CN113724048A - Expert extraction system - Google Patents
Expert extraction system Download PDFInfo
- Publication number
- CN113724048A CN113724048A CN202111025693.6A CN202111025693A CN113724048A CN 113724048 A CN113724048 A CN 113724048A CN 202111025693 A CN202111025693 A CN 202111025693A CN 113724048 A CN113724048 A CN 113724048A
- Authority
- CN
- China
- Prior art keywords
- expert
- data
- subsystem
- extraction
- management subsystem
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000605 extraction Methods 0.000 title claims abstract description 133
- 230000003068 static effect Effects 0.000 claims abstract description 59
- 238000000034 method Methods 0.000 claims abstract description 16
- 230000008569 process Effects 0.000 claims abstract description 9
- 238000007726 management method Methods 0.000 claims description 109
- 230000006854 communication Effects 0.000 claims description 25
- 238000004891 communication Methods 0.000 claims description 24
- 238000001914 filtration Methods 0.000 claims description 13
- 238000012550 audit Methods 0.000 claims description 7
- 238000012552 review Methods 0.000 claims description 7
- 238000005516 engineering process Methods 0.000 claims description 4
- 238000007689 inspection Methods 0.000 claims description 2
- 230000000717 retained effect Effects 0.000 claims 1
- 238000011156 evaluation Methods 0.000 abstract description 18
- 230000005540 biological transmission Effects 0.000 abstract description 3
- 239000000284 extract Substances 0.000 abstract description 3
- 238000002955 isolation Methods 0.000 description 3
- GOLXNESZZPUPJE-UHFFFAOYSA-N spiromesifen Chemical compound CC1=CC(C)=CC(C)=C1C(C(O1)=O)=C(OC(=O)CC(C)(C)C)C11CCCC1 GOLXNESZZPUPJE-UHFFFAOYSA-N 0.000 description 3
- 238000010586 diagram Methods 0.000 description 2
- 230000003993 interaction Effects 0.000 description 2
- 230000002265 prevention Effects 0.000 description 2
- 238000012795 verification Methods 0.000 description 2
- 241000700605 Viruses Species 0.000 description 1
- 230000009286 beneficial effect Effects 0.000 description 1
- 238000006243 chemical reaction Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 230000010354 integration Effects 0.000 description 1
- 238000004519 manufacturing process Methods 0.000 description 1
- 230000007246 mechanism Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 230000006855 networking Effects 0.000 description 1
- 238000012797 qualification Methods 0.000 description 1
- 239000004065 semiconductor Substances 0.000 description 1
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q30/00—Commerce
- G06Q30/06—Buying, selling or leasing transactions
- G06Q30/0601—Electronic shopping [e-shopping]
- G06Q30/0611—Request for offers or quotes
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/32—User authentication using biometric data, e.g. fingerprints, iris scans or voiceprints
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0631—Resource planning, allocation, distributing or scheduling for enterprises or organisations
- G06Q10/06311—Scheduling, planning or task assignment for a person or group
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06Q—INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
- G06Q10/00—Administration; Management
- G06Q10/06—Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
- G06Q10/063—Operations research, analysis or management
- G06Q10/0639—Performance analysis of employees; Performance analysis of enterprise or organisation operations
- G06Q10/06393—Score-carding, benchmarking or key performance indicator [KPI] analysis
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0209—Architectural arrangements, e.g. perimeter networks or demilitarized zones
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/12—Protocols specially adapted for proprietary or special-purpose networking environments, e.g. medical networks, sensor networks, networks in vehicles or remote metering networks
Landscapes
- Engineering & Computer Science (AREA)
- Business, Economics & Management (AREA)
- Human Resources & Organizations (AREA)
- Theoretical Computer Science (AREA)
- Economics (AREA)
- Strategic Management (AREA)
- Development Economics (AREA)
- Physics & Mathematics (AREA)
- Entrepreneurship & Innovation (AREA)
- General Physics & Mathematics (AREA)
- Educational Administration (AREA)
- Computer Security & Cryptography (AREA)
- Marketing (AREA)
- General Business, Economics & Management (AREA)
- Game Theory and Decision Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Quality & Reliability (AREA)
- Computer Hardware Design (AREA)
- Operations Research (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Tourism & Hospitality (AREA)
- Signal Processing (AREA)
- Accounting & Taxation (AREA)
- Finance (AREA)
- Software Systems (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Medical Informatics (AREA)
- Computer And Data Communications (AREA)
Abstract
The application relates to an expert extraction system, belongs to digital information safety transmission technical field, and this system includes: the expert management subsystem manages expert data in an expert management library; the expert extraction subsystem is isolated from the expert management subsystem based on the gatekeeper, and extracts experts from the expert management library according to the bid inviting and bidding requirements acquired by the expert management subsystem; the expert extraction subsystem is not connected to the public network; the network gate is used for data exchange between the expert management subsystem and the expert extraction subsystem; in the data exchange process, the gatekeeper is used for converting the data to be exchanged into static data; performing security examination on the static data; exchanging the checked static data to the opposite terminal; the problem that the list of the bid evaluation experts is possibly revealed in advance due to the fact that the expert extraction system is accessed to the public network can be solved; the safety of the extraction result can be improved because the expert management subsystem and the expert extraction subsystem are isolated by the gatekeeper.
Description
[ technical field ] A method for producing a semiconductor device
The application relates to an expert extraction system, and belongs to the technical field of digital information safety transmission.
[ background of the invention ]
The electronic bid inviting and bidding system is a system which is based on network technology and realizes digitization, networking and high integration in the whole process of the business such as bid inviting, bidding, bid evaluation, contract and the like. One of the most important items in the electronic bid and tender system is bid evaluation by a bid evaluation expert. The bid evaluation expert refers to a professional having a certain level of examination or review of the prequalification application file and the bid file submitted by the bidder legally in bidding and government procurement activities. Wherein, the bid evaluation expert is extracted from the expert management library by using an expert extraction system.
The traditional expert extraction system and the expert terminal establish communication connection based on a public network, and the expert extraction system sends extraction results to the expert terminal after extracting the experts.
However, since the expert extraction system is accessed to the public network, at this time, information may be stolen by a malicious terminal, and there are risks of notifying a background to take an expert list in advance through a short message, and the like, at this time, the list of the bid evaluation experts may be revealed in advance, authority of evaluation and bid evaluation is affected, and the safety of the expert extraction system is low.
[ summary of the invention ]
The application provides an expert extraction system and an expert extraction device, which can solve the problems that a list of bid evaluation experts is possibly revealed in advance and the authority of the bid evaluation experts is not high due to the fact that the expert extraction system is accessed into a public network. The application provides the following technical scheme: an expert extraction system, the system comprising:
the expert management subsystem is used for managing the expert data in the expert management library; the expert management subsystem supports connection with a user side based on a public network;
the expert extraction subsystem is isolated from the expert management subsystem based on a gatekeeper and is used for extracting experts from the expert management library according to the bid inviting and bidding requirements acquired by the expert management subsystem so as to evaluate the bids; the expert extraction subsystem is not connected to a public network;
the network gate is used for data exchange between the expert management subsystem and the expert extraction subsystem; in the data exchange process, the gatekeeper is used for converting data to be exchanged into static data; performing security review on the static data; and exchanging the checked static data to the opposite terminal.
Optionally, the gatekeeper adopts a real-time exchange mode, and establishes a communication connection with only one of the expert management subsystem and the expert extraction subsystem at the same time; the network gate is used for:
when the expert management subsystem is in communication connection, if first data to be exchanged sent by the expert management subsystem is received, the first data to be exchanged is stored in a queue mode to obtain first static data; immediately disconnecting the communication connection with the expert management subsystem, establishing the communication connection with the expert extraction subsystem, and sending the first static data which passes the examination to the expert extraction subsystem;
when the expert extraction subsystem is in communication connection, if second data to be exchanged sent by the expert extraction subsystem is received, the second data to be exchanged is stored in a queue mode to obtain second static data; and immediately disconnecting the communication connection with the expert extraction subsystem, establishing the communication connection with the expert management subsystem, and sending the examined second static data to the expert management subsystem.
Optionally, when data conflict exists between the data in the expert extraction subsystem and the first static data passing the examination, retaining the data in the expert extraction subsystem; and when data conflict exists between the data in the expert management subsystem and the second static data passing the examination, retaining the second static data passing the examination.
Optionally, the expert management subsystem is configured to: receiving expert data sent by the user side based on expert management application in the expert management subsystem; auditing the expert data; storing the expert data which passes the examination to the expert management library; sending the expert data which passes the examination to the gatekeeper based on the data exchange application in the expert management subsystem, wherein the first static data comprises the expert data which passes the examination;
correspondingly, after receiving the expert data which is sent by the gatekeeper and passes the audit, the expert extraction subsystem stores the expert data which passes the audit to an expert management library in the expert extraction subsystem, so that the expert management library in the expert management subsystem and the expert management library in the expert extraction subsystem keep data synchronization.
Optionally, the expert management subsystem is configured to: acquiring the bidding requirement based on an interface application in the expert management subsystem; sending the bidding requirement to the gatekeeper based on a data exchange application in the expert management subsystem, wherein the first static data comprises the bidding requirement;
correspondingly, after receiving the bid-inviting and bidding requirement sent by the gatekeeper, the expert extraction subsystem performs expert extraction according to the bid-inviting and bidding requirement by using expert extraction application in the expert extraction subsystem to obtain an extraction result; and sending the extraction result to corresponding expert equipment through notification equipment in the expert extraction subsystem.
Optionally, the performing security audit on the static data includes:
and performing security inspection on the static data based on a packet filtering technology.
Optionally, the packet-based filtering technique performs security review on the static data, including:
security scrutinizing source addresses, destination addresses, physical ports through which the static data flows, and/or protocol types based on the packet filtering technique.
Optionally, the expert extraction subsystem is in communication connection with an internal user end through an internal network;
the internal user side is used for: sending a data access request to the expert extraction subsystem;
the expert extraction subsystem is used for: receiving the data access request; sending an identity authentication prompt to the internal user side, wherein the identity authentication prompt is used for indicating the internal user side to input identity authentication information;
the internal user side is used for: receiving the identity authentication prompt; inputting identity authentication information based on the identity authentication prompt, and sending the identity authentication information to the expert extraction subsystem;
the expert extraction subsystem is used for: receiving the identity authentication information; performing identity authentication on the identity authentication information; and when the authentication is passed, returning the data indicated by the data access request to the internal user side.
Optionally, the identity authentication information includes at least two of the following: face information, fingerprint information, iris information, identification card information, text password information, and voiceprint information.
The beneficial effects of this application include at least: managing the expert data in an expert management library through an expert management subsystem; the expert management subsystem supports connection with the user side based on a public network; the expert extraction subsystem is isolated from the expert management subsystem based on the gatekeeper, and extracts experts from the expert management library for bid evaluation according to the bid inviting requirements acquired by the expert management subsystem; the expert extraction subsystem is not connected to the public network; the network gate is used for data exchange between the expert management subsystem and the expert extraction subsystem; in the data exchange process, the gatekeeper is used for converting the data to be exchanged into static data; performing security examination on the static data; exchanging the checked static data to the opposite terminal; the problems that the list of the bid evaluation experts is possibly revealed in advance and the authority of the bid evaluation is not high due to the fact that the expert extraction system is accessed to the public network can be solved; because the expert management subsystem and the expert extraction subsystem are isolated by the gatekeeper, the expert extraction subsystem does not allow an external network user to access, and the safety of an extraction result can be improved.
In addition, the internal and external network isolation mode improves the safety of the system and data by dividing the management of experts and the extraction notice of experts into 2 different areas. And the management system and the expert database of the expert are placed in the extranet area, and the information of the extranet area allows various Internet users, WeChat small programs and the like to access through the Internet. And the internal network area is physically isolated and does not allow any external user to access. If the intranet system needs to be updated, developers must go to a machine room and can operate the system after confirming the identity through manual verification. And the data interaction of the internal network and the external network is realized through the gatekeeper equipment.
The foregoing description is only an overview of the technical solutions of the present application, and in order to make the technical solutions of the present application more clear and clear, and to implement the technical solutions according to the content of the description, the following detailed description is made with reference to the preferred embodiments of the present application and the accompanying drawings.
[ description of the drawings ]
Fig. 1 is a schematic structural diagram of an expert extraction system according to an embodiment of the present application.
[ detailed description ] embodiments
The following detailed description of embodiments of the present application will be made with reference to the accompanying drawings and examples. The following examples are intended to illustrate the present application but are not intended to limit the scope of the present application.
First, several terms referred to in the present application will be described.
A network gate: two sets of independent systems are respectively connected with a safe network and a non-safe network, and information ferry is carried out between the two sets of systems through a network brake, so that no direct physical access exists between the two sets of systems. In the communication process, when the storage medium is connected with a secure network, the connection with an insecure network is disconnected; disconnecting the connection with the secure network when connected with the unsecured network; the data exchange is carried out by using the data paths in the two systems in a time-sharing manner so as to achieve the purposes of isolation and exchange. In addition, in the data exchange process, information filtering such as virus prevention, malicious code prevention and the like is required to be carried out simultaneously so as to ensure the safety of the information.
Fig. 1 is a schematic structural diagram of an expert extraction system according to an embodiment of the present application. As shown in fig. 1, the system comprises at least: an expert management subsystem 110 and an expert extraction subsystem 130 which is isolated from the expert management subsystem 110 based on the gatekeeper 120.
The expert management subsystem 110 is formed of at least one server host. The expert management subsystem 110 is used for managing expert data in an expert management library.
The expert management subsystem 110 supports public network based connectivity to the user's end. In other words, the expert management subsystem 110 is deployed in an extranet, supporting user-side login access based on the public network.
In this embodiment, the expert management subsystem 110 is provided with an expert management library. The expert management library is used for storing relevant data of experts, such as: number, name, sex, identification number, year of birth, title, qualification, specialty, telephone number (cell phone number), unit, area, resume (information such as specialty that the expert excels in), credit record (malpractice record), etc.
The expert extraction subsystem 130 is comprised of at least one server host. The expert extraction subsystem 130 is configured to extract experts from the expert management library for bid evaluation according to the bid inviting and bidding requirements acquired by the expert management subsystem 110.
The expert extraction subsystem 130 is not connected to the public network. In other words, the expert extraction subsystem 130 is deployed in the intranet, and does not support the login access of the user terminal based on the public network.
In this embodiment, an expert management library is also provided in the expert extraction subsystem 130, and the expert management library in the expert extraction subsystem 130 and the expert management library in the expert management subsystem 110 maintain data synchronization.
The gatekeeper 120 is used for data exchange between the expert management subsystem 110 and the expert extraction subsystem 130. In other words, the gatekeeper 120 is used for implementing data exchange between two different security domains in an information ferrying manner by means of protocol conversion between the two different security domains, and only information explicitly required to be transmitted by the system can pass through the gatekeeper.
Specifically, during the data exchange process, the gatekeeper 120 is used to convert the data to be exchanged into static data; performing security examination on the static data; and exchanging the checked static data to the opposite terminal.
Static data refers to data stored in the storage medium of gatekeeper 120.
In one example, the gatekeeper 120 adopts a real-time exchange mode, and only establishes a communication connection with one of the expert management subsystem 110 and the expert extraction subsystem 130 at the same time, and accordingly, the gatekeeper 120 is configured to store the first data to be exchanged in a queue manner if the first data to be exchanged sent by the expert management subsystem 110 is received when the gatekeeper is in communication connection with the expert management subsystem 110, so as to obtain first static data; immediately disconnecting the communication connection with the expert management subsystem 110, establishing the communication connection with the expert extraction subsystem 130, and sending the first static data which passes the examination to the expert extraction subsystem 130; when the expert extraction subsystem 130 is in communication connection, if second data to be exchanged sent by the expert extraction subsystem 130 is received, the second data to be exchanged is stored in a queue mode to obtain second static data; immediately disconnecting the communication connection with the expert extraction subsystem 130, establishing the communication connection with the expert management subsystem 110, and sending the examined second static data to the expert management subsystem 110.
In the embodiment, the new data generation in the internal network is immediately switched to the external network, the new data generation in the external network is immediately switched to the internal network, and the exchange sequence adopts a queuing mode, so that the data transmission efficiency can be improved.
Because the safety of the data in the expert extraction subsystem 130 is high, when the data in the expert extraction subsystem 130 conflicts with the first static data which is approved, the data in the expert extraction subsystem 130 is reserved; and when the data in the expert management subsystem 110 has data conflict with the approved second static data, the approved second static data is reserved. In other words, if a data collision occurs, the intranet data is the standard.
In one example, the first static data includes expert data that passes the audit. At this time, the expert management subsystem 110 is configured to: receiving expert data sent by a user side based on an expert management application in an expert management subsystem 110; auditing the expert data; storing the expert data which passes the examination to an expert management library; and transmits the approved expert data to the gatekeeper 120 based on the data exchange application in the expert management subsystem 110.
