CN115242432A - Cross-domain time synchronization device and method - Google Patents

Info

Publication number
CN115242432A
Authority
CN
China
Prior art keywords
time synchronization
information
signal
time
isolation
Legal status
Granted
Application number
CN202210660655.6A
Other languages
Chinese (zh)
Other versions
CN115242432B (en)
Inventor
李扬
徐兵杰
胡金龙
马荔
黄伟
张帅
杨杰
周创
罗钰杰
张亮亮
吴梅
Current Assignee
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/02 Details
    • H04J3/06 Synchronising arrangements
    • H04J3/0635 Clock or time synchronisation in a network
    • H04J3/0638 Clock or time synchronisation among nodes; Internode synchronisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/02 Details
    • H04J3/06 Synchronising arrangements
    • H04J3/0635 Clock or time synchronisation in a network
    • H04J3/0682 Clock or time synchronisation in a network by delay compensation, e.g. by compensation of propagation delay or variations thereof, by ranging
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Synchronisation In Digital Transmission Systems (AREA)
  • Electric Clocks (AREA)

Abstract

The invention discloses a cross-domain time synchronization device and a method thereof. According to the invention, the risk of sensitive information leakage through the interactive information is reduced by carrying out isolation examination on the interactive information in the time synchronization process; meanwhile, through isolation and recovery of the time synchronization signal, time synchronization is not directly performed between the two networks, correlation between the information of the time synchronization of the internal network and the information of the time synchronization of the external network is reduced, the risk that sensitive information is hidden in the synchronization information can be reduced, potential safety hazards introduced by a time synchronization system in a cross-domain process are obviously reduced, and the safety of the cross-domain time synchronization is improved.

Description

Cross-domain time synchronization device and method
Technical Field
The present invention relates to the field of time synchronization technologies, and in particular, to a cross-domain time synchronization apparatus and method.
Background
In the related art, on the one hand, networks with different security levels often need to be interconnected. However, different networks belong to different security domains and have different security levels and different information access rights. If two networks are directly connected, many security issues may arise. To secure networks of different security levels, isolation is usually used. On the other hand, interconnection and interworking between different networks need to be based on the same time reference, which is usually realized by time synchronization. However, cross-network and cross-domain transmission of the time signal may involve the interaction of timestamp information, signaling information, and the like, and this interaction information may introduce a covert channel, resulting in the inflow and outflow of illegal information and even the intrusion of external attacks, which may pose serious security risks to the network.
Disclosure of Invention
The invention mainly aims to provide a cross-domain time synchronization device and a cross-domain time synchronization method, and aims to solve the technical problem that the current cross-domain time synchronization process may cause inflow or outflow of illegal information and cause serious potential safety hazards to a network.
In order to achieve the above object, the present invention provides a cross-domain time synchronization device, which includes a time synchronization information isolation examination module and a time synchronization signal isolation recovery module; wherein:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and the internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information or not;
and the time synchronization signal isolation and recovery module is used for executing the time synchronization of the outer network and the time synchronization of the inner network according to the time synchronization interaction information of the outer network and the time synchronization interaction information of the inner network respectively.
Optionally, the time synchronization information isolation examination module includes an extranet time synchronization information security interaction unit, an intranet time synchronization information security interaction unit and a time synchronization information security isolation unit; wherein:
the external network time synchronization information safety interaction unit is used for time synchronization information interaction transmission between the external network time synchronization device and the cross-domain time synchronization device;
the intranet time synchronization information safety interaction unit is used for time synchronization information interaction transmission between the intranet time synchronization device and the cross-domain time synchronization device;
the time synchronization information security isolation unit is used for isolating and checking the time synchronization information of the external network and the time synchronization information of the internal network.
Optionally, the external network time synchronization information security interaction unit includes:
the external network interface is used for connecting an external network time synchronization device;
the outer network isolation unit interface is used for connecting the time synchronization information safety isolation unit;
the isolation encryption authentication subunit is used for decrypting information input to the extranet interface and encrypting and authenticating information sent to the extranet interface;
and the external network security examination subunit is provided with a firewall with a preset security policy, carries out security examination on the decryption information output by the isolation encryption authentication subunit, and sends the examined information to the time synchronization information security isolation unit through an external network isolation unit interface.
Optionally, the intranet time synchronization information security interaction unit includes:
the intranet interface is used for connecting an intranet time synchronization device;
the intranet isolation unit interface is used for connecting the time synchronization information safety isolation unit;
the isolation encryption authentication subunit is used for decrypting and authenticating the information input to the intranet interface and encrypting and authenticating the information sent to the intranet interface;
the intranet safety examination subunit is provided with a firewall with a preset safety strategy, carries out safety examination on the decryption information output by the isolation encryption authentication subunit, and sends the examined information to the time synchronization information safety isolation unit through an intranet isolation unit interface.
Optionally, the time synchronization information security isolation unit includes:
the isolation unit outer net interface is connected with the outer net isolation unit interface;
the internal network interface of the isolation unit is connected with the internal network isolation unit interface;
the clock holding interface is connected with the time synchronization signal isolation recovery module, sends the information of the extranet time synchronization information security interaction unit and the intranet time synchronization information security interaction unit to the time synchronization signal isolation recovery module, and sends the information that the time synchronization signal isolation recovery module outputs for the extranet time synchronization information security interaction unit and the intranet time synchronization information security interaction unit to the isolation examination subunit;
and the isolation examination subunit is connected with the clock holding interface, performs safety examination and flow direction control on information received by the clock holding interface and sent by the outer network time synchronization information safety interaction unit and the inner network time synchronization information safety interaction unit, and transmits corresponding information to the outer network time synchronization information safety interaction unit or the inner network time synchronization information safety interaction unit through the outer network interface or the inner network interface of the isolation unit if the information is judged to be safe.
Optionally, the time synchronization signal isolation recovery module includes an external network time synchronization signal transmission unit, an internal network time synchronization signal transmission unit, and a clock holding unit; wherein:
the external network time synchronization signal transmission unit is used for carrying out time synchronization on the external network time synchronization device and the cross-network time synchronization device according to the external network time synchronization interaction information;
the intranet time synchronization signal transmission unit is used for carrying out time synchronization on the intranet time synchronization device and the cross-network time synchronization device according to the intranet time synchronization interaction information;
the clock holding unit provides local clock signals for the outer network time synchronization signal transmission unit and the inner network time synchronization signal transmission unit.
Optionally, the external network time synchronization signal transmitting unit includes:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and sending the time synchronization signal to the external network and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the external network and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
Optionally, the intranet time synchronization signal transmission unit includes:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and sending the time synchronization signal to the intranet and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the intranet and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
Optionally, the clock holding unit includes:
the outer network time signal measuring interface receives the local time signal measuring information of the outer network time synchronization signal transmission unit and transmits the local time signal measuring information to the delay compensation calculating subunit;
the time synchronization information interface receives the time synchronization interactive information of the outer network and the local time signal measurement information of the time synchronization signal transmission unit of the inner network;
the time delay compensation calculating subunit receives the local time signal measuring information sent by the external network time signal measuring interface and the external network time synchronization interactive information sent by the time synchronization information interface, performs time delay compensation calculation on the local clock, and corrects the local clock;
the intranet time signal measuring interface receives local time signal measuring information of the intranet time synchronization signal transmission unit, transmits the information to the time synchronization information isolation examination module through the time synchronization information interface, interacts with the intranet time synchronization equipment, and corrects the time of the intranet time synchronization equipment.
Optionally, the number of the external network time synchronization information security interaction unit and the number of the external network time synchronization signal transmission units are set to be a plurality, and the number of the internal network time synchronization information security interaction unit and the number of the internal network time synchronization signal transmission units are set to be a plurality.
In order to achieve the above object, the present application further proposes a cross-domain time synchronization method for a cross-domain time synchronization apparatus as described above, the method comprising the following steps:
the received extranet time synchronization interactive information and intranet time synchronization interactive information are safely isolated and audited through a time synchronization information isolation audit module, and whether sensitive information exists in the extranet time synchronization interactive information and the intranet time synchronization interactive information or not is judged;
and executing the outer network time synchronization and the inner network time synchronization respectively according to the outer network time synchronization interactive information and the inner network time synchronization interactive information through the time synchronization signal isolation and recovery module.
The invention provides a cross-domain time synchronization device and a method thereof. According to the invention, the risk of sensitive information leakage through the interactive information is reduced by carrying out isolation examination on the interactive information in the time synchronization process; meanwhile, through isolation and recovery of the time synchronization signal, time synchronization is not directly performed between the two networks, correlation between the information of the time synchronization of the internal network and the information of the time synchronization of the external network is reduced, the risk that sensitive information is hidden in the synchronization information can be reduced, potential safety hazards introduced by a time synchronization system in a cross-domain process are obviously reduced, and the safety of the cross-domain time synchronization is improved.
Drawings
FIG. 1 is a schematic structural diagram of a cross-domain time synchronization apparatus according to an embodiment of the present invention;
FIG. 2 is a schematic diagram of a time synchronization information isolation examination module according to an embodiment of the present invention;
FIG. 3 is a schematic diagram of an external network time synchronization signal transmitting unit according to an embodiment of the present invention;
FIG. 4 is a schematic diagram of an intranet time synchronization signal transmission unit according to an embodiment of the present invention;
FIG. 5 is a schematic diagram of a clock holding unit according to an embodiment of the present invention.
The implementation, functional features and advantages of the objects of the present invention will be further explained with reference to the accompanying drawings.
Detailed Description
It should be understood that the specific embodiments described herein are merely illustrative of the invention and do not limit the invention.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
It should be noted that all directional indicators (such as up, down, left, right, front, back, …) in the embodiments of the present invention are only used to explain the relative positional relationship between the components, the motion situation, etc. in a specific posture (as shown in the attached drawings), and if the specific posture is changed, the directional indicator is changed accordingly.
In addition, the technical solutions in the embodiments may be combined with each other, but it must be based on the realization of those skilled in the art, and when the technical solutions are contradictory or cannot be realized, the combination of the technical solutions should be considered to be absent, and is not within the protection scope of the invention.
Currently, in the related art, a cross-domain time synchronization process may cause inflow or outflow of illegal information, which causes a serious potential safety hazard to a network.
To solve this problem, various embodiments of the cross-domain time synchronization apparatus and method of the present invention are proposed. According to the cross-domain time synchronization device and method provided by the invention, the risk of sensitive information leakage through the interactive information is reduced by carrying out isolation examination on the interactive information in the time synchronization process; meanwhile, through the isolation and recovery of the time synchronization signal, the two networks are not directly time-synchronized, the correlation between the information of the time synchronization of the internal network and the information of the time synchronization of the external network is reduced, the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced by the time synchronization system in the cross-domain process is obviously reduced, and the safety of the cross-domain time synchronization is improved.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a cross-domain time synchronization apparatus according to an embodiment of the present invention.
This embodiment provides a cross-domain time synchronization device, which comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module.
The time synchronization information isolation and examination module is used for carrying out safety isolation and examination on the internal network time synchronization interaction information and the external network time synchronization interaction information, and reducing the risk of sensitive information leakage through the interaction information. The time synchronization signal isolation recovery module separates the time synchronization of the internal network from the time synchronization of the external network, so that the time synchronization is not directly performed between the internal network and the external network, the relevance of the interactive information of the time synchronization of the internal network and the time synchronization of the external network is reduced, and the risk that sensitive information is hidden in the interactive information is reduced.
In this embodiment, the time synchronization information isolation examination module mainly includes an extranet time synchronization information security interaction unit, a time synchronization information security isolation unit, and an intranet time synchronization information security interaction unit.
The external network time synchronization information safety interaction unit realizes an information safety interaction function when time synchronization is carried out between the external network time synchronization device and the cross-domain time synchronization device. The intranet time synchronization information safety interaction unit realizes an information safety interaction function when time synchronization is carried out between the intranet time synchronization device and the cross-domain time synchronization device. The time synchronization information security isolation unit completes isolation and examination of time synchronization interaction information between the inner network and the outer network.
In this embodiment, the time synchronization signal isolation and recovery module includes an external network time synchronization signal transmission unit, a clock holding unit, and an internal network time synchronization signal transmission unit.
The outer network time synchronization signal transmission unit completes time synchronization between the outer network time synchronization device and the cross-network time synchronization device. The intranet time synchronization signal transmission unit completes the time synchronization between the intranet time synchronization device and the cross-network time synchronization device. The clock holding unit holds the local clock with high stability and high accuracy, and provides local clock signals for the outer network time synchronization signal transmission unit and the inner network time synchronization signal transmission unit.
Referring to fig. 2, fig. 2 is a schematic diagram of a time synchronization information isolation examination module, which includes an extranet time synchronization information security interaction unit, an intranet time synchronization information security interaction unit, and a time synchronization information security isolation unit.
In this embodiment, the external network time synchronization information security interaction unit mainly includes an external network interface, an isolation encryption authentication subunit, an external network security examination subunit, and an external network isolation unit interface.
The external network interface is used for time synchronization information interaction with external network equipment. The isolation encryption authentication subunit decrypts and authenticates the information input at the external network interface, and encrypts and authenticates the information to be output to the external network interface. The external network security examination subunit performs the security examination and related functions on the decrypted external network interface input information and, through a firewall designed with a certain security policy, prevents an external network attacker from entering the internal network by illegal means.
Specifically, according to the time synchronization protocol, the format and length of the interaction information, the reasonableness of the information itself, and the like are subjected to security examination. If the information is judged to be safe, it is transmitted to the time synchronization information security isolation unit through the external network isolation unit interface. The external network isolation unit interface is used for information interaction between the external network time synchronization information security interaction unit and the time synchronization information security isolation unit.
In this embodiment, the intranet time synchronization information security interaction unit mainly includes an intranet interface, an isolation encryption authentication subunit, an intranet security examination subunit, and an intranet isolation unit interface.
The intranet interface is used for time synchronization information interaction with the intranet equipment. The isolation encryption authentication subunit decrypts and authenticates the information input at the intranet interface, and encrypts and authenticates the information to be output to the intranet interface. The intranet security examination subunit performs the security examination and related functions on the decrypted intranet interface input information and, through a firewall designed with a certain security policy, prevents intranet information from being output through a covert channel.
Specifically, according to the time synchronization protocol, the format and length of the interaction information, the reasonableness of the information itself, and the like are subjected to security examination. If the information is judged to be safe, it is transmitted to the time synchronization information security isolation unit through the intranet isolation unit interface. The intranet isolation unit interface is used for information interaction between the intranet time synchronization information security interaction unit and the time synchronization information security isolation unit.
In this embodiment, the time synchronization information security isolation unit mainly includes an isolation unit extranet interface, an isolation unit intranet interface, an isolation examination subunit, and a clock holding interface.
The isolation unit extranet interface is used for information interaction with the external network time synchronization information security interaction unit. The isolation unit intranet interface is used for information interaction with the intranet time synchronization information security interaction unit. The clock holding interface is used for information interaction with the clock holding unit of the time synchronization signal isolation recovery module: on the one hand, it transmits the information output by the external network time synchronization information security interaction unit and the intranet time synchronization information security interaction unit to the clock holding unit; on the other hand, it transmits the information that the clock holding unit outputs for the external network time synchronization information security interaction unit and the intranet time synchronization information security interaction unit to the isolation examination subunit.
The isolation examination subunit performs security examination and flow control on the information that the clock holding interface receives from the clock holding unit. According to the time synchronization protocol, the format, length, reasonableness, and the like of the interaction information are subjected to security examination. If the information is judged to be safe, the corresponding information is transmitted to the external network time synchronization information security interaction unit or the intranet time synchronization information security interaction unit through the isolation unit extranet interface or the isolation unit intranet interface.
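The format, length and reasonableness examination described for the security examination subunits can be sketched as follows. This is an added example, not code from the patent: it assumes the time synchronization protocol is NTPv4 with its 48-byte fixed header, that messages have already been decrypted and authenticated by the isolation encryption authentication subunit, and that the device is a client of the external network source and a server to the intranet; `ReviewPolicy`, `review`, `build` and all thresholds are hypothetical.

```python
import struct
from dataclasses import dataclass

# Assumption: the time synchronization protocol is NTPv4, whose fixed header
# is 48 bytes (RFC 5905 layout). The patent does not name a protocol.
NTP_HEADER = struct.Struct("!BBbbII4sQQQQ")
NTP_UNIX_DELTA = 2_208_988_800  # seconds between 1900-01-01 and 1970-01-01
MODE_CLIENT, MODE_SERVER = 3, 4


@dataclass(frozen=True)
class ReviewPolicy:
    """Hypothetical per-direction policy for a security examination subunit."""
    allowed_modes: frozenset
    zero_unused_fields: bool     # fields the exchange does not need must be 0
    max_skew_s: float = 5.0      # transmit time versus the local clock
    max_root_s: float = 1.0      # bound on root delay and root dispersion


# Assumed roles: client of the extranet source, server to the intranet.
EXTRANET_IN = ReviewPolicy(frozenset({MODE_SERVER}), zero_unused_fields=False)
INTRANET_IN = ReviewPolicy(frozenset({MODE_CLIENT}), zero_unused_fields=True)


def unix_to_ntp(t):
    sec = int(t)
    return ((sec + NTP_UNIX_DELTA) << 32) | int((t - sec) * 2**32)


def ntp_to_unix(ts):
    return (ts >> 32) - NTP_UNIX_DELTA + (ts & 0xFFFFFFFF) / 2**32


def review(packet, policy, local_time, expected_origin=None):
    """Return the list of findings; an empty list means 'forward the message'."""
    # Length: anything beyond the fixed header could carry extra data.
    if len(packet) != NTP_HEADER.size:
        return [f"length {len(packet)} != {NTP_HEADER.size}"]
    (flags, stratum, poll, _precision, root_delay, root_disp,
     ref_id, ref_ts, org_ts, rx_ts, tx_ts) = NTP_HEADER.unpack(packet)
    version, mode = (flags >> 3) & 0x7, flags & 0x7
    findings = []

    # Format: version, message type allowed in this direction, field ranges.
    if version != 4:
        findings.append(f"version {version} not allowed")
    if mode not in policy.allowed_modes:
        findings.append(f"mode {mode} not allowed in this direction")
    if not 0 <= poll <= 17:
        findings.append(f"poll exponent {poll} out of range")

    # Reasonableness: the transmit time must be close to the local clock.
    if abs(ntp_to_unix(tx_ts) - local_time) > policy.max_skew_s:
        findings.append("transmit timestamp implausible")

    if mode == MODE_SERVER:
        if not 1 <= stratum <= 15:
            findings.append(f"stratum {stratum} not a synchronized server")
        if max(root_delay, root_disp) / 65536 > policy.max_root_s:
            findings.append("root delay/dispersion too large")
        if expected_origin is not None and org_ts != expected_origin:
            findings.append("origin timestamp does not match our request")
        if rx_ts > tx_ts:
            findings.append("receive timestamp after transmit timestamp")

    if policy.zero_unused_fields and (
            stratum or root_delay or root_disp or any(ref_id)
            or ref_ts or org_ts or rx_ts):
        findings.append("unused fields are not zero")
    return findings


def build(mode, tx, stratum=0, org=0, rx=0, root_delay=0, root_disp=0,
          ref_id=b"\0\0\0\0", ref_ts=0, version=4):
    """Construct a sample packet (test data, not captured traffic)."""
    return NTP_HEADER.pack((version << 3) | mode, stratum, 6, -20, root_delay,
                           root_disp, ref_id, ref_ts, org, rx, tx)


NOW = 1_700_000_000.0                      # constructed local clock reading
SENT = unix_to_ntp(NOW - 0.020)            # transmit time of our own request
GOOD_REPLY = build(MODE_SERVER, unix_to_ntp(NOW - 0.009), stratum=2, org=SENT,
                   rx=unix_to_ntp(NOW - 0.010), root_delay=0x0800,
                   root_disp=0x0400, ref_id=bytes([192, 0, 2, 1]),
                   ref_ts=unix_to_ntp(NOW - 60))
PADDED_REPLY = GOOD_REPLY + b"\x00" * 16   # oversize message
STALE_REPLY = build(MODE_SERVER, unix_to_ntp(NOW - 3600), stratum=2, org=SENT,
                    rx=unix_to_ntp(NOW - 3600.001))
CLEAN_REQUEST = build(MODE_CLIENT, unix_to_ntp(NOW))
TAGGED_REQUEST = build(MODE_CLIENT, unix_to_ntp(NOW), ref_id=b"\x01\x02\x03\x04")

if __name__ == "__main__":
    for pkt, pol in [(GOOD_REPLY, EXTRANET_IN), (PADDED_REPLY, EXTRANET_IN),
                     (STALE_REPLY, EXTRANET_IN), (TAGGED_REQUEST, INTRANET_IN)]:
        print(review(pkt, pol, NOW, SENT) or "forward")
```

A check of this kind bounds what a message can carry but cannot see data encoded in the low-order bits of an otherwise plausible timestamp, which is the residual risk the time synchronization signal isolation recovery module addresses by not synchronizing the two networks directly.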
Referring to fig. 3, fig. 3 is a schematic diagram of an extranet time synchronization signal transfer unit. The external network time synchronization signal transmission unit comprises a time signal generation subunit, a time signal receiving subunit and a time signal measuring subunit.
The time signal generating subunit generates a time synchronization signal output to the external network according to the local clock signal transmitted by the clock holding unit and the requirement of a time synchronization protocol. The output time synchronization signal may be an optical signal or an electrical signal, and the time signal generation subunit mainly modulates the original time synchronization signal onto the corresponding optical signal or electrical signal.
Meanwhile, the original time synchronization signal is transmitted to the time signal measuring subunit. The time signal receiving subunit is configured to receive a time synchronization signal (which may be an optical signal or an electrical signal) input by the external network, and convert the time synchronization signal into a signal that can be measured by the time signal measuring subunit. The time signal measuring subunit is used for time measurement, and according to different protocols, the sending time of the output time synchronization signal and the arrival time of the input time synchronization signal can be measured, and the time interval of the two time signals can also be directly measured. Finally, this time measurement information is sent to the clock holding unit.
Referring to fig. 4, fig. 4 is a schematic diagram of an intranet time synchronization signal transmission unit. The intranet time synchronization signal transmission unit comprises a time signal generation subunit, a time signal receiving subunit and a time signal measurement subunit.
The time signal generating subunit generates a time synchronization signal output to the intranet according to the local clock signal transmitted by the clock holding unit and the requirement of a time synchronization protocol. The output time synchronization signal may be an optical signal or an electrical signal, and the time signal generation subunit mainly modulates the original time synchronization signal onto the corresponding optical signal or electrical signal.
Meanwhile, the original time synchronization signal is also transmitted to the time signal measuring subunit. The time signal receiving subunit receives the time synchronization signal (which may be an optical signal or an electrical signal) input from the intranet and converts it into a signal that the time signal measuring subunit can measure. The time signal measuring subunit performs the time measurement: depending on the protocol, it can measure the sending time of the output time synchronization signal and the arrival time of the input time synchronization signal, or it can directly measure the time interval between the two signals. Finally, this time measurement information is sent to the clock holding unit.
Referring to fig. 5, fig. 5 is a schematic diagram of a clock holding unit. The clock holding unit comprises an external network time signal measurement information interface, an internal network time signal measurement information interface, a time synchronization information interface, a delay compensation calculation subunit and a local clock.
The external network time signal measurement information interface receives the local time signal measurement information from the external network time synchronization signal transmission unit and passes it to the delay compensation calculation subunit. The delay compensation calculation subunit receives this local time signal measurement information and also receives, through the time synchronization information interface, the time synchronization interaction information from the external network. Using the corresponding time synchronization protocol and this information, it performs the delay compensation calculation for the local clock and passes the result to the local clock, which is corrected accordingly. The intranet time signal measurement information interface receives the local time signal measurement information from the intranet time synchronization signal transmission unit and transmits it through the time synchronization information interface to the time synchronization information isolation examination module; the information is finally exchanged with the intranet time synchronization equipment and used to correct the time of that equipment.
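The following added example, which is not part of the patent, simulates the clock holding unit described above. It assumes a two-way request/reply exchange over a symmetric path as the time synchronization protocol; the class names, the delay bound and the simulated clock errors are hypothetical. The local clock is disciplined from the external network exchange, and the intranet is then served only with timestamps read from that local clock.

```python
from dataclasses import dataclass

MAX_PATH_DELAY_S = 0.050   # assumed policy bound on the round-trip delay


@dataclass
class Exchange:
    t1: float  # request departure, measured on the requester's clock
    t2: float  # request arrival, reported by the responder
    t3: float  # reply departure, reported by the responder
    t4: float  # reply arrival, measured on the requester's clock


def offset_and_delay(x):
    """Two-way transfer: (responder minus requester offset, round-trip delay)."""
    offset = ((x.t2 - x.t1) + (x.t3 - x.t4)) / 2
    delay = (x.t4 - x.t1) - (x.t3 - x.t2)
    return offset, delay


class Clock:
    """Simulated clock: true time plus an error that can be corrected."""

    def __init__(self, error):
        self.error = error

    def read(self, true_time):
        return true_time + self.error


class ClockHoldingUnit:
    def __init__(self, local):
        self.local = local

    def discipline(self, x):
        """Delay compensation from an external network exchange, with a sanity gate."""
        offset, delay = offset_and_delay(x)
        if not 0 <= delay <= MAX_PATH_DELAY_S:
            return False           # implausible measurement: leave the clock alone
        self.local.error += offset
        return True

    def serve_intranet(self, true_arrival, true_departure):
        """Intranet timestamps come only from the local clock, never from the extranet."""
        return self.local.read(true_arrival), self.local.read(true_departure)


def run_exchange(requester, respond, start, path_delay, processing=0.001):
    """Simulate one request/reply over a symmetric path (constructed scenario)."""
    t1 = requester.read(start)
    t2, t3 = respond(start + path_delay, start + path_delay + processing)
    t4 = requester.read(start + 2 * path_delay + processing)
    return Exchange(t1, t2, t3, t4)


def demo():
    extranet_ref = Clock(0.0)                 # external network reference
    unit = ClockHoldingUnit(Clock(+0.250))    # cross-domain device, 250 ms fast
    intranet_dev = Clock(-0.500)              # intranet device, 500 ms slow

    ext = run_exchange(
        unit.local,
        lambda a, d: (extranet_ref.read(a), extranet_ref.read(d)),
        start=100.0, path_delay=0.003)
    accepted = unit.discipline(ext)

    intra = run_exchange(intranet_dev, unit.serve_intranet,
                         start=200.0, path_delay=0.002)
    offset, _ = offset_and_delay(intra)
    intranet_dev.error += offset
    return accepted, unit.local.error, intranet_dev.error


if __name__ == "__main__":
    print(demo())
```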
It should be noted that, in an actual implementation process, the cross-network time synchronization method and apparatus provided in the present application may include 1 or more external network units (including an external network time synchronization information security interaction unit and an external network time synchronization signal transmission unit) and internal network units (including an internal network time synchronization information security interaction unit and an internal network time synchronization signal transmission unit).
This embodiment provides a cross-domain time synchronization device and method that address the security problem of a time synchronization system in the cross-domain process. By performing isolation examination on the interaction information in the time synchronization process, the risk of sensitive information leaking through the interaction information is reduced. Meanwhile, through the isolation and recovery of the time synchronization signal, the two networks are not directly time-synchronized with each other, which reduces the correlation between the intranet time synchronization information and the external network time synchronization information and can reduce the risk of sensitive information being hidden in the synchronization information. The potential security hazard introduced by the time synchronization system in the cross-domain process is thereby significantly reduced, and the security of cross-domain time synchronization is improved.
The above are only preferred embodiments of the invention, and not intended to limit the scope of the invention, and all equivalent structures or equivalent flow transformations that may be applied to the present specification and drawings, or applied directly or indirectly to other related technical fields, are included in the scope of the invention.

Claims (10)

1. A cross-domain time synchronization device is characterized by comprising a time synchronization information isolation examination module and a time synchronization signal isolation recovery module; wherein:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and the internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information or not;
and the time synchronization signal isolation recovery module is used for executing the time synchronization of the outer network and the time synchronization of the inner network according to the time synchronization interaction information of the outer network and the time synchronization interaction information of the inner network respectively.
2. The cross-domain time synchronization device according to claim 1, wherein the time synchronization information isolation examination module comprises an extranet time synchronization information security interaction unit, an intranet time synchronization information security interaction unit and a time synchronization information security isolation unit; wherein:
the external network time synchronization information safety interaction unit is used for time synchronization information interaction transmission between the external network time synchronization device and the cross-domain time synchronization device;
the intranet time synchronization information safety interaction unit is used for time synchronization information interaction transmission between the intranet time synchronization device and the cross-domain time synchronization device;
the time synchronization information security isolation unit is used for isolating and checking the time synchronization information of the outer network and the time synchronization information of the inner network.
3. The cross-domain time synchronization apparatus of claim 2, wherein the extranet time synchronization information security interaction unit comprises:
the external network interface is used for connecting an external network time synchronization device;
the outer network isolation unit interface is used for connecting the time synchronization information safety isolation unit;
the isolation encryption and authentication subunit is used for decrypting information input to the extranet interface and encrypting and authenticating information sent to the extranet interface;
and the external network security examination subunit is provided with a firewall with a preset security policy, carries out security examination on the decryption information output by the isolation encryption authentication subunit, and sends the examined information to the time synchronization information security isolation unit through an external network isolation unit interface.
4. The cross-domain time synchronization device according to claim 3, wherein the intranet time synchronization information security interaction unit comprises:
the intranet interface is used for connecting an intranet time synchronization device;
the intranet isolation unit interface is used for connecting the time synchronization information safety isolation unit;
the isolation encryption authentication subunit is used for decrypting and authenticating the information input to the intranet interface and encrypting and authenticating the information sent to the intranet interface;
the intranet safety examination subunit is provided with a firewall with a preset safety strategy, carries out safety examination on the decryption information output by the isolation encryption authentication subunit, and sends the examined information to the time synchronization information safety isolation unit through an intranet isolation unit interface.
5. The cross-domain time synchronization apparatus of claim 4, wherein the time synchronization information security isolation unit comprises:
the isolation unit outer net interface is connected with the outer net isolation unit interface;
the internal network interface of the isolation unit is connected with the internal network isolation unit interface;
the clock maintaining interface is connected with the time synchronization signal isolation and recovery module, sends the information of the outer network time synchronization information security interaction unit and the inner network time synchronization information security interaction unit to the time synchronization signal isolation and recovery module, and sends the information of the outer network time synchronization information security interaction unit and the inner network time synchronization information security interaction unit;
and the isolation examination subunit is connected with the clock maintaining interface, performs safety examination and flow direction control on information received by the clock maintaining interface and sent by the outer network time synchronization information safety interaction unit and the inner network time synchronization information safety interaction unit, and transmits corresponding information to the outer network time synchronization information safety interaction unit or the network time synchronization information safety interaction unit through the outer network interface or the inner network interface of the isolation unit if the information is judged to be safe.
6. The cross-domain time synchronization apparatus according to claim 5, wherein the time synchronization signal isolation recovery module comprises an external network time synchronization signal transmission unit, an internal network time synchronization signal transmission unit and a clock holding unit; wherein:
the external network time synchronization signal transmission unit is used for carrying out time synchronization on the external network time synchronization device and the cross-network time synchronization device according to the external network time synchronization mutual information;
the intranet time synchronization signal transmission unit is used for carrying out time synchronization on the intranet time synchronization device and the cross-network time synchronization device according to the intranet time synchronization interaction information;
the clock holding unit provides local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit.
7. The cross-domain time synchronization apparatus of claim 6, wherein the outer network time synchronization signal transfer unit comprises:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and sending the time synchronization signal to the external network and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the external network and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
The intranet time synchronization signal transmission unit includes:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and sending the time synchronization signal to the intranet and the time measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the intranet and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
8. The cross-domain time synchronization apparatus of claim 6, wherein the clock holding unit comprises:
the external network time signal measuring interface receives the local time signal measuring information of the external network time synchronization signal transmission unit and transmits the local time signal measuring information to the delay compensation calculating subunit;
the time synchronization information interface receives the time synchronization interaction information of the outer network and the local time signal measurement information of the time synchronization signal transmission unit of the inner network;
the time delay compensation calculating subunit receives the local time signal measuring information sent by the external network time signal measuring interface and the external network time synchronization interactive information sent by the time synchronization information interface, performs time delay compensation calculation on the local clock, and corrects the local clock;
the intranet time signal measuring interface receives local time signal measuring information of the intranet time synchronization signal transmission unit, transmits the information to the time synchronization information isolation examination module through the time synchronization information interface, interacts with the intranet time synchronization equipment, and performs time correction on the intranet time synchronization equipment.
9. The cross-domain time synchronizer according to claim 6, wherein the number of the external network time synchronization information security interaction unit and the number of the external network time synchronization signal transmission unit are provided, and the number of the internal network time synchronization information security interaction unit and the internal network time synchronization signal transmission unit are provided.
10. A cross-domain time synchronization method for the cross-domain time synchronization apparatus according to any one of claims 1-9, the method comprising the steps of:
the received time synchronization interactive information of the outer network and the time synchronization interactive information of the inner network are safely isolated and examined through a time synchronization information isolation examination module, and whether sensitive information exists in the time synchronization interactive information of the outer network and the time synchronization interactive information of the inner network is judged;
and executing the outer network time synchronization and the inner network time synchronization respectively according to the outer network time synchronization interactive information and the inner network time synchronization interactive information through the time synchronization signal isolation and recovery module.
CN202210660655.6A 2022-06-13 2022-06-13 Cross-domain time synchronization device and method Active CN115242432B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210660655.6A CN115242432B (en) 2022-06-13 2022-06-13 Cross-domain time synchronization device and method

Publications (2)

Publication Number Publication Date
CN115242432A true CN115242432A (en) 2022-10-25
CN115242432B CN115242432B (en) 2023-05-16

Family

ID=83669928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210660655.6A Active CN115242432B (en) 2022-06-13 2022-06-13 Cross-domain time synchronization device and method

Country Status (1)

Country Link
CN (1) CN115242432B (en)

Citations (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070282951A1 (en) * 2006-02-10 2007-12-06 Selimis Nikolas A Cross-domain solution (CDS) collaborate-access-browse (CAB) and assured file transfer (AFT)
CN102710409A (en) * 2012-06-04 2012-10-03 中广传播集团有限公司 Time synchronizing device with safety isolation function
CN102790774A (en) * 2012-07-31 2012-11-21 北京江南天安科技有限公司 Method and device capable of allowing internal network to obtain time information
CN102820994A (en) * 2012-08-20 2012-12-12 广州易宝信息技术有限公司 Data exchange device and data exchange method for network isolation environment
CN106998333A (en) * 2017-05-24 2017-08-01 山东省计算中心(国家超级计算济南中心) A kind of bilateral network security isolation system and method
CN108111536A (en) * 2018-01-15 2018-06-01 中国科学院信息工程研究所 A kind of application-level security cross-domain communication method and system
CN108111409A (en) * 2016-11-25 2018-06-01 华为技术有限公司 The method and apparatus for establishing disjoint paths
CN109495202A (en) * 2018-12-20 2019-03-19 北京明朝万达科技股份有限公司 A kind of method for synchronizing time and device
CN114553509A (en) * 2022-02-14 2022-05-27 国网山东省电力公司信息通信公司 Information internal and external network video conference intercommunication system and method based on isolation device

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
Li Chao: "Cross-network secure data exchange technology based on trusted computing", Computer Engineering and Design *

Also Published As

Publication number Publication date
CN115242432B (en) 2023-05-16

Similar Documents

Publication Publication Date Title
US11606341B2 (en) Apparatus for use in a can system
KR101938312B1 (en) Different units same security apparatus based on internet of things
CN103491072A (en) Boundary access control method based on double one-way separation gatekeepers
EP2132894A1 (en) System and method for implementing content protection in a wireless digital system
CN101911639A (en) The method of protection bi-directional communication channel and realize the device of this method
JPH10145360A (en) Prevention system of wrong copy, monitoring node and transmitting and receiving node
US20200045540A1 (en) Method and system for securing communication links using enhanced authentication
CN112702318A (en) Communication encryption method, decryption method, client and server
KR101023708B1 (en) Data Protection Method and Apparatus for SCADA Network Based on MODBUS Protocol
KR20090102469A (en) System and method for data protection and security of scada network based on dnp
CN110637299B (en) Smooth transition of content type changes for streaming content
JP2007039166A (en) Remote monitoring system for elevator
CN112491780A (en) Communication system and method
Kornaros et al. Trustnet: ensuring normal-world and trusted-world can-bus networking
CN115242432B (en) Cross-domain time synchronization device and method
US7266694B2 (en) Network relay device, communication device and network relay method
Wagner et al. Retrofitting Integrity Protection into Unused Header Fields of Legacy Industrial Protocols
Mundt Two methods of authenticated positioning
CN111935112B (en) Cross-network data security ferrying device and method based on serial
CN111698263B (en) Beidou satellite navigation data transmission method and system
WO2018226295A1 (en) Avoiding link integrity failures on displayport during hcdp 2.2 by using sink side optimizations
KR102419057B1 (en) Message security system and method of railway communication network
WO2016182313A1 (en) System and method for processing beacon data
CN103888438A (en) Train data communication system using information safety technology
CN110311911B (en) Traffic facility monitoring method and device and server

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant