CN114666172A - Internal and external network isolation communication system and method - Google Patents


Info

Publication number: CN114666172A
Authority: CN (China)
Prior art keywords: external network, intranet, network, communication, access request
Legal status: Granted (status as listed by Google Patents; not a legal conclusion)
Application number: CN202210572671.XA
Other languages: Chinese (zh)
Other versions: CN114666172B (en)
Inventors: 马传鹏, 杨可, 万齐弟
Current assignee: Chengdu Ruixun Iot Technology Co ltd
Original assignee: Chengdu Ruixun Iot Technology Co ltd
Legal events: application filed by Chengdu Ruixun Iot Technology Co ltd; priority to CN202210572671.XA; publication of CN114666172A; application granted; publication of CN114666172B; legal status active

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Small-Scale Networks (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention provides an internal and external network isolation communication system and method for solving the problem that an existing local area network and the internet cannot communicate with each other, and belongs to the technical field of the internet. The system comprises an external network device, an internal network device, a cloud transfer server and a network bridge. The method comprises the following steps: selecting whether to execute a first working mode or a second working mode, and adjusting the communication connection mode among the cloud transfer server, the network bridge and the external network device based on the selection result; and establishing either an external-network-accesses-intranet working state or an intranet-accesses-external-network working state, and executing the corresponding access communication process based on the determined state. The system and method realize data interaction between the internal and external networks. Meanwhile, three measures, namely the isolation provided by the network bridge, the authorization authentication performed by the cloud transfer server, and the restriction of all interaction to a user-specified data protocol specification, effectively ensure that the security of the intranet is not affected.

Description

Internal and external network isolation communication system and method
Technical Field
The invention relates to the technical field of internet, in particular to an internal and external network isolation communication system and method.
Background
The internet of things, as a high-level integration and comprehensive application of new-generation information technology, has the characteristics of strong permeability, a large driving effect and good comprehensive benefit, and is a further advance in the development of the information industry after computers, the internet and mobile communication networks.
However, for reasons of network integrity and the like, a local area network (LAN) is usually completely physically isolated from the internet, i.e., the LAN cannot communicate with the internet. With the rise and deployment of the industrial internet and the internet of things, limited interconnection and intercommunication between the internal network and the external network has become imperative, on the premise that the very high security level of the local area network is preserved.
Disclosure of Invention
The invention provides an internal and external network isolation communication system and method for solving the problem that an existing local area network and the internet cannot communicate with each other. The system and method realize data interaction between the internal and external networks. Meanwhile, three measures, namely the isolation provided by the network bridge, the authorization authentication performed by the cloud transfer server, and the restriction of all interaction to a user-specified data protocol specification, effectively ensure that the security of the intranet is not affected.
The technical scheme adopted by the invention is as follows:
an internal and external network isolation communication system, the system having a first working mode and/or a second working mode;
in the first working mode, the system comprises:
a cloud transfer server, which cleans and filters the data contained in an external network access request according to a user-specified data protocol specification and retains only the pure data to be transmitted; caches the pure data to be transmitted that remains after an internal network access request has been cleaned and filtered according to the user-specified data protocol specification; and performs authorization authentication on communication connection applications;
external network devices, which initiate external network access requests, and whose target device makes the access communication response to an internal network access request; the communication connection application between an external network device and the cloud transfer server is authorized and authenticated by the cloud transfer server, and after authorization is obtained the external network device and the cloud transfer server communicate through the internet;
a network bridge, which communicates with the cloud transfer server; the network bridge pulls and transmits the pure data that remains to be transmitted after an external network access request has been cleaned and filtered according to the user-specified data protocol specification, and cleans and filters the data in an internal network access request according to the user-specified data protocol specification, retaining the pure data that needs to be transmitted;
internal network (intranet) devices, which communicate with the network bridge through a local area network, initiate intranet access requests, and whose target device makes the access communication response to an intranet access request;
in the second working mode, the system comprises:
a network bridge, which cleans and filters the data contained in an external network access request or an internal network access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and transmits it;
external network devices, which initiate external network access requests, and whose target device makes the access communication response to an internal network access request;
a cloud transfer server, which performs authorization authentication on the communication connection application between an external network device and the network bridge, establishes the communication connection between the external network device and the network bridge after authorization is obtained, and at the same time feeds back the current IP address of the network bridge to the external network device through the internet;
internal network devices, which communicate with the network bridge through a local area network, initiate intranet access requests, and whose target device makes the access communication response to an intranet access request.
Further, each external network device and each internal network device has its own unique and fixed identification information; an external network communication request initiated by an external network device carries the identification information of the target internal network device, and an intranet communication request initiated by an internal network device carries the identification information of the target external network device.
Further, in the first working mode, the network bridge and the cloud transfer server communicate with each other through a mobile phone (cellular) network;
in the second working mode, the communication between the external network device and the network bridge, and the communication between the cloud transfer server and the network bridge, are both carried out through a mobile phone network.
Further, the network bridge has an outer MCU module and an inner MCU module; the outer MCU module and the inner MCU module exchange data through a data interaction channel.
Further, the outer MCU module comprises a chip that carries the running program, and the program built into the chip does not support any action that changes the built-in program through a communication interface.
Further, the inner MCU module comprises a chip that carries the running program, and the program built into the chip does not support any action that changes the built-in program through a communication interface.
Further, the data interaction channel is implemented as a hardware bus.
Further, the hardware bus includes, but is not limited to, UART, USB, CAN and RS-485.
The internal and external network isolation communication method based on the above system comprises the following steps:
step S1, selecting whether to execute the first working mode or the second working mode, and adjusting the communication connection manner among the cloud transfer server, the network bridge and the external network device based on the selection result;
step S2, establishing either an external-network-accesses-intranet working state or an intranet-accesses-external-network working state, and, based on the determined state, executing the corresponding one of: the external network access communication flow in the first working mode, the intranet access communication flow in the first working mode, the external network access communication flow in the second working mode, or the intranet access communication flow in the second working mode.
Further, in step S2, the external network access communication flow in the first working mode specifically comprises the following steps:
step S2A1, the external network device initiates an external network access connection request to the cloud transfer server, and the cloud transfer server performs authorization authentication on the external network access request;
if authorization is obtained, the communication connection between the external network device and the cloud transfer server is established, the data contained in the external network access request is uploaded to the cloud transfer server, and the next step is executed;
if not, the external network access request is refused;
step S2A2, the cloud transfer server cleans and filters the data contained in the external network access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and then transmits the pure data to the network bridge;
step S2A3, the network bridge receives the pure data and sends it to the target intranet device, which makes the external network access communication response;
the intranet access communication flow in the first working mode specifically comprises the following steps:
step S2B1, the intranet device initiates an intranet access request to the network bridge;
step S2B2, the network bridge cleans and filters the data contained in the intranet access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and then transmits the pure data to the cloud transfer server for caching;
step S2B3, the target external network device initiates a communication connection application to the cloud transfer server;
step S2B4, the cloud transfer server performs authorization authentication on the communication connection application;
if authorization is obtained, the communication connection between the cloud transfer server and the external network device is established, and the external network device pulls the pure data cached on the cloud transfer server and makes the intranet access communication response;
the external network access communication flow in the second working mode specifically comprises the following steps:
step S2C1, the external network device initiates an external network access request to the network bridge, and the cloud transfer server performs authorization authentication on the external network access request;
if authorization is obtained, the communication connection between the external network device and the network bridge is established, the cloud transfer server at the same time feeds back the current IP address of the network bridge to the external network device, and the next step is executed;
if not, the external network access request is refused;
step S2C2, the network bridge cleans and filters the data contained in the external network access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and sends the pure data to the target intranet device, which makes the external network access communication response;
the intranet access communication flow in the second working mode specifically comprises the following steps:
step S2D1, the intranet device initiates an intranet access request to the network bridge;
step S2D2, the network bridge cleans and filters the data contained in the intranet access request according to the user-specified data protocol specification, and retains the pure data to be transmitted;
step S2D3, the target external network device initiates a communication connection application to the cloud transfer server, and the cloud transfer server performs authorization authentication on the communication connection application;
if authorization is obtained, the communication connection between the external network device and the network bridge is established, and at the same time the cloud transfer server feeds back the current IP address of the network bridge to the external network device, which makes the intranet access communication response;
if not, the intranet access request is refused.
The invention has the beneficial effects that:
The invention provides an internal and external network isolation communication system and method for solving the problem that an existing local area network and the internet cannot communicate with each other. The system comprises an external network device, an internal network device, a cloud transfer server and a network bridge. The method comprises the following steps: step S1, selecting whether to execute the first working mode or the second working mode, and adjusting the communication connection manner among the cloud transfer server, the network bridge and the external network device based on the selection result; step S2, establishing either an external-network-accesses-intranet working state or an intranet-accesses-external-network working state, and, based on the determined state, executing the corresponding external network access communication flow or intranet access communication flow in the first or second working mode. The system and method realize data interaction between the internal and external networks. Meanwhile, three measures, namely the isolation provided by the network bridge, the authorization authentication performed by the cloud transfer server, and the restriction of all interaction to a user-specified data protocol specification, effectively ensure that the security of the intranet is not affected.
Drawings
In order to illustrate the embodiments of the present application or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. Obviously, the drawings in the following description show only some embodiments of the present application, and other drawings can be obtained from them by those skilled in the art without creative effort.
Fig. 1 is a schematic diagram of a logical connection structure of a system in a first operating mode in embodiment 1.
Fig. 2 is a schematic diagram of a logical connection structure of a system in a second operating mode in embodiment 1.
Wherein the reference numerals are:
1-extranet equipment, 2-intranet equipment, 3-cloud transfer server and 4-network bridge;
41-outer MCU module, 42-inner MCU module.
Detailed Description
In the following, only certain exemplary embodiments are briefly described. As those skilled in the art will recognize, the described embodiments may be modified in various different ways, all without departing from the spirit or scope of the present invention. Accordingly, the drawings and description are to be regarded as illustrative in nature, and not as restrictive.
In the description of the present invention, it is to be understood that the terms "central," "longitudinal," "lateral," "length," "width," "thickness," "upper," "lower," "front," "rear," "left," "right," "vertical," "horizontal," "top," "bottom," "inner," "outer," "clockwise," "counterclockwise," "axial," "radial," "circumferential," and the like are used in the orientations and positional relationships indicated in the drawings for convenience in describing the invention and to simplify the description, and are not intended to indicate or imply that the referenced device or element must have a particular orientation, be constructed and operated in a particular orientation, and are not to be considered limiting of the invention.
The following disclosure provides many different embodiments or examples for implementing different features of the invention. To simplify the disclosure of the present invention, the components and arrangements of specific examples are described below. Of course, they are merely examples and are not intended to limit the present invention.
Embodiments of the invention are described in detail below with reference to the accompanying drawings.
For reasons of network integrity and the like, a local area network is usually completely physically isolated from the internet, that is, the local area network cannot communicate with the internet. With the rise and deployment of the industrial internet and the internet of things, limited interconnection and intercommunication between the internal and external networks has become imperative, on the premise that the very high security level of the local area network is preserved.
Therefore, this embodiment provides an internal and external network isolation communication system, which has a first working mode and/or a second working mode.
In the first working mode, the system includes an external network device 1, an internal network device 2, a cloud transfer server 3 and a network bridge 4, as shown in Fig. 1.
The cloud transfer server 3 cleans and filters the data contained in an external network access request according to the user-specified data protocol specification and retains only the pure data to be transmitted; caches the pure data to be transmitted that remains after an internal network access request has been cleaned and filtered according to the user-specified data protocol specification; and performs authorization authentication on communication connection applications.
The user-specified data protocol specification may be a personalized communication protocol specification designed for a specific user, or a standard protocol specification such as HTTP or HTML; either choice leaves the essence of the data communication method unchanged.
The external network device 1 initiates external network access requests, and the target external network device 1 makes the access communication response to an internal network access request. The communication connection application between the external network device 1 and the cloud transfer server 3 is authorized and authenticated by the cloud transfer server 3, and after authorization is obtained the external network device and the cloud transfer server communicate through the internet.
The external network device 1 comprises internet of things devices and/or industrial internet devices.
The network bridge 4 communicates with the cloud transfer server 3. The network bridge 4 pulls and transmits the pure data that remains to be transmitted after an external network access request has been cleaned and filtered according to the user-specified data protocol specification, and cleans and filters the data in an internal network access request according to the user-specified data protocol specification, retaining the pure data that needs to be transmitted.
The internal network device 2 communicates with the network bridge 4 through a local area network and initiates intranet access requests, and the target internal network device 2 makes the access communication response to an intranet access request.
In the second working mode, the system includes an external network device 1, an internal network device 2, a cloud transfer server 3 and a network bridge 4, as shown in Fig. 2.
The network bridge 4 cleans and filters the data contained in an external network access request or an internal network access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and transmits it.
The external network device 1 initiates external network access requests, and the target external network device 1 makes the access communication response to an internal network access request.
The cloud transfer server 3 performs authorization authentication on the communication connection application between the external network device 1 and the network bridge 4, and establishes the communication connection between the external network device 1 and the network bridge 4 after authorization is obtained. At the same time, the cloud transfer server 3 feeds back the current IP address of the network bridge 4 to the external network device 1 through the internet.
The internal network device 2 communicates with the network bridge 4 through a local area network and initiates intranet access requests, and the target internal network device 2 makes the access communication response to an intranet access request.
The system of this embodiment realizes interactive data communication between the internal and external networks. Meanwhile, three measures, namely the isolation provided by the network bridge, the authorization authentication performed by the cloud transfer server, and the restriction of all interaction to a user-specified data protocol specification, effectively ensure that the security of the intranet is not affected.
Further, the external network device 1 and the internal network device 2 each have unique and fixed identification information. An external network communication request initiated by the external network device 1 carries the identification information of the target internal network device 2, and an intranet communication request initiated by the internal network device 2 carries the identification information of the target external network device 1.
For example, when the external network transmits to the internal network, the IP address of the final internal network device may be used as the identification information, which prevents confusion of the data interaction between the external network devices and the internal network devices.
Further, in the first working mode, the network bridge 4 and the cloud transfer server 3 communicate with each other through a mobile phone (cellular) network.
The existing mobile phone network has wide coverage, so its convenience and efficiency can be fully exploited, and the cost of deploying equipment is reduced.
In the second working mode, the communication between the external network device 1 and the network bridge 4, and the communication between the cloud transfer server 3 and the network bridge 4, are both carried out through a mobile phone network.
Further, the network bridge 4 has an outer MCU module 41 and an inner MCU module 42; the outer MCU module 41 and the inner MCU module 42 exchange data through a data interaction channel.
Both the outer MCU module 41 and the inner MCU module 42 can clean and filter data according to the user-specified data protocol specification, retain the pure data to be transmitted, and transmit the pure data.
Further, the outer MCU module 41 comprises a chip that carries the running program, and the program built into the chip does not support any action that changes the built-in program through a communication interface.
Further, the inner MCU module 42 comprises a chip that carries the running program, and the program built into the chip does not support any action that changes the built-in program through a communication interface.
The chips of the outer MCU module 41 and the inner MCU module 42 do not run an operating system such as Linux or Windows, which is easy to attack; instead they run self-designed programs that execute only on a single-chip microcontroller, and they do not support program downloading, burning or any other action that changes the built-in program through a communication interface. The program is completely solidified in the chip, so an intruder cannot reach and modify the program solidified on the microcontroller through the internal or external network connection ports, which ensures data security.
Further, the data interaction channel is implemented as a hardware bus.
Further, the hardware bus includes, but is not limited to, UART, USB, CAN and RS-485.
Because the data interaction channel communicates and exchanges data over a hardware bus, no TCP connection exists between the two sides of the dual network; the connection is effectively cut off, and illegal data access that does not conform to the communication rules is isolated by a physical mechanism.
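An added Python model of the outer and inner MCU modules exchanging data over the hardware bus described above; it is an illustration written for this page, not the patent holder's firmware. The fixed-size frame layout, the three command codes and the CRC-32 check are assumptions, chosen to show the point of the passage: the inner side reads a fixed-format frame from a byte pipe standing in for UART or RS-485, never sees a TCP connection, and discards anything that is not a well-formed frame.

```python
"""Constructed model of the bridge's outer/inner MCU pair talking over a
hardware bus (added example; not the patent holder's firmware)."""
import struct
import zlib

MAGIC = b"\xA5\x5A"
CMD_CODES = {"READ": 1, "WRITE": 2, "STATUS": 3}     # assumed command set
CODE_CMDS = {v: k for k, v in CMD_CODES.items()}
ID_LEN, MAX_PAYLOAD = 16, 64
HEADER = struct.Struct(">2s16sBB")     # magic, target id, command code, payload length
FRAME_LEN = HEADER.size + MAX_PAYLOAD + 4            # fixed-size frame plus CRC-32


class FrameError(ValueError):
    """Raised for any byte sequence that is not a well-formed bus frame."""


def encode_frame(target_id: str, command: str, payload: bytes) -> bytes:
    """Outer MCU side: serialise pure data into the fixed-size bus frame."""
    tid = target_id.encode("ascii")
    if len(tid) > ID_LEN or command not in CMD_CODES or len(payload) > MAX_PAYLOAD:
        raise FrameError("data does not fit the bus frame format")
    body = HEADER.pack(MAGIC, tid.ljust(ID_LEN, b"\0"), CMD_CODES[command], len(payload))
    body += payload.ljust(MAX_PAYLOAD, b"\0")
    return body + struct.pack(">I", zlib.crc32(body))


def decode_frame(frame: bytes) -> tuple:
    """Inner MCU side: accept only a well-formed frame; everything else is dropped.

    Returns (target_id, command, payload)."""
    if len(frame) != FRAME_LEN:
        raise FrameError("wrong frame length")
    body, crc = frame[:-4], struct.unpack(">I", frame[-4:])[0]
    if zlib.crc32(body) != crc:
        raise FrameError("bad CRC")
    magic, tid, code, plen = HEADER.unpack(body[:HEADER.size])
    if magic != MAGIC or code not in CODE_CMDS or plen > MAX_PAYLOAD:
        raise FrameError("malformed header")
    payload = body[HEADER.size:HEADER.size + plen]
    return tid.rstrip(b"\0").decode("ascii"), CODE_CMDS[code], payload


class HardwareBus:
    """Byte pipe standing in for UART/RS-485: the only path between the two MCUs."""

    def __init__(self):
        self._buf = bytearray()

    def write(self, data: bytes) -> None:      # outer MCU writes
        self._buf += data

    def read(self, n: int) -> bytes:           # inner MCU reads
        out, self._buf = bytes(self._buf[:n]), self._buf[n:]
        return out


def bridge_transfer(bus: HardwareBus, target_id: str, command: str, payload: bytes):
    """Outer MCU -> bus -> inner MCU.

    Returns the (target_id, command, payload) the inner MCU would forward to
    the intranet device, or None if the data never became a valid frame."""
    try:
        bus.write(encode_frame(target_id, command, payload))
    except FrameError:
        return None          # outer side refuses anything outside the frame format
    try:
        return decode_frame(bus.read(FRAME_LEN))
    except FrameError:
        return None          # inner side drops anything that is not a valid frame
```

The inner MCU's only input is `bus.read(FRAME_LEN)`; it has no socket, no IP stack and no parser for anything but this one frame layout, which is what "cutting off the TCP connection between the two sides" amounts to in practice.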
The following is a specific case:
For example, suppose there are 5 devices in the external network environment, numbered device A, device B, device C, device D and device E, and 4 devices in the intranet environment, numbered device T1, device T2, device T3 and device T4. The external network and the intranet cannot communicate directly. In the first working mode, when device A in the external network environment needs to communicate with device T4 in the intranet environment, device A first initiates an external network connection communication request to the cloud transfer server through the internet, and a formal connection is established after authorization authentication succeeds. After device A transmits the data contained in the external network communication request to the cloud transfer server through the internet, the cloud transfer server first cleans and filters the data according to the user-specified data protocol specification, retains only the pure data that needs to be transmitted, and then transmits the pure data to the network bridge through the mobile phone network. The network bridge receives the pure data and sends it to device T4 for communication.
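The access flows of steps S2A to S2D, together with the specific case just described (devices A to E on the external network, T1 to T4 on the intranet), modelled as an added Python example. This is an illustration written for this page, not the patent holder's code; the same steps are restated in Example 2 below. The field whitelist standing in for the user-specified data protocol specification, the shared-secret authorization, the per-connection session token that the bridge checks in the second working mode, the device secrets and the bridge address 192.0.2.10 are all assumptions.

```python
"""Constructed model of the two working modes (steps S2A to S2D); added
illustration, not the patent holder's implementation."""
import secrets
from typing import Optional

# User-specified data protocol specification (assumed shape): the only fields a
# request may carry, each with its type and size limit; nothing else survives.
PROTOCOL_SPEC = {
    "target_id": (str, 32),    # unique, fixed identification of the target device
    "command": (str, 16),
    "payload": (bytes, 256),
}
ALLOWED_COMMANDS = {"READ", "WRITE", "STATUS"}


def clean_and_filter(raw: dict) -> Optional[dict]:
    """Retain only the pure data the specification allows; None means reject."""
    pure = {}
    for name, (typ, limit) in PROTOCOL_SPEC.items():
        value = raw.get(name)
        if not isinstance(value, typ) or len(value) > limit:
            return None
        pure[name] = value
    if pure["command"] not in ALLOWED_COMMANDS:
        return None
    return pure   # every field outside the specification has been dropped


class AuthError(Exception):
    """Raised when the cloud transfer server refuses a connection application."""


class CloudTransferServer:
    def __init__(self, credentials: dict, bridge_ip: str):
        self._credentials = credentials   # extranet device id -> shared secret (assumed scheme)
        self._bridge_ip = bridge_ip       # the bridge's current IP, fed back in mode 2
        self.cache = {}                   # extranet id -> pure data awaiting pull (mode 1)
        self.sessions = set()             # tokens the bridge accepts in mode 2 (assumed)
        self.bridge = None

    def authorize(self, device_id: str, secret: str) -> None:
        expected = self._credentials.get(device_id)
        if expected is None or not secrets.compare_digest(expected, secret):
            raise AuthError(device_id)

    def extranet_access_mode1(self, device_id: str, secret: str, raw_request: dict) -> str:
        """S2A1-S2A3: authorize, clean on the cloud, hand pure data to the bridge."""
        self.authorize(device_id, secret)
        pure = clean_and_filter(raw_request)
        return "rejected" if pure is None else self.bridge.deliver_to_intranet(pure)

    def pull_mode1(self, device_id: str, secret: str) -> list:
        """S2B3-S2B4: the target extranet device pulls the cached intranet data."""
        self.authorize(device_id, secret)
        return self.cache.pop(device_id, [])

    def connect_mode2(self, device_id: str, secret: str) -> tuple:
        """S2C1 / S2D3: authorize, then feed back the bridge's current IP."""
        self.authorize(device_id, secret)
        token = secrets.token_hex(16)
        self.sessions.add(token)          # shared with the bridge over the cloud-bridge link
        return self._bridge_ip, token


class Bridge:
    def __init__(self, cloud: CloudTransferServer, intranet_ids: set):
        self.cloud, self.intranet_ids = cloud, intranet_ids
        cloud.bridge = self
        self.delivered = []               # (intranet id, pure data) handed to the LAN

    def deliver_to_intranet(self, pure: dict) -> str:
        if pure["target_id"] not in self.intranet_ids:
            return "unknown target"
        self.delivered.append((pure["target_id"], pure))
        return "delivered"

    def intranet_access_mode1(self, raw_request: dict) -> str:
        """S2B1-S2B2: clean on the bridge, cache on the cloud for the target extranet device."""
        pure = clean_and_filter(raw_request)
        if pure is None:
            return "rejected"
        self.cloud.cache.setdefault(pure["target_id"], []).append(pure)
        return "cached"

    def extranet_access_mode2(self, token: str, raw_request: dict) -> str:
        """S2C2: only a connection the cloud authorized reaches the bridge's filter."""
        if token not in self.cloud.sessions:
            return "unauthorized"
        pure = clean_and_filter(raw_request)
        return "rejected" if pure is None else self.deliver_to_intranet(pure)


def build_specific_case():
    """The specific case from embodiment 1: extranet devices A-E, intranet devices T1-T4."""
    creds = {name: f"secret-{name}" for name in "ABCDE"}        # constructed secrets
    cloud = CloudTransferServer(creds, bridge_ip="192.0.2.10")  # documentation address
    bridge = Bridge(cloud, {"T1", "T2", "T3", "T4"})
    return cloud, bridge
```

In the first working mode the intranet is never contacted by an extranet device directly: the cloud authorizes and cleans, the bridge only forwards what survived the specification and addresses a known intranet identifier, and intranet-originated data waits in the cloud cache until the target extranet device authenticates and pulls it.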
Example 2
An internal and external network isolation communication method based on the internal and external network isolation communication system of embodiment 1, the method comprising the following steps:
step S1, selecting whether to execute the first working mode or the second working mode, and adjusting the communication connection manner among the cloud transfer server 3, the network bridge 4 and the external network device 1 based on the selection result;
step S2, establishing either an external-network-accesses-intranet working state or an intranet-accesses-external-network working state, and, based on the determined state, executing the corresponding one of: the external network access communication flow in the first working mode, the intranet access communication flow in the first working mode, the external network access communication flow in the second working mode, or the intranet access communication flow in the second working mode.
Further, in step S2, the external network access communication flow in the first working mode specifically comprises the following steps:
step S2A1, the external network device 1 initiates an external network access connection request to the cloud transfer server 3, and the cloud transfer server 3 performs authorization authentication on the external network access request;
if authorization is obtained, the communication connection between the external network device 1 and the cloud transfer server 3 is established, the data contained in the external network access request is uploaded to the cloud transfer server 3, and the next step is executed;
if not, the external network access request is refused;
step S2A2, the cloud transfer server 3 cleans and filters the data contained in the external network access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and then transmits the pure data to the network bridge 4;
step S2A3, the network bridge 4 receives the pure data and sends it to the target internal network device 2, which makes the external network access communication response;
the intranet access communication flow in the first working mode specifically comprises the following steps:
step S2B1, the internal network device 2 initiates an intranet access request to the network bridge 4;
step S2B2, the network bridge 4 cleans and filters the data contained in the intranet access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and then transmits the pure data to the cloud transfer server 3 for caching;
step S2B3, the target external network device 1 initiates a communication connection application to the cloud transfer server 3;
step S2B4, the cloud transfer server 3 performs authorization authentication on the communication connection application;
if authorization is obtained, the communication connection between the cloud transfer server 3 and the external network device 1 is established, and the external network device 1 pulls the pure data cached on the cloud transfer server 3 and makes the intranet access communication response;
the external network access communication flow in the second working mode specifically comprises the following steps:
step S2C1, the external network device 1 initiates an external network access request to the network bridge 4, and the cloud transfer server 3 performs authorization authentication on the external network access request;
if authorization is obtained, the communication connection between the external network device 1 and the network bridge 4 is established, the cloud transfer server 3 at the same time feeds back the current IP address of the network bridge 4 to the external network device 1, and the next step is executed;
if not, the external network access request is refused;
step S2C2, the network bridge 4 cleans and filters the data contained in the external network access request according to the user-specified data protocol specification, retains the pure data to be transmitted, and sends the pure data to the target internal network device 2, which makes the external network access communication response;
the intranet access communication flow in the second working mode specifically comprises the following steps:
step S2D1, the internal network device 2 initiates an intranet access request to the network bridge 4;
step S2D2, the network bridge 4 cleans and filters the data contained in the intranet access request according to the user-specified data protocol specification, and retains the pure data to be transmitted;
step S2D3, the target external network device 1 initiates a communication connection application to the cloud transfer server 3, and the cloud transfer server 3 performs authorization authentication on the communication connection application;
if authorization is obtained, the communication connection between the external network device 1 and the network bridge 4 is established, and at the same time the cloud transfer server 3 feeds back the current IP address of the network bridge 4 to the external network device 1, which makes the intranet access communication response;
if not, the intranet access request is refused.
The method in the embodiment can realize the isolated communication of the internal network and the external network under various access communication flows in various modes, has wide application range and ensures the safety of the network data of the internal network.

Claims (10)

1. An intranet and extranet isolated communication system, wherein the system has a first working mode and/or a second working mode;
in the first working mode, the system comprises:
a cloud relay server, used to clean and filter the data contained in an extranet access request according to a user-specified data protocol specification and retain the pure data to be transmitted, to cache the pure data to be transmitted after an intranet access request has been cleaned and filtered according to the user-specified data protocol specification, and to perform authorization authentication on communication connection applications;
an extranet device, used to initiate an extranet access request, the target extranet device making the access communication response to an intranet access request; the communication connection between the extranet device and the cloud relay server is subject to authorization authentication by the cloud relay server, and after authorization is granted the extranet device and the cloud relay server communicate through the Internet;
a network bridge, which communicates with the cloud relay server; the network bridge is used to pull and forward the pure data to be transmitted after an extranet access request has been cleaned and filtered according to the user-specified data protocol specification, and to clean and filter the data in an intranet access request according to the user-specified data protocol specification, retaining the pure data to be transmitted;
an intranet device, which communicates with the network bridge through a local area network and initiates an intranet access request, the target intranet device making the access communication response to the intranet access request;
in the second working mode, the system comprises:
a network bridge, used to clean and filter the data contained in an extranet access request or an intranet access request according to a user-specified data protocol specification, to retain the pure data to be transmitted, and to forward that pure data;
an extranet device, used to initiate an extranet access request, the target extranet device making the access communication response to an intranet access request;
a cloud relay server, used to perform authorization authentication on the communication connection application between the extranet device and the network bridge, to establish the communication connection between the extranet device and the network bridge after authorization is granted, and at the same time to feed back the current IP address of the network bridge to the extranet device through the Internet;
an intranet device, which communicates with the network bridge through a local area network and initiates an intranet access request, the target intranet device making the access communication response to the intranet access request.
2. The intranet and extranet isolated communication system according to claim 1, wherein the extranet device and the intranet device each have unique, fixed identification information; the extranet communication request initiated by the extranet device contains the identification information of the target intranet device; the intranet communication request initiated by the intranet device contains the identification information of the target extranet device.
3. The intranet and extranet isolated communication system according to claim 1, wherein in the first working mode the network bridge and the cloud relay server communicate with each other through a mobile phone network;
and in the second working mode the communication between the extranet device and the network bridge and the communication between the cloud relay server and the network bridge are carried out through a mobile phone network.
4. The intranet and extranet isolated communication system according to claim 1, wherein the network bridge has an outer MCU module and an inner MCU module, and the outer MCU module and the inner MCU module exchange data through a data interaction channel.
5. The system according to claim 4, wherein the outer MCU module comprises a chip that carries the running program, and the program built into the chip does not support changing the built-in program through the communication interface.
6. The system according to claim 4, wherein the inner MCU module comprises a chip that carries the running program, and the program built into the chip does not support changing the built-in program through the communication interface.
7. The intranet and extranet isolated communication system according to claim 4, wherein the data interaction channel is implemented by means of a hardware bus.
8. The system according to claim 7, wherein the hardware bus comprises UART, USB, CAN or RS485.
9. An intranet and extranet isolated communication method, being a specific application process of the intranet and extranet isolated communication system according to any one of claims 1 to 7, characterized by comprising the following steps:
step S1, selecting whether to execute the first working mode or the second working mode, and adjusting the communication connection manner among the cloud relay server, the network bridge and the extranet device according to the selection result;
step S2, determining whether the working state is extranet accessing intranet or intranet accessing extranet, and according to the determination result executing the corresponding extranet access communication flow in the first working mode, intranet access communication flow in the first working mode, extranet access communication flow in the second working mode, or intranet access communication flow in the second working mode.
10. The intranet and extranet isolated communication method according to claim 9, wherein in step S2 the extranet access communication flow in the first working mode specifically comprises the following steps:
step S2A1, the extranet device initiates an extranet access connection request to the cloud relay server, and the cloud relay server performs authorization and authentication on the extranet access request;
if authorization is granted, a communication connection is established between the extranet device and the cloud relay server, the data contained in the extranet access request is uploaded to the cloud relay server, and the next step is executed;
if not, the extranet access request is refused;
step S2A2, the cloud relay server cleans and filters the data contained in the extranet access request according to the user-specified data protocol specification, retains only the pure data to be transmitted, and forwards the pure data to the network bridge;
step S2A3, the network bridge receives the pure data and sends it to the target intranet device, which makes the extranet access communication response;
the intranet access communication flow in the first working mode specifically comprises the following steps:
step S2B1, the intranet device initiates an intranet access request to the network bridge;
step S2B2, the network bridge cleans and filters the data contained in the intranet access request according to the user-specified data protocol specification, retains only the pure data to be transmitted, and forwards the pure data to the cloud relay server for caching;
step S2B3, the target extranet device initiates a communication connection application to the cloud relay server;
step S2B4, the cloud relay server performs authorization and authentication on the communication connection application;
if authorization is granted, a communication connection is established between the cloud relay server and the extranet device, and the extranet device pulls the pure data cached on the cloud relay server to make the intranet access communication response;
the extranet access communication flow in the second working mode specifically comprises the following steps:
step S2C1, the extranet device initiates an extranet access request to the network bridge, and the cloud relay server performs authorization and authentication on the extranet access request;
if authorization is granted, a communication connection is established between the extranet device and the network bridge, the cloud relay server at the same time feeds back the current IP address of the network bridge to the extranet device, and the next step is executed;
if not, the extranet access request is refused;
step S2C2, the network bridge cleans and filters the data contained in the extranet access request according to the user-specified data protocol specification, retains only the pure data to be transmitted, and sends the pure data to the target intranet device, which makes the extranet access communication response;
the intranet access communication flow in the second working mode specifically comprises the following steps:
step S2D1, the intranet device initiates an intranet access request to the network bridge;
step S2D2, the network bridge cleans and filters the data contained in the intranet access request according to the user-specified data protocol specification and retains only the pure data to be transmitted;
step S2D3, the target extranet device initiates a communication connection application to the cloud relay server, and the cloud relay server performs authorization authentication on the communication connection application;
if authorization is granted, a communication connection is established between the extranet device and the network bridge, and the cloud relay server at the same time feeds back the current IP address of the network bridge to the extranet device, so that the intranet access communication response is made;
if not, the intranet access request is refused.
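The following is an added simulation of the first working mode as described in steps S2A1 to S2B4 of the description and restated in claim 10; it is not the patent's own code (none is disclosed). The cloud relay server authorizes the extranet device by its fixed identifier, both the relay and the network bridge clean and filter requests against a user-specified protocol specification so that only the "pure data" reaches the other side, and intranet replies are cached on the relay for the authorized extranet device to pull. The protocol specification, device identifiers and sensor readings are constructed for illustration.

```python
from __future__ import annotations

# Constructed user-specified data protocol specification: per message type, the only
# fields (with expected types) allowed across the boundary; unknown types are refused.
PROTOCOL_SPEC = {
    "read_sensor": {"target": str, "sensor_id": str},
    "sensor_value": {"target": str, "sensor_id": str, "value": float},
}

def clean_and_filter(request: dict) -> dict | None:
    """Retain only the 'pure data' the spec allows; None means the request is refused."""
    fields = PROTOCOL_SPEC.get(request.get("type"))
    if fields is None:
        return None
    pure = {k: request[k] for k, t in fields.items() if isinstance(request.get(k), t)}
    if len(pure) != len(fields):  # a required field is missing or has the wrong type
        return None
    return {"type": request["type"], **pure}

class Bridge:
    """Network bridge 4: the only party that reaches intranet devices over the LAN."""
    def __init__(self, intranet_devices: dict):
        self.intranet = intranet_devices  # fixed intranet device id -> handler
        self.relay: CloudRelayServer | None = None

    def deliver_to_intranet(self, pure: dict) -> dict | str:  # step S2A3
        handler = self.intranet.get(pure["target"])
        return handler(pure) if handler else "refused"

    def intranet_access(self, request: dict) -> bool:  # steps S2B1, S2B2
        pure = clean_and_filter(request)
        if pure is None:
            return False
        self.relay.cache_for_extranet(pure)
        return True

class CloudRelayServer:
    """Cloud relay server 3: authorizes extranet devices, filters, caches for pull."""
    def __init__(self, authorized_extranet_ids: set, bridge: Bridge):
        self.authorized = set(authorized_extranet_ids)
        self.bridge, bridge.relay = bridge, self
        self.cache: dict[str, list[dict]] = {}  # extranet device id -> pure data

    def extranet_access(self, device_id: str, request: dict) -> dict | str:  # S2A1, S2A2
        if device_id not in self.authorized:
            return "refused"
        pure = clean_and_filter(request)
        return "refused" if pure is None else self.bridge.deliver_to_intranet(pure)

    def cache_for_extranet(self, pure: dict) -> None:
        self.cache.setdefault(pure["target"], []).append(pure)

    def extranet_pull(self, device_id: str) -> list | None:  # S2B3, S2B4
        return self.cache.pop(device_id, []) if device_id in self.authorized else None

# Constructed topology: intranet sensor "in-07" behind the bridge, extranet client "ext-01".
READINGS = {"t1": 21.5}
BRIDGE = Bridge({"in-07": lambda p: {"sensor_id": p["sensor_id"], "value": READINGS[p["sensor_id"]]}})
RELAY = CloudRelayServer({"ext-01"}, BRIDGE)
```

Fields outside the specification (for example an extra "exec" key) never reach the intranet device, and an intranet reply is only handed to an extranet device that the relay has authorized.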
CN202210572671.XA 2022-05-25 2022-05-25 Internal and external network isolation communication system and method Active CN114666172B (en)


Publications (2)

Publication Number Publication Date
CN114666172A true CN114666172A (en) 2022-06-24
CN114666172B CN114666172B (en) 2022-07-29


Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1893417A (en) * 2005-07-06 2007-01-10 邓学锋 Internal and external network information safety transmission system and method
US20120281706A1 (en) * 2011-05-06 2012-11-08 Puneet Agarwal Systems and methods for cloud bridging between intranet resources and cloud resources
US20130283050A1 (en) * 2012-04-23 2013-10-24 Anil Gupta Wireless client authentication and assignment
CN104202300A (en) * 2014-08-06 2014-12-10 广东电网公司电力科学研究院 Data communication method and device based on network isolating device
CN111212034A (en) * 2019-12-18 2020-05-29 珠海伟诚科技股份有限公司 MQTT-based internal and external network data communication system and method thereof


Also Published As

Publication number Publication date
CN114666172B (en) 2022-07-29


Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant