CN115118459A - Method and equipment for realizing secure data exchange based on security card and isolation card heterogeneous - Google Patents

Publication number: CN115118459A
Authority: CN (China)
Application number: CN202210627044.1A
Other languages: Chinese (zh)
Prior art keywords: card, network, host, intranet, data
Inventors: 刘磊, 郑一友, 刘阳
Current Assignee: Hefei Zhuoxin Cloud Technology Co ltd
Original Assignee: Hefei Zhuoxin Cloud Technology Co ltd
Legal status: Pending

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/02: Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0209: Architectural arrangements, e.g. perimeter networks or demilitarized zones

Abstract

The invention discloses a method and equipment for realizing secure data exchange based on a heterogeneous combination of security cards and an isolation card, comprising internal and external network security cards, an isolation card, and internal and external network hosts. The internal and external network security cards are network cards based on a programmable network chip and designed for network security functions, with high expandability and processing performance. The isolation card is a dual PCIE interface card based on a programmable network chip and designed for the network isolation function, with high expandability and data handling efficiency. The internal and external network hosts each have their own independent security card and host operating system, and each is connected to the isolation card through a PCIE interface.

Description

Method and equipment for realizing secure data exchange based on security card and isolation card heterogeneous
Technical Field
The invention relates to the technical field of computer communication, in particular to a method for realizing secure data exchange based on heterogeneous security cards and isolation cards. The invention also relates to internal and external network security data exchange equipment suitable for a high-speed internet environment.
Background
For communication security between a trusted network (intranet) and an untrusted network (extranet), network isolation is usually adopted.
For example, Chinese patent application publication No. CN111740993A, published 10/02/2020, discloses a secure data exchange method for intranet and extranet. The system comprises an internal and external network security data exchange platform, which performs unified user authentication and unified routing management based on an API (application programming interface) for data transmission of a big data middlebox. The platform comprises an intranet platform management area and an extranet platform management area, and data is exchanged between the two areas through a security gatekeeper.
The intranet platform management area comprises a data exchange server for data exchange and a security authentication server for security audit. It is connected with other application servers A through the API interface and an FTP server for data transmission; data is transmitted between the other application servers A and the intranet platform management area through FTP, and that transmission must pass security authentication by the security authentication server.
The extranet platform management area transmits data in the same way as the intranet platform management area: it is connected with other application servers B through the API interface and an FTP server for data transmission, and data transmission between the other application servers B and the extranet platform management area must pass security authentication by a security authentication server.
The traditional network isolation mode (such as a gatekeeper) generally has low transmission efficiency, is only suitable for static data exchange, and has poor applicability to network data streams.
PCIE (Peripheral Component Interconnect Express) is a high-speed serial computer expansion bus standard and a widely applicable device interconnect bus in current computer systems. It increases device transmission bandwidth and reduces the complexity and design cost of board design.
The programmable network chip is an SoC (System on Chip) that integrates a large number of network-service preprocessing and hardware application-acceleration coprocessors on top of an embedded CPU (Central Processing Unit); it can effectively improve the processing efficiency of network services and reduce power consumption.
Disclosure of Invention
The invention provides a method and equipment for realizing secure data exchange based on heterogeneous security cards and isolation cards, to solve the problems that conventional network isolation generally has low transmission efficiency, is only suitable for static data exchange, and has poor applicability to network data streams.
To achieve the above object, an embodiment of the present invention provides a method for implementing secure data exchange based on heterogeneous security cards and isolation cards. The system comprises an intranet, an extranet and an isolation card; the extranet comprises an extranet security card and an extranet host, the intranet comprises an intranet host and an intranet security card, and data is exchanged between the extranet and the intranet through the isolation card. The method further comprises:
the external network equipment comprises the external network security card for receiving network messages and the external network host for extracting valid data; based on the checking, identification and processing of the network message by the external network security card and the external network host, valid data is extracted and the data block is marked with a serial number;
the isolation card equipment receives the data blocks of the external network and, when it judges that the serial number of a data block is the expected serial number, carries the data block to the internal network;
the intranet equipment comprises the intranet security card for receiving network messages and the intranet host for receiving valid data; after the intranet equipment receives the valid data, it further checks and processes the valid data according to the management configuration and sends it to the intranet service server.
Preferably, if the external network host receives a normal network message, it further performs deep data inspection according to the deployed host software, such as WAF protection, mail content identification, HTTP access control, file transmission inspection and the like; if the inspection is passed, the original message protocol is stripped and valid data is extracted for the next processing step.
Further, if the external network host extracts valid data, a software sending interface is called and the available space of the internal network host's receive Ring is checked. If space is available, the processed data block is marked with a serial number and with the available space of the local receive Ring, then the memory address and length are filled into the send Ring, and the local PCIE interface register is written to notify the DMA controller to send the data.
Preferably, the isolation card receives the data block sent by the external network host and performs specific processing. The data block bearing the expected serial number is sent to the send queue of the corresponding Ring on the intranet side, and the buffer queue of the current Ring is checked for the next expected serial number; if it is present, this step is repeated; otherwise, the isolation card waits to receive the next data block.
Further, the send queue of the isolation card notifies the DMA controller of the target PCIE interface, which carries the data blocks in the queue, in sequence, to the available memory addresses recorded in the Ring of the host at the opposite end.
Preferably, the intranet host determines whether each record in the local Ring has received data; if so, it records the Ring available space marked in the data block to the local Ring and submits the data block for subsequent processing. When the intranet host receives the valid data, it checks the data according to configuration; if the check passes, it connects to the internal server and sends the data to the intranet security card, and otherwise it discards the data. The intranet security card receives the network message, checks it according to the management configuration, and sends it to the intranet server.
Correspondingly, the invention provides internal and external network security data exchange equipment suitable for a high-speed internet environment, characterized in that: the equipment comprises an intranet and an extranet, wherein the extranet comprises an extranet security card and an extranet host, and the intranet comprises an intranet host and an intranet security card; the two hosts, extranet and intranet, each have their own independent security card and host operating system and are each connected to an isolation card through a PCIE interface;
the security card is a network card based on a programmable network chip and designed for network security functions, with high expandability and processing performance;
the isolation card is a dual PCIE interface card based on a programmable network chip and designed for the network isolation function, with high expandability and data handling efficiency.
Preferably, the security card has 4 gigabit ethernet interfaces and one PCIE interface. The PCIE interface has 128 pairs of transmit/receive buffer rings (Ring), and each Ring can be individually bound to a single CPU core of the intranet or extranet host to improve processing performance. Each PCIE interface has an independent DMA controller and can directly transfer data in the internal or external network host's system memory to the memory of the isolation card without the participation of a host CPU or an isolation card CPU, achieving zero-copy transfer.
The isolation card has no network interface and 2 PCIE interfaces. Each PCIE interface has 64 pairs of transmit/receive buffer rings (Ring), and each Ring can be independently bound to a single CPU core of an internal or external network host to improve processing performance. Each of the 2 PCIE interfaces has an independent DMA controller, so data in the internal or external network host's system memory can be directly transferred to the memory of the isolation card without the participation of a host CPU or an isolation card CPU, achieving zero-copy transfer. The isolation card is mainly responsible for order-preserving transfer and burst buffering of data crossing the internal and external networks.
Further, in addition to the basic network card function, the security card supports security functions such as session statistics, 5-tuple-based access control, QoS control, security label processing, DDoS attack protection and the like.
The host software matched with the security card is a network card driver in kernel-module form; a user-mode driver (DPDK mode) can also be supported.
The host software matched with the isolation card is a user-mode driver. It is mainly responsible for the interaction between the isolation card and the data that is to cross between the internal and external networks, and for the back-end host receiving the data sent by the isolation card.
In summary, compared with the prior art, the technical solution provided by the present invention has the following beneficial effects:
The invention discloses a method and equipment for realizing secure data exchange based on a heterogeneous combination of security cards and an isolation card. The equipment comprises an internal network and an external network; the external network comprises an external network security card and an external network host, the internal network comprises an internal network host and an internal network security card, and the two hosts each have their own independent security card and host operating system and are each connected to the isolation card through a PCIE interface. The method comprises the following steps: the external network security card and the external network host check, identify and process the network message, extract valid data and mark the data block with a serial number; the isolation card equipment receives the data blocks of the external network and, when it judges that the serial number of a data block is the expected serial number, carries the data block to the internal network; the intranet equipment comprises the intranet security card for receiving network messages and the intranet host for receiving valid data, and after the intranet equipment receives the valid data, it further checks and processes the valid data according to the management configuration and sends it to the intranet service server.
The invention adds abundant network security functions on the basis of the traditional network isolation equipment, improves the product performance, and reduces the deployment cost and the purchase cost of the product. The isolation card in the invention uses two PCIE interfaces to directly connect the internal and external network host systems, and improves the reliability of connection and data transmission compared with the similar products adopting optical fibers, twisted pairs or coaxial cables while ensuring the transmission performance.
In the invention, each PCIE interface has at least 64 pairs of transceiving buffer rings (Ring), supports the multi-path multi-core CPU host environment, and improves the parallel processing efficiency compared with the prior similar products.
The programmable intelligent PCIE card is adopted, so that the expandability is high, and more service processing functions can be realized in the card.
Drawings
The present invention will be described in further detail with reference to the accompanying drawings.
Fig. 1 is a schematic flowchart of a method for implementing secure data exchange based on heterogeneous security cards and isolation cards according to an embodiment of the present invention;
Fig. 2 is a flowchart of the security card processing according to an embodiment of the present invention;
Fig. 3 is a flowchart of the isolation card processing according to an embodiment of the present invention.
Detailed Description
As stated in the background of the present application, the conventional network isolation mode (such as gatekeeper) generally has low transmission efficiency, is only suitable for static data exchange, and has poor applicability to network data flow.
In view of the problems in the background art, the present application provides a method for implementing secure data exchange based on heterogeneous security cards and isolation cards, which, while implementing fast transmission across network isolation, can not only protect against various attacks related to network protocols but also support deep security monitoring based on data content. It thereby meets the requirements of specific users with extremely high network data transmission and security requirements.
The application provides a method for realizing secure data exchange based on a heterogeneous combination of security cards and an isolation card, characterized by comprising an internal network, an external network and an isolation card, wherein the external network comprises an external network security card and an external network host, the internal network comprises an internal network host and an internal network security card, and data is exchanged between the external network and the internal network through the isolation card; the external network equipment comprises the external network security card for receiving network messages and the external network host for extracting valid data;
based on the checking, identification and processing of the network message by the external network security card and the external network host, valid data is extracted and the data block is marked with a serial number;
the isolation card equipment receives the data blocks of the external network and, when it judges that the serial number of a data block is the expected serial number, carries the data block to the internal network;
the intranet equipment comprises the intranet security card for receiving network messages and the intranet host for receiving valid data; after the intranet equipment receives the valid data, it further checks and processes the valid data according to the management configuration and sends it to the intranet service server.
Referring to Fig. 1, the present invention includes intranet and extranet security cards, an isolation card, and supporting host software.
The security card is a network card based on a programmable network chip and designed for network security functions, with high expandability and processing performance.
The isolation card is a dual PCIE interface card based on a programmable network chip and designed for the network isolation function, with high expandability and data handling efficiency.
The product adopts a single-device, dual-host mode: two independent hosts, internal and external, each have their own independent security card and host operating system and are each connected to the isolation card through a PCIE interface.
Based on the above framework, the technical solution of the specific embodiment of the present invention is as follows:
(1) The external network host receives a normal network message and further performs deep data inspection according to the deployed host software, such as WAF protection, mail content identification, HTTP access control, file transmission inspection and the like; if the inspection is passed, the original message protocol is stripped and valid data is extracted for further processing.
(2) The external network host extracts valid data, calls a software sending interface, and checks the available space of the internal network host's receive Ring; if space is available, it marks the processed data block with a serial number and with the available space of the local receive Ring, fills the memory address and length into the send Ring, writes the local PCIE interface register, and notifies the DMA controller to send the data.
(3) The isolation card receives the data block sent by the external network host and performs specific processing. The data block bearing the expected serial number is sent to the send queue of the corresponding Ring on the intranet side, and the buffer queue of the current Ring is checked for the next expected serial number; if it is present, this step is repeated; otherwise, the isolation card waits for the next data block to be received.
(4) The send queue of the isolation card notifies the DMA (direct memory access) controller of the target PCIE interface to carry the data blocks in the queue, in sequence, to the available memory addresses recorded in the Ring of the host at the opposite end.
(5) The intranet host determines whether each record in the local Ring has received data; if so, the Ring available space marked in the data block is recorded to the local Ring and the data block is submitted for subsequent processing. When the intranet host receives the valid data, it checks the data according to configuration; if the check passes, it connects to the internal server and sends the data to the intranet security card, and if not, it discards the data. The intranet security card receives the network message, checks it according to the management configuration, and sends it to the intranet server.
After the external network security card receives a network message, it performs security checks (message format check, access control, DDoS attack check, security label check, QoS control and the like) according to the management configuration. If the message is identified as abnormal, it is discarded directly; otherwise, the message is handed over to the external network host for processing.
After receiving the message handed over by the external network security card, the external network host can further perform deep data inspection according to the deployed host software, such as WAF protection, mail content identification, HTTP access control, file transmission inspection and the like. If the inspection is passed, the original message protocol is stripped and valid data is extracted for further processing; otherwise, the message is refused.
After the external network host extracts valid data, it calls a software sending interface and first checks the available space of the corresponding Ring of the internal network host. If space is available, it marks the processed data block with a serial number and with the available space of the local receive Ring, fills the memory address and length into the send Ring, writes the local PCIE interface register, and notifies the DMA controller to send the data.
When the isolation card receives a data block sent by the external network host, it first checks the serial number of the data block. If it is the expected serial number, the data block is sent directly to the send queue of the corresponding Ring on the intranet side, and the current Ring's buffer queue is checked for the next expected serial number; if it is present, this step is repeated; otherwise, the isolation card waits for the next data block to be received. If the serial number of the received data block is not the expected one, the data block is added to the current Ring's buffer queue and the isolation card waits for the next data block to be received.
The send queue of the isolation card notifies the DMA controller of the target PCIE interface to carry the data blocks in the queue, in sequence, to the available memory addresses recorded in the Ring of the host at the opposite end.
The intranet host software polls each record in the local Ring to check whether it has received data. If data has been received, it records the peer's receive Ring available space marked in the data block to the local Ring and submits the data block to the subsequent processing flow.
After receiving the valid data, the intranet host can further check the data according to the management configuration. If the check is passed, the intranet host connects to the intranet service server according to the configuration and packages the data into the required network messages for sending; otherwise, the data is discarded.
After receiving the network message sent by the intranet host, the intranet security card can perform further security checks or service processing (such as adding necessary security labels) according to the management configuration, and then sends the message to the intranet service server through the network interface.
Network messages sent from the internal network to the external network follow the same flow.
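The isolation card's order-preserving step described above (expected serial number, per-Ring buffer queue, in-order send queue), sketched in C as an added example that is not code from the patent or its assignee. The window and queue sizes, the duplicate and out-of-window drop rules, the backpressure verdict and all identifiers are assumptions; the patent states only the expected-number check, the buffer queue and the send queue.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed sizes, not from the patent. WINDOW is a power of two so that
 * slot = seq % WINDOW stays consistent when the 32-bit serial number wraps. */
#define WINDOW    8u     /* per-Ring buffer queue capacity */
#define SENDQ_CAP 16u    /* per-Ring send queue capacity */

struct block { uint32_t seq; uint32_t len; };    /* payload omitted */

enum verdict { FORWARDED, BUFFERED, DROP_DUPLICATE, DROP_OUT_OF_WINDOW, BACKPRESSURE };

struct iso_ring {
    uint32_t     expected;          /* next serial number owed to the intranet */
    bool         held[WINDOW];      /* buffer-queue slot occupied? */
    struct block buf[WINDOW];       /* buffer queue for early arrivals */
    struct block sendq[SENDQ_CAP];  /* strictly in-order send queue */
    unsigned     sendq_len;
};

/* Move buffered blocks to the send queue while the next expected one is held. */
static void iso_drain(struct iso_ring *r)
{
    while (r->sendq_len < SENDQ_CAP && r->held[r->expected % WINDOW]) {
        unsigned slot = r->expected % WINDOW;
        r->sendq[r->sendq_len++] = r->buf[slot];
        r->held[slot] = false;
        r->expected++;
    }
}

/* Handle one data block arriving from the extranet-side PCIE interface. */
enum verdict iso_receive(struct iso_ring *r, struct block b)
{
    iso_drain(r);                            /* space may have been freed */
    uint32_t dist = b.seq - r->expected;     /* modular distance ahead */
    unsigned slot = b.seq % WINDOW;

    if (dist >= 0x80000000u)                 /* behind expected: already forwarded */
        return DROP_DUPLICATE;
    if (dist >= WINDOW)                      /* too far ahead: refuse to buffer */
        return DROP_OUT_OF_WINDOW;
    if (r->held[slot])                       /* this serial number is already buffered */
        return DROP_DUPLICATE;
    if (dist == 0) {
        if (r->sendq_len == SENDQ_CAP)
            return BACKPRESSURE;             /* retry after the send queue drains */
        r->sendq[r->sendq_len++] = b;
        r->expected++;
        iso_drain(r);                        /* release any successors in the buffer */
        return FORWARDED;
    }
    r->buf[slot] = b;
    r->held[slot] = true;
    return BUFFERED;
}

/* Stand-in for the DMA step: hand queued blocks to the peer in queue order. */
unsigned iso_dma_flush(struct iso_ring *r, uint32_t *out_seq, unsigned max)
{
    unsigned n = r->sendq_len < max ? r->sendq_len : max;
    for (unsigned i = 0; i < n; i++)
        out_seq[i] = r->sendq[i].seq;
    for (unsigned i = n; i < r->sendq_len; i++)
        r->sendq[i - n] = r->sendq[i];
    r->sendq_len -= n;
    iso_drain(r);
    return n;
}

int main(void)
{
    /* Constructed arrival order: reordering, one replay, one far-ahead block. */
    static const uint32_t arrivals[] = { 0, 2, 1, 1, 5, 3, 4, 20 };
    static const char *const name[] = { "forwarded", "buffered", "drop (duplicate)",
                                        "drop (out of window)", "backpressure" };
    struct iso_ring r = { 0 };
    uint32_t out[SENDQ_CAP];

    for (unsigned i = 0; i < sizeof arrivals / sizeof arrivals[0]; i++) {
        struct block b = { arrivals[i], 64 };
        printf("serial %2u: %s\n", (unsigned)b.seq, name[iso_receive(&r, b)]);
    }
    unsigned n = iso_dma_flush(&r, out, SENDQ_CAP);
    printf("delivered to intranet Ring:");
    for (unsigned i = 0; i < n; i++)
        printf(" %u", (unsigned)out[i]);
    printf("\n");
    return 0;
}
```

Bounding the buffer queue and dropping blocks outside the window keeps a misbehaving extranet-side host from exhausting isolation-card memory; the patent does not specify these limits.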
Therefore, the technical scheme has the following advantages:
the invention adds abundant network security functions on the basis of the traditional network isolation equipment, improves the product performance and reduces the deployment cost and purchase cost of the product.
The isolation card in the invention uses two PCIE interfaces to directly connect the internal and external network host systems, and improves the reliability of connection and data transmission compared with the similar products adopting optical fibers, twisted pairs or coaxial cables while ensuring the transmission performance.
In the invention, each PCIE interface has at least 64 pairs of transceiving buffer rings (Ring), supports the multi-path multi-core CPU host environment, and improves the parallel processing efficiency compared with the prior similar products.
The embodiment of the invention also provides internal and external network security data exchange equipment suitable for a high-speed internet environment. As shown in Fig. 1, the equipment comprises an internal network and an external network, wherein the external network comprises an external network security card 1 and an external network host 3, and the internal network comprises an internal network host 4 and an internal network security card 2; the two hosts, internal and external, each have their own independent security card and host operating system and are each connected to an isolation card 5 through a PCIE interface;
the security card is a network card based on a programmable network chip and designed for network security functions, with high expandability and processing performance;
the isolation card is a dual PCIE interface card based on a programmable network chip and designed for the network isolation function, with high expandability and data handling efficiency.
In summary, compared with the prior art, the technical solutions provided by the embodiments of the present invention have the following beneficial effects:
The invention discloses a method and equipment for realizing secure data exchange based on a heterogeneous combination of security cards and an isolation card, comprising internal and external network security cards, an isolation card, and internal and external network hosts. The internal and external network security cards are network cards based on a programmable network chip and designed for network security functions, with high expandability and processing performance. The isolation card is a dual PCIE interface card based on a programmable network chip and designed for the network isolation function, with high expandability and data handling efficiency. The internal and external network hosts each have their own independent security card and host operating system, and each is connected to the isolation card through a PCIE interface.
Although embodiments of the present invention have been shown and described, it will be appreciated by those skilled in the art that various changes, modifications, substitutions and alterations can be made in these embodiments without departing from the principles and spirit of the invention, the scope of which is defined in the appended claims and their equivalents.

Claims (10)

1. A method for realizing secure data exchange based on security card and isolation card isomerism is characterized in that: the system comprises an internal network, an external network and an isolation card, wherein the external network comprises an external network security card and an external network host, the internal network comprises an internal network host and an internal network security card, and data exchange is carried out between the external network and the internal network through the isolation card;
the external network equipment comprises the external network safety card for receiving network messages and the external network host for extracting effective data, and the external network equipment is based on the external network safety card and the external network host
Checking, identifying and processing the network message, extracting effective data and marking the serial number of the data block;
the isolation card equipment receives the data blocks of the external network and carries the data blocks to the internal network when judging that the serial numbers of the data blocks are expected serial numbers;
the intranet equipment comprises the intranet and intranet safety card for receiving network messages and the intranet host for receiving effective data, and after the intranet equipment receives the effective data, the intranet equipment further checks and processes the effective data according to management configuration and sends the effective data to the intranet service server.
2. The method of claim 1, further comprising:
if the external network host receives normal network messages, further performing deep data inspection according to the deployed host software, and if the inspection passes the original message protocol stripping, extracting effective data and performing the next processing.
3. The method of claim 1, further comprising:
if the external network host extracts effective data, a software sending interface is called, the available space for receiving Ring is judged by the internal network host, if the available space is available, the processed data block is marked with a serial number, the local available space for receiving Ring is marked, then the internal memory address and the length for sending Ring are filled, and a local PCIE interface register is written to inform the DMA controller to send the data.
4. The method of claim 1, further comprising:
and the isolation card receives the data blocks sent by the external network host, performs specific processing, sends the serial numbers of the data blocks to a sending queue corresponding to Ring of the internal network end, checks whether a next expected serial number exists in a current buffering queue of Ring, repeats the step if the next expected serial number exists, and otherwise waits for receiving the next data block, and the sending queue of the isolation card informs a DMA (direct memory access) controller of a target PCIE (peripheral component interface express) interface to sequentially carry the data blocks in the queue to available memory addresses recorded in Ring of the host at the opposite end.
5. The method of claim 1, further comprising:
the intranet host checks whether data has been received in its local Ring; if so, it records the marked available space of the local Ring in the local Ring and submits the data for subsequent processing; on receiving the effective data, the intranet host checks it against the configuration and judges it against the connection with the internal server; if the check passes, the data is sent to the intranet security card, and otherwise it is discarded; the intranet security card receives the network message, checks it according to the management configuration, and sends it to the intranet server.
6. An intranet and extranet security data exchange apparatus suitable for use in a high speed internet environment according to claim 5, wherein:
the host software paired with the security card is a network card driver in kernel-module form and can also support a user-mode driver (DPDK mode); the host software paired with the isolation card runs in user-mode driver mode and is mainly responsible for exchanging, with the isolation card, the data that is to cross between the intranet and the extranet; the back-end host receives the data sent by the isolation card.
7. An intranet and extranet security data exchange device suitable for a high-speed internet environment, characterized in that: the system comprises an intranet and an extranet, wherein the extranet comprises an extranet security card and an extranet host, and the intranet comprises an intranet host and an intranet security card; the two hosts, the extranet host and the intranet host, each have an independent security card and host operating system and are each connected to an isolation card through a PCIE interface;
the security card is a network card based on a programmable network chip and designed for network security functions, with higher expandability and processing performance;
the isolation card is a dual-PCIE-interface card based on a programmable network chip and designed for the network isolation function, with higher expandability and data handling efficiency.
8. An intranet security data exchange device applicable to a high-speed internet environment according to claim 7, wherein:
the security card has 4 gigabit Ethernet interfaces and a PCIE interface; the PCIE interface has 128 pairs of transmit/receive buffer rings (Ring), each Ring can be independently bound to a single CPU core of the intranet or extranet host to improve processing performance, and each PCIE interface has an independent DMA controller.
9. An intranet and extranet secure data exchange apparatus suitable for use in a high speed internet environment according to claim 7, wherein:
the isolation card has no network interface and has 2 PCIE interfaces; each PCIE interface has 64 pairs of transmit/receive buffer rings (Ring), each Ring can be independently bound to a single CPU core of the intranet or extranet host to improve processing performance, and each of the 2 PCIE interfaces has an independent DMA controller.
10. An intranet and extranet secure data exchange apparatus suitable for use in a high speed internet environment according to claim 7, wherein:
in addition to the basic network card function, the security card supports the following security functions: session statistics, five-tuple-based access control, QoS control, security label processing, and DDoS attack protection.
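The in-order release step of claims 3 and 4 (serial-numbered blocks, a buffering queue, and a check for the next expected serial number), sketched as an added example that is not code from the patent or its applicant. `isolation_rx`, `WINDOW`, `MAX_BLOCK`, `OUT_CAP` and the drop codes are assumed names and sizes; the length, window and duplicate checks are additions showing how the isolation side can keep a misbehaving extranet host from exhausting or corrupting the buffering queue.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define WINDOW    8u    /* assumed reorder depth; power of two so seq % WINDOW survives wraparound */
#define MAX_BLOCK 256u  /* assumed largest data block, in bytes */
#define OUT_CAP   32u   /* assumed depth of the intranet-side sending queue */

enum { DROP_LEN = -1, DROP_STALE = -2, DROP_AHEAD = -3, DROP_DUP = -4 };

struct block { uint32_t seq; size_t len; uint8_t data[MAX_BLOCK]; };

struct isolation_ring {
    uint32_t next_seq;          /* next serial number the sending queue expects */
    uint8_t  present[WINDOW];   /* which buffer slots hold a waiting block */
    struct block slot[WINDOW];  /* buffering queue for blocks that arrived early */
    uint32_t out[OUT_CAP];      /* serial numbers handed to the sending queue, in order */
    size_t   out_n;
};

/* Accept one block from the extranet side. Returns the number of blocks
 * released to the sending queue (0 = buffered), or a negative DROP_* code. */
int isolation_rx(struct isolation_ring *r, uint32_t seq, const void *data, size_t len)
{
    if (len == 0 || len > MAX_BLOCK)
        return DROP_LEN;                    /* never trust the sender's length field */
    uint32_t ahead = seq - r->next_seq;     /* modular distance, safe across wraparound */
    if (ahead >= WINDOW)                    /* behind the window, or too far in front */
        return ahead >= 0x80000000u ? DROP_STALE : DROP_AHEAD;
    if (r->present[seq % WINDOW])
        return DROP_DUP;                    /* same serial number offered twice */

    struct block *b = &r->slot[seq % WINDOW];
    b->seq = seq;
    b->len = len;
    memcpy(b->data, data, len);
    r->present[seq % WINDOW] = 1;

    int released = 0;                       /* drain while the expected number is waiting */
    while (r->present[r->next_seq % WINDOW] && r->out_n < OUT_CAP) {
        r->out[r->out_n++] = r->slot[r->next_seq % WINDOW].seq;
        r->present[r->next_seq % WINDOW] = 0;
        r->next_seq++;
        released++;
    }
    return released;
}
```

In a real card the `out` array would be the descriptor queue that the target PCIE interface's DMA controller drains; here it only records the release order.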
CN202210627044.1A 2022-06-02 2022-06-02 Method and equipment for realizing secure data exchange based on security card and isolation card heterogeneous Pending CN115118459A (en)

Publications (1)

Publication Number Publication Date
CN115118459A true CN115118459A (en) 2022-09-27

Family

ID=83325944

Country Status (1)

Country Link
CN (1) CN115118459A (en)

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN105227451A (en) * 2014-06-25 2016-01-06 华为技术有限公司 A kind of message processing method and device
CN106502951A (en) * 2016-10-21 2017-03-15 南京南瑞集团公司 PCIE interface data ferry-boat card and its method for ferry-boat data
CN207382349U (en) * 2017-07-24 2018-05-18 深圳市祈飞科技有限公司 Gateway isolation card based on FPGA and the network safety isolator comprising the isolation card
CN109218308A (en) * 2018-09-14 2019-01-15 上海赋华网络科技有限公司 A kind of data high-speed secure exchange method based on intelligent network adapter
CN109802898A (en) * 2019-02-01 2019-05-24 深圳市比速智网技术有限公司 Multilink data transmission method, reception device and storage medium
CN110191107A (en) * 2019-05-16 2019-08-30 南瑞集团有限公司 A kind of nuclear power Special safety Net Strobe System and data processing method
CN111488219A (en) * 2020-04-07 2020-08-04 中国科学院自动化研究所 Ethernet data flow recording method for high-speed data acquisition system
CN112422421A (en) * 2020-11-23 2021-02-26 北京交通大学 Multi-path data packet transmission method of heterogeneous network
CN112887267A (en) * 2021-01-05 2021-06-01 天津七所精密机电技术有限公司 Network isolation system with message authentication function and method thereof
CN216210993U (en) * 2021-11-08 2022-04-05 中铁信安(北京)信息安全技术有限公司 Data communication bidirectional ferry isolating device

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination