CN112600845A - Network security isolation and information exchange method and system - Google Patents


Publication number
CN112600845A
Authority
CN
China
Prior art keywords
file
program
information
production
network
Legal status
Pending
Application number
CN202011480383.9A
Other languages
Chinese (zh)
Inventor
王西雁
王怀斌
孙浩
王永飞
周贺
Current Assignee
Beijing Power Machinery Institute
Original Assignee
Beijing Power Machinery Institute
Application filed by Beijing Power Machinery Institute
Priority to CN202011480383.9A
Publication of CN112600845A

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q30/00 Commerce
    • G06Q30/06 Buying, selling or leasing transactions
    • G06Q30/0601 Electronic shopping [e-shopping]
    • G06Q30/0633 Lists, e.g. purchase orders, compilation or processing
    • G06Q30/0635 Processing of requisition or of purchase orders
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/04 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428 Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/12 Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks

Abstract

The invention discloses a method and a system for network security isolation and information exchange. The method comprises the following steps: collecting production tasks, process files and numerical control (NC) machining programs from a confidential information system; transmitting the production tasks, process files and NC programs to an intelligent workshop network so that the intelligent workshop can obtain them from that network; and acquiring, in the intelligent workshop network, the state information of the industrial control equipment, the execution status of the production tasks, the material storage information and the archived NC program files, and transmitting them back to the confidential information system. The method securely transmits the information required during production, such as production plans, process files and NC programs, from the confidential information system to the intelligent workshop, and securely returns information such as production progress, equipment states and product data from the intelligent workshop to the confidential information system, thereby achieving the integration of design, production and management.

Description

Network security isolation and information exchange method and system
Technical Field
The invention relates to the technical field of information processing, in particular to a network security isolation and information exchange method and system.
Background
At present, for reasons of security and confidentiality, the confidential information system and the intelligent workshop network are physically isolated from each other. In day-to-day scientific research and production, data is exchanged between them by burning optical discs and by manual entry. This exchange is inefficient and cannot meet the requirements of rapid design and production iteration, rapid processing of production data, decision analysis and the like, so the problem needs to be solved.
Disclosure of Invention
The present invention is directed to solving, at least to some extent, one of the technical problems in the related art.
Therefore, one objective of the present invention is to provide a network security isolation and information exchange method that securely transmits the information required during production, such as production plans, process files and NC programs, from a confidential information system to an intelligent workshop, and securely returns information such as production progress, equipment states and product data from the intelligent workshop to the confidential information system, so as to achieve the integration of design, production and management.
Another object of the present invention is to provide a network security isolation and information exchange system.
It is a further object of the invention to propose an electronic device.
It is yet another object of the present invention to provide a computer storage medium.
In order to achieve the above object, an embodiment of one aspect of the present invention provides a method for network security isolation and information exchange, including the following steps: collecting production tasks, process files and numerical control (NC) machining programs from a confidential information system; transmitting the production tasks, process files and NC programs to an intelligent workshop network so that the intelligent workshop can obtain them from that network; and acquiring, in the intelligent workshop network, the state information of the industrial control equipment, the execution status of the production tasks, the material storage information and the archived NC program files, and transmitting them back to the confidential information system.
The network security isolation and information exchange method of the embodiment of the invention networks the numerical control machine tools and logistics storage equipment of the intelligent workshop and applies controllable one-way transmission control measures between the workshop MES and DNC systems and logistics storage system on one side and the MES and DNC service systems of the confidential network on the other. This realizes secure one-way transmission of production tasks, process files and NC programs from the confidential information system to the intelligent workshop network, and secure return of industrial control equipment state information, production task execution status, material storage information and archived NC program files from the intelligent workshop network to the confidential information system. In addition, to meet confidentiality requirements, the DNC and MES systems in the confidential information system undergo a security and confidentiality modification, a network security isolation and information exchange system is built between the intelligent workshop network and the confidential information system, the industrial control equipment and systems of the intelligent workshop are security-hardened and upgraded, and security management after the interconnection of the two networks is strengthened. The result is a secure interconnection of the confidential information system and the intelligent workshop network and a higher level of integrated information management for workshop production and design.
In addition, the network security isolation and information exchange method according to the above embodiment of the present invention may further have the following additional technical features:
Further, in an embodiment of the present invention, the method for network security isolation and information exchange further includes: carrying out a security and confidentiality modification of the DNC system and the MES system in the confidential information system, so that the production tasks, process files and NC programs are collected under a preset confidentiality policy.
Further, in an embodiment of the present invention, carrying out the security and confidentiality modification of the service systems of the DNC system and the MES system in the confidential information system includes: for the production order of the MES system, reviewing the production order through a data transmission examination and approval system and uploading it after the review is passed; and for the machine tool state information of the MES system, converting the machine tool state information into a preset file format and uploading it back after scanning for and removing viruses and malicious code.
Further, in an embodiment of the present invention, carrying out the security and confidentiality modification of the service systems of the DNC system and the MES system in the confidential information system includes: for the NC file and the first program model of the DNC system, reviewing them through the data transmission examination and approval system and issuing them to an industrial system after the review is passed; and for the archived NC file and the second program model of the DNC system, reviewing them through the data transmission examination and approval system and, after the review is passed, transmitting them uplink back to the confidential information system.
In order to achieve the above object, an embodiment of another aspect of the present invention provides a network security isolation and information exchange system, including: an acquisition module for collecting production tasks, process files and numerical control (NC) machining programs from the confidential information system; a transmission module for transmitting the production tasks, process files and NC programs to an intelligent workshop network so that the intelligent workshop can obtain them from that network; and a return module for acquiring, in the intelligent workshop network, the state information of the industrial control equipment, the execution status of the production tasks, the material storage information and the archived NC program files, and returning them to the confidential information system.
The network security isolation and information exchange system of the embodiment of the invention networks the numerical control machine tools and logistics storage equipment of the intelligent workshop and applies controllable one-way transmission control measures between the workshop MES and DNC systems and logistics storage system on one side and the MES and DNC service systems of the confidential network on the other. This realizes secure one-way transmission of production tasks, process files and NC programs from the confidential information system to the intelligent workshop network, and secure return of industrial control equipment state information, production task execution status, material storage information and archived NC program files from the intelligent workshop network to the confidential information system. In addition, to meet confidentiality requirements, the DNC and MES systems in the confidential information system undergo a security and confidentiality modification, a network security isolation and information exchange system is built between the intelligent workshop network and the confidential information system, the industrial control equipment and systems of the intelligent workshop are security-hardened and upgraded, and security management after the interconnection of the two networks is strengthened. The result is a secure interconnection of the confidential information system and the intelligent workshop network and a higher level of integrated information management for workshop production and design.
In addition, the network security isolation and information exchange system according to the above embodiment of the present invention may further have the following additional technical features:
Further, in an embodiment of the present invention, the above-mentioned network security isolation and information exchange system further includes: a modification module for carrying out a security and confidentiality modification of the DNC system and the MES system in the confidential information system, so that the production tasks, process files and NC programs are collected under a preset confidentiality policy.
Further, in an embodiment of the present invention, the modification module is specifically configured to: for the production order of the MES system, review the production order through a data transmission examination and approval system and upload it after the review is passed; and for the machine tool state information of the MES system, convert the machine tool state information into a preset file format and upload it back after scanning for and removing viruses and malicious code.
Further, in an embodiment of the present invention, the modification module is further configured to: for the NC file and the first program model of the DNC system, review them through the data transmission examination and approval system and issue them to an industrial system after the review is passed; and for the archived NC file and the second program model of the DNC system, review them through the data transmission examination and approval system and, after the review is passed, transmit them uplink back to the confidential information system.
In order to achieve the above object, an embodiment of another aspect of the present invention provides an electronic device, including: a memory, a processor and a computer program that is stored in the memory and can run on the processor, wherein the processor executes the program to implement the network security isolation and information exchange method described above.
To achieve the above object, a further embodiment of the present invention provides a computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the network security isolation and information exchange method described above.
Additional aspects and advantages of the invention will be set forth in part in the description which follows and, in part, will be obvious from the description, or may be learned by practice of the invention.
Drawings
The foregoing and/or additional aspects and advantages of the present invention will become apparent and readily appreciated from the following description of the embodiments, taken in conjunction with the accompanying drawings of which:
FIG. 1 is a flow chart of a method for network security isolation and information exchange according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a downlink data export information flow according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an uplink non-real-time data import flow according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an uplink real-time data import flow according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a downlink data export information flow according to an embodiment of the present invention;
FIG. 6 is a schematic diagram of an uplink non-real-time data import flow according to an embodiment of the present invention;
FIG. 7 is a block diagram of a network security isolation and information exchange system according to an embodiment of the present invention.
Detailed Description
Reference will now be made in detail to embodiments of the present invention, examples of which are illustrated in the accompanying drawings, wherein the same or similar reference numerals refer throughout to the same or similar elements or to elements having the same or similar function. The embodiments described below with reference to the drawings are exemplary, are intended to explain the invention, and are not to be construed as limiting the invention.
The following describes a method and a system for network security isolation and information exchange according to an embodiment of the present invention with reference to the accompanying drawings, and first, the method for network security isolation and information exchange according to an embodiment of the present invention will be described with reference to the accompanying drawings.
Fig. 1 is a flowchart of a network security isolation and information exchange method according to an embodiment of the present invention.
As shown in fig. 1, the network security isolation and information exchange method includes the following steps:
In step S101, a production task, a process file, and an NC program are collected from the confidential information system.
It can be appreciated that embodiments of the present invention may first collect production tasks, process files, and NC programs from a confidential information system. The acquisition mode may be an acquisition mode in the related art, and details are not described herein in order to avoid redundancy.
In step S102, the production task, the process file, and the NC program are transmitted to the intelligent workshop network, so that the intelligent workshop can obtain the production task, the process file, and the NC program from the intelligent workshop network.
In step S103, the state information of the industrial control equipment, the execution status of the production tasks, the material storage information and the archived NC program files are acquired in the intelligent workshop network and transmitted back to the confidential information system.
Further, in an embodiment of the present invention, the method for network security isolation and information exchange further includes: carrying out a security and confidentiality modification of the DNC system and the MES system in the confidential information system, so that the production tasks, process files and NC programs are collected under a preset confidentiality policy.
Specifically, the downlink data of the original MES system is mainly the production worksheet file, which has a low real-time requirement. The functional modules of the original MES system need to be reviewed against the "draft for comment", and the downlink production worksheet file can be issued to the industrial control system through the data transmission examination and approval system.
Further, in an embodiment of the present invention, carrying out the security and confidentiality modification of the service systems of the DNC system and the MES system in the confidential information system includes: for the production order of the MES system, reviewing the production order through the data transmission examination and approval system and uploading it after the review is passed; and for the machine tool state information of the MES system, converting the machine tool state information into a preset file format and uploading it back after scanning for and removing viruses and malicious code.
Specifically, as shown in FIGS. 2 to 4, the uplink data of the original MES system includes the production order and the machine tool state information. The production order feedback file has a low real-time requirement; according to the "draft for comment", the uplink production order file can be transmitted back to the confidential information system through the data transmission examination and approval system. The machine tool state information has a high real-time requirement; according to the "draft for comment", it can be transmitted uplink back to the confidential information system automatically, provided that the file format has been checked and viruses and malicious code have been scanned for and removed.
Further, in an embodiment of the present invention, carrying out the security and confidentiality modification of the service systems of the DNC system and the MES system in the confidential information system includes: for the NC file and the first program model of the DNC system, reviewing them through the data transmission examination and approval system and issuing them to an industrial system after the review is passed; and for the archived NC file and the second program model of the DNC system, reviewing them through the data transmission examination and approval system and, after the review is passed, transmitting them uplink back to the confidential information system.
Specifically, as shown in FIGS. 5 to 6, in the embodiments of the present invention the DNC system needs a security modification, carried out with reference to the technical requirements (draft for comment) for information exchange between the confidential information system and the industrial control system and by clarifying the principles that govern service information flows in the interconnected system.
The downlink data of the original DNC system mainly comprises NC files and program models, which have a low real-time requirement. The functional modules of the original DNC system need to be reviewed against the "draft for comment", and the downlink NC files and program models can be issued to the industrial control system only through the data transmission examination and approval system.
The uplink data of the original DNC system comprises archived NC files and program models, which have a low real-time requirement. According to the "draft for comment", they can be transmitted uplink back to the confidential information system only through the data transmission examination and approval system.
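The routing rules in the preceding paragraphs, written as a fail-closed release check; this is an added example, not code from the patent. The kind names, the status record layout standing in for the unspecified "preset file format", the binding of an approval to the SHA-256 of the reviewed bytes, and the `no_findings` scanner hook are all assumptions.

```python
import hashlib
import re
from dataclasses import dataclass
from enum import Enum
from typing import Callable, Set, Tuple


class Direction(Enum):
    DOWN = "confidential information system -> intelligent workshop network"
    UP = "intelligent workshop network -> confidential information system"


class Gate(Enum):
    APPROVAL = "data transmission examination and approval system"
    AUTO_CHECK = "format check and malware scan, then automatic return"


# Routing table from the description: every low-real-time file needs approval;
# only uplink machine tool state is released automatically.
# The kind names are hypothetical labels chosen for this example.
POLICY = {
    ("production_worksheet", Direction.DOWN): Gate.APPROVAL,
    ("nc_file", Direction.DOWN): Gate.APPROVAL,
    ("program_model", Direction.DOWN): Gate.APPROVAL,
    ("production_order_feedback", Direction.UP): Gate.APPROVAL,
    ("archived_nc_file", Direction.UP): Gate.APPROVAL,
    ("program_model", Direction.UP): Gate.APPROVAL,
    ("machine_status", Direction.UP): Gate.AUTO_CHECK,
}

# ASSUMPTION: the page does not define the preset file format. Here it is one
# ASCII record per line: machine id, UTC timestamp, state, spindle load in %.
STATUS_LINE = re.compile(
    rb"[A-Z0-9-]{1,16},\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z,"
    rb"(IDLE|RUNNING|ALARM|OFFLINE),(100|\d{1,2})"
)
MAX_STATUS_BYTES = 4096


@dataclass(frozen=True)
class Transfer:
    kind: str
    direction: Direction
    payload: bytes


def status_format_ok(payload: bytes) -> bool:
    """Accept a payload only if every line is a complete preset record."""
    if not payload or len(payload) > MAX_STATUS_BYTES:
        return False
    lines = payload.split(b"\n")
    if lines[-1] == b"":          # tolerate one trailing newline
        lines.pop()
    return all(STATUS_LINE.fullmatch(line) for line in lines)


def approval_key(t: Transfer) -> str:
    """ASSUMPTION: an approval covers kind, direction and the exact bytes."""
    digest = hashlib.sha256(t.payload).hexdigest()
    return f"{t.kind}|{t.direction.name}|{digest}"


def no_findings(payload: bytes) -> bool:
    """Stand-in for the site's anti-malware engine; True means clean."""
    return True


def decide(t: Transfer, approved: Set[str],
           scanner: Callable[[bytes], bool]) -> Tuple[bool, str]:
    """Return (release?, reason). Anything without a rule is denied."""
    gate = POLICY.get((t.kind, t.direction))
    if gate is None:
        return False, "denied: no rule for this kind and direction"
    if gate is Gate.APPROVAL:
        if approval_key(t) in approved:
            return True, "released: approved"
        return False, "held: no approval for these exact bytes"
    if not status_format_ok(t.payload):
        return False, "rejected: not in the preset status format"
    if not scanner(t.payload):
        return False, "rejected: malware scan"
    return True, "released: automatic uplink"


if __name__ == "__main__":
    # Constructed sample inputs, not taken from the patent.
    nc = Transfer("nc_file", Direction.DOWN, b"O1001\nG21 G90\nM30\n")
    status = Transfer("machine_status", Direction.UP,
                      b"CNC-07,2020-12-15T08:30:00Z,RUNNING,42\n")
    approved = {approval_key(nc)}
    for t in (nc, status, Transfer("nc_file", Direction.UP, nc.payload)):
        print(t.kind, t.direction.name, decide(t, approved, no_findings))
```

Because the approval key includes the direction and the content hash, an NC file edited after review, or an approved downlink file replayed uplink, is held rather than released.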
According to the network security isolation and information exchange method provided by the embodiment of the invention, the numerical control machine tools and logistics storage equipment of the intelligent workshop are networked, and controllable one-way transmission control measures are applied between the workshop MES (manufacturing execution system) and DNC systems and logistics storage system on one side and the MES and DNC service systems of the confidential network on the other. This realizes secure one-way transmission of production tasks, process files and NC programs from the confidential information system to the intelligent workshop network, and secure return of industrial control equipment state information, production task execution status, material storage information and archived NC program files from the intelligent workshop network to the confidential information system. In addition, to meet confidentiality requirements, the DNC and MES systems in the confidential information system undergo a security and confidentiality modification, a network security isolation and information exchange system is built between the intelligent workshop network and the confidential information system, the industrial control equipment and systems of the intelligent workshop are security-hardened and upgraded, and security management after the interconnection of the two networks is strengthened. The result is a secure interconnection of the confidential information system and the intelligent workshop network and a higher level of integrated information management for workshop production and design.
Next, a network security isolation and information exchange system proposed according to an embodiment of the present invention is described with reference to the accompanying drawings.
Fig. 7 is a block diagram of a network security isolation and information exchange system according to an embodiment of the present invention.
As shown in FIG. 7, the network security isolation and information exchange system 10 includes: an acquisition module 100, a transmission module 200 and a return module 300.
The acquisition module 100 is used for collecting production tasks, process files and NC programs from the confidential information system. The transmission module 200 is configured to transmit the production tasks, process files and NC programs to the intelligent workshop network, so that the intelligent workshop can obtain them from that network. The return module 300 is configured to acquire, in the intelligent workshop network, the state information of the industrial control equipment, the execution status of the production tasks, the material storage information and the archived NC program files, and to return them to the confidential information system.
Further, in an embodiment of the present invention, the above-mentioned network security isolation and information exchange system further includes: a modification module for carrying out a security and confidentiality modification of the service systems of the DNC system and the MES system in the confidential information system, so that the production tasks, process files and NC programs are collected under a preset confidentiality policy.
Further, in an embodiment of the present invention, the modification module is specifically configured to: for the production order of the MES system, review the production order through the data transmission examination and approval system and upload it after the review is passed; and for the machine tool state information of the MES system, convert the machine tool state information into a preset file format and upload it back after scanning for and removing viruses and malicious code.
Further, in an embodiment of the present invention, the modification module is further configured to: for the NC file and the first program model of the DNC system, review them through the data transmission examination and approval system and issue them to an industrial system after the review is passed; and for the archived NC file and the second program model of the DNC system, review them through the data transmission examination and approval system and, after the review is passed, transmit them uplink back to the confidential information system.
It should be noted that the foregoing explanation of the embodiment of the network security isolation and information exchange method is also applicable to the network security isolation and information exchange system of this embodiment, and is not repeated here.
According to the network security isolation and information exchange system provided by the embodiment of the invention, the numerical control machine tools and logistics storage equipment of the intelligent workshop are networked, and controllable one-way transmission control measures are adopted between the workshop MES (manufacturing execution system), DNC (direct numerical control) and logistics storage systems on one side and the secret-related MES and DNC business systems on the other. This realizes one-way secure transmission of production tasks, process files and numerical control (NC) machining programs from the confidential information system to the intelligent workshop network, and secure return of the state information of industrial control equipment, the execution conditions of production tasks, material storage information and NC filing program files from the intelligent workshop network to the confidential information system. Meanwhile, in view of the confidentiality requirement, the DNC and MES systems in the confidential information system are given a security transformation, a network security isolation and information exchange system is constructed between the intelligent workshop network and the confidential information system, the industrial control equipment and systems of the intelligent workshop are security-hardened and upgraded, and security management after the interconnection of the intelligent workshop network and the confidential information system is strengthened. The secure interconnection of the confidential information system and the intelligent workshop network is thereby realized, and the comprehensive informatization management level of workshop production design is improved.
An embodiment of the present invention provides an electronic device, including: a memory, a processor and a computer program which is stored in the memory and can run on the processor, wherein the processor executes the program to implement the network security isolation and information exchange method described above.
An embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, where the computer program is executed by a processor, so as to implement the network security isolation and information exchange method described above.
Furthermore, the terms "first" and "second" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or implicitly indicating the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include at least one such feature. In the description of the present invention, "a plurality" means at least two, e.g., two, three, etc., unless specifically limited otherwise.
In the description herein, references to the terms "one embodiment," "some embodiments," "an example," "a specific example," or "some examples," etc., mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above are not necessarily intended to refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples. Furthermore, various embodiments or examples and features of different embodiments or examples described in this specification can be combined by one skilled in the art without contradiction.
Although embodiments of the present invention have been shown and described above, it is understood that the above embodiments are exemplary and should not be construed as limiting the present invention, and that variations, modifications, substitutions and alterations can be made to the above embodiments by those of ordinary skill in the art within the scope of the present invention.

Claims (10)

1. A network security isolation and information exchange method is characterized by comprising the following steps:
collecting a production task, a process file and a numerical control machining (NC) program from a secret-related information system;
transmitting the production tasks, the process files and the numerical control machining NC program to an intelligent workshop network so that an intelligent workshop can obtain the production tasks, the process files and the numerical control machining NC program from the intelligent workshop network; and
acquiring the state information of the industrial control equipment, the execution condition of the production task, the material storage information and the NC filing program file in the intelligent network, and transmitting the state information of the industrial control equipment, the execution condition of the production task, the material storage information and the NC filing program file back to the secret-related information system.
2. The method of claim 1, further comprising:
carrying out security transformation on the DNC system and the MES system in the secret-related information system, so as to collect the production task, the process file and the NC program by adopting a preset security strategy.
3. The method of claim 2, wherein the performing security transformation on the business systems of the DNC system and the MES system in the classified information system comprises:
the production order of the MES system is examined through a data transmission examination and approval system, and the production order is uploaded after the examination is passed;
and for the machine tool state information of the MES system, converting the machine tool state information into a preset file format, and uploading the machine tool state information back after scanning for and removing viruses and malicious code.
4. The method of claim 2, wherein the performing security transformation on the business systems of the DNC system and the MES system in the classified information system comprises:
for the NC file and the first program model of the DNC system, the NC file and the first program model are examined through a data transmission examination and approval system and are issued to an industrial system after the examination is passed;
and for the archived NC file and the second program model of the DNC system, the archived NC file and the second program model are inspected through a data transmission inspection and approval system, and after the inspection is passed, the archived NC file and the second program model are transmitted back to the confidential information system in an uplink mode.
5. A network security isolation and information exchange system, comprising:
the acquisition module is used for acquiring production tasks, process files and numerical control machining (NC) programs from the confidential information system;
the transmission module is used for transmitting the production tasks, the process files and the numerical control machining NC programs to an intelligent workshop network so that an intelligent workshop can obtain the production tasks, the process files and the numerical control machining NC programs from the intelligent workshop network; and
the return module is used for acquiring the state information of the industrial control equipment, the execution condition of the production task, the material storage information and the NC filing program file in the intelligent network, and returning the state information of the industrial control equipment, the execution condition of the production task, the material storage information and the NC filing program file to the secret-related information system.
6. The system of claim 5, further comprising:
a transformation module, used for carrying out security and confidentiality transformation on a DNC system and an MES system in the secret-related information system, so as to collect the production task, the process file and the NC program by adopting a preset confidentiality strategy.
7. The system of claim 6, wherein the transformation module is specifically configured to:
the production order of the MES system is examined through a data transmission examination and approval system, and the production order is uploaded after the examination is passed;
and for the machine tool state information of the MES system, converting the machine tool state information into a preset file format, and uploading the machine tool state information back after scanning for and removing viruses and malicious code.
8. The system of claim 6, wherein the transformation module is further configured to:
for the NC file and the first program model of the DNC system, the NC file and the first program model are examined through a data transmission examination and approval system and are issued to an industrial system after the examination is passed;
and for the archived NC file and the second program model of the DNC system, the archived NC file and the second program model are inspected through a data transmission inspection and approval system, and after the inspection is passed, the archived NC file and the second program model are transmitted back to the confidential information system in an uplink mode.
9. An electronic device, comprising: a memory, a processor and a computer program stored on the memory and executable on the processor, the processor executing the program to implement the network security isolation and information exchange method of any one of claims 1-4.
10. A computer-readable storage medium, on which a computer program is stored, the program being executable by a processor for implementing the network security isolation and information exchange method according to any one of claims 1 to 4.
CN202011480383.9A 2020-12-15 2020-12-15 Network security isolation and information exchange method and system Pending CN112600845A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011480383.9A CN112600845A (en) 2020-12-15 2020-12-15 Network security isolation and information exchange method and system

Publications (1)

Publication Number Publication Date
CN112600845A true CN112600845A (en) 2021-04-02

Family

ID=75195942

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115545568A (en) * 2022-11-28 2022-12-30 大方智造(天津)科技有限公司 Automatic feedback method and device for production task progress, storage medium and processor

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102043394A (en) * 2009-10-09 2011-05-04 卢健华 Direct numerical control (DNC) information acquisition method
CN106774168A (en) * 2016-12-09 2017-05-31 中国电子科技网络信息安全有限公司 A kind of numerical control NC code safety filtering system
CN107844098A (en) * 2016-09-17 2018-03-27 青岛海尔模具有限公司 A kind of digital factory management system and management method
CN109709913A (en) * 2018-12-20 2019-05-03 北京动力机械研究所 Intelligent workshop logistic dispatching system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
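曾凡毅 et al.: "Inter-network secure exchange technology based on a unidirectional transmission protocol", 《计算机工程》 (Computer Engineering) *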

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination