CN114285649B - Equipment protection method, system, protection equipment and computer readable storage medium - Google Patents


Publication number
CN114285649B
Authority
CN
China
Prior art keywords
information
receiving
network card
equipment
processed
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202111611319.4A
Other languages
Chinese (zh)
Other versions
CN114285649A (en
Inventor
刘芳铭
邓金城
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Knownsec Information Technology Co Ltd
Original Assignee
Beijing Knownsec Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Knownsec Information Technology Co Ltd filed Critical Beijing Knownsec Information Technology Co Ltd
Priority to CN202111611319.4A priority Critical patent/CN114285649B/en
Publication of CN114285649A publication Critical patent/CN114285649A/en
Application granted granted Critical
Publication of CN114285649B publication Critical patent/CN114285649B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

An embodiment of the invention provides a device protection method, a system, a protection device and a computer readable storage medium, belonging to the technical field of network security. The device protection method is applied to a protection device that comprises a receiving network card set and a sending network card set, and comprises the following steps: the receiving network card set receives the information to be processed sent by a first device; the sending network card set obtains the return data corresponding to the information to be processed and sends the return data to the first device or a second device. The protection device thus separates data receiving from data sending through the receiving network card set and the sending network card set, which disguises the network as unavailable, reduces to a certain extent the risk of data leakage after the device is invaded, and at the same time solves the problem that existing security protection methods have difficulty effectively immunizing against network intrusion.

Description

Equipment protection method, system, protection equipment and computer readable storage medium
Technical Field
The present invention relates to the field of network security technologies, and in particular, to a device protection method, a system, a protection device, and a computer readable storage medium.
Background
The internet of things refers to the exchange and communication of information between things and people through various network access modes. The internet of things takes the network as an information carrier, so that an independent yet associated information interaction relationship between people and things is formed, and remote services from things to people and intelligent management and use of things by people are realized. With the wide application of internet of things technology and the popularization of internet of things devices, security problems of internet of things devices have arisen. Once an internet of things device is invaded, huge losses can be caused.
At present, the safety protection of the internet of things equipment is generally realized by a method of setting a firewall, a blacklist, a built-in immune calculation module and the like. However, these security protection methods are all conventional network security solutions, and hackers have a relatively mature cracking experience for such methods, so it is difficult to effectively immunize against network intrusion.
Disclosure of Invention
Accordingly, the present invention is directed to a device protection method, system, protection device and computer readable storage medium, which can solve the problem that the existing security protection method is a traditional network security solution and is difficult to effectively immunize against network intrusion.
In order to achieve the above object, the technical scheme adopted in the embodiment of the invention is as follows.
In a first aspect, the present invention provides a device protection method, which adopts the following technical scheme.
The device protection method is applied to protection equipment, the protection equipment comprises a receiving network card set and a sending network card set, and the method comprises the following steps:
the receiving network card set receives information to be processed sent by the first equipment;
the sending network card group obtains the return data corresponding to the information to be processed and sends the return data to the first device or the second device.
Further, the protection device further includes a data exchange module, and the method further includes:
the data exchange module captures the information to be processed received by the receiving network card set, processes the information to be processed to obtain return data, and sends the return data to the sending network card set.
Further, the step of processing the information to be processed to obtain returned data includes:
extracting a return request in the information to be processed;
acquiring response data according to the return request;
and encrypting the response data by adopting a preset encryption method to obtain the return data.
Further, the method further comprises:
the data exchange module extracts the receiving equipment information of the information to be processed and sends the receiving equipment information to the sending network card group;
the sending network card group analyzes the receiving device information to obtain a receiving address, and sends the return data to a device corresponding to the receiving address, wherein the receiving address comprises a receiving address of a first device or a receiving address of a second device.
Further, the receiving device information includes an encryption address, and the step of the sending network card set analyzing the receiving device information to obtain a receiving address includes:
and the sending network card set decrypts the encrypted address by adopting a contracted decryption method to obtain the receiving address.
Further, the receiving equipment information comprises equipment identification, and the protection equipment further comprises an address library, wherein the address library stores receiving addresses of all the equipment;
the step of analyzing the receiving equipment information by the sending network card group to obtain a receiving address comprises the following steps:
and the sending network card group invokes a receiving address corresponding to the equipment identifier from the address library.
In a second aspect, the present invention provides a protection device, which adopts the following technical scheme.
The protection equipment comprises a receiving network card group and a sending network card group;
the receiving network card set is used for receiving the information to be processed sent by the first equipment and not returning data to any external equipment;
the sending network card set is used for rejecting information sent by any external device, obtaining return data corresponding to the information to be processed, and sending the return data to the first device or the second device.
Further, the protection device further comprises a data exchange module;
the data exchange module is used for capturing the information to be processed received by the receiving network card set, processing the information to be processed to obtain return data, and sending the return data to the sending network card set.
In a third aspect, the present invention provides an apparatus protection system, which adopts the following technical scheme.
The equipment protection system comprises protection equipment, first equipment and second equipment, wherein the protection equipment is in communication connection with the first equipment and the second equipment, and the protection equipment comprises a receiving network card group and a sending network card group;
the first device is used for sending information to be processed to the protection device;
the receiving network card set is used for receiving the information to be processed;
the sending network card set is configured to obtain return data corresponding to the information to be processed, and send the return data to the first device or the second device.
According to the device protection method, system, protection device and computer readable storage medium provided by the embodiments of the invention, the protection device receives the information to be processed sent by the first device through the receiving network card set, and the sending network card set obtains the return data corresponding to the information to be processed and then sends the return data to the first device or the second device. That is, the receiving network card set receives external information, and the sending network card set sends information to external devices.
In order to make the above objects, features and advantages of the present invention more comprehensible, preferred embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 shows a block schematic diagram of an apparatus protection system according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart illustrating part of steps of a device protection method according to an embodiment of the present invention.
Fig. 3 is a schematic flow chart illustrating another part of steps of the device protection method according to the embodiment of the present invention.
Fig. 4 shows a schematic flow chart of a partial sub-step of step S102 in fig. 3.
Fig. 5 is a schematic flow chart illustrating a further part of steps of the device protection method according to the embodiment of the present invention.
Fig. 6 shows a block schematic diagram of a protective device according to an embodiment of the present invention.
Fig. 7 shows a block schematic diagram of an apparatus protection device according to an embodiment of the present invention.
Reference numerals: 100 - device protection system; 110 - protection device; 120 - first device; 130 - second device; 140 - receiving network card set; 150 - sending network card set; 160 - data exchange module; 170 - memory; 180 - processor; 190 - device guard; 200 - receiving module; 210 - transmitting module.
Detailed Description
The following description of the embodiments of the present invention will be made clearly and completely with reference to the accompanying drawings, in which it is apparent that the embodiments described are only some embodiments of the present invention, but not all embodiments. The components of the embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the invention, as presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be made by a person skilled in the art without making any inventive effort, are intended to be within the scope of the present invention.
It is noted that relational terms such as "first" and "second", and the like, are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
Network devices such as internet of things devices and communication devices provide shared information resources and services for users in a network, for example, remote services from things to people and intelligent management and use of things by people. The internet of things and the internet are important modes of information exchange and communication, and a large amount of everyday information, such as that for people's work and entertainment, depends on the network; once network devices such as internet of things devices and communication devices are attacked and intruded upon, huge losses can be caused.
At present, the security protection of network devices such as internet of things devices and communication devices is generally realized by methods such as device firewalls, blacklists, built-in immune computing modules and the like. However, hackers have relatively mature experience in cracking such security protection methods. Therefore, such security protection methods are of limited effect in immunizing against network intrusion.
Based on the above considerations, the embodiments of the present invention provide a device protection scheme, described below from several aspects including a device protection method, a device protection system 100 and a protection device 110, so as to improve on the poor effect of existing security protection methods in immunizing against network intrusion.
Referring to fig. 1, a block diagram of an equipment protection system 100 according to an embodiment of the present invention is shown, and the equipment protection method provided by the present invention is applied to the equipment protection system 100. The device protection system 100 includes a protection device 110, a first device 120, and a second device 130, where the protection device 110 is communicatively connected to the first device 120 and the second device 130 through a network, and the protection device 110 includes a receiving network card set 140 and a sending network card set 150.
The first device 120 is configured to send information to be processed to the guard device 110.
The receiving network card set 140 is configured to receive information to be processed. Moreover, the receiving network card set 140 does not return data to any external device; that is, it only receives information sent by external devices and does not return data.
The sending network card set 150 is configured to obtain return data corresponding to the information to be processed, and send the return data to the first device 120 or the second device 130. And, the transmitting network card set 150 rejects information transmitted by any external device, that is, only data is transmitted to the external device by the transmitting network card set 150.
Wherein the first device 120 and the second device 130 may each include a receiving network card set 140 and a transmitting network card set 150. At this time, the transmitting network card set 150 of the first device 120 transmits the information to be processed to the protection device 110, and the receiving network card set 140 of the first device 120 or the receiving network card set 140 of the second device 130 receives the return data transmitted by the protection device 110.
It should be understood that the first device 120 and the second device 130 may also be common network devices.
In the device protection system 100, the protection device 110 receives the information to be processed sent by the first device 120 through the receiving network card set 140, and after the sending network card set 150 obtains the return data corresponding to the information to be processed, the return data is sent to the first device 120 or the second device 130. That is, external information is received by the receiving network card set 140, and information is sent to external devices by the sending network card set 150. The protection device 110 thereby separates data receiving from data sending through the receiving network card set 140 and the sending network card set 150, which disguises the network as unavailable, so that the risk of data leakage after the device is invaded can be reduced to a certain extent, and at the same time the problem that existing security protection methods have difficulty effectively immunizing against network intrusion is solved.
With continued reference to fig. 1, fig. 1 includes a block diagram of a protective device 110 (i.e., the protective device 110 in the device protection system 100) according to an embodiment of the present invention. The manner of obtaining the return data corresponding to the information to be processed may be various, for example, the receiving network card set 140 itself may process the information to be processed to obtain the return data, or other functional modules of the protection device 110 may obtain the return data. In one embodiment, the protection device 110 provided in the embodiment of the present invention further includes a data exchange module 160 in addition to the receiving network card set 140 and the sending network card set 150 described in the foregoing description.
The data exchange module 160 is configured to capture information to be processed received by the receiving network card set 140, process the information to be processed to obtain return data, and send the return data to the sending network card set 150.
It should be understood that the data exchange module 160 may be a part of the receiving network card set 140 or the sending network card set 150, or may be a separate functional module.
In order to further describe the equipment protection scheme provided by the embodiment of the present invention, referring to fig. 2, a schematic flow chart of the equipment protection method provided by the embodiment of the present invention is provided. The method is applied to the protecting equipment 110 in the equipment protecting system 100, and based on the protecting equipment 110 including the receiving network card set 140 and the sending network card set 150, the method can include the following steps.
S101, the receiving network card set 140 receives the information to be processed sent by the first device 120.
The first device 120 sends the information to be processed to the protection device 110, and the receiving network card set 140 of the protection device 110 receives the information to be processed, and does not return any data for the information to be processed.
The first device 120 may package the information to be processed in a receiving request and send it to the protection device 110, and the receiving network card set 140 receives the information to be processed in response to the receiving request.
S103, the sending network card set 150 obtains the return data corresponding to the information to be processed, and sends the return data to the first device 120 or the second device 130.
After the receiving network card set 140 receives the information to be processed, the sending network card set 150 obtains the return data corresponding to the information to be processed, and sends the return data to the first device 120 or the second device 130.
The return data may be sent to the first device 120 or the second device 130, which may be specified by the first device 120 that sends the information to be processed, or may be determined according to an agreed communication rule.
In the above device protection method, the protection device 110 receives the information to be processed sent by the external device and returns data through the receiving network card set 140 and the sending network card set 150, which are separated for data receiving and sending. This separation of data receiving and sending disguises the network as unavailable, thereby reducing to a certain extent the risk of data leakage after the device is invaded, and at the same time improving on the problem that existing security protection methods have difficulty effectively immunizing against network intrusion.
The manner of acquiring the return data corresponding to the information to be processed may be flexibly selected, for example, the sending network card set 150 may respond to the information to be processed to obtain the return data. In an implementation manner, referring to fig. 3, the device protection method provided by the embodiment of the present invention further includes step S102.
S102, the data exchange module 160 captures the information to be processed received by the receiving network card set 140, processes the information to be processed to obtain return data, and sends the return data to the sending network card set 150.
The data exchange module 160 may capture the information to be processed received by the receiving network card set 140 in various manners, for example, the data exchange module 160 may detect in real time whether the receiving network card set 140 receives the information to be processed, and if so, extract the information to be processed. The data exchange module 160 may be in internal communication with the receiving network card set 140, and the receiving network card set 140 may forward the information to be processed to the data exchange module 160 after receiving the information to be processed.
The information to be processed may be information for which the protection device 110 does not need to return data, or information for which the protection device 110 needs to return data. In one embodiment, whether data needs to be returned for the information to be processed may be determined according to whether the information to be processed contains a return request; that is, if there is a return request in the information to be processed, data needs to be returned.
It should be understood that "return request" is merely a term of reference chosen by naming convention, and need not be called a return request in actual applications. It may be replaced with a return instruction or another term, such as a return identification, that indicates that the protection device 110 needs to return data.
Optionally, referring to fig. 4, which is a schematic flow chart of some sub-steps of S102, processing the information to be processed to obtain the return data in S102 may be implemented through the following steps.
S201, extracting a return request in the information to be processed.
It should be appreciated that the return request may be any one or more of an HTTP request, an execution instruction, a control instruction, and the like.
S202, response data are acquired according to the return request.
The manner of obtaining the response data may be to retrieve the response data corresponding to the return request stored in the protection device 110. The return request may be an execution instruction, and according to the return request, a corresponding algorithm or rule is executed, or the data acquisition device is controlled to acquire data, so as to obtain response data.
S203, encrypting the response data by adopting a preset encryption method to obtain the return data.
The encryption method may be a symmetric encryption algorithm, an asymmetric encryption algorithm, or a modulation method, for example, a DES symmetric encryption algorithm, a 3DES symmetric encryption algorithm, an RSA encryption algorithm, and the like. The encryption method may also be a newly designed encryption method.
Also, the encryption method is one agreed between the protection device 110 and the device receiving the return data. That is, if the sending network card set 150 is to send the return data to the first device 120, the encryption method is an encryption method agreed between the first device 120 and the protection device 110, and if the sending network card set 150 is to send the return data to the second device 130, the encryption method is an encryption method agreed between the second device 130 and the protection device 110.
In one embodiment, the guard device 110 may further include a memory 170, and the agreed-upon encryption algorithm between the guard device 110 and the different devices may be stored in the memory 170 in the form of a data set, so that the data exchange module 160 may directly retrieve the encryption algorithm from the memory 170.
Through the steps S201 to S203, after the data exchange module 160 obtains the response data, the response data is encrypted to obtain the return data, that is, the return data is encrypted data, so that the data security can be further improved.
The return data corresponding to the information to be processed sent by the first device 120 may be returned to the first device 120 or may be sent to another device, that is, the second device 130. The object device to which the return data is to be sent may be specified by the first device 120 through the information to be processed, or may be determined by the protection device 110 according to the processing result of the information to be processed, or may be specified by a third party device (i.e., a device other than the first device 120 and the protection device 110).
For example, in one implementation manner, referring to fig. 5, a further flowchart of the device protection method provided by the embodiment of the present invention is shown, where the device protection method provided by the embodiment of the present invention further includes S104 in addition to the steps S101, S102, and S103 described above.
S104, the data exchange module 160 extracts the receiving device information of the information to be processed and sends the receiving device information to the sending network card set 150.
On this basis, S103 also includes step S103-1.
S103-1, the sending network card set 150 analyzes the information of the receiving device to obtain a receiving address, and sends the return data to the device corresponding to the receiving address.
Wherein the received address comprises the received address of the first device 120 or the received address of the second device 130.
In the present embodiment, the first device 120 designates the returned data transmission object to the protection device 110 by placing the reception device information into the information to be processed.
For data security of inter-device communication, the receiving device information in S104 may include an encrypted address or a device identifier. On this basis, the parsing of the receiving device information by the sending network card set 150 in step S103-1 to obtain the receiving address may be implemented in ways including, but not limited to, the following two.
Mode one: the transmitting network card set 150 decrypts the encrypted address by adopting a contracted decryption method to obtain the receiving address.
In another manner, the guard device 110 may further include an address library, where the address library stores the receiving addresses of the devices, and the address library may store the receiving addresses and the corresponding device identifiers in the form of a data set.
Mode two: the transmitting network card set 150 retrieves the receiving address corresponding to the device identifier from the address library.
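The following Python model walks information to be processed through S101, S102 (with sub-steps S201 to S203), S104 and S103-1, covering both address-resolution modes and the cases where nothing is returned. It is an added example, not code from the patent or its applicant: the names (`ProtectionDevice`, `return_request`, `receiver`, `device_id`, `encrypted_address`), the sample addresses, the HMAC-SHA256 encrypt-then-MAC construction standing in for the preset encryption method, and the choice to resolve the receiving address before encrypting so that the key agreed with that recipient can be selected are all assumptions.

```python
"""Model of the protection device 110 data path (constructed example)."""
import hashlib
import hmac
import os

def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key, nonce, length):
    # HMAC-SHA256 in counter mode: assumed stand-in for the "preset encryption method".
    blocks = (length + 31) // 32
    return b"".join(hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(blocks))[:length]

def seal(key, plaintext):
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag

def unseal(key, blob):
    """Verify the tag, then decrypt; raises ValueError on tampering."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))

class ProtectionDevice:
    def __init__(self, responses, address_library, recipient_keys, address_key):
        self.responses = responses              # return request -> stored response data
        self.address_library = address_library  # device identifier -> receiving address
        self.recipient_keys = recipient_keys    # receiving address -> agreed key
        self.address_key = address_key          # agreed key for encrypted addresses
        self.rx_queue = []                      # filled by receiving set 140
        self.tx_wire = []                       # (address, return data) sent by set 150
        self.dropped = []                       # audit trail of discarded items

    def rx_receive(self, info):
        """S101: accept inbound information; nothing goes back to the sender."""
        self.rx_queue.append(info)

    def tx_receive(self, info):
        """Sending set 150 rejects anything an external device sends to it."""
        self.dropped.append("inbound on sending set")

    def resolve_address(self, receiver):
        """S103-1: mode one (encrypted address) or mode two (address library)."""
        if "encrypted_address" in receiver:
            try:
                return unseal(self.address_key, receiver["encrypted_address"]).decode()
            except ValueError:  # bad tag or undecodable bytes
                return None
        return self.address_library.get(receiver.get("device_id"))

    def exchange(self):
        """S102: drain the receive queue and hand return data to the sending set."""
        sent = 0
        while self.rx_queue:
            info = self.rx_queue.pop(0)
            request = info.get("return_request")                      # S201
            if request is None:
                continue                                              # no data to return
            response = self.responses.get(request)                    # S202
            address = self.resolve_address(info.get("receiver", {}))  # S104
            key = self.recipient_keys.get(address)
            if response is None or key is None:
                self.dropped.append(f"unroutable: {request!r}")
                continue
            self.tx_wire.append((address, seal(key, response)))       # S203, S103
            sent += 1
        return sent

def demo():
    """Constructed scenario: four inbound messages, two of which yield return data."""
    keys = {"192.0.2.10:9000": os.urandom(32), "198.51.100.20:9000": os.urandom(32)}
    address_key = os.urandom(32)
    device = ProtectionDevice({"read_temp": b"21.5C"}, {"dev-2": "198.51.100.20:9000"},
                              keys, address_key)
    device.rx_receive({"return_request": "read_temp", "receiver": {"device_id": "dev-2"}})
    device.rx_receive({"return_request": "read_temp", "receiver": {
        "encrypted_address": seal(address_key, b"192.0.2.10:9000")}})
    device.rx_receive({"note": "no return request"})
    device.rx_receive({"return_request": "read_temp", "receiver": {"device_id": "unknown"}})
    device.exchange()
    return [(a, unseal(keys[a], d)) for a, d in device.tx_wire], device.dropped

if __name__ == "__main__":
    print(demo())
```

The model makes one operational consequence visible: because `rx_receive` never answers, the sender gets no acknowledgement, so the inbound path has to carry a one-way, connectionless exchange.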
The device protection method provided by the embodiment of the present invention may also be understood as a method for performing communication between the protection device 110 and other devices, where the other devices may be devices having the same structure (including the receiving network card set 140, the sending network card set 150, and the data exchange module 160) as the protection device 110, and the receiving network card set 140 receives information to be processed sent by an external device, and the sending network card set 150 sends return data corresponding to the information to be processed, so as to implement data transceiving separation, so that a current common attack mode is difficult to perform, and thus the current common attack mode can be immunized (suppressed) to a certain extent. Meanwhile, data receiving and transmitting are separated, and the risk of data leakage after equipment is invaded can be reduced.
Since the receiving network card set 140 does not return data to any external device, it gives the appearance that no data is returned, and can thus immunize against some network attacks.
Referring to fig. 6, a block diagram of a protective device 110 according to an embodiment of the present invention is shown, where the protective device 110 may be a terminal, and the internal structure may be as shown. In addition to the receiving network card set 140 and the transmitting network card set 150 provided above, a memory 170 and a processor 180 may be included. The memory 170, the processor 180, the receiving network card set 140 and the transmitting network card set 150 are electrically connected directly or indirectly to each other to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines.
Wherein the memory 170 is used to store programs or data, e.g., an address library is part of the memory 170. The Memory 170 may be, but is not limited to, random access Memory (Random Access Memory, RAM), read Only Memory (ROM), programmable Read Only Memory (Programmable Read-Only Memory, PROM), erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
The processor 180 is configured to read/write data, computer programs or machine executable instructions stored in the memory 170 and perform corresponding functions. For example, the processor 180 executes computer programs or machine-executable instructions in the memory 170 to implement the device protection methods provided by embodiments of the present invention.
The receiving network card set 140 and the sending network card set 150 are used for establishing a communication connection between the protection device 110 and other communication terminals through a network, and for receiving and sending data through the receiving network card set 140 and the sending network card set 150.
It should be understood that the configuration shown in fig. 6 is merely a schematic diagram of the configuration of the protective apparatus 110, and that the protective apparatus 110 may also include more or fewer components than those shown in fig. 6, or have a different configuration than that shown in fig. 6. The components shown in fig. 6 may be implemented in hardware, software, or a combination thereof.
In order to perform the respective steps of the above-described embodiments and their various possible implementations, an implementation of the device guard 190 is given below with reference to fig. 7. Optionally, the device guard 190 may be implemented in the form of a computer program that runs on the protective device 110 shown in fig. 6. The memory 170 of the protective device 110 may store the program modules that make up the device guard 190, such as the receiving module 200 and the transmitting module 210 shown in fig. 7. The computer program constituted by these program modules causes the processor 180 to execute the steps of the device protection method of the embodiments of the present invention described in this specification.
For example, the protective device 110 illustrated in fig. 6 may perform step S101 through the receiving module 200 in the device guard 190 illustrated in fig. 7. The protective device 110 may perform step S103 through the transmitting module 210.
In one embodiment, a computer readable storage medium is provided having a computer program stored thereon, which when executed by the processor 180, performs the steps of: step S101, the receiving network card set 140 receives the information to be processed sent by the first device 120; in step S103, the sending network card set 150 obtains the return data corresponding to the information to be processed, and sends the return data to the first device 120 or the second device 130.
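As an added illustration, not code from the patent: a Python model of steps S101 and S103 together with the data exchange module and the address-library lookup recited in the claims. The JSON message layout, the field names `request` and `reply_to`, the device identifiers, addresses and key, and the HMAC-SHA256 `seal` routine standing in for the unspecified preset encryption method are all assumptions.

```python
import hashlib, hmac, json, os

KEY = b"constructed-demo-key"                       # assumption: shared with receivers
# Constructed address library: first device is dev-1, second device is dev-2.
ADDRESS_LIBRARY = {"dev-1": ("192.0.2.10", 9000), "dev-2": ("192.0.2.20", 9000)}
RESPONSES = {"status": b"ok"}                       # constructed response data

def _stream(key, nonce, n):
    return b"".join(hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]

def seal(key, data):
    """Stand-in for the unspecified 'preset encryption method' (encrypt-then-MAC)."""
    nonce = os.urandom(12)
    ct = bytes(a ^ b for a, b in zip(data, _stream(key, nonce, len(data))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    good = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("authentication tag mismatch")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

class ReceiveGroup:
    """Receive-only side (S101): queues inbound frames and has no send path."""
    def __init__(self):
        self.inbox = []
    def receive(self, frame):
        self.inbox.append(frame)        # nothing is returned to the sender

class SendGroup:
    """Send-only side (S103): resolves the receiving address, refuses inbound data."""
    def __init__(self, library):
        self.library, self.sent = library, []
    def receive(self, frame):
        raise PermissionError("sending group accepts no inbound data")
    def send(self, device_id, payload):
        addr = self.library.get(device_id)
        if addr is None:
            return False                # unknown device: fail closed, emit nothing
        self.sent.append((addr, payload))
        return True

def exchange(rx, tx):
    """Data exchange module: capture, build return data, hand to the sending side."""
    delivered = 0
    while rx.inbox:
        try:
            msg = json.loads(rx.inbox.pop(0))
            response, device_id = RESPONSES[msg["request"]], str(msg["reply_to"])
        except (ValueError, KeyError, TypeError):
            continue                    # malformed input is dropped without any reply
        delivered += tx.send(device_id, seal(KEY, response))
    return delivered
```

A frame that is not valid JSON, or whose `reply_to` is not in the address library, produces no output on either side, which is the no-reply behaviour the description attributes to the receiving network card set.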
In the several embodiments provided in this application, it should be understood that the disclosed apparatus and method may also be implemented in other manners. The apparatus embodiments described above are merely illustrative. For example, the flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of apparatus, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present invention may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present invention, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present invention. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (ROM), a random access memory (RAM), a magnetic disk, an optical disk, or other media capable of storing program code.
The above description covers only the preferred embodiments of the present invention and is not intended to limit the present invention; those skilled in the art may make various modifications and variations to it. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (6)

1. A device protection method, applied to a protection device, wherein the protection device comprises a receiving network card set and a sending network card set, the method comprising:
the receiving network card set receives information to be processed sent by a first device;
the sending network card set obtains the return data corresponding to the information to be processed and sends the return data to the first device or a second device;
the protection device further comprises a data exchange module, and the method further comprises:
the data exchange module captures the information to be processed received by the receiving network card set, processes the information to be processed to obtain the return data, and sends the return data to the sending network card set;
the step of processing the information to be processed to obtain the return data comprises:
extracting a return request from the information to be processed;
acquiring response data according to the return request;
encrypting the response data by a preset encryption method to obtain the return data;
the method further comprises:
the data exchange module extracts the receiving device information of the information to be processed and sends the receiving device information to the sending network card set;
the sending network card set parses the receiving device information to obtain a receiving address, and sends the return data to a device corresponding to the receiving address, wherein the receiving address comprises a receiving address of the first device or a receiving address of the second device.
2. The device protection method according to claim 1, wherein the receiving device information includes an encrypted address, and the step of the sending network card set parsing the receiving device information to obtain a receiving address comprises:
the sending network card set decrypts the encrypted address by an agreed decryption method to obtain the receiving address.
3. The device protection method according to claim 1, wherein the receiving device information includes a device identification, and the protection device further includes an address library storing receiving addresses of respective devices;
the step of the sending network card set parsing the receiving device information to obtain a receiving address comprises:
the sending network card set retrieves the receiving address corresponding to the device identification from the address library.
4. A protection device, characterized by comprising a receiving network card set, a sending network card set and a data exchange module;
the receiving network card set is used for receiving the information to be processed sent by the first device and not returning data to any external device;
the sending network card set is used for rejecting information sent by any external device, acquiring return data corresponding to the information to be processed, and sending the return data to the first device or the second device;
the data exchange module is used for capturing the information to be processed received by the receiving network card set, processing the information to be processed to obtain the return data, and sending the return data to the sending network card set;
the data exchange module is further configured to: extract a return request from the information to be processed; acquire response data according to the return request; and encrypt the response data by a preset encryption method to obtain the return data;
the data exchange module is further used for extracting the receiving device information of the information to be processed and sending the receiving device information to the sending network card set;
the sending network card set is further configured to parse the receiving device information to obtain a receiving address, and send the return data to a device corresponding to the receiving address, where the receiving address includes a receiving address of the first device or a receiving address of the second device.
5. A device protection system, characterized by comprising a protection device, a first device and a second device, wherein the protection device is in communication connection with the first device and the second device, and comprises a receiving network card set, a sending network card set and a data exchange module;
the first device is used for sending information to be processed to the protection device;
the receiving network card set is used for receiving the information to be processed;
the sending network card set is used for acquiring return data corresponding to the information to be processed and sending the return data to the first device or the second device;
the data exchange module is used for capturing the information to be processed received by the receiving network card set, processing the information to be processed to obtain the return data, and sending the return data to the sending network card set;
the data exchange module is further configured to: extract a return request from the information to be processed; acquire response data according to the return request; and encrypt the response data by a preset encryption method to obtain the return data;
the data exchange module is further used for extracting the receiving device information of the information to be processed and sending the receiving device information to the sending network card set;
the sending network card set is further configured to parse the receiving device information to obtain a receiving address, and send the return data to a device corresponding to the receiving address, where the receiving address includes a receiving address of the first device or a receiving address of the second device.
6. A computer-readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the device protection method according to any one of claims 1-3.
CN202111611319.4A 2021-12-27 2021-12-27 Equipment protection method, system, protection equipment and computer readable storage medium Active CN114285649B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111611319.4A CN114285649B (en) 2021-12-27 2021-12-27 Equipment protection method, system, protection equipment and computer readable storage medium

Publications (2)

Publication Number Publication Date
CN114285649A (en) 2022-04-05
CN114285649B (en) 2024-04-02

Family

ID=80876039

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202111611319.4A Active CN114285649B (en) 2021-12-27 2021-12-27 Equipment protection method, system, protection equipment and computer readable storage medium

Country Status (1)

Country Link
CN (1) CN114285649B (en)

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116192419B (en) * 2022-11-15 2023-09-26 中亿(深圳)信息科技有限公司 Application program data safety protection method and device based on Internet of things card

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6560630B1 (en) * 1999-03-18 2003-05-06 3Com Corporation Receive load balancing and fail over with multiple network interface cards
CN109842585A (en) * 2017-11-27 2019-06-04 中国科学院沈阳自动化研究所 Network information security protective unit and means of defence towards industrial embedded system
CN111131220A (en) * 2019-12-19 2020-05-08 广州极尚网络技术有限公司 Method, device, equipment and storage medium for data transmission among multi-network environments

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9288135B2 (en) * 2013-12-13 2016-03-15 International Business Machines Corporation Managing data flows in software-defined network using network interface card

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant