive is opened, and then the disc contents are read;
the intermediate machine control module 16 checks the imported file; the checks to be completed are: file security level, whether a compressed file is encrypted, and virus check;
a) file security-marking check
Check whether the file identifies its security level as the security rules require: the name of each file to be imported is checked (file suffix excluded) for a security-marking keyword at its tail; the keywords are secret, internal, core commercial secret, common commercial secret and public. When every file meets the marking rules, import continues; otherwise the user is told that the security marking is wrong and import cannot continue.
b) compressed file check
An imported compressed file is checked for encryption; an encrypted compressed file cannot be inspected and carries the risk of evading the checks, so its import is forbidden.
c) virus check
The system embeds a virus checking engine that scans the imported file, and import continues only after the scan passes.
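The three checks a) to c) above (and the same checks in step (8) of the method) can be implemented as one gate on the intermediate machine. The following is an added example and not code from the patent or its assignee: it assumes the English spellings of the marking keywords, a zip archive as the compressed format, the archive's general-purpose flag bit 0 as the "is encrypted" indicator, and a caller-supplied scanner callable standing in for the embedded virus engine. The sample archives, the signature and the file names are constructed for the demo; `_mark_encrypted` patches the flag bit by hand because Python's zipfile cannot write encrypted archives.

```python
import io
import zipfile
from pathlib import PurePosixPath
from typing import Callable, Tuple

# Security-marking keywords listed on the page (translated); the English spellings are my assumption.
MARKING_KEYWORDS = ("secret", "internal", "core commercial secret", "common commercial secret", "public")


def marking_of(filename: str):
    """Return the security-marking keyword at the tail of the file name (suffix excluded), or None."""
    stem = PurePosixPath(filename).stem.lower().rstrip(" )]")
    # Longest keyword first, so "core commercial secret" is not reported as plain "secret".
    for keyword in sorted(MARKING_KEYWORDS, key=len, reverse=True):
        if stem.endswith(keyword):
            return keyword
    return None


def archive_is_encrypted(data: bytes) -> bool:
    """True if any zip member has general-purpose flag bit 0 (encryption) set in the central directory."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return any(info.flag_bits & 0x1 for info in zf.infolist())


def check_import(filename: str, data: bytes, scanner: Callable[[bytes], bool]) -> Tuple[bool, str]:
    """Apply the three step-(8) checks to one imported file; returns (allowed, reason)."""
    # a) security-marking check on the outer file name
    if marking_of(filename) is None:
        return False, "security marking missing: " + filename
    if zipfile.is_zipfile(io.BytesIO(data)):
        # b) an encrypted archive cannot be inspected, so it is refused outright
        if archive_is_encrypted(data):
            return False, "encrypted archive cannot be inspected"
        # a) again for every member, since "all files" must carry a marking
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            unmarked = [n for n in zf.namelist() if not n.endswith("/") and marking_of(n) is None]
        if unmarked:
            return False, "security marking missing: " + ", ".join(unmarked)
    # c) virus check, delegated to whatever engine the deployment embeds
    if not scanner(data):
        return False, "virus scan failed"
    return True, "ok"


# --- constructed sample input (not from the patent) ---

CONSTRUCTED_SIGNATURE = b"CONSTRUCTED-MALWARE-SIGNATURE"


def demo_scanner(data: bytes) -> bool:
    """Stand-in for the embedded virus engine: one byte-pattern signature over the raw bytes."""
    return CONSTRUCTED_SIGNATURE not in data


def _build_zip(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def _mark_encrypted(zip_bytes: bytes) -> bytes:
    """Set flag bit 0 in the first local and central headers of a single-member zip."""
    data = bytearray(zip_bytes)
    data[data.find(b"PK\x03\x04") + 6] |= 0x1   # local file header: flags at offset 6
    data[data.find(b"PK\x01\x02") + 8] |= 0x1   # central directory entry: flags at offset 8
    return bytes(data)


PLAIN_ZIP = _build_zip({"plan_secret.docx": b"plan body", "notes_internal.txt": b"notes"})
UNMARKED_ZIP = _build_zip({"draft.docx": b"no marking here"})
ENCRYPTED_ZIP = _mark_encrypted(_build_zip({"plan_secret.docx": b"plan body"}))

if __name__ == "__main__":
    for name, blob in [("batch_secret.zip", PLAIN_ZIP), ("batch_secret.zip", UNMARKED_ZIP),
                       ("batch_secret.zip", ENCRYPTED_ZIP), ("draft.docx", b"x"),
                       ("memo_internal.txt", CONSTRUCTED_SIGNATURE)]:
        print(name, check_import(name, blob, demo_scanner))
```

The encrypted-archive rule is applied before the per-member marking check on purpose: member names are still readable in an encrypted zip, but their contents are not, so passing the archive on the strength of its names alone would be exactly the evasion the page warns about.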
The intermediate machine control module 16 encrypts the electronic file to be imported together with the digital verification information it parsed from the input, using an encryption algorithm, and a compressed file is formed once encryption is complete;
one end of the one-way isolation module 18 is connected to the intermediate machine control module 16 and the other end to the management server; the intermediate machine control module 16 sends the compressed file to the one-way isolation module 18, the one-way isolation module 18 forwards it to the management server in one direction only, and the intermediate machine control module 16 then deletes its local copy of the compressed file;
the management server receives the encrypted compressed file sent by the intermediate machine control module 16, decrypts it, matches the task number in the decrypted file against the task number in the import application instruction information, and forwards the file to the applicant if the match succeeds; if further files are to be imported, or if the match fails, the applicant again selects the non-secret import module 7, the secret import module 8 or the one-way import module 9 to import the file through the intermediate machine control module 16.
A self-help importing method for files among networks is disclosed, as shown in FIG. 3 and FIG. 4, and mainly comprises the following steps:
(1) initiating a task import application
The applicant sends the task import application instruction information to the management server through the management system, and the management server stores the task import application instruction information;
(2) user identity verification
The method comprises the following steps that an applicant inputs login information to a management server on an intranet client in a user name password or fingerprint or card swiping mode, the management server collects the user login information and compares the information with user information in the management server, and if matching is successful, user identity authentication is passed;
(3) selecting import tasks
After the identity authentication is passed, displaying all the import application instruction information stored on the management server through the intranet client, and selecting one of the import application instruction information;
(4) generating digital authentication information
The intranet machine client converts the selected import application instruction information into digital verification information through a Hash algorithm, the digital verification information comprises a task number, a task security level and check code information, the digital verification information is displayed on the intranet machine client, and an import flow is started;
(5) activating an intermediary client
After the import process is started, the intranet client lights an indicator lamp in the optical coupling isolation control module for 10 seconds (the duration is configurable). If, within those 10 seconds, the optical sensor in the optical coupling isolation control module receives the optical signal sent by the indicator lamp and feeds it back to the intermediate machine client, the intermediate machine client is activated successfully and prompts for the digital verification information; if the intermediate machine client does not receive the optical signal fed back by the optical sensor within 10 seconds, activation of the intermediate machine client fails;
(6) inputting digital authentication information
Inputting the digital verification information into an intermediate machine client, analyzing whether the input digital verification information comprises a task number, a task security level and check code information or not by the intermediate machine client through a Hash algorithm, and entering the step (7) if the input digital verification information comprises the task number, the task security level and the check code information;
If identity authentication has not been completed on the intranet client and the import process has not been started (the indicator lamp of the secret-related intranet machine is not lit), the login verification of the secret-related intermediate machine cannot be completed even if a correct login verification code is entered on it. Login to the secret-related intermediate machine is in fact a dual authentication: it is completed only when a correct login verification code is entered and the optical signal is received. Once verification is complete, the secret-related intermediate machine can enter the file import process.
(7) Selecting import files
The applicant selects the import file on the intermediate machine client through the read-only optical drive or the one-way import module, and the import file is stored locally on the intermediate machine client; if the file is imported through the read-only optical drive, the intermediate machine client controls the drive: if the drive is empty it is opened, and the contents of the optical disc are then read;
(8) file checking
The imported file is checked; the checks to be completed are the file security level, whether a compressed file is encrypted, and a virus check;
a) file security-marking check
Check whether the file is marked with its security level as the secrecy requirements demand. The file name of the file to be imported is checked for a security marking: whether the tail of the file name (excluding the file suffix) contains a security-level keyword, the keywords being secret, internal, core commercial secret, ordinary commercial secret and public. When all files satisfy the standard marking rule, the import is allowed to continue; otherwise the user is prompted that the security marking is wrong and cannot continue the import.
b) compressed file check
Check whether an imported compressed file is encrypted; an encrypted compressed file carries the risk of evading the checks, so its import is forbidden.
c) virus check
The system embeds a virus checking engine that scans the imported file for viruses, and the import is allowed to continue only after the scan passes.
(9) File encryption and packaging
The intermediate machine client side carries out encryption processing on the electronic file to be imported and the digital verification information analyzed in the step (6) by using an encryption algorithm, and a compressed file is formed after encryption is finished;
(10) file delivery
The intermediate machine client sends the compressed file to be imported to the one-way isolation module, the one-way isolation module forwards the compressed file to the management server in a one-way mode, and the intermediate machine client cleans the locally imported compressed file;
(11) file reception
The management server receives the encrypted compressed file sent from the intermediate machine client, decrypts it, matches the task number in the decrypted file with the task number in the import application instruction information, and forwards the file to the applicant's management system if the matching is successful; if the import continues or the matching is unsuccessful, return to step (7).
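As an added example (not the patent's code), the following Python sketches the hash-based digital verification information of steps (4) and (6) and the three checks of step (8); the '|' layout, the 8-hex-digit check code, the English keyword list, the denylist stand-in for the virus engine and the sample archive are this example's assumptions.

```python
"""Added example, not the patent's code: the hash-based digital verification
information of steps (4) and (6) and the three file checks of step (8)."""
import hashlib
import io
import zipfile
from pathlib import Path
from typing import Callable, Optional, Tuple

# Security-level keywords the description lists (English renderings of the
# Chinese marks); longest first so "core commercial secret" is not reported
# as a bare "secret".
MARKING_KEYWORDS = ("ordinary commercial secret", "core commercial secret",
                    "internal", "secret", "public")
# Constructed stand-in for the embedded virus engine: a SHA-256 denylist.
KNOWN_BAD = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}


def make_verification(task_no: str, level: str) -> str:
    """Step (4): task number, security level and a hash-derived check code
    (the '|' layout and 8-hex-digit code are this example's assumption)."""
    code = hashlib.sha256(f"{task_no}|{level}".encode()).hexdigest()[:8]
    return f"{task_no}|{level}|{code}"


def parse_verification(text: str) -> Optional[Tuple[str, str]]:
    """Step (6): accept the typed string only if its check code recomputes."""
    text = text.strip()
    parts = text.split("|")
    if len(parts) != 3 or make_verification(parts[0], parts[1]) != text:
        return None
    return parts[0], parts[1]


def marking_of(filename: str) -> Optional[str]:
    """Check a): the tail of the file name (suffix excluded) must carry a mark."""
    stem = Path(filename).stem.strip().rstrip(")]").strip().lower()
    for kw in MARKING_KEYWORDS:
        if stem.endswith(kw):
            return kw
    return None


def archive_is_encrypted(data: bytes) -> bool:
    """Check b): general-purpose flag bit 0 on any entry marks a password-
    protected archive whose contents cannot be inspected; an archive that
    does not even parse is treated the same way."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(info.flag_bits & 0x1 for info in zf.infolist())
    except zipfile.BadZipFile:
        return True


def denylist_scan(data: bytes) -> bool:
    """Check c) stand-in: True when the payload is not on the denylist."""
    return hashlib.sha256(data).hexdigest() not in KNOWN_BAD


def inspect_file(filename: str, data: bytes,
                 scanner: Callable[[bytes], bool] = denylist_scan) -> Tuple[bool, str]:
    """Step (8) in the order the description gives: marking, archive, virus."""
    if marking_of(filename) is None:
        return False, "marking error"
    if Path(filename).suffix.lower() == ".zip" and archive_is_encrypted(data):
        return False, "encrypted archive"
    if not scanner(data):
        return False, "virus check failed"
    return True, "ok"


def sample_zip(encrypted: bool) -> bytes:
    """Constructed sample: a one-entry zip; for encrypted=True flag bit 0 is
    set in the local header (offset 6) and central directory header (offset
    8), as a real password-protected archive carries it."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", "constructed sample content")
    data = bytearray(buf.getvalue())
    if encrypted:
        for sig, offset in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            data[data.find(sig) + offset] |= 0x1
    return bytes(data)
```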
Compared with a manual, attended, centralized import mode, the method automates the links of the file import chain that previously required manual handling; it is convenient and easy to use, greatly increases the speed of file import, and meets the timeliness requirements of the business.
Compared with a manual, attended, centralized import mode, the whole flow is completed by the individual user according to the file import process set by the system, the operations can be audited, errors such as misoperation and omission caused by manual intervention are reduced, the risk of widening the circle of people who know the contents of confidential files is reduced, and security is better ensured.
The invention fully considers the requirements of business-process adjustment and changing service requirements, supports large-scale, high-volume file import, has good stability, allows configuration adjustment within a certain range, and better fits actual deployment requirements.
Aspects of the present invention that are not described in detail are within the common knowledge of those skilled in the art.

Claims (9)

1. An inter-network file self-service import system, characterized in that it comprises a shell (1), an intranet machine touch display module (2), an image acquisition module (3), an IC card reading module (4), a fingerprint identification module (5), an intermediate machine touch display module (6), a non-secret import module (7), a secret-involved import module (8), a one-way import module (9), an intermediate machine control module (16), an intranet machine control module (17), a one-way isolation module (18) and an optical coupling isolation control module (19),
the IC card reading module (4), the fingerprint identification module (5) and the image acquisition module (3) are all connected with the internal network machine control module (17), the internal network machine control module (17) is connected with the management server, the IC card reading module (4) and the fingerprint identification module (5) are used for reading the IC card or the fingerprint information of an applicant and inputting the IC card or the fingerprint information into the management server through the internal network machine control module (17), the management server compares the IC card or the fingerprint information with the user information in the management server, and if the IC card or the fingerprint information is successfully matched with the user information in the management server, the identity verification of the applicant is passed;
after the identity authentication is passed, displaying all the import application instruction information stored on the management server through the intranet machine touch display module (2), and selecting one of the import application instruction information;
the intranet machine control module (17) converts the selected import application instruction information into digital verification information through a Hash algorithm, displays the digital verification information on the intranet machine touch display module (2), and starts an import process;
the optical coupling isolation control module (19) is connected with the intranet machine control module (17); after an import process is started, the intranet machine control module (17) lights an indicator lamp in the optical coupling isolation control module (19); if a light sensor in the optical coupling isolation control module (19) receives the optical signal sent by the indicator lamp during the lighting period of the indicator lamp and feeds it back to the intermediate machine control module (16), the intermediate machine control module (16) is successfully activated, and the intermediate machine touch display module (6) prompts for input of the digital verification information; if the intermediate machine control module (16) does not receive the optical signal fed back by the optical sensor during the lighting period of the indicator lamp, activation of the intermediate machine control module (16) fails;
inputting the digital verification information into the intermediate machine control module (16), the intermediate machine control module (16) analyzes whether the input digital verification information is correct through a Hash algorithm, if so,
the applicant selects a non-secret import module (7), a secret-related import module (8) or a one-way import module (9) to import the file through the intermediate machine control module (16), and stores the import file on the local part of the intermediate machine control module (16);
the intermediate machine control module (16) encrypts the electronic file to be imported and the digital verification information analyzed and input by the intermediate machine control module (16) by using an encryption algorithm, and a compressed file is formed after encryption is completed;
one end of the unidirectional isolation module (18) is connected with the intermediate machine control module (16), the other end of the unidirectional isolation module is connected with the management server, the intermediate machine control module (16) sends a compressed file to be imported to the unidirectional isolation module (18), the unidirectional isolation module (18) forwards the compressed file to the management server in a unidirectional mode, and the intermediate machine control module (16) cleans the locally imported compressed file;
the management server receives the encrypted compressed file sent by the middleware control module (16), decrypts the encrypted compressed file, matches the task number in the decrypted file with the task number in the imported application instruction information, and forwards the file to the applicant if the matching is successful; if the import is continued or the matching is unsuccessful, the applicant selects a non-secret import module (7), a secret import module (8) or a one-way import module (9) to import the file again through the intermediate machine control module (16);
the digital verification information comprises a task number, a task security level and check code information.
2. The system for self-help importing the internet documents as claimed in claim 1, wherein the housing (1) is used for fixing functional components of each part, the left side of the front surface of the system is fixed with the touch display module (2) of the intranet machine for interface display and real-time operation of the intranet machine, and the right side of the front surface of the system is fixed with the touch display module (6) of the middle machine for interface display and real-time operation of the middle machine.
3. The internet document self-help importing system according to claim 1, wherein the image collecting module (3) collects image information of the applicant while reading the IC card or the fingerprint information, and transmits the image information to the management server.
4. The system for self-help importing the internet files as claimed in claim 1, wherein the middleware control module (16) analyzes whether the input digital verification information comprises a task number, a task security level and check code information through a hash algorithm.
5. The system for automatically importing the internet files as claimed in claim 1, wherein the middleware control module (16) checks the imported files, and the checks to be completed comprise: file security level, whether the compressed file is encrypted, and virus checking.
6. The system for self-help importing the files among the networks according to claim 5, wherein in the file security-marking check, the file name of the file to be imported is checked for a security marking, and whether the tail part of the file name contains a security-level keyword is judged, the security-level keywords comprising secret, internal, core commercial secret, ordinary commercial secret and public; when all the files meet the marking rule, the file is allowed to be imported further; otherwise, the user is prompted that the security marking is wrong and cannot continue the import.
7. The system for self-help importing the internet files as claimed in claim 5, wherein in the compressed file check, whether the imported compressed files are encrypted is checked, and if the imported compressed files are encrypted, there is a risk that the check is evaded, and the import is prohibited.
8. A self-help importing method of files among networks is characterized by comprising the following specific steps:
(1) initiating a task import application:
the applicant sends the task import application instruction information to the management server through the management system, and the management server stores the task import application instruction information;
(2) user identity authentication:
the applicant enters login information to the management server on the intranet client by user name and password, fingerprint, or card swiping; the management server collects the login information and compares it with the user information it holds, and if the matching is successful the user identity authentication is passed;
(3) selecting an import task:
after the identity authentication is passed, displaying all the import application instruction information stored on the management server through the intranet client, and selecting one of the import application instruction information;
(4) generating digital verification information:
the intranet machine client converts the selected import application instruction information into digital verification information through a Hash algorithm, the digital verification information comprises a task number, a task security level and check code information, the digital verification information is displayed on the intranet machine client, and an import flow is started;
(5) activating the intermediate machine client:
after the import process is started, the intranet client lights an indicator lamp in the optical coupling isolation control module; if an optical sensor in the optical coupling isolation control module receives the optical signal sent by the indicator lamp during the lighting period of the indicator lamp and feeds it back to the intermediate machine client, the intermediate machine client is activated successfully and prompts for the digital verification information; if the intermediate machine client does not receive the optical signal fed back by the optical sensor during the lighting period of the indicator lamp, activation of the intermediate machine client fails;
(6) inputting digital verification information:
inputting the digital verification information into an intermediate machine client, analyzing whether the input digital verification information comprises a task number, a task security level and check code information or not by the intermediate machine client through a Hash algorithm, and entering the step (7) if the input digital verification information comprises the task number, the task security level and the check code information;
(7) selecting an import file:
the applicant selects the import file through the read-only optical drive or the one-way import module by the intermediate machine client, and stores the import file on the local of the intermediate machine client; if the file is imported through the read-only optical drive, the intermediate machine client controls the read-only optical drive, and if the read-only optical drive is empty, the optical drive is opened and the content of the optical disk is read;
(8) file checking:
the imported file is checked, and the check to be completed comprises the following steps: file security level, whether the compressed file is encrypted or not and virus check;
(9) encrypting and packaging the file:
the intermediate machine client side carries out encryption processing on the electronic file to be imported and the digital verification information analyzed in the step (6) by using an encryption algorithm, and a compressed file is formed after encryption is finished;
(10) file sending:
the intermediate machine client sends the compressed file to be imported to the one-way isolation module, the one-way isolation module forwards the compressed file to the management server in a one-way mode, and the intermediate machine client cleans the locally imported compressed file;
(11) file receiving:
the management server receives the encrypted compressed file sent from the intermediate machine client, decrypts it, matches the task number in the decrypted file with the task number in the import application instruction information, and forwards the file to the applicant's management system if the matching is successful; if the import continues or the matching is unsuccessful, return to step (7).
9. The method for self-help importing the internet document according to claim 8, wherein in the step (8):
a) file security-marking check:
checking the file name of the file to be imported for a security marking, and judging whether the tail part of the file name contains a security-level keyword, the security-level keywords comprising secret, internal, core commercial secret, ordinary commercial secret and public; when all files meet the standard marking rule, the import is allowed to continue; otherwise, the user is prompted that the security marking is wrong and cannot continue the import;
b) compressed file check:
checking whether the imported compressed file is encrypted; if the imported compressed file is encrypted, there is a risk that the check is evaded, and the import is forbidden;
c) virus examination:
the system is embedded with a virus checking engine to check the virus of the imported file, and the import is allowed to continue after the scanning is passed.
CN201910667366.7A 2019-07-23 2019-07-23 Internet file self-help importing system and method Active CN110580406B (en)

Publications (2)

Publication Number Publication Date
CN110580406A (en) 2019-12-17
CN110580406B (en) 2021-08-10
