CN114500068B - Information data exchange system based on safety isolation gatekeeper - Google Patents
- Publication number: CN114500068B
- Application number: CN202210123454.2A
- Authority: CN (China)
- Prior art keywords: intranet, processing unit, external network, isolation, key
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0227—Filtering policies
- H04L63/04—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
- H04L63/0428—Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1408—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic by monitoring network traffic
- H04L63/1441—Countermeasures against malicious traffic
Abstract
The invention provides an information data exchange system based on a safety isolation gatekeeper, comprising an intranet processing unit, an extranet processing unit and a safety isolation gatekeeper. The safety isolation gatekeeper comprises an isolation control chip, an isolation storage unit, an intranet electronic switch and an extranet electronic switch. The intranet electronic switch, the isolation storage unit and the extranet electronic switch are connected in series, in that order, between the intranet processing unit and the extranet processing unit. The isolation control chip is electrically connected to the intranet electronic switch and to the extranet electronic switch, and is in communication connection with the intranet processing unit and the extranet processing unit. When information data is exchanged between the intranet and the extranet through the isolation storage unit, the isolation control chip applies envelope encryption to the data, so that even if the isolation storage unit suffers a physical connection intrusion event, an intruder cannot obtain the content of the intranet/extranet pure data, and information data leakage is avoided.
Description
Technical Field
The invention relates to the technical field of network information security, in particular to an information data exchange method based on a security isolation gatekeeper.
Background
At present, domestic network information technology is developing rapidly, but information security problems are increasing as well. For example, new network viruses emerge endlessly, and once a network virus invades a computer system, use of the computer is affected. To avoid attacks by network viruses from the external network, an enterprise generally stores important information data in the internal network and places a safety isolation gatekeeper between the internal network and the external network. The safety isolation gatekeeper is connected to the internal network through an internal network processing unit and to the external network through an external network processing unit, and comprises an internal network switch, an isolation storage unit and an external network switch connected in series, in that order, between the internal network processing unit and the external network processing unit.
The safety isolation gatekeeper ferries information data between the internal network and the external network while ensuring that the first switch (the internal network switch) and the second switch (the external network switch) are never connected at the same time, which realizes safety isolation. For example, when external network data is transmitted to the intranet, the second switch is first turned on and the first switch is turned off. The external network data first undergoes safety detection by the external network processing unit, and the data that passes detection is transmitted to the isolation storage unit through the second switch. The second switch is then turned off and the first switch is turned on, so that the external network data in the isolation storage unit is transmitted to the intranet through the first switch and the intranet processing unit. Safety isolation is thus maintained throughout the transmission.
However, the information data exchanged and transmitted between the intranet and the extranet can be temporarily stored in the isolated storage unit, so that once the isolated storage unit has a physical connection intrusion event, the information data temporarily stored in the isolated storage unit can be leaked.
Disclosure of Invention
The technical problem to be solved by the invention is how to avoid information data leakage in the process of information data exchange and transmission between the intranet and the extranet.
In order to solve the technical problems, the present invention provides an information data exchange system based on a security isolation gatekeeper, comprising:
the intranet processing unit is in communication connection with an intranet, and is used for receiving intranet data from the intranet, carrying out safety detection on the intranet data so as to strip out detected intranet pure data for storage and scheduling, and sending switch control signals outwards;
the external network processing unit is in communication connection with an external network, and is used for receiving external network data from the external network, carrying out safety detection on the external network data so as to strip out the detected external network pure data for storage and scheduling, and sending a switch control signal outwards;
the safety isolation gatekeeper comprises an isolation control chip, an isolation storage unit, an intranet electronic switch and an extranet electronic switch, wherein the intranet electronic switch, the isolation storage unit and the extranet electronic switch are sequentially connected in series between the intranet processing unit and the extranet processing unit, the intranet electronic switch and the extranet electronic switch are disconnected in a normal state, and the isolation control chip is respectively and electrically connected with the intranet electronic switch and the extranet electronic switch and is in communication connection with the intranet processing unit and the extranet processing unit so as to receive switch control signals from the intranet processing unit and/or the extranet processing unit;
under the condition that the isolation control chip receives a switch control signal from the intranet processing unit, a first master key and a first plaintext key are created, the first master key is used for carrying out envelope encryption on the first plaintext key to generate a first ciphertext key, the first master key is sent to the extranet processing unit, the first plaintext key is used for encrypting the intranet pure data stripped by the intranet processing unit, the first plaintext key is destroyed, and the first ciphertext key is sent to the intranet processing unit to bind the encrypted intranet pure data; then the isolation control chip controls the intranet electronic switch to be connected according to the switch control signal so that the intranet processing unit sends the bound first ciphertext key and encrypted intranet pure data to the isolation storage unit through the intranet electronic switch, then the isolation control chip controls the intranet electronic switch to be disconnected and controls the extranet electronic switch to be connected so that the isolation storage unit sends the bound first ciphertext key and encrypted intranet pure data to the extranet processing unit through the extranet electronic switch; the external network processing unit decrypts the first ciphertext key by using the first master key to obtain the first plaintext key, decrypts the encrypted internal network pure data by using the first plaintext key to obtain internal network pure data, and then sends the internal network pure data to the external network to realize information data exchange;
under the condition that the isolation control chip receives a switch control signal from the external network processing unit, a second master key and a second plaintext key are created, the second master key is used for carrying out envelope encryption on the second plaintext key to generate a second ciphertext key, the second master key is sent to the internal network processing unit, the second plaintext key is used for encrypting the external network pure data stripped by the external network processing unit, the second plaintext key is destroyed, and the second ciphertext key is sent to the external network processing unit to bind the encrypted external network pure data; then the isolation control chip controls the external network electronic switch to be switched on according to the switch control signal so that the external network processing unit sends the bound second ciphertext key and encrypted external network pure data to the isolation storage unit through the external network electronic switch, and then the isolation control chip controls the external network electronic switch to be switched off and controls the internal network electronic switch to be switched on so that the isolation storage unit sends the bound second ciphertext key and encrypted external network pure data to the internal network processing unit through the internal network electronic switch; and the intranet processing unit decrypts the second ciphertext key by using the second master key to obtain the second plaintext key, decrypts the encrypted extranet pure data by using the second plaintext key to obtain the extranet pure data, and then sends the extranet pure data to the intranet to realize information data exchange.
Preferably, the intranet processing unit includes an intranet port for communication connection with an intranet.
Preferably, the external network processing unit includes an external network port for communication connection with an external network.
Preferably, the external network processing unit includes an external network filtering unit electrically connected to the external network port, for filtering, detecting and classifying external network data received through the external network port.
Preferably, the security detection of the intranet data by the intranet processing unit includes virus detection, firewall detection and/or intrusion protection detection.
Preferably, the security detection performed by the external network processing unit on the external network data includes virus detection, firewall detection and/or intrusion protection detection.
Preferably, the intranet processing unit is further configured to confirm the identity of the user receiving and transmitting intranet data.
Preferably, the external network processing unit is further configured to confirm the identity of the user receiving and transmitting the external network data.
The invention has the following beneficial effects: in the process of information data exchange and transmission between the internal network and the external network, the internal/external network pure data passing through the isolation storage unit is encrypted with the plaintext key, and the plaintext key used for encryption is then destroyed. Even if the isolation storage unit suffers a physical connection intrusion event, an intruder can only acquire the encrypted internal/external network pure data and the ciphertext key bound to it, but cannot acquire the plaintext key used for encryption. The intruder therefore cannot decrypt the encrypted pure data or learn its content, and information data leakage is avoided. After the encrypted internal/external network pure data and the ciphertext key bound to it are sent to the external/internal network processing unit, that unit decrypts the ciphertext key with the master key to obtain the plaintext key that was used to encrypt the pure data, and then decrypts the encrypted pure data with the plaintext key to obtain its content, so that information data exchange is realized.
Drawings
Fig. 1 is a schematic diagram of a secure isolation gatekeeper-based information data exchange system.
Detailed Description
The invention is further described in detail below in connection with the detailed description.
The information data exchange system based on the safety isolation gatekeeper is shown in fig. 1. It comprises an intranet processing unit 3, an extranet processing unit 4, an isolation control chip 5, an isolation storage unit 6, an intranet electronic switch 7 and an extranet electronic switch 8. The safety isolation gatekeeper is formed by the isolation control chip 5, the isolation storage unit 6, the intranet electronic switch 7 and the extranet electronic switch 8. The intranet electronic switch 7, the isolation storage unit 6 and the extranet electronic switch 8 are connected in series, in that order, between the intranet processing unit 3 and the extranet processing unit 4. The isolation control chip 5 is electrically connected to the isolation storage unit 6, the intranet electronic switch 7 and the extranet electronic switch 8, and is in communication connection with the intranet processing unit 3 and the extranet processing unit 4.
The intranet processing unit 3 includes an intranet port for carrying out communication connection with the intranet 1, and after the intranet processing unit 3 is connected with the intranet 1 through the intranet port communication thereof, if receiving the intranet data from the intranet 1, then carrying out safety inspection such as virus detection, firewall detection, intrusion protection detection and the like on the intranet data so as to strip out the intranet pure data passing through detection to store and dispatch, and sending a switch control signal to the isolation control chip 5 when receiving the intranet data from the intranet 1.
The external network processing unit 4 includes an external network port for performing communication connection with the external network 2 and an external network filtering unit electrically connected to the external network port, and after the external network processing unit 4 is connected to the external network 2 through the external network port, if external network data from the external network 2 is received, the external network filtering unit performs filtering detection and classification on the external network data first, and the external network processing unit 4 performs security detection such as virus detection, firewall detection, intrusion protection detection, etc. on the external network data to strip out the detected external network pure data for storage and scheduling, and sends a switch control signal to the isolation control chip 5 when receiving the external network data from the external network 2.
Normally, the intranet electronic switch 7 and the extranet electronic switch 8 are disconnected, so that the intranet processing unit 3 and the extranet processing unit 4 are not mutually connected.
When intranet data is transmitted from the intranet 1 to the external network 2, the intranet processing unit 3 first receives the intranet data from the intranet 1. The intranet processing unit 3 then performs safety detection such as virus detection, firewall detection and intrusion protection detection on the intranet data, so as to strip out the intranet pure data that passes detection for storage and scheduling, and sends a switch control signal to the isolation control chip 5 when the intranet data from the intranet 1 is received. When the isolation control chip 5 receives the switch control signal from the intranet processing unit 3, it creates a first master key and a first plaintext key for envelope encryption, uses the first master key to envelope-encrypt the first plaintext key to generate a first ciphertext key, and sends the first master key to the extranet processing unit 4. It then uses the first plaintext key to encrypt the intranet pure data stripped by the intranet processing unit 3, destroys the first plaintext key, and sends the first ciphertext key to the intranet processing unit 3 to be bound to the encrypted intranet pure data. Next, the isolation control chip 5 controls the intranet electronic switch 7 to be switched on according to the switch control signal from the intranet processing unit 3, so that the intranet processing unit 3 sends the bound first ciphertext key and encrypted intranet pure data to the isolation storage unit 6 through the intranet electronic switch 7. The isolation control chip 5 then controls the intranet electronic switch 7 to be switched off and the extranet electronic switch 8 to be switched on, so that the isolation storage unit 6 sends the bound first ciphertext key and encrypted intranet pure data to the extranet processing unit 4 through the extranet electronic switch 8. Finally, the external network processing unit 4 decrypts the first ciphertext key by using the first master key to obtain the first plaintext key, decrypts the encrypted internal network pure data by using the first plaintext key to obtain the internal network pure data, and then sends the internal network pure data to the external network 2 to realize information data exchange.
In the above process, the intranet pure data passing through the isolation storage unit 6 is encrypted with the plaintext key, and the plaintext key used for encryption is destroyed. Even if the isolation storage unit 6 suffers a physical connection intrusion event, an intruder can only obtain the encrypted intranet pure data and the ciphertext key bound to it, but cannot obtain the plaintext key used for encryption. The intruder therefore cannot decrypt the encrypted intranet pure data or learn its content, which avoids information data leakage. After the encrypted intranet pure data and the ciphertext key bound to it are sent to the external network processing unit 4, the external network processing unit 4 decrypts the ciphertext key by using the master key to obtain the plaintext key that was used to encrypt the intranet pure data, and then decrypts the encrypted intranet pure data with the plaintext key to obtain its content, so that information data exchange is realized.
When external network data is transmitted from the external network 2 to the internal network 1, the external network processing unit 4 first receives the external network data from the external network 2. The external network processing unit 4 then performs security detection such as virus detection, firewall detection and intrusion protection detection on the external network data, so as to strip out the external network pure data that passes detection for storage and scheduling, and sends a switch control signal to the isolation control chip 5 when the external network data from the external network 2 is received. When the isolation control chip 5 receives the switch control signal from the external network processing unit 4, it creates a second master key and a second plaintext key for envelope encryption, uses the second master key to envelope-encrypt the second plaintext key to generate a second ciphertext key, and sends the second master key to the internal network processing unit 3. It then uses the second plaintext key to encrypt the external network pure data stripped by the external network processing unit 4, destroys the second plaintext key, and sends the second ciphertext key to the external network processing unit 4 to be bound to the encrypted external network pure data. Next, the isolation control chip 5 controls the external network electronic switch 8 to be turned on according to the switch control signal from the external network processing unit 4, so that the external network processing unit 4 sends the bound second ciphertext key and encrypted external network pure data to the isolation storage unit 6 through the external network electronic switch 8. The isolation control chip 5 then controls the external network electronic switch 8 to be turned off and the internal network electronic switch 7 to be turned on, so that the isolation storage unit 6 sends the bound second ciphertext key and encrypted external network pure data to the internal network processing unit 3 through the internal network electronic switch 7. Finally, the intranet processing unit 3 decrypts the second ciphertext key by using the second master key to obtain the second plaintext key, decrypts the encrypted extranet pure data by using the second plaintext key to obtain the extranet pure data, and then sends the extranet pure data to the intranet 1 to realize information data exchange.
In the above process, the external network pure data passing through the isolation storage unit 6 is encrypted by the plaintext key, and the plaintext key used for encryption is destroyed, so that even if the isolation storage unit 6 has a physical connection intrusion event, an intruder can only obtain the encrypted external network pure data and the ciphertext key bound with the encrypted external network pure data, but cannot obtain the plaintext key used for encryption, so that the encrypted external network pure data cannot be decrypted, and the content of the external network pure data cannot be known, thereby avoiding information data leakage. After the encrypted external network pure data and the ciphertext key bound with the encrypted external network pure data are sent to the intranet processing unit 3, the intranet processing unit 3 decrypts the ciphertext key by utilizing the master key to obtain a plaintext key for encrypting the external network pure data, so that the encrypted external network pure data can be decrypted by utilizing the plaintext key to obtain the content of the external network pure data, and information data exchange is realized.
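The two exchange directions described above, modelled as an added example; it is not part of the patent text and not the patentee's implementation. The patent names no cipher, so an encrypt-then-MAC construction built from HMAC-SHA256 stands in for a real AEAD, and every function, class and field name below is an assumption made for illustration.

```python
import hashlib
import hmac
import secrets

NONCE, TAG = 16, 32  # sizes in bytes for the stand-in cipher (assumption)

def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode used as a keystream (stand-in, not the patent's cipher).
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(NONCE)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; ValueError on a wrong key or a modified blob."""
    nonce, ct, tag = blob[:NONCE], blob[NONCE:-TAG], blob[-TAG:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def chip_prepare(pure_data: bytes):
    """Isolation control chip: create both keys, wrap, encrypt, destroy the plaintext key.

    Returns (master_key, bundle). The master key goes to the receiving processing
    unit over the chip's communication link; only the bundle enters isolation storage.
    """
    master_key = secrets.token_bytes(32)
    plaintext_key = bytearray(secrets.token_bytes(32))
    ciphertext_key = seal(master_key, bytes(plaintext_key))   # envelope step
    encrypted_data = seal(bytes(plaintext_key), pure_data)
    # Model of "destroying" the plaintext key. Best effort only: the Python
    # runtime may still hold the temporary copies made by bytes() above.
    for i in range(len(plaintext_key)):
        plaintext_key[i] = 0
    return master_key, (ciphertext_key, encrypted_data)

class Gatekeeper:
    """Isolation storage between two switches that are never closed together."""

    def __init__(self):
        self.storage = None                  # what a physical tap would read
        self.switch_log = [(False, False)]   # (intranet closed, extranet closed)

    def _switch(self, intranet: bool, extranet: bool) -> None:
        if intranet and extranet:
            raise RuntimeError("both switches closed: isolation broken")
        self.switch_log.append((intranet, extranet))

    def ferry(self, bundle, source: str):
        if source not in ("intranet", "extranet"):
            raise ValueError(f"unknown source: {source}")
        from_intranet = source == "intranet"
        self._switch(from_intranet, not from_intranet)   # source side closes
        self.storage = bundle                            # bundle written to storage
        self._switch(not from_intranet, from_intranet)   # source opens, far side closes
        delivered = self.storage
        self._switch(False, False)                       # back to the normal state
        return delivered

def unit_receive(master_key: bytes, bundle) -> bytes:
    """Receiving processing unit: unwrap the key, then decrypt the pure data."""
    ciphertext_key, encrypted_data = bundle
    plaintext_key = unseal(master_key, ciphertext_key)
    return unseal(plaintext_key, encrypted_data)

def run_exchange(pure_data: bytes, source: str = "intranet") -> dict:
    master_key, bundle = chip_prepare(pure_data)
    gate = Gatekeeper()
    delivered = gate.ferry(bundle, source)
    return {
        "recovered": unit_receive(master_key, delivered),
        "tapped": gate.storage,
        "switch_log": gate.switch_log,
    }

if __name__ == "__main__":
    result = run_exchange(b"constructed sample payload", "extranet")
    print(result["recovered"], result["switch_log"])
```

The confidentiality of the bundle in isolation storage rests entirely on the master key never sharing a path with it, so the chip-to-unit communication link is the part of this design that most needs review.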
The above-described embodiments are provided only to illustrate the present invention and are not intended to limit the scope of patent protection. Insubstantial changes and substitutions made by one skilled in the art in light of the teachings of the invention still fall within the scope of the claims.
Claims (8)
1. An information data exchange system based on a security isolation gatekeeper, comprising:
the intranet processing unit (3) is in communication connection with the intranet (1) and is used for receiving intranet data from the intranet (1), carrying out safety detection on the intranet data so as to strip out the detected intranet pure data for storage and scheduling, and sending a switch control signal outwards;
the external network processing unit (4) is in communication connection with the external network (2) and is used for receiving external network data from the external network (2), carrying out safety detection on the external network data so as to strip out the detected external network pure data for storage and scheduling, and sending a switch control signal outwards;
the security isolation gatekeeper comprises an isolation control chip (5), an isolation storage unit (6), an intranet electronic switch (7) and an extranet electronic switch (8), wherein the intranet electronic switch (7), the isolation storage unit (6) and the extranet electronic switch (8) are sequentially connected in series between the intranet processing unit (3) and the extranet processing unit (4), the intranet electronic switch (7) and the extranet electronic switch (8) are disconnected in a normal state, and the isolation control chip (5) is respectively and electrically connected with the isolation storage unit (6), the intranet electronic switch (7) and the extranet electronic switch (8) and is in communication connection with the intranet processing unit (3) and the extranet processing unit (4) so as to receive switch control signals from the intranet processing unit (3) and/or the extranet processing unit (4);
under the condition that a switch control signal from the intranet processing unit (3) is received, the isolation control chip (5) creates a first master key and a first plaintext key, then uses the first master key to encrypt the first plaintext key in an envelope to generate a first ciphertext key, then sends the first master key to the extranet processing unit (4), then uses the first plaintext key to encrypt the intranet pure data stripped by the intranet processing unit (3), then destroys the first plaintext key, and then sends the first ciphertext key to the intranet processing unit (3) to bind the encrypted intranet pure data; then the isolation control chip (5) controls the intranet electronic switch (7) to be connected according to the switch control signal so that the intranet processing unit (3) sends the bound first ciphertext key and the encrypted intranet pure data to the isolation storage unit (6) through the intranet electronic switch (7), and then the isolation control chip (5) controls the intranet electronic switch (7) to be disconnected and controls the extranet electronic switch (8) to be connected so that the isolation storage unit (6) sends the bound first ciphertext key and the encrypted intranet pure data to the extranet processing unit (4) through the extranet electronic switch (8); the external network processing unit (4) decrypts the first ciphertext key by utilizing the first master key to obtain the first plaintext key, decrypts the encrypted internal network pure data by utilizing the first plaintext key to obtain the internal network pure data, and then sends the internal network pure data to the external network (2) to realize information data exchange;
under the condition that a switch control signal from the external network processing unit (4) is received, the isolation control chip (5) creates a second master key and a second plaintext key, then uses the second master key to carry out envelope encryption on the second plaintext key to generate a second ciphertext key, then sends the second master key to the internal network processing unit (3), then uses the second plaintext key to encrypt the external network pure data stripped by the external network processing unit (4), destroys the second plaintext key, and then sends the second ciphertext key to the external network processing unit (4) to bind the encrypted external network pure data; then the isolation control chip (5) controls the external network electronic switch (8) to be turned on according to the switch control signal so that the external network processing unit (4) sends the bound second ciphertext key and the encrypted external network pure data to the isolation storage unit (6) through the external network electronic switch (8), and then the isolation control chip (5) controls the external network electronic switch (8) to be turned off and controls the internal network electronic switch (7) to be turned on so that the isolation storage unit (6) sends the bound second ciphertext key and the encrypted external network pure data to the internal network processing unit (3) through the internal network electronic switch (7); the intranet processing unit (3) decrypts the second ciphertext key by utilizing the second master key to obtain the second plaintext key, decrypts the encrypted extranet pure data by utilizing the second plaintext key to obtain the extranet pure data, and then sends the extranet pure data to the intranet (1) to realize information data exchange.
2. The information data exchange system based on a security isolation gatekeeper according to claim 1, wherein the intranet processing unit (3) comprises an intranet port for communication connection with an intranet (1).
3. The information data exchange system based on a security isolation gatekeeper according to claim 1 or 2, characterized in that the external network processing unit (4) comprises an external network port for communication connection with an external network (2).
4. The information data exchange system based on a security isolation gatekeeper according to claim 3, wherein the external network processing unit (4) comprises an external network filtering unit electrically connected to the external network port for filtering detection and classification of external network data received via the external network port.
5. The information data exchange system based on the security isolation gatekeeper according to claim 1, wherein the security detection of the intranet data by the intranet processing unit (3) comprises virus detection, firewall detection and/or intrusion protection detection.
6. The information data exchange system based on the security isolation gatekeeper according to claim 1 or 5, wherein the security detection of the external network data by the external network processing unit (4) comprises virus detection, firewall detection and/or intrusion protection detection.
7. The information data exchange system based on the security isolation gatekeeper according to claim 1, wherein the intranet processing unit (3) is further configured to confirm the identity of a user receiving and transmitting intranet data.
8. The information data exchange system based on a security isolation gatekeeper according to claim 1 or 7, wherein the external network processing unit (4) is further configured to confirm the identity of a user receiving and transmitting external network data.
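The external-network-to-intranet exchange of claim 1, modelled as an added example (not code from the patent): the chip wraps a per-transfer data key under a master key, and the two electronic switches are never closed at the same time. The class and function names are hypothetical. The patent names no cipher, so `seal`/`unseal` are a standard-library stand-in for a real AEAD such as AES-GCM, and the integrity tag they add is an assumption that goes beyond the claim text.

```python
import hashlib, hmac, secrets

def _sub(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    enc = _sub(key, b"enc")
    return b"".join(_sub(enc, nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key: bytes, pt: bytes) -> bytes:
    # Stand-in AEAD (assumption): HMAC-SHA256 keystream, then an HMAC tag over nonce+ciphertext.
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(a ^ b for a, b in zip(pt, _stream(key, nonce, len(pt))))
    return body + _sub(_sub(key, b"mac"), body)

def unseal(key: bytes, blob: bytes) -> bytes:
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _sub(_sub(key, b"mac"), body)):
        raise ValueError("integrity check failed")
    return bytes(a ^ b for a, b in zip(body[16:], _stream(key, body[:16], len(body) - 16)))

class Gatekeeper:
    """Hypothetical model of chip (5), switches (7)/(8) and isolation storage unit (6)."""
    def __init__(self):
        self.storage, self.log = None, []

    def _switch(self, extranet_on: bool, intranet_on: bool) -> None:
        if extranet_on and intranet_on:
            raise RuntimeError("both switches closed: isolation broken")
        self.log.append((extranet_on, intranet_on))

    def extranet_to_intranet(self, pure_data: bytes, corrupt_storage: bool = False) -> bytes:
        master = secrets.token_bytes(32)        # second master key, handed to unit (3)
        data_key = secrets.token_bytes(32)      # second plaintext key
        wrapped = seal(master, data_key)        # second ciphertext key (envelope)
        ciphertext = seal(data_key, pure_data)  # encrypted external network pure data
        del data_key                            # drop the plaintext key; hardware would zeroize
        self._switch(True, False)               # (8) on: unit (4) -> storage (6)
        self.storage = [wrapped, ciphertext]
        if corrupt_storage:                     # constructed fault: one bit flipped at rest
            self.storage[1] = bytes([self.storage[1][0] ^ 1]) + self.storage[1][1:]
        self._switch(False, True)               # (8) off, (7) on: storage (6) -> unit (3)
        bundle, self.storage = self.storage, None
        return intranet_unit_receive(master, bundle)

def intranet_unit_receive(master: bytes, bundle: list) -> bytes:
    wrapped, ciphertext = bundle
    return unseal(unseal(master, wrapped), ciphertext)  # unwrap the key, then decrypt the data
```
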
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210123454.2A CN114500068B (en) | 2022-02-10 | 2022-02-10 | Information data exchange system based on safety isolation gatekeeper |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210123454.2A CN114500068B (en) | 2022-02-10 | 2022-02-10 | Information data exchange system based on safety isolation gatekeeper |
Publications (2)
Publication Number | Publication Date |
---|---|
CN114500068A CN114500068A (en) | 2022-05-13 |
CN114500068B CN114500068B (en) | 2024-01-09 |
Family
ID=81477608
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210123454.2A Active CN114500068B (en) | 2022-02-10 | 2022-02-10 | Information data exchange system based on safety isolation gatekeeper |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN114500068B (en) |
Families Citing this family (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN115220666B (en) * | 2022-09-21 | 2022-12-23 | 南京中岱得存储技术有限公司 | Independent cloud storage device and data circulation method applying same |
CN116545749A (en) * | 2023-06-06 | 2023-08-04 | 智云算能科技(深圳)有限公司 | Intelligent data safety transmission system |
Citations (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2005236605A (en) * | 2004-02-19 | 2005-09-02 | Hitachi Communication Technologies Ltd | Encryption communication apparatus |
CN204719759U (en) * | 2015-07-09 | 2015-10-21 | 河北软创实业有限公司 | A kind of computer network virus shielding system |
CN106941494A (en) * | 2017-03-30 | 2017-07-11 | 中国电力科学研究院 | A kind of security isolation gateway and its application method suitable for power information acquisition system |
CN106998333A (en) * | 2017-05-24 | 2017-08-01 | 山东省计算中心(国家超级计算济南中心) | A kind of bilateral network security isolation system and method |
CN111556062A (en) * | 2020-05-06 | 2020-08-18 | 国网电力科学研究院有限公司 | Network security isolation device with one-way import function and method |
CN111756777A (en) * | 2020-08-28 | 2020-10-09 | 腾讯科技(深圳)有限公司 | Data transmission method, data processing device, data processing apparatus, and computer storage medium |
CN112187791A (en) * | 2020-09-27 | 2021-01-05 | 酒泉钢铁(集团)有限责任公司 | Data safety transmission system for industrial control |
CN112565288A (en) * | 2020-12-21 | 2021-03-26 | 南京南瑞信息通信科技有限公司 | Method and system for executing internal network acquisition and control instruction on external network |
CN212850561U (en) * | 2020-09-25 | 2021-03-30 | 安徽健坤通信股份有限公司 | Network safety isolation device for realizing intranet information safety |
CN112671530A (en) * | 2019-11-21 | 2021-04-16 | 华控清交信息科技(北京)有限公司 | Data processing method and device and data processing device |
CN113407990A (en) * | 2021-05-26 | 2021-09-17 | 杭州安恒信息技术股份有限公司 | Data circulation processing method, device, system, electronic device and storage medium |
CN113472801A (en) * | 2021-07-12 | 2021-10-01 | 中国人民解放军陆军勤务学院 | Physically isolated network communication method and module |
CN113949523A (en) * | 2021-08-30 | 2022-01-18 | 国网安徽省电力有限公司电力科学研究院 | Cross-network transmission system and method for individual soldier |
Family Cites Families (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP3914861B2 (en) * | 2002-11-29 | 2007-05-16 | Necインフロンティア株式会社 | Communications system |
US20170357801A1 (en) * | 2016-06-09 | 2017-12-14 | JPS Engineering Corp. | Isolation system for cybersecurity |
JP6730740B2 (en) * | 2017-12-25 | 2020-07-29 | 株式会社アクセル | Processing device, processing method, processing program, and cryptographic processing system |
US11196718B2 (en) * | 2019-12-12 | 2021-12-07 | Patrick Scott Heller | Method of secure data storage and transfer |
Non-Patent Citations (1)
Title |
---|
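Design of a network gatekeeper based on dual-port SRAM (基于双端口SRAM的网闸设计); 李洪波; 应一凡; 朱献; 电脑知识与技术 (Computer Knowledge and Technology) (12); pp. 2835-2836 * |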
Also Published As
Publication number | Publication date |
---|---|
CN114500068A (en) | 2022-05-13 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN114500068B (en) | Information data exchange system based on safety isolation gatekeeper | |
JP3145407B2 (en) | Signal transmission system and communication system | |
US20040086121A1 (en) | Secure automatic dependant surveillance | |
CN106656510A (en) | Encryption key acquisition method and system | |
WO2000049764A1 (en) | Data authentication system employing encrypted integrity blocks | |
WO2008087640A2 (en) | Secure archive | |
CN101227279A (en) | Device, system and method for encrypting and deciphering audio signal | |
JPH04154233A (en) | Communication concealing method | |
CN110336788A (en) | A kind of data safety exchange method of internet of things equipment and mobile terminal | |
CN101923654A (en) | Ultrahigh frequency reader-writer suitable for remote security control by different users | |
CN111988289B (en) | EPA industrial control network security test system and method | |
KR20100078323A (en) | Data protection method and apparatus for scada network based on modbus protocol | |
CN112261053A (en) | Network gate system communication method based on embedded multi-core processing mode | |
CN101197822B (en) | System for preventing information leakage and method based on the same | |
Kent | Encryption-based protection for interactive user/computer communication | |
CN101699456A (en) | Computer security system and method thereof | |
CN107733590A (en) | The data transmission device and method of a kind of high-speed bus | |
CN112202773A (en) | Computer network information security monitoring and protection system based on internet | |
CN112804265B (en) | Unidirectional network gate interface circuit, method and readable storage medium | |
CN107317925A (en) | Mobile terminal | |
CN112600799A (en) | Encryption system and operation mode for data transmission | |
Jianguang et al. | The security research of network access control system | |
CN112632583A (en) | Internet of things integrated management system | |
CN201204603Y (en) | Conducted interference unit for Ethernet | |
JPS60102038A (en) | Cipher communication system |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||