Accordingly, after receiving the approved expert data sent by the gatekeeper 120, the expert extraction subsystem 130 stores the approved expert data into the expert management library in the expert extraction subsystem 130, so that the expert management library in the expert management subsystem 110 and the expert management library in the expert extraction subsystem 130 maintain data synchronization.
In another example, the first static data includes bidding requirements. At this time, the expert management subsystem 110 is configured to: acquiring bidding requirements based on an interface application in the expert management subsystem 110; the bidding requirement is sent to the gatekeeper 120 based on the data exchange application in the expert management subsystem 110.
Correspondingly, after receiving the bid request sent by the gatekeeper 120, the expert extraction subsystem 130 performs expert extraction according to the bid request by using an expert extraction application in the expert extraction subsystem 130 to obtain an extraction result; and sending the extraction result to the corresponding expert equipment through the notification equipment in the expert extraction subsystem 130.
Alternatively, the expert extraction subsystem 130 may perform expert extraction using a preset random algorithm, or perform expert extraction using an equalization algorithm, and the embodiment does not limit the manner of expert extraction.
Alternatively, the notification device may be a voice notification service all-in-one machine, and the notification device is in communication connection with the expert device through the base station to notify the expert of the extraction result through voice notification.
Wherein, the security examination of the static data comprises: static data is security-inspected based on packet filtering techniques.
Packet filtering refers to a technique of monitoring and filtering IP packets incoming and outgoing on a network using a router, and filtering out suspicious packets.
Specifically, the security examination of static data based on packet filtering technology includes: the static data is security-inspected for source address, destination address, physical ports through which it flows, and/or protocol type based on packet filtering techniques.
In practical implementation, other contents of the static data may also be subjected to security review, and this embodiment is not listed here.
In this embodiment, the expert extraction subsystem 130 is communicatively connected to the internal user terminal through an internal network. The internal user end can access the data in the expert extraction subsystem 130, such as: and accessing the extraction result.
Specifically, the process of accessing the data in the expert extraction subsystem 130 by the internal user includes: the internal user side is used for sending a data access request to the expert extraction subsystem 130; the expert extraction subsystem 130 is used for receiving data access requests; sending an identity authentication prompt to the internal user side, wherein the identity authentication prompt is used for indicating the internal user side to input identity authentication information; the internal user side is used for receiving the identity authentication prompt; and inputs the authentication information based on the authentication prompt, and sends the authentication information to the expert extraction subsystem 130; the expert extraction subsystem 130 is used for receiving identity authentication information; performing identity authentication on the identity authentication information; and when the authentication is passed, returning the data indicated by the data access request to the internal user side.
Optionally, when the authentication fails, the data indicated by the data access request is not returned to the internal user terminal.
In this embodiment, the expert extraction subsystem 130 uses a strict identity authentication mechanism to authenticate the identity of the internal user terminal. Specifically, the identity authentication information includes at least two of the following: face information, fingerprint information, iris information, identification card information, text password information, and voiceprint information.
In practical implementation, the identity authentication may be combined with other information for authentication, which is not listed here.
In summary, the expert extraction system provided in this embodiment manages the expert data in the expert management library through the expert management subsystem; the expert management subsystem supports connection with the user side based on a public network; the expert extraction subsystem is isolated from the expert management subsystem based on the gatekeeper, and extracts experts from the expert management library for bid evaluation according to the bid inviting requirements acquired by the expert management subsystem; the expert extraction subsystem is not connected to the public network; the network gate is used for data exchange between the expert management subsystem and the expert extraction subsystem; in the data exchange process, the gatekeeper is used for converting the data to be exchanged into static data; performing security examination on the static data; exchanging the checked static data to the opposite terminal; the problems that the list of the bid evaluation experts is possibly revealed in advance and the authority of the bid evaluation is not high due to the fact that the expert extraction system is accessed to the public network can be solved; because the expert management subsystem and the expert extraction subsystem are isolated by the gatekeeper, the expert extraction subsystem does not allow an external network user to access, and the safety of an extraction result can be improved.
In addition, the internal and external network isolation mode improves the safety of the system and data by dividing the management of experts and the extraction notice of experts into 2 different areas. And the management system and the expert database of the expert are placed in the extranet area, and the information of the extranet area allows various Internet users, WeChat small programs and the like to access through the Internet. And the internal network area is physically isolated and does not allow any external user to access. If the intranet system needs to be updated, developers must go to a machine room and can operate the system after confirming the identity through manual verification. And the data interaction of the internal network and the external network is realized through the gatekeeper equipment.
The technical features of the embodiments described above may be arbitrarily combined, and for the sake of brevity, all possible combinations of the technical features in the embodiments described above are not described, but should be considered as being within the scope of the present specification as long as there is no contradiction between the combinations of the technical features.
The above-mentioned embodiments only express several embodiments of the present application, and the description thereof is more specific and detailed, but not construed as limiting the scope of the invention. It should be noted that, for a person skilled in the art, several variations and modifications can be made without departing from the concept of the present application, which falls within the scope of protection of the present application. Therefore, the protection scope of the present patent shall be subject to the appended claims.
Claims (9)
1. An expert extraction system, the system comprising:
the expert management subsystem is used for managing the expert data in the expert management library; the expert management subsystem supports connection with a user side based on a public network;
the expert extraction subsystem is isolated from the expert management subsystem based on a gatekeeper and is used for extracting experts from the expert management library according to the bid inviting and bidding requirements acquired by the expert management subsystem so as to evaluate the bids; the expert extraction subsystem is not connected to a public network;
the network gate is used for data exchange between the expert management subsystem and the expert extraction subsystem; in the data exchange process, the gatekeeper is used for converting data to be exchanged into static data; performing security review on the static data; and exchanging the checked static data to the opposite terminal.
2. The system of claim 1, wherein the gatekeeper employs a real-time switching mode and establishes a communication connection with only one of the expert management subsystem and the expert extraction subsystem at a time; the network gate is used for:
when the expert management subsystem is in communication connection, if first data to be exchanged sent by the expert management subsystem is received, the first data to be exchanged is stored in a queue mode to obtain first static data; immediately disconnecting the communication connection with the expert management subsystem, establishing the communication connection with the expert extraction subsystem, and sending the first static data which passes the examination to the expert extraction subsystem;
when the expert extraction subsystem is in communication connection, if second data to be exchanged sent by the expert extraction subsystem is received, the second data to be exchanged is stored in a queue mode to obtain second static data; and immediately disconnecting the communication connection with the expert extraction subsystem, establishing the communication connection with the expert management subsystem, and sending the examined second static data to the expert management subsystem.
3. The system of claim 2, wherein the data in the expert extraction subsystem is retained when there is a data conflict between the data in the expert extraction subsystem and the first static data that passes the review; and when data conflict exists between the data in the expert management subsystem and the second static data passing the examination, retaining the second static data passing the examination.
4. The system of claim 2, wherein the expert management subsystem is configured to: receiving expert data sent by the user side based on expert management application in the expert management subsystem; auditing the expert data; storing the expert data which passes the examination to the expert management library; sending the expert data which passes the examination to the gatekeeper based on the data exchange application in the expert management subsystem, wherein the first static data comprises the expert data which passes the examination;
correspondingly, after receiving the expert data which is sent by the gatekeeper and passes the audit, the expert extraction subsystem stores the expert data which passes the audit to an expert management library in the expert extraction subsystem, so that the expert management library in the expert management subsystem and the expert management library in the expert extraction subsystem keep data synchronization.
5. The system of claim 2, wherein the expert management subsystem is configured to: acquiring the bidding requirement based on an interface application in the expert management subsystem; sending the bidding requirement to the gatekeeper based on a data exchange application in the expert management subsystem, wherein the first static data comprises the bidding requirement;
correspondingly, after receiving the bid-inviting and bidding requirement sent by the gatekeeper, the expert extraction subsystem performs expert extraction according to the bid-inviting and bidding requirement by using expert extraction application in the expert extraction subsystem to obtain an extraction result; and sending the extraction result to corresponding expert equipment through notification equipment in the expert extraction subsystem.
6. The system of claim 1, wherein the security review of the static data comprises:
and performing security inspection on the static data based on a packet filtering technology.
7. The system of claim 4, wherein the packet-based filtering technique performs security audit on the static data, comprising:
security scrutinizing source addresses, destination addresses, physical ports through which the static data flows, and/or protocol types based on the packet filtering technique.
8. The system of claim 1, wherein said expert extraction subsystem is communicatively coupled to an internal user terminal via an internal network;
the internal user side is used for: sending a data access request to the expert extraction subsystem;
the expert extraction subsystem is used for: receiving the data access request; sending an identity authentication prompt to the internal user side, wherein the identity authentication prompt is used for indicating the internal user side to input identity authentication information;
the internal user side is used for: receiving the identity authentication prompt; inputting identity authentication information based on the identity authentication prompt, and sending the identity authentication information to the expert extraction subsystem;
the expert extraction subsystem is used for: receiving the identity authentication information; performing identity authentication on the identity authentication information; and when the authentication is passed, returning the data indicated by the data access request to the internal user side.
9. The system of claim 8, wherein the identity authentication information comprises at least two of: face information, fingerprint information, iris information, identification card information, text password information, and voiceprint information.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111025693.6A CN113724048A (en) | 2021-09-02 | 2021-09-02 | Expert extraction system |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111025693.6A CN113724048A (en) | 2021-09-02 | 2021-09-02 | Expert extraction system |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN113724048A true CN113724048A (en) | 2021-11-30 |
Family
ID=78680964
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111025693.6A Pending CN113724048A (en) | 2021-09-02 | 2021-09-02 | Expert extraction system |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN113724048A (en) |
Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000051360A1 (en) * | 1999-02-26 | 2000-08-31 | Kline & Walker, Llc | Tracking and monitoring equipment with security applications |
| CN101908163A (en) * | 2009-06-05 | 2010-12-08 | 深圳市脑库计算机系统有限公司 | Expert-supported application system platform used for government affair and business affair decision and establishment method thereof |
| CN107018155A (en) * | 2017-05-31 | 2017-08-04 | 南京燚麒智能科技有限公司 | A kind of outer net terminal security accesses the method and system of the specific data of Intranet |
| CN107832417A (en) * | 2017-11-08 | 2018-03-23 | 中国人民解放军海军装备部装备招标中心 | A kind of primary election experts database management method and database |
| CN109005218A (en) * | 2018-07-12 | 2018-12-14 | 浪潮软件集团有限公司 | Method and device for cross-gatekeeper ordered data transmission of cloud message service platform |
| CN109768923A (en) * | 2018-12-26 | 2019-05-17 | 浪潮软件集团有限公司 | A kind of unidirectional gateway of security isolation and method |
| WO2019182545A1 (en) * | 2018-03-22 | 2019-09-26 | Елызавэта Валэриивна ЛАПИНА | System for collecting, storing and securely transmitting data for verifying users |
| CN110516956A (en) * | 2019-08-23 | 2019-11-29 | 宁夏神州好易信息发展股份有限公司 | A kind of expert's extraction system and method |
| CN110517106A (en) * | 2019-07-24 | 2019-11-29 | 合肥善达信息科技有限公司 | A kind of expert's identity authorization system and its method of real-time for the assessment of bids |
| CN111740993A (en) * | 2020-06-18 | 2020-10-02 | 河南优易信息技术有限公司 | Internal and external network safety data exchange method |
| CN112468571A (en) * | 2020-11-24 | 2021-03-09 | 中国联合网络通信集团有限公司 | Intranet and extranet data synchronization method and device, electronic equipment and storage medium |
| CN112765591A (en) * | 2021-02-01 | 2021-05-07 | 深圳前海微众银行股份有限公司 | Authority management method, device and system and computer readable storage medium |
-
2021
- 2021-09-02 CN CN202111025693.6A patent/CN113724048A/en active Pending
Patent Citations (12)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| WO2000051360A1 (en) * | 1999-02-26 | 2000-08-31 | Kline & Walker, Llc | Tracking and monitoring equipment with security applications |
| CN101908163A (en) * | 2009-06-05 | 2010-12-08 | 深圳市脑库计算机系统有限公司 | Expert-supported application system platform used for government affair and business affair decision and establishment method thereof |
| CN107018155A (en) * | 2017-05-31 | 2017-08-04 | 南京燚麒智能科技有限公司 | A kind of outer net terminal security accesses the method and system of the specific data of Intranet |
| CN107832417A (en) * | 2017-11-08 | 2018-03-23 | 中国人民解放军海军装备部装备招标中心 | A kind of primary election experts database management method and database |
| WO2019182545A1 (en) * | 2018-03-22 | 2019-09-26 | Елызавэта Валэриивна ЛАПИНА | System for collecting, storing and securely transmitting data for verifying users |
| CN109005218A (en) * | 2018-07-12 | 2018-12-14 | 浪潮软件集团有限公司 | Method and device for cross-gatekeeper ordered data transmission of cloud message service platform |
| CN109768923A (en) * | 2018-12-26 | 2019-05-17 | 浪潮软件集团有限公司 | A kind of unidirectional gateway of security isolation and method |
| CN110517106A (en) * | 2019-07-24 | 2019-11-29 | 合肥善达信息科技有限公司 | A kind of expert's identity authorization system and its method of real-time for the assessment of bids |
| CN110516956A (en) * | 2019-08-23 | 2019-11-29 | 宁夏神州好易信息发展股份有限公司 | A kind of expert's extraction system and method |
| CN111740993A (en) * | 2020-06-18 | 2020-10-02 | 河南优易信息技术有限公司 | Internal and external network safety data exchange method |
| CN112468571A (en) * | 2020-11-24 | 2021-03-09 | 中国联合网络通信集团有限公司 | Intranet and extranet data synchronization method and device, electronic equipment and storage medium |
| CN112765591A (en) * | 2021-02-01 | 2021-05-07 | 深圳前海微众银行股份有限公司 | Authority management method, device and system and computer readable storage medium |
Non-Patent Citations (4)
| Title |
|---|
| 于阳,等: "一种安全电子招标系统中专家抽取的方法", 计算机应用研究, vol. 02, no. 01, pages 444 - 446 * |
| 王中军,等: "专家随机抽取管理系统的设计与实现", 开封大学学报, vol. 35, no. 01, pages 22 - 27 * |
| 王可一,等: "浅谈安全隔离网闸(GAP)技术及其在电子政务中的应用", 中国科技信息, vol. 06, no. 14, pages 1156 - 1159 * |
| 马春英,等: "政府采购管理系统的设计与实现", 辽宁工程技术大学学报(自然科学版), vol. 22, no. 05, pages 123 - 125 * |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US6237037B1 (en) | Method and arrangement relating to communications systems | |
| US20150180865A1 (en) | Device and method for identity authentication | |
| CN104735065B (en) | A kind of data processing method, electronic equipment and server | |
| CN101005503A (en) | Method and data processing system for intercepting communication between a client and a service | |
| CN109067937A (en) | Terminal admittance control method, device, equipment, system and storage medium | |
| CN102104592A (en) | Session migration between network policy servers | |
| CN101488952A (en) | Mobile storage apparatus, data secured transmission method and system | |
| FR3041493A1 (en) | EQUIPMENT FOR OFFERING DOMAIN NAME RESOLUTION SERVICES | |
| KR101252787B1 (en) | Security management system with multiple gateway servers and method thereof | |
| CN107454064A (en) | A kind of visitor's authentication method and system based on public number | |
| US20160105417A1 (en) | Computer network security management system and method | |
| CN109995769B (en) | Multi-stage heterogeneous trans-regional full-real-time safety management and control method and system | |
| CN101567883B (en) | Realization method for preventing MAC address forgery | |
| CN109726531A (en) | A kind of marketer terminal security control method based on block chain intelligence contract | |
| CN109150787A (en) | A kind of authority acquiring method, apparatus, equipment and storage medium | |
| CN109246133A (en) | A kind of network access verifying method based on bio-identification | |
| CN103401686B (en) | A kind of user's OTP WEB Authentication System and application process thereof | |
| CN108011873A (en) | A kind of illegal connection determination methods based on set covering | |
| WO2018093984A1 (en) | System and method for communicating with inmates in a privileged communication | |
| CN112613006A (en) | Power data sharing method and device, electronic equipment and storage medium | |
| EP2512089B1 (en) | Method and system for accessing network through public equipment | |
| CN108667801A (en) | A kind of Internet of Things access identity safety certifying method and system | |
| CN110602111A (en) | Interface anti-brushing method and system based on long connection | |
| KR101858207B1 (en) | System for security network | |
| CN102083066B (en) | Unified safety authentication method and system |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| RJ01 | Rejection of invention patent application after publication |
Application publication date: 20211130 |
|
| RJ01 | Rejection of invention patent application after publication |