CN115065557B - Data security interaction method suitable for multiple systems - Google Patents

Data security interaction method suitable for multiple systems Download PDF

Info

Publication number
CN115065557B
CN115065557B CN202210940229.8A CN202210940229A CN115065557B CN 115065557 B CN115065557 B CN 115065557B CN 202210940229 A CN202210940229 A CN 202210940229A CN 115065557 B CN115065557 B CN 115065557B
Authority
CN
China
Prior art keywords
data
target
intranet
external network
transmission
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210940229.8A
Other languages
Chinese (zh)
Other versions
CN115065557A (en
Inventor
郭大琦
朱炯
张伟峰
龚成尧
姜蔚
刘瑜婧
李明
金杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
State Grid Zhejiang Electric Power Co Ltd Tonglu County Power Supply Co
State Grid Zhejiang Electric Power Co Ltd
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Original Assignee
State Grid Zhejiang Electric Power Co Ltd Tonglu County Power Supply Co
State Grid Zhejiang Electric Power Co Ltd
Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by State Grid Zhejiang Electric Power Co Ltd Tonglu County Power Supply Co, State Grid Zhejiang Electric Power Co Ltd, Hangzhou Power Supply Co of State Grid Zhejiang Electric Power Co Ltd filed Critical State Grid Zhejiang Electric Power Co Ltd Tonglu County Power Supply Co
Priority to CN202210940229.8A priority Critical patent/CN115065557B/en
Publication of CN115065557A publication Critical patent/CN115065557A/en
Application granted granted Critical
Publication of CN115065557B publication Critical patent/CN115065557B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q50/00Information and communication technology [ICT] specially adapted for implementation of business processes of specific business sectors, e.g. utilities or tourism
    • G06Q50/06Energy or water supply
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y02TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
    • Y02DCLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
    • Y02D10/00Energy efficient computing, e.g. low power processors, power management or thermal management

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Health & Medical Sciences (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • General Health & Medical Sciences (AREA)
  • Human Resources & Organizations (AREA)
  • Marketing (AREA)
  • Primary Health Care (AREA)
  • Public Health (AREA)
  • Tourism & Hospitality (AREA)
  • Physics & Mathematics (AREA)
  • Water Supply & Treatment (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a data security interaction method applicable to multiple systems, which comprises the steps of extracting a data target list in a data acquisition request, and classifying data targets in the data target list to obtain an intranet information target set and an extranet information target set; the first outer network terminal traverses the first outer network data on the basis of the outer network information target set to obtain first target data, and if the inner network information target set is an empty set, the first target data is encrypted and then sent to the second outer network terminal; if the intranet information target set is a non-empty set, the first intranet end transmits the intranet information target set to the first intranet end based on the first ferry transmission unit, and the first intranet end traverses the first intranet data based on the intranet information target set to obtain second target data; and the second external network end sends the second target data to the second internal network end based on the second ferry transmission unit.

Description

Data security interaction method suitable for multiple systems
Technical Field
The invention relates to the technical field of data processing, in particular to a data security interaction method applicable to multiple systems.
Background
As is known, power systems have many users, and many power data are stored in the power systems after long-term accumulation. The power data generally comprises desensitization data and non-desensitization data, wherein the desensitization data comprises data such as the overall power consumption of a certain area, the average electricity price of the certain area and the like; the desensitized data includes a large amount of user data, such as information about power consumption of a certain enterprise. Among them, data security of non-desensitized data is particularly important.
In some cases, data support of the power system is required by external systems, for example, government systems need to acquire some power data in the power system when making relevant power policies as data support in the policy making process. In the process, a government system requests data from the power system, and how to ensure the safety of the data when the power system interacts with an external system, particularly how to ensure the safety of non-desensitized data when the power system interacts with the external system, has become a focus problem for the power department.
Disclosure of Invention
The invention overcomes the defects of the prior art, provides a data security interaction method suitable for multiple systems, and can ensure the data security of non-desensitized data when an electric power system interacts with an external system.
In order to solve the technical problems, the technical scheme of the invention is as follows:
the embodiment of the invention provides a data security interaction method applicable to multiple systems, which comprises the following steps:
step 1, a first internal network end and a first external network end of a first system are constructed in advance, a first ferry transmission unit is established between the first internal network end and the first external network end, the first internal network end stores first internal network data, the first external network end stores first external network data, and the first ferry transmission unit keeps the first internal network end and the first external network end not directly connected;
step 2, after receiving a data acquisition request sent by a second external network terminal of a second system, a first external network terminal extracts a data target list in the data acquisition request, and classifies data targets in the data target list to obtain an internal network information target set and an external network information target set;
step 3, the first external network terminal traverses the first external network data based on the external network information target set to obtain first target data, and if the internal network information target set is an empty set, the first target data is encrypted and then sent to the second external network terminal;
step 4, if the intranet information target set is a non-empty set, the first extranet end transmits the intranet information target set to the first intranet end based on the first ferry transmission unit, and the first intranet end traverses the first intranet data based on the intranet information target set to obtain second target data;
and 5, encrypting the first target data and the second target data respectively and then sending the encrypted first target data and the encrypted second target data to a second external network terminal, wherein the second external network terminal sends the second target data to a second internal network terminal based on a second ferry transmission unit.
Further, step 1 comprises:
establishing a first gateway, a second gateway and a transfer storage module, connecting the first gateway with the transfer storage module, and connecting the transfer storage module with the second gateway to form a first ferry transmission unit;
establishing an external network instruction input module on the first ferry transmission unit, connecting the first network gate with a first external network end, and enabling the first network gate to be connected with the first external network end by the external network instruction input module in response to an inward transmission instruction;
an intranet instruction input module is built in the first ferry transmission unit, the second gate is connected with the first intranet end, and the intranet instruction input module responds to an outward transmission instruction to enable the second gate to be connected with the first intranet end.
Further, step 2 comprises:
the first external network terminal extracts a data target list in the data acquisition request to obtain the data grade of each data target in the data target list;
if the data grade of the data target is greater than or equal to a first preset grade, classifying the corresponding data target to an intranet information target set;
and if the data grade of the data target is less than a first preset grade, classifying the corresponding data target to an external network information target set.
Further, step 3 comprises:
the first external network terminal sequentially extracts the data labels of each data target in the external network information target set, and traverses the first external network data according to the data labels to obtain first target data;
after all data targets in the extranet information target set are judged to have first target data corresponding to the data targets respectively, acquiring a first number of the data targets in the intranet information target set;
if the first quantity is 0, the intranet information target set is judged to be an empty set, and the first target data is encrypted according to a first encryption strategy and then sent to a second intranet end.
Further, step 4 comprises:
the external network worker inputs an inward transmission instruction to the first ferry transmission unit through the external network instruction input module;
after the first ferry transmission unit verifies the inward transmission instruction, controlling a first network gate to be in a connected state so that a first outer network end transmits an inner network information target set to a transfer storage module through the first network gate;
after the first ferry transmission unit judges that the intranet information target set is completely transmitted to the transfer storage module, the first gateway is controlled to be in a disconnected state, and the second gateway is controlled to be in a connected state, so that the transfer storage module transmits the intranet information target set to the first intranet end through the second gateway;
after the first ferry transmission unit judges that the transfer storage module completely transmits the intranet information target set to the first intranet end, the second gateway and the first gateway are controlled to be in a disconnected state at the same time;
the first intranet end sequentially extracts the data labels of all the data targets in the intranet information target set, and traverses the first intranet data according to the data labels to obtain second target data.
Further, step 5 comprises:
the first intranet terminal obtains a transmission data quantity value of the second target data, and encrypts the second target data according to a second encryption strategy if the transmission data quantity value is judged to be smaller than or equal to a rated storage quantity value of the transfer storage module;
an intranet worker inputs an outbound transmission instruction to the first ferry transmission unit through the intranet instruction input module;
after the first ferry transmission unit verifies the outward transmission instruction, the second gatekeeper is controlled to be in a communication state, so that the first intranet end transmits second target data to the transit storage module through the second gatekeeper;
after judging that the second target data are completely transmitted to the transfer storage module, the first ferry transmission unit controls the second gateway to be in a disconnected state and the first gateway to be in a connected state, so that the transfer storage module transmits the second target data to the first external network end through the first gateway;
after the first ferry transmission unit judges that the transfer storage module completely transmits the second target data to the first external network end, the second gate and the first gate are controlled to be in a disconnected state at the same time;
the first external network adds a first transmission label to the first target data, adds a second transmission label to the second target data, and respectively sends the first target data added with the first transmission label and the second target data of the second transmission label to a second external network;
and after the second external network terminal identifies second target data based on the second transmission label, the second external network terminal sends the second target data to the second internal network terminal based on the second ferry transmission unit.
Further, the method also comprises the following steps:
if the transmission data quantity value is larger than the rated storage quantity value of the transit storage module, decomposing the second target data to obtain a plurality of target subdata, and sequencing the target subdata in a descending order according to the data quantity value of the target subdata to obtain a first data set;
sequentially selecting target subdata according to the sequence of the first data set, stopping the selection when the sum of the data magnitude of the selected target subdata is larger than a rated storage magnitude, deleting the last target subdata, and counting the rest target subdata to form a second data set;
counting a residual data quantity value of the second data set, and correcting the second data set according to the residual data quantity value to obtain a third data set;
after the target subdata is selected for multiple times to enable all the target subdata in the first data set to be located in the corresponding third data set, sequentially encrypting the target subdata in the third data set according to a second encryption strategy to obtain third target data;
counting all the third target data to generate a transmission set list, and sending a plurality of third target data to the first external network end through the first ferry transmission unit by the first internal network end;
and after judging that a plurality of third target data corresponding to the transmission set list are received, the first external network terminal packs the third target data to obtain second target data.
Further, the counting the remaining data quantity value of the second data set, and modifying the second data set according to the second data set to obtain a third data set includes:
counting the current data quantity values of all the selected target subdata in the second data set, and obtaining a containable storage quantity value according to the difference value between the rated storage quantity value and the current data quantity value;
and traversing the data quantity values of the unselected target subdata in the first data set in sequence, and classifying the corresponding target subdata into a second data set to obtain a third data set when the data quantity values of the target subdata which can contain the storage quantity values are judged and screened.
Further, the counting all the third target data to generate a transmission set list, and the sending, by the first intranet end, the plurality of third target data to the first extranet end sequentially through the first ferry transmission unit includes:
the rated storage quantity value of the transfer storage module is smaller than the actual capacity value of the transfer storage module, and the sum of the data quantity value and the rated storage quantity value of the transmission set list is smaller than the actual capacity value of the transfer storage module;
the third target data are counted to obtain a transmission set list, and when a first third target data are transmitted for the first time based on a first ferry transmission unit, the first internal network terminal transmits the third target data and the transmission set list to a first external network terminal respectively;
the first ferry transmission unit sends first feedback information to the first intranet end after completely transmitting the third target data and the transmission set list to the first extranet end;
and after receiving the first feedback information, the first internal network transmits the third target data to the first external network based on the first ferry transmission unit again.
Further, after the first extranet terminal determines that a plurality of third target data corresponding to the transmission set list are received, packing the third target data to obtain second target data includes:
the first external network side respectively counts all the received third target data to obtain data statistical information;
and after judging that the data statistical information corresponds to the transmission set list, packaging the third target data by the first external network end to obtain second target data.
The invention has the beneficial effects that:
(1) The data between the first internal network end and the first external network end of the first system are ferried through the first ferry transmission unit, the data transmission between the first internal network end and the first external network end is realized under the condition that the safety of the data in the first internal network end is ensured, and similarly, the data between the second internal network end and the second external network end of the second system are ferred through the second ferry transmission unit, and the data transmission between the second internal network end and the second external network end is realized under the condition that the safety of the data in the second internal network end is ensured; wherein, be provided with the transfer storage module in the ferry transmission unit for to the data storage of transfer, the in-process remains the not direct connection of intranet and extranet throughout, and external system can't directly permeate the intranet, can not constitute the threat to the data of intranet. In addition, the network gate is controlled by the staff, physical isolation is realized, and the staff corresponding to different network gates can be different, so that the safety of intranet data is further ensured; according to the scheme, the data transmission between the power system and the external system can be realized under the condition that the intranet data is continuously safe.
(2) The data target list in the data acquisition request is analyzed to obtain the data grade of each data target, so that an intranet information target set and an extranet information target set are obtained, and corresponding data crawling and complementary interference are carried out from an intranet end and an extranet end correspondingly; meanwhile, the scheme adopts encryption strategies of different levels for the crawled first target data and second target data, and improves the data security in the data transmission process under the condition of low data processing clothing degree; in addition, the classified crawling classified transmission scheme has the advantages that when data are sent to the second system, the data do not need to be classified again, further complex data processing is not needed, only data corresponding to an outer net need to be stored at an outer net end, and data corresponding to an inner net need to be stored at the inner net end.
(3) In the invention, considering that the transit storage module has a rated storage quantity value and can not finish the transmission of larger data volume at one time, the scheme lays out a batch transmission scheme, firstly, the transmission data volume value in the second target data is sequenced to obtain a first data set, and then the target subdata in the first data set is sequentially selected according to the rated storage quantity value to obtain a second set, so that the data volume in the second set is in the ferrying range of the transit storage module; in addition, in the scheme, in order to enable the data volume in the second set to be close to the rated storage volume value, a correction mode is designed, the second set is corrected to obtain third sets, so that the data volume value in each third set is the largest, and under some scenes, the number of the third sets can be reduced, so that the transmission times are reduced, and the transmission efficiency is improved; in addition, the transfer storage module has a rated storage quantity value, so that the intranet data volume transmitted at a single time can be limited, and the intranet data safety is further improved; according to the scheme, the actual capacity value of the transfer storage module is obtained according to the actual situation, the data volume of the transmission set list is considered in the process of calculating the data volume, and the data volume value in the third set can be ensured to be in the ferrying range of the transfer storage module.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the description of the embodiments will be briefly introduced below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and it is obvious for those skilled in the art to obtain other drawings based on these drawings without inventive exercise.
FIG. 1 is a schematic diagram of data transmission in a first system and a second system provided by the present invention;
Detailed Description
In order that the present invention may be more readily and clearly understood, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings.
The embodiment of the invention provides a data security interaction method applicable to multiple systems, which comprises the following steps 1-5:
step 1, a first intranet end and a first extranet end of a first system are constructed in advance, a first ferry transmission unit is established between the first intranet end and the first extranet end, the first intranet end stores first intranet data, and the first extranet end stores first extranet data.
Referring to fig. 1, the present invention will perform data transmission between a first system and a second system, and in practice, the first system may be a power grid system, the second system may be a government system, and the government system may request data from the power grid system, that is, data transmission between the first system and the second system is required. The first system comprises a first external network end and a first internal network end, and the second system comprises a second external network end and a second internal network end.
In some embodiments, step 1 comprises step 11-step 13:
step 11, establishing a first gateway, a second gateway and a transit storage module, connecting the first gateway with the transit storage module, and connecting the transit storage module with the second gateway to form a first ferry transmission unit, wherein the first ferry transmission unit keeps indirect connection between a first inner network end and a first outer network end.
Referring to fig. 1, because intranet data is generally data that is not desensitized, privacy and security requirements are relatively high, in order to ensure security of the intranet data, in the present solution, a first ferry unit is disposed between a first extranet end and a first intranet end to protect data in the first intranet end. The first ferry unit comprises a first network gate, a second network gate and a transfer storage module.
And step 12, establishing an external network command input module in the first ferrying transmission unit, connecting the first network gate with a first external network end, and responding to an inward transmission command by the external network command input module to establish connection between the first network gate and the first external network end.
It can be understood that the scheme is provided with an external network instruction input module, and can receive an inward transmission instruction input by a user and establish connection between the first gatekeeper and the first external network end. It can also be understood that, after the first gatekeeper is connected to the first external network end, the connection between the first external network end and the transfer storage module may be established, that is, data transmission may be performed between the first external network end and the transfer storage module.
It should be noted that, when the first gatekeeper is connected to the first external network, the second gatekeeper is disconnected from the transfer storage module, that is, the connection between the first internal network and the transfer storage module cannot be realized, so that the connection between the first internal network and the first external network cannot be directly established, and data in the first internal network is protected.
Step 13, an intranet instruction input module is established in the first ferry transmission unit, the second gatekeeper is connected with the first intranet end, and the intranet instruction input module responds to an outward transmission instruction to enable the second gatekeeper to be connected with the first intranet end.
Similar to step S12, it can be understood that the present solution is provided with an intranet instruction input module, which can receive an outbound transmission instruction input by a user, and establish a connection between the second gatekeeper and the first intranet terminal. It can also be understood that, after the second gatekeeper is connected to the first intranet end, the connection between the first intranet end and the transfer storage module can be established, that is, data transmission can be performed between the first intranet end and the transfer storage module.
It should be noted that, when the second gatekeeper is connected to the first intranet end, the first gatekeeper is disconnected from the transfer storage module, that is, the connection between the first extranet end and the transfer storage module cannot be realized, so that the connection between the first intranet end and the first extranet end cannot be directly established, and data in the first intranet end is protected.
And 2, after receiving a data acquisition request sent by a second external network terminal of the second system, the first external network terminal extracts a data target list in the data acquisition request and classifies data targets in the data target list to obtain an internal network information target set and an external network information target set.
It can be understood that, when the second system needs to request data from the first system, the second external network end of the second system may send a data request to the first external network end of the first system, and after receiving the data request, the first external network end may parse the data request to obtain a data target list in the data acquisition request, and then classify the data targets in the data target list to obtain an internal network information target set and an external network information target set.
In some embodiments, step 2 comprises steps 21-23:
and step 21, the first external network terminal extracts the data target list in the data acquisition request to obtain the data grade of each data target in the data target list.
It is understood that the present solution may rank data in the first system in advance, for example, the data may be ranked in dimensions of desensitized data and non-desensitized data, where the desensitized data has a higher data rank and the non-desensitized data has a lower data rank. The desensitization data is that a government system wants to request the whole electricity consumption of the area A from a power grid system, is low in privacy and can be stored in the first external network end; for example, the non-desensitization data is the power consumption of each user in the area a that the government system wants to request from the power grid system, and because the non-desensitization data is relatively private, the non-desensitization data can be stored in the first intranet to protect the data.
It should be noted that the present scheme is only illustrated in the dimension of desensitization data and non-desensitization data, and is not limited to desensitization data and non-desensitization data, and in practical applications, data may be divided according to multiple levels, which is not described herein again.
And step 22, if the data grade of the data target is greater than or equal to a first preset grade, classifying the corresponding data target into an intranet information target set.
According to the scheme, the data grade of each data target in the data target list is obtained, then the data grade is compared with a first preset grade, and the data targets with the data grade larger than or equal to the first preset grade are classified into the intranet information target set.
It can be understood that the data crawling can be performed in the first intranet terminal based on the intranet information target set according to the scheme.
And step 23, if the data grade of the data target is smaller than a first preset grade, classifying the corresponding data target to an extranet information target set.
If the data grade is less than the first preset grade, the scheme classifies the data targets with the data grade less than the first preset grade into the extranet information target set. It can be understood that the scheme can crawl data in the first extranet terminal based on the extranet information target set.
And 3, traversing the first external network data by the first external network terminal based on the external network information target set to obtain first target data, and encrypting the first target data and then sending the encrypted first target data to the second external network terminal if the internal network information target set is an empty set.
It can be understood that, in the scheme, the first extranet terminal is used for crawling the data of the extranet information target set to obtain the first target data, if the intranet information target set is an empty set, it is indicated that no intranet data needs to be transmitted, and the first target data can be directly sent to the second extranet terminal after being encrypted.
In some embodiments, step 3 comprises steps 31-33:
and step 31, the first extranet terminal sequentially extracts the data labels of each data object in the extranet information object set, and traverses the first extranet data according to the data labels to obtain first object data.
Each data object in the extranet information object set in the scheme has a corresponding data tag, for example, the data object can be document data, and the data tag can be information such as a corresponding file name.
And 32, after all the data targets in the extranet information target set are judged to have the first target data corresponding to the data targets respectively, acquiring a first number of the data targets in the intranet information target set.
According to the scheme, after all data targets in the external network information target set are judged to have the first target data corresponding to the data targets, the first number of the data targets in the internal network information target set is obtained.
And step 33, if the first quantity is 0, determining that the intranet information target set is an empty set, encrypting the first target data according to a first encryption strategy, and then sending the encrypted first target data to a second intranet end.
It can be understood that, if the first number is 0, it indicates that the intranet information target set is an empty set, and since there is no intranet data to be transmitted, the present solution encrypts the first target data according to the first encryption policy and then sends the encrypted first target data to the second intranet terminal.
The first encryption policy is for the external network data, and the protectiveness of the first encryption policy is not very high, so that the level of the corresponding first encryption policy does not need to be too high, for example, the first encryption policy may be a conventional security level or a reference security level.
And 4, if the intranet information target set is a non-empty set, the first outer intranet end transmits the intranet information target set to the first intranet end based on the first ferry transmission unit, and the first intranet end traverses the first intranet data based on the intranet information target set to obtain second target data.
If the intranet information target set is a non-empty set, it is indicated that intranet data exists in the requested data, the first intranet end of the scheme transmits the intranet information target set to the first intranet end based on the first ferry transmission unit, and the first intranet end traverses the first intranet data based on the intranet information target set to obtain second target data.
In some embodiments, step 4 includes steps 41-45:
and 41, inputting an inward transmission instruction to the first ferry transmission unit by an external network worker through the external network instruction input module.
Because the intranet information target set needs to be transmitted to the first intranet end, the intranet information target set needs to be transmitted by the first ferry transmission unit.
Referring to fig. 1, the extranet worker in the scheme can input an inward transmission instruction to the first ferry transmission unit through the extranet instruction input module.
And 42, after the first ferry transmission unit verifies the inward transmission instruction, controlling the first gatekeeper to be in a connected state so that the first outer network end transmits the intranet information target set to the transfer storage module through the first gatekeeper.
The first ferry transmission unit can verify the internal transmission instruction, and after the verification is passed, the first gatekeeper is controlled to be in a connected state, so that the first external network terminal transmits the intranet information target set to the transfer storage module through the first gatekeeper. Note that, the second gatekeeper is in an off state at this time.
And 43, after judging that the intranet information target set is completely transmitted to the transit storage module, the first transit transmission unit controls the first gateway to be in a disconnected state and the second gateway to be in a connected state, so that the transit storage module transmits the intranet information target set to the first intranet terminal through the second gateway.
It can be understood that, after the first ferry transmission unit determines that the intranet information target set is completely transmitted to the transit storage module, the first gatekeeper may be controlled to be in a disconnected state, and the second gatekeeper is in a connected state, so as to establish a connection between the second gatekeeper and the first intranet end, and enable the transit storage module to transmit the intranet information target set to the first intranet end through the second gatekeeper.
And step 44, after the first ferry transmission unit judges that the transfer storage module completely transmits the intranet information target set to the first intranet end, controlling the second gateway and the first gateway to be in a disconnected state at the same time.
It can be understood that, after the intranet information target set is transmitted to the first intranet end, the scheme may control the second gatekeeper and the first gatekeeper to be in a disconnected state at the same time, so as to protect data in the first intranet end.
And step 45, the first intranet end sequentially extracts the data labels of each data target in the intranet information target set, and traverses the first intranet data according to the data labels to obtain second target data.
After the first intranet end obtains the intranet information target set, the data tags of all data targets in the intranet information target set can be sequentially extracted, and the first intranet data is crawled to obtain second target data.
And 5, encrypting the first target data and the second target data respectively and then sending the encrypted first target data and the encrypted second target data to a second external network end, wherein the second external network end sends the second target data to a second internal network end based on a second ferry transmission unit.
According to the scheme, after the first target data and the second target data are obtained, the first target data and the second target data are encrypted respectively and then sent to the second external network terminal, wherein the second external network terminal sends the second target data to the second internal network terminal based on the second ferry transmission unit.
It should be noted that the second ferry transmission unit has a similar principle to the first ferry transmission unit, and referring to fig. 1, the second ferry transmission unit may include a third gatekeeper, a fourth gatekeeper and a transfer storage module similar to the first ferry transmission unit, the third gatekeeper is connected to the second external gatekeeper, the fourth gatekeeper is connected to the second internal gatekeeper, and the principle of the second ferry transmission unit is not described herein again.
In some embodiments, step 5 comprises steps 51-57:
and 51, the first intranet end acquires a transmission data quantity value of the second target data, and encrypts the second target data according to a second encryption strategy if the transmission data quantity value is judged to be less than or equal to a rated storage quantity value of the transit storage module.
It should be noted that, the transfer storage module in this scheme needs to have a data storage function because it is to transfer data, and its storage space corresponds to a rated storage quantity value, and if the transmission data quantity value of the second target data is less than or equal to the rated storage quantity value of the transfer storage module, it indicates that the second target data can be transmitted to the transfer storage module at one time, and this scheme may encrypt the second target data according to the second encryption policy.
In practical application, the rated storage quantity value can be set to be 1G or 2G, the set rated storage quantity value can limit the data transmission quantity each time, and when a large amount of data needs to be transmitted from the internal network to the external network, a certain time is consumed, so that the internal network data can be further protected.
The second encryption strategy is used for encrypting the intranet data, so that the corresponding encryption level needs to be higher, the security level can be a higher level or an ultrahigh level, and the complexity of a corresponding cracked algorithm is higher, so as to ensure the security of the intranet data.
And step 52, the intranet staff inputs an outward transmission instruction to the first ferry transmission unit through the intranet instruction input module.
Referring to fig. 1, when the intranet data is transmitted outwards, approval of an intranet worker is required, that is, the intranet worker is required to input an outwards transmission instruction to the first ferry transmission unit through the intranet instruction input module.
And step 53, after the first ferry transmission unit verifies the outward transmission instruction, controlling the second gatekeeper to be in a connected state, so that the first intranet end transmits second target data to the transit storage module through the second gatekeeper.
The first ferry transmission unit can verify the outward transmission instruction, and after the verification is passed, the second gatekeeper is controlled to be in a connected state, so that the first intranet end transmits second target data to the transfer storage module through the second gatekeeper. It should be noted that, at this time, the first gatekeeper is in an off state.
And step 54, after judging that the second target data is completely transmitted to the transit storage module, the first transit transmission unit controls the second gateway to be in a disconnected state and the first gateway to be in a connected state, so that the transit storage module transmits the second target data to the first external network end through the first gateway.
It can be understood that, after the first ferry transmission unit determines that the second target data is completely transmitted to the transit storage module, the second gatekeeper may be controlled to be in a disconnected state, and the first gatekeeper is in a connected state, and a connection between the first gatekeeper and the first external network end is established, so that the transit storage module transmits the second target data to the first external network end through the first gatekeeper.
And step 55, after the first ferry transmission unit judges that the transfer storage module completely transmits the second target data to the first external network end, controlling the second gateway and the first gateway to be in a disconnected state at the same time.
It can be understood that, after the second target data is transmitted to the first extranet terminal, the scheme controls the second gatekeeper and the first gatekeeper to be in the off state at the same time, so as to protect the data in the first extranet terminal.
And step 56, adding a first transmission label to the first target data by the first external network terminal, adding a second transmission label to the second target data, and respectively sending the first target data added with the first transmission label and the second target data of the second transmission label to the second external network terminal.
According to the scheme, a first transmission label is added to the first target data, a second transmission label is added to the second target data, and then the second target data and the second target data are respectively sent to the second external network terminal.
And 57, after the second external network terminal identifies second target data based on the second transmission label, sending the second target data to the second internal network terminal based on the second ferry transmission unit.
According to the scheme, after the first target data and the second target data are obtained, the first target data and the second target data are encrypted respectively and then sent to the second external network terminal, wherein the second external network terminal sends the second target data to the second internal network terminal based on the second ferry transmission unit. It should be noted that the second ferry transmission unit has a similar principle to the first ferry transmission unit, and the principle of the second ferry transmission unit is not described herein again.
On the basis of the above embodiment, the present solution further includes steps 61 to 66:
and 61, if the transmission data quantity value is larger than the rated storage quantity value of the transit storage module, decomposing the second target data to obtain a plurality of target subdata, and sequencing the target subdata in a descending order according to the data quantity value of the target subdata to obtain a first data set.
It can be understood that, if the transmission data quantity value is greater than the rated storage quantity value of the transit storage module, the second target data needs to be decomposed and transmitted, the scheme decomposes the second target data into a plurality of target sub-data, where the target sub-data may be, for example, a plurality of folders or a plurality of documents, each target sub-data has a corresponding data quantity value, and the scheme sorts the target sub-data in a descending order according to the data quantity values of the target sub-data to obtain the first data set.
It should be noted that the data size of the target sub-data ordered before the first data set is larger than the data size of the target sub-data ordered after the first data set.
And step 62, sequentially selecting the target subdata according to the sequence of the first data set, stopping the selection when the sum of the data quantity values of the selected target subdata is larger than a rated storage quantity value, deleting the last target subdata, and counting the rest target subdata to form a second data set.
According to the scheme, the target subdata is sequentially selected according to the sequence of the first data set, when the sum of the data quantity values of the selected target subdata is larger than the rated storage quantity value, the data quantity in the current selected set is larger than the ferry quantity of the transit storage module, and at the moment, the current selection is stopped; meanwhile, the last target subdata is deleted, so that the data volume in the current selection set is smaller than the ferry volume of the transit storage module, and the rest target subdata is counted to form a second data set.
It can be understood that the sum of the data values corresponding to the second data set selected by the scheme is smaller than the ferry amount of the transit storage module, and the second data set can be ferred by the transit storage module.
And 63, counting the residual data quantity value of the second data set, and correcting the second data set according to the residual data quantity value to obtain a third data set.
In addition, the scheme can also be used for counting the residual data quantity value of the second data set, and correcting the second data set according to the residual data quantity value to obtain a third data set.
In some embodiments, step 63 (counting the remaining data amount of the second data set, and modifying the second data set according to the second data set to obtain a third data set) includes steps 631-632:
step 631, counting the current data quantity values of all the target subdata selected in the second data set, and obtaining the containable storage quantity value according to the difference between the rated storage quantity value and the current data quantity value.
First, the present solution counts the current data size (e.g., 1.9G) of all the target sub-data selected in the second data set, and then obtains the storable amount (e.g., 0.1G) according to the difference between the nominal stored amount (e.g., 2G) and the current data size (e.g., 1.9G).
Step 632, sequentially traversing the data quantity values of the unselected target subdata in the first data set, and classifying the corresponding target subdata into a second data set to obtain a third data set when the data quantity values of the target subdata which is smaller than the storable quantity value are judged and screened.
According to the scheme, the data quantity values of the unselected target subdata in the first data set are traversed in sequence, and when the data quantity values of the target subdata which can contain the storage quantity values are judged and screened, the corresponding target subdata is classified into the second data set to obtain a third data set, so that the maximum data quantity value can be contained in the third data set.
Illustratively, the first data set includes 10 target sub-data, the second data set selects the first 4 target sub-data, the current data quantity of all the selected target sub-data is 1.9G, the difference between the current data quantity and the rated storage quantity 2G can be stored with a storage quantity of 0.1G, if the quantity of the 5 th target sub-data in the first data set is 0.2G, the quantity of the 6 th target sub-data is 0.05G, and the quantity of the 6 th target sub-data is smaller than the storable with a storage quantity of 0.1G, the present solution may add the 6 th target sub-data to the second data set to obtain a third data set, that is, the data quantity corresponding to the current third data set is 1.95G and is smaller than the ferry quantity 2G of the transit storage module.
And step 64, after the target subdata is selected for multiple times to enable all the target subdata in the first data set to be located in the corresponding third data set, sequentially encrypting the target subdata in the third data set according to a second encryption strategy to obtain third target data.
According to the scheme, target subdata is selected for multiple times to obtain multiple third data sets (for example, 3 third data sets can be obtained), all the target subdata in the first data set is located in the corresponding third data sets, and then the target subdata in the third data sets are sequentially encrypted according to a second encryption strategy to obtain third target data.
And step 65, counting all the third target data to generate a transmission set list, and sending the plurality of third target data to the first external network end by the first internal network end through the first ferry transmission unit in sequence.
According to the scheme, all the third target data are counted to generate the transmission set list, and it can be understood that the transmission set list comprises a plurality of third target data (for example, comprises 3 third target data), the first intranet terminal sends the plurality of third target data to the first extranet terminal through the first ferry transmission unit in sequence, and batch transmission of the intranet data is achieved.
In some embodiments, the step 65 (said counting all the third target data to generate a transmission set list, and the first intranet terminal sends a plurality of third target data to the first extranet terminal sequentially through the first ferry transmission unit) includes steps 651-654:
in step 651, the rated storage capacity value of the transfer storage module is smaller than the actual capacity value of the transfer storage module, and the sum of the data quantity value and the rated storage capacity value of the transmission set list is smaller than the actual capacity value of the transfer storage module.
In practical applications, since the rated storage capacity value of the relay storage module is smaller than the actual capacity value of the relay storage module, for example, the rated storage capacity value of the relay storage module is 2.5G, the actual storage capacity value of the relay storage module may be only 2G.
Meanwhile, in the process of transmitting the intranet data, the transmission set list is also transmitted, the transmission set list also has a corresponding data quantity value, and the data ferry can be carried out by utilizing the transit storage module only by determining that the sum of the data quantity value of the transmission set list and the rated storage quantity value is smaller than the actual capacity value of the transit storage module.
Step 652, counting the third target data to obtain a transmission set list, and when the first internal network transmits the first third target data for the first time based on the first ferry transmission unit, respectively transmitting the third target data and the transmission set list to the first external network.
It can be understood that, when the first intranet terminal first transmits the first third target data based on the first ferry transmission unit, the transmission set list needs to be sent, and therefore the third target data and the transmission set list need to be transmitted to the first extranet terminal respectively.
In step 653, the first ferry transmission unit sends the first feedback information to the first intranet terminal after completely transmitting the third target data and the transmission set list to the first extranet terminal.
Due to the fact that batch transmission is needed, feedback is needed after one transmission is completed, and the scheme sends first feedback information to the first intranet end after the third target data and the transmission set list are completely transmitted to the first intranet end.
In step 654, after receiving the first feedback information, the first internal network transmits the third target data to the first external network based on the first ferry transmission unit again.
It can be understood that, after receiving the first feedback information, the first internal network side transmits the third target data to the first external network side again based on the first ferry transmission unit until the data is completely transmitted.
And step 66, after judging that a plurality of third target data corresponding to the transmission set list are received, the first external network terminal packages the third target data to obtain second target data.
It can be understood that, after the data transmission is completed, the scheme may pack a plurality of third target data to obtain the second target data.
In some embodiments, step 66 (the first extranet end packages third target data to obtain second target data after determining that a plurality of third target data corresponding to the transmission set list are received) includes steps 661 to 662:
and step 661, the first external network side respectively counts all the received third target data to obtain data statistics information.
In order to ensure complete data transmission, the first external network terminal in the solution may respectively count all the received third target data to obtain data statistical information, where the data statistical information may be, for example, a corresponding data amount, and is not limited thereto.
Step 662, after determining that the data statistics information corresponds to the transmission set list, the first external network node packages the third target data to obtain second target data.
It can be understood that, after the data statistics information is judged to correspond to the transmission set list, the first external network node packs the third target data to obtain the second target data.
In addition to the above embodiments, the present invention may have other embodiments; all technical solutions formed by adopting equivalent substitutions or equivalent transformations fall within the protection scope of the claims of the present invention.

Claims (8)

1. The data security interaction method applicable to multiple systems is characterized by comprising the following steps:
step 1, a first internal network end and a first external network end of a first system are constructed in advance, a first ferry transmission unit is established between the first internal network end and the first external network end, the first internal network end stores first internal network data, the first external network end stores first external network data, and the first ferry transmission unit keeps the first internal network end and the first external network end not directly connected;
the step 1 comprises the following steps:
establishing a first gateway, a second gateway and a transfer storage module, connecting the first gateway with the transfer storage module, and connecting the transfer storage module with the second gateway to form a first ferry transmission unit;
establishing an external network command input module in the first ferry transmission unit, connecting the first network gate with a first external network end, and responding to an inward transmission command by the external network command input module to establish connection between the first network gate and the first external network end;
an intranet instruction input module is built in the first ferry transmission unit, the second gate is connected with a first intranet end, and the intranet instruction input module responds to an outward transmission instruction and enables the second gate to be connected with the first intranet end;
step 2, after receiving a data acquisition request sent by a second external network terminal of a second system, a first external network terminal extracts a data target list in the data acquisition request, and classifies data targets in the data target list to obtain an internal network information target set and an external network information target set;
step 3, the first external network terminal traverses the first external network data based on the external network information target set to obtain first target data, and if the internal network information target set is an empty set, the first target data is encrypted and then sent to the second external network terminal;
step 4, if the intranet information target set is a non-empty set, the first extranet end transmits the intranet information target set to the first intranet end based on the first ferry transmission unit, and the first intranet end traverses the first intranet data based on the intranet information target set to obtain second target data;
step 5, encrypting the first target data and the second target data respectively and then sending the encrypted first target data and the encrypted second target data to a second external network end, wherein the second external network end sends the second target data to a second internal network end based on a second ferry transmission unit, and the first target data and the second target data adopt encryption strategies of different levels;
the step 5 comprises the following steps:
the first intranet terminal obtains a transmission data quantity value of the second target data, and encrypts the second target data according to a second encryption strategy if the transmission data quantity value is judged to be smaller than or equal to a rated storage quantity value of the transfer storage module;
an intranet worker inputs an outbound transmission instruction to the first ferry transmission unit through the intranet instruction input module;
after the first ferry transmission unit verifies the outward transmission instruction, the second gatekeeper is controlled to be in a communication state, so that the first intranet end transmits second target data to the transit storage module through the second gatekeeper;
after judging that the second target data are completely transmitted to the transfer storage module, the first ferry transmission unit controls the second gateway to be in a disconnected state and the first gateway to be in a connected state, so that the transfer storage module transmits the second target data to the first external network end through the first gateway;
after the first ferry transmission unit judges that the transfer storage module completely transmits the second target data to the first external network end, the first ferry transmission unit controls the second network gate and the first network gate to be in a disconnected state at the same time;
the first external network adds a first transmission label to the first target data, adds a second transmission label to the second target data, and respectively sends the first target data added with the first transmission label and the second target data of the second transmission label to the second external network;
and after the second external network terminal identifies second target data based on the second transmission label, the second external network terminal sends the second target data to the second internal network terminal based on the second ferry transmission unit.
2. The method for secure interaction of data between multiple systems according to claim 1,
the step 2 comprises the following steps:
the first external network terminal extracts the data target list in the data acquisition request to obtain the data grade of each data target in the data target list;
if the data grade of the data target is greater than or equal to a first preset grade, classifying the corresponding data target to an intranet information target set;
and if the data grade of the data target is less than a first preset grade, classifying the corresponding data target to an external network information target set.
3. The method for secure interaction of data between multiple systems according to claim 2,
the step 3 comprises the following steps:
the first external network terminal sequentially extracts the data labels of each data target in the external network information target set, and traverses the first external network data according to the data labels to obtain first target data;
after all data targets in the extranet information target set are judged to have first target data corresponding to the data targets respectively, acquiring a first number of the data targets in the intranet information target set;
if the first quantity is 0, the intranet information target set is judged to be an empty set, and the first target data is encrypted according to a first encryption strategy and then sent to a second intranet end.
4. The method for secure interaction of data between multiple systems according to claim 2,
step 4 comprises the following steps:
the external network worker inputs an inward transmission instruction to the first ferry transmission unit through the external network instruction input module;
after the first ferry transmission unit verifies the inward transmission instruction, controlling a first network gate to be in a connected state so that a first outer network end transmits an inner network information target set to a transfer storage module through the first network gate;
after judging that the intranet information target set is completely transmitted to the transfer storage module, the first ferry transmission unit controls the first gateway to be in a disconnected state and the second gateway to be in a connected state, so that the transfer storage module transmits the intranet information target set to the first intranet end through the second gateway;
after the first ferry transmission unit judges that the transfer storage module completely transmits the intranet information target set to the first intranet end, the second gateway and the first gateway are controlled to be in a disconnected state at the same time;
the first intranet end sequentially extracts the data labels of all the data targets in the intranet information target set, and traverses the first intranet data according to the data labels to obtain second target data.
5. The method for secure interaction of data between multiple systems according to claim 1, further comprising:
if the transmission data quantity value is larger than the rated storage quantity value of the transit storage module, decomposing the second target data to obtain a plurality of target subdata, and sequencing the target subdata in a descending order according to the data quantity value of the target subdata to obtain a first data set;
sequentially selecting target subdata according to the sequence of the first data set, stopping the selection when the sum of the data magnitude of the selected target subdata is larger than a rated storage magnitude, deleting the last target subdata, and counting the rest target subdata to form a second data set;
counting the residual data quantity value of the second data set, and correcting the second data set according to the residual data quantity value to obtain a third data set;
after the target subdata is selected for multiple times to enable all the target subdata in the first data set to be located in the corresponding third data set, sequentially encrypting the target subdata in the third data set according to a second encryption strategy to obtain third target data;
counting all the third target data to generate a transmission set list, and sending a plurality of third target data to the first external network end through the first ferry transmission unit by the first internal network end;
and after judging that a plurality of third target data corresponding to the transmission set list are received, the first external network terminal packs the third target data to obtain second target data.
6. The method for secure interaction of data between multiple systems according to claim 5,
the counting of the residual data quantity value of the second data set, and the correcting of the second data set according to the second data set to obtain a third data set includes:
counting the current data quantity values of all the selected target subdata in the second data set, and obtaining a containable storage quantity value according to the difference value between the rated storage quantity value and the current data quantity value;
and sequentially traversing the data quantity values of the unselected target subdata in the first data set, and classifying the corresponding target subdata into a second data set to obtain a third data set when the data quantity values of the target subdata which is smaller than the storable quantity value are judged and screened.
7. The method for secure interaction of data between multiple systems according to claim 5,
the counting all the third target data to generate a transmission set list, and the first intranet terminal sends the plurality of third target data to the first extranet terminal through the first ferry transmission unit in sequence, including:
the rated storage quantity value of the transit storage module is smaller than the actual capacity value of the transit storage module, and the sum of the data quantity value and the rated storage quantity value of the transmission set list is smaller than the actual capacity value of the transit storage module;
the third target data are counted to obtain a transmission set list, and when a first third target data are transmitted for the first time based on a first ferry transmission unit, the first internal network terminal transmits the third target data and the transmission set list to a first external network terminal respectively;
the first ferrying transmission unit sends first feedback information to the first intranet end after completely transmitting the third target data and the transmission set list to the first extranet end;
and after receiving the first feedback information, the first internal network side transmits the third target data to the first external network side based on the first ferry transmission unit again.
8. The method for secure interaction of data between multiple systems according to claim 7,
after the first extranet terminal judges that a plurality of third target data corresponding to the transmission set list are received, packaging the third target data to obtain second target data, wherein the method comprises the following steps:
the first external network terminal respectively counts all the received third target data to obtain data statistical information;
and after the data statistical information is judged to correspond to the transmission set list, the first external network terminal packs the third target data to obtain second target data.
CN202210940229.8A 2022-08-05 2022-08-05 Data security interaction method suitable for multiple systems Active CN115065557B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210940229.8A CN115065557B (en) 2022-08-05 2022-08-05 Data security interaction method suitable for multiple systems

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210940229.8A CN115065557B (en) 2022-08-05 2022-08-05 Data security interaction method suitable for multiple systems

Publications (2)

Publication Number Publication Date
CN115065557A CN115065557A (en) 2022-09-16
CN115065557B true CN115065557B (en) 2022-11-04

Family

ID=83207306

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210940229.8A Active CN115065557B (en) 2022-08-05 2022-08-05 Data security interaction method suitable for multiple systems

Country Status (1)

Country Link
CN (1) CN115065557B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106951789A (en) * 2016-12-09 2017-07-14 中国电子科技集团公司第三十研究所 A kind of USB Anti-ferry methods based on safety label
CN107070951A (en) * 2017-05-25 2017-08-18 北京北信源软件股份有限公司 A kind of intranet security guard system and method
CN113254411A (en) * 2021-06-23 2021-08-13 国能信控互联技术有限公司 Cross-gatekeeper real-time database data synchronization method and system

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102196015B (en) * 2010-03-12 2015-04-22 新奥特(北京)视频技术有限公司 Manuscript system-based internal and external network data transmission method and system
JP6088853B2 (en) * 2013-02-27 2017-03-01 株式会社東芝 COMMUNICATION DEVICE, COMMUNICATION METHOD, AND COMMUNICATION PROGRAM
CN106060065A (en) * 2016-06-28 2016-10-26 山东中磁视讯股份有限公司 Communication system and method for use in restricted network environment
CN106067902A (en) * 2016-07-26 2016-11-02 中国南方电网有限责任公司信息中心 A kind of data transmit-receive control system based on message mechanism and method
US10447974B2 (en) * 2017-03-13 2019-10-15 Quanta Computer Inc. System for determining device location data in a data center
CN109977140B (en) * 2019-03-25 2022-04-05 中国农业银行股份有限公司 Transaction data query method, device and system
CN114500111B (en) * 2022-04-12 2022-07-15 国网浙江省电力有限公司 Multi-platform-based automatic project audit data processing method and system

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106951789A (en) * 2016-12-09 2017-07-14 中国电子科技集团公司第三十研究所 A kind of USB Anti-ferry methods based on safety label
CN107070951A (en) * 2017-05-25 2017-08-18 北京北信源软件股份有限公司 A kind of intranet security guard system and method
CN113254411A (en) * 2021-06-23 2021-08-13 国能信控互联技术有限公司 Cross-gatekeeper real-time database data synchronization method and system

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
网间安全隔离技术分析研究;黄胜召等;《通信技术》;20100510(第05期);全文 *

Also Published As

Publication number Publication date
CN115065557A (en) 2022-09-16

Similar Documents

Publication Publication Date Title
EP3151462B1 (en) Transmission device, reception device, transmission method, and reception method
CN102713926B (en) Confidential information is revealed and is prevented system and method
US11620609B2 (en) Delivery method, device, system, unmanned vehicle and computer readable storage medium
CN103781100B (en) The policy control method and device of terminal peripheral hardware
CN106953909B (en) Intelligent charging monitoring system and control method for Internet of things card
CN107911370A (en) A kind of data ciphering method and device, data decryption method and device
CN110943914B (en) Intelligent gateway of power distribution room and control method
EP4287555A2 (en) Access control for digital data
CN111343131B (en) Data transmission method and device
CN106326736A (en) Data processing method and system
CN113779592A (en) Intelligent equipment shear plate data encryption system and method
CN115065557B (en) Data security interaction method suitable for multiple systems
US8572186B2 (en) Gateway device, method for controlling the same, and program storage medium arranged to relay transmission and reception of E-mails
CN109921919A (en) Data exchange system and method
CN106713364A (en) Dynamically changing home gateway access method and system in smart home
CN115442435B (en) Power distribution gateway monitoring method, system, power distribution station, equipment and medium
CN105812338A (en) Data access management and control method and network management equipment
CN107135109A (en) A kind of energy management terminal front end processor
CN116471069A (en) Data security processing supervision method and system based on Internet big data
CN112769809B (en) Maritime administration penalty data processing system, method, device and equipment
CN106850620A (en) A kind of charging equipment of electric automobile data safe transmission method and system
CN105491118B (en) A kind of avionics Ethernet data loading system
CN113411397A (en) Data secure transmission method and system based on Internet of things
CN109218320B (en) Website link security verification method and device, computer equipment and storage medium
KR101024270B1 (en) Method of datalink for remote control of automated system based on network

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant