CN110912940A - Isolated network transparent service access method and system based on double unidirectional switching equipment
- Publication number
- CN110912940A
- Authority
- CN
- China
- Prior art keywords
- data
- service
- agent program
- service request
- unidirectional
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/10—Network architectures or network communication protocols for network security for controlling access to devices or network resources
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
- H04L63/0281—Proxies
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
- H04L63/0884—Network architectures or network communication protocols for network security for authentication of entities by delegation of authentication, e.g. a proxy authenticates an entity to be authenticated on behalf of this entity vis-à-vis an authentication entity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L67/00—Network arrangements or protocols for supporting network services or applications
- H04L67/01—Protocols
- H04L67/02—Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method and a system for transparent service access across isolated networks based on dual unidirectional switching equipment. The service request end sends data to the pre-proxy program; the pre-proxy program receives the data, tags it with the identifier of the request end and reassembles it; the data is transmitted to the post-proxy program through the forward unidirectional transmission equipment; the post-proxy program parses the request and requests data from the business service; the business service responds and returns data; the post-proxy program receives the response data and reassembles it; the data is transmitted to the pre-proxy program through the reverse unidirectional transmission equipment; the pre-proxy program parses the data to obtain the identifier of the request end and returns the data to the service request end. In this way, between two physically isolated networks, request data travels from the pre-proxy program over one unidirectional transmission link, response data returns from the post-proxy program to the service request end over a second, reverse unidirectional link, and cross-network transparent access to the service is completed.
Description
Technical Field
The invention belongs to the field of isolated transmission for information security, and in particular relates to a method and a system for transparent service access across isolated networks based on dual unidirectional switching equipment, suitable for achieving transparent access to services over two unidirectional, feedback-free links between two physically isolated networks.
Background
In industries with confidentiality requirements, such as party and government bodies protecting state secrets and enterprises and public institutions protecting business secrets or client privacy, a common security measure is physical isolation between networks. Party and government bodies have issued management regulations requiring internal networks to be physically isolated from the internet, and the level protection scheme carried out by the Ministry of Public Security also sets explicit requirements for network isolation.
Recently, technologies such as big data, cloud computing and artificial intelligence have developed rapidly, and isolation of the underlying network infrastructure has made aggregating data across multiple networks the bottleneck for these applications, so completing data transmission between isolated networks in a compliant and automated manner has become key to deploying them. At present, information security certification departments such as public security and the military have approved equipment such as one-way optical gates and two-dimensional-code ferries, and have issued sales licences for isolated transmission equipment.
At present, gatekeeper devices on the market can provide service access between different network domains, but a gatekeeper does not block the communication connection, so attacks still have a carrier. Where the requirements allow only one-way channel connections and forbid the transmission of TCP protocol information, yet transparent cross-network access to services must still be achieved, the gatekeeper is not suitable.
Disclosure of Invention
The problem to be solved is how to provide transparent cross-network access to services between isolated networks while keeping the networks isolated.
In one aspect, the invention provides a method for transparent service access across isolated networks based on dual feedback-free unidirectional transmission equipment. Its core is that a pre-proxy program and a post-proxy program use two unidirectional transmission links to solve the problem that services cannot be accessed transparently under physical network isolation. The method comprises the following steps:
the pre-proxy program opens a specific service proxy port as required, receives service request data, reconstructs the service request packet according to configuration information, records the requester user identification (ID), and transmits the service request data to the service server side through the forward unidirectional transmission link;
the post-proxy program receives the request data, obtains the real service request interface from a configuration file, and requests the data;
the post-proxy program receives the returned response data, looks up the original requester user identification ID, reconstructs the service response data, and transmits it to the service request end through the reverse unidirectional transmission link;
the pre-proxy program receives the response data, looks up the correspondence for the original requester user identification ID, reconstructs the service response data packet, and returns it to the service requester.
In another aspect, the invention provides a system for transparent service access across isolated networks based on dual feedback-free unidirectional transmission equipment, comprising:
a pre-proxy program module, which receives the service request data and sends it to the forward unidirectional transmission link, and also receives the service response data returned over the reverse unidirectional transmission link, parses it and passes it to the service requester;
a post-proxy program module, located at the service server side, which receives the service request data transmitted over the forward unidirectional transmission link and forwards it to the business service, and receives the response data returned by the service and sends it to the reverse unidirectional transmission link;
a forward unidirectional transmission switching equipment module, which provides the carrier for transmitting the service request data and transmits it to the service server side;
a reverse unidirectional transmission switching equipment module, which provides the carrier for transmitting the service response data and transmits it to the service request end.
The technical scheme has the following beneficial effects. By adopting dual unidirectional switching equipment, the TCP connection between the physically isolated networks is cut off, and network isolation is ensured by combining physical-layer and link-layer disconnection. The pre- and post-proxy programs combine TCP/IP protocol stripping and rebuilding with application protocol stripping and reassembly to achieve controllable one-way transmission of service data. The dual feedback-free unidirectional transmission links between the physically isolated networks allow cross-network service requests to be completed while the security protection requirements are met.
Drawings
To illustrate the embodiments of the present invention or the technical solutions in the prior art more clearly, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings described below show only some embodiments of the present invention; those skilled in the art can obtain other drawings from them without creative effort.
FIG. 1 is a flow chart of the method of the present invention;
FIG. 2 is a block diagram of an embodiment of the system of the present invention;
FIG. 3 is a diagram illustrating packet reconstruction according to an embodiment of the present invention.
Detailed Description
The invention is described below with reference to specific examples:
In this embodiment, a WEB server is located at the service server side and a service request client at the service request end. The pre-proxy program acts as the service proxy server: it receives service request data and forwards it to the forward unidirectional transmission link, and receives service response data and forwards it to the service request client. The post-proxy program acts as the service request proxy client: it receives service request data and forwards it to the service server, and receives service response data and forwards it to the reverse unidirectional transmission link. The forward unidirectional switching equipment serves as the service request data transmission channel, and the reverse unidirectional switching equipment serves as the service response data transmission channel.
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Fig. 1 is a flow chart of isolated network transparent service access based on dual unidirectional switching devices according to an embodiment of the present invention. The method uses the pre- and post-proxy programs to split, combine and reconstruct TCP data streams and uses two unidirectional feedback-free links to carry request data and response data respectively, so that TCP data is transmitted and cross-network access is achieved while the network isolation requirement is met. The method includes:
101: the pre-proxy program receives WEB service request data sent by a request-end program on the external network, such as a browser; parses the packet to obtain its data and the requester user identification (ID) of the connection; reads the configured forward unidirectional link connection information; reconstructs the data packet (comprising the source IP address and source port of the pre-proxy program host, the destination IP address and destination port of the sending end of the forward unidirectional transmission link, and the connection identifier between the requester and the pre-proxy); and sends the data packet to the forward unidirectional transmission equipment;
102: the sending end of the forward unidirectional transmission equipment receives the request data, re-encapsulates it using a private protocol or method, and transmits it over the unidirectional transmission medium to the receiving end of the equipment; the receiving-end program parses and reassembles the data and passes it to the post-proxy program;
103: the post-proxy program receives and parses the request data to obtain the packet data, reads the configured server-side connection information, reconstructs the data packet (comprising the source IP address and source port of the post-proxy program host and the destination IP address and destination port of the service server side), and sends the request data;
104: the post-proxy program receives and parses the service response data to obtain the packet data, reads the configured connection information of the reverse unidirectional link, reconstructs the data packet (comprising the source IP address and source port of the post-proxy program host, the destination IP address and destination port of the sending end of the reverse unidirectional transmission link, and the connection identifier between the requester and the pre-proxy), and sends the data packet to the reverse unidirectional transmission equipment;
105: the sending end of the reverse unidirectional transmission equipment receives the response data, re-encapsulates it using a private protocol or method, and transmits it over the unidirectional transmission medium to the receiving end of the equipment; the receiving-end program parses and reassembles the data and forwards it to the pre-proxy program;
106: the pre-proxy program receives the response data, parses it to obtain the packet data, looks up the requester user identification ID of the connection, reconstructs the data packet from the data, and returns it to the service requester to complete service access.
Fig. 2 is a structural block diagram of isolated network transparent service access based on dual unidirectional switching devices according to another embodiment of the present invention. The system includes:
21: a pre-proxy program module, located at the service request end, which receives the request data, reconstructs it and sends it to the sending end of the forward transmission equipment, and receives the response data forwarded by the receiving end of the reverse transmission link, reconstructs it and returns it to the service requester;
22: a forward unidirectional transmission equipment sending-end module, located at the service request end, which receives the service request data, reassembles it using a private protocol or method, and sends it over the transmission medium to the receiving end of the transmission equipment;
23: a forward unidirectional transmission equipment receiving-end module, located at the service end, which receives the service request data, strips the private protocol or method, reassembles the request data and sends it to the post-proxy program;
24: a post-proxy program module, located at the service end, which receives the request data, reconstructs it and sends it to the service, and receives the response data, reconstructs it and sends it to the sending end of the reverse transmission equipment;
25: a reverse unidirectional transmission equipment sending-end module, located at the service end, which receives the service response data, reassembles it using a private protocol or method, and sends it over the transmission medium to the receiving end of the transmission equipment;
26: a reverse unidirectional transmission equipment receiving-end module, located at the service request end, which receives the service response data, strips the private protocol or method, reassembles the response data and sends it to the pre-proxy program.
Fig. 3 is a schematic diagram of how the pre-proxy reconstructs a data packet in the isolated network transparent service access method based on dual unidirectional switching devices according to another embodiment of the present invention. The steps are as follows:
31: update the source IP address of the data packet to the local IP address that communicates with the sending end of the forward unidirectional transmission equipment;
32: update the destination IP address of the data packet to the IP address of the sending end of the forward unidirectional transmission equipment;
33: update the source PORT of the data packet to a random PORT that communicates with the sending end of the forward unidirectional transmission equipment;
34: update the destination PORT of the data packet to the receiving PORT set by the sending end of the forward unidirectional transmission equipment;
35: record, in a self-defined field, the requester user identification ID of the socket connection between the service request end and the pre-proxy; this ID is used to route the reverse response data;
36: the request data field sent by the service request end.
The post-proxy program assembles the response data packet using the same steps. On receiving a response data packet, the pre-proxy looks up the Socket connection information according to the requester user identification ID in the packet header and returns the data to the corresponding service request end.
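The tagging and return routing described in steps 101 to 106 and Fig. 3 can be modelled in memory. The following is an added example, not code from the patent: the frame layout (`DUX1` marker, 64-bit requester ID, length field), the random ID choice, the one-response-per-connection simplification and all class and function names are assumptions, and the one-way devices are replaced by queues. It also shows the pre-proxy dropping reverse-link frames that are malformed or carry an ID it never issued.

```python
import secrets
import struct
from collections import deque

MAGIC = b"DUX1"                    # constructed frame marker (assumption)
HEADER = struct.Struct("!4sQI")    # marker, requester ID, payload length
MAX_PAYLOAD = 64 * 1024            # assumed per-frame size limit


class FrameError(ValueError):
    """A frame read from a one-way link failed validation."""


def encode_frame(requester_id, payload):
    """Prefix the payload with the self-defined field carrying the requester ID."""
    if len(payload) > MAX_PAYLOAD:
        raise FrameError("payload exceeds frame limit")
    return HEADER.pack(MAGIC, requester_id, len(payload)) + payload


def decode_frame(frame):
    """Return (requester_id, payload); reject anything malformed."""
    if len(frame) < HEADER.size:
        raise FrameError("frame shorter than header")
    magic, requester_id, length = HEADER.unpack_from(frame)
    payload = frame[HEADER.size:]
    if magic != MAGIC or length > MAX_PAYLOAD or length != len(payload):
        raise FrameError("header does not match frame")
    return requester_id, payload


class OneWayLink:
    """Stand-in for one unidirectional device: frames flow in a single
    direction and the receiver has no way to signal the sender."""
    def __init__(self):
        self._frames = deque()

    def send(self, frame):
        self._frames.append(frame)

    def receive(self):
        return self._frames.popleft() if self._frames else None


class PreProxy:
    def __init__(self, forward, reverse):
        self.forward, self.reverse = forward, reverse
        self.connections = {}      # requester ID -> client handle (socket stand-in)
        self.dropped = 0

    def on_request(self, client, data):
        """Steps 101 / 35: record the connection, tag the data, send it forward."""
        rid = secrets.randbits(64)
        while rid in self.connections:
            rid = secrets.randbits(64)
        self.connections[rid] = client
        self.forward.send(encode_frame(rid, data))
        return rid

    def pump_responses(self):
        """Step 106: route each response by ID; drop anything unrecognised."""
        delivered = []
        while (frame := self.reverse.receive()) is not None:
            try:
                rid, payload = decode_frame(frame)
                client = self.connections.pop(rid)
            except (FrameError, KeyError):
                self.dropped += 1  # malformed frame or ID never issued
                continue
            delivered.append((client, payload))
        return delivered


class PostProxy:
    def __init__(self, forward, reverse, service):
        self.forward, self.reverse, self.service = forward, reverse, service
        self.dropped = 0

    def pump_requests(self):
        """Steps 103-104: call the real service, echo the ID on the reverse link."""
        handled = 0
        while (frame := self.forward.receive()) is not None:
            try:
                rid, request = decode_frame(frame)
            except FrameError:
                self.dropped += 1
                continue
            self.reverse.send(encode_frame(rid, self.service(request)))
            handled += 1
        return handled


def demo_service(request):
    """Constructed stand-in for the WEB server behind the post-proxy."""
    path = request.split(b" ")[1] if request.startswith(b"GET ") else b"?"
    return b"HTTP/1.1 200 OK\r\n\r\nserved " + path


def run_demo():
    forward, reverse = OneWayLink(), OneWayLink()
    pre = PreProxy(forward, reverse)
    post = PostProxy(forward, reverse, demo_service)
    pre.on_request("client-A", b"GET /a HTTP/1.1\r\n\r\n")
    pre.on_request("client-B", b"GET /b HTTP/1.1\r\n\r\n")
    post.pump_requests()
    unknown = next(i for i in range(3) if i not in pre.connections)
    reverse.send(encode_frame(unknown, b"unsolicited"))  # ID never issued
    reverse.send(b"garbage")                             # not a valid frame
    return pre.pump_responses(), pre.dropped
```

Because neither link carries acknowledgements, a lost frame leaves an entry in the pre-proxy's connection table indefinitely; a deployment would need a timeout to expire such entries.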
Claims (12)
1. A method for transparent service access across isolated networks based on dual unidirectional switching equipment, characterized in that the method is applied to unidirectional data transmission over a two-way non-feedback link between physically isolated networks to achieve cross-network transparent access to services. The method comprises the following steps:
the pre-proxy program receives the service request data, tags and reassembles the service request data packet, and sends it to the forward unidirectional transmission equipment; the unidirectional transmission equipment transmits the request data to the post-proxy program using a private protocol (mode); the post-proxy program parses the request data and requests data from the service; the post-proxy program receives the response data, tags and reassembles the response data packet, and sends it to the reverse unidirectional transmission equipment; the unidirectional transmission equipment transmits the response data to the pre-proxy program using a private protocol (mode); and the pre-proxy program receives the response data, parses it to remove the identifier, and sends it to the service request end to complete the access.
2. The method for isolating network transparent service access based on dual unidirectional switching equipment as claimed in claim 1, wherein the pre-proxy program receives the service request data, tags and reassembles the service request data packet, and sends it to the forward unidirectional transmission equipment, adopting the following steps:
step 1: the pre-proxy program acquires the service request data and parses it to obtain the data;
step 2: reconstructing the data packet (modifying the source IP, destination IP, source PORT and destination PORT of the data packet and attaching the requester identification ID) according to the configuration information of the transmission channel, and sending the data to the A end of the forward unidirectional transmission equipment;
step 3: recording the connection correspondence according to the requester user identification ID.
3. The method for isolating network transparent service access based on dual unidirectional switching equipment as claimed in claim 1, wherein the unidirectional transmission equipment transmits the request data to the post-proxy program using a private protocol (manner), adopting the following steps:
step 1: the A end of the transmission equipment receives the data and reconstructs it using a private protocol (method);
step 2: the data is transmitted to the B end of the transmission equipment through a unidirectional transmission medium (unidirectional optical fiber or two-dimensional code encoding and decoding);
step 3: the program at the B end of the transmission equipment receives the data, reconstructs the data packet (modifying the source IP, destination IP, source PORT and destination PORT of the data packet) according to the channel configuration information, and sends the data packet to the post-proxy program.
4. The method for isolating network transparent service access based on dual unidirectional switching equipment as claimed in claim 1, wherein the post-proxy program parses the request data and requests data from the service, adopting the following steps:
step 1: the post-proxy program receives the data and parses it to obtain the user identifier;
step 2: querying the configuration information to obtain the destination IP and destination PORT corresponding to the data, reconstructing the data packet (modifying the source IP, destination IP, source PORT and destination PORT of the data packet), and sending the data packet to the service;
step 3: recording the connection correspondence according to the requester user identification ID.
5. The method for isolating network transparent service access based on dual unidirectional switching equipment as claimed in claim 1, wherein the post-proxy program receives the response data, tags and reassembles the response data packet, and sends it to the reverse unidirectional transmission equipment, adopting the following steps:
step 1: the post-proxy program receives the data returned by the business service;
step 2: querying the connection correspondence to obtain the requester user identification ID, and reconstructing the data packet (modifying the source IP, destination IP, source PORT and destination PORT of the data packet and attaching the requester user identification ID);
step 3: sending the data to the reverse unidirectional transmission equipment according to the configuration.
6. The method for isolating network transparent service access based on dual unidirectional switching equipment as claimed in claim 1, wherein the unidirectional transmission equipment transmits the response data to the pre-proxy program using a private protocol (manner), adopting the following steps:
step 1: the A' end of the transmission equipment receives the data and reconstructs it using a private protocol (method);
step 2: the data is transmitted to the B' end of the transmission equipment through a unidirectional transmission medium (unidirectional optical fiber or two-dimensional code encoding and decoding);
step 3: the program at the B' end of the transmission equipment receives the data, reconstructs the data packet (modifying the source IP, destination IP, source PORT and destination PORT of the data packet) according to the channel configuration information, and sends the data packet to the pre-proxy program.
7. The method for isolating network transparent service access based on dual unidirectional switching equipment as claimed in claim 1, wherein the pre-proxy program receives the response data, parses it to remove the identifier, and sends it to the service request end to complete the access, adopting the following steps:
step 1: the pre-proxy program receives the response data packet;
step 2: parsing the data to obtain the requester user identification (ID), querying the local connection correspondence, and reassembling the response data (modifying the source IP, destination IP, source PORT and destination PORT of the data packet);
step 3: returning the response data to the service request end.
8. A system for transparent service access across isolated networks based on dual unidirectional switching equipment, characterized in that the system is applied to unidirectional data transmission over a two-way non-feedback link between physically isolated networks to achieve cross-network transparent access to services. The system comprises:
a pre-proxy program module, located at the service request end, which receives the service request data and sends it to the forward unidirectional transmission link, and also receives the service response data returned over the reverse unidirectional transmission link, parses it and passes it to the service requester;
a post-proxy program module, located at the service server side, which receives the service request data transmitted over the forward unidirectional transmission link and forwards it to the business service, and receives the response data returned by the service and sends it to the reverse unidirectional transmission link;
a forward unidirectional transmission link equipment module, which provides the carrier for transmitting the service request data and transmits it to the service server side;
a reverse unidirectional transmission link equipment module, which provides the carrier for transmitting the service response data and transmits it to the service request end.
9. The system for isolating network transparent service access based on dual unidirectional switching equipment according to claim 8, wherein the pre-proxy program module is implemented using the receiving and reconstructing of the service request data, the recording of the Socket correspondence, and the sending of the service request data to the forward unidirectional transmission link as set out in claim 2.
10. The system for isolating network transparent service access based on dual unidirectional switching equipment according to claim 8, wherein the post-proxy program module is implemented using the receiving and parsing of the service request data, the recording of the Socket correspondence, and the sending of the service request data as set out in claim 4.
11. The system for isolating network transparent service access based on dual unidirectional switching equipment according to claim 8, wherein the post-proxy program module is implemented using the receiving of the response data, the querying of the Socket correspondence, the reconstructing, and the sending to the reverse unidirectional transmission link as set out in claim 5.
12. The system for isolating network transparent service access based on dual unidirectional switching equipment according to claim 8, wherein the pre-proxy program module is implemented using the receiving and reconstructing of the service response data, the querying of the Socket correspondence, and the returning of the service response data to the service requester as set out in claim 7.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911352207.4A CN110912940A (en) | 2019-12-25 | 2019-12-25 | Isolated network transparent service access method and system based on double unidirectional switching equipment |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201911352207.4A CN110912940A (en) | 2019-12-25 | 2019-12-25 | Isolated network transparent service access method and system based on double unidirectional switching equipment |
Publications (1)
Publication Number | Publication Date |
---|---|
CN110912940A true CN110912940A (en) | 2020-03-24 |
Family
ID=69827492
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201911352207.4A Pending CN110912940A (en) | 2019-12-25 | 2019-12-25 | Isolated network transparent service access method and system based on double unidirectional switching equipment |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN110912940A (en) |
Cited By (13)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111526124A (en) * | 2020-03-26 | 2020-08-11 | 郑州信大捷安信息技术股份有限公司 | Isolated communication system and method based on internal and external networks |
CN112019542A (en) * | 2020-08-28 | 2020-12-01 | 航天科工网络信息发展有限公司 | Cross-network safety e-mail system |
CN112491927A (en) * | 2020-12-15 | 2021-03-12 | 厦门市美亚柏科信息股份有限公司 | Method and system for bypassing network port shielding |
CN112637149A (en) * | 2020-12-11 | 2021-04-09 | 广东电力通信科技有限公司 | Data communication method between asymmetric security policy partitions |
CN112751857A (en) * | 2020-12-28 | 2021-05-04 | 山东浪潮通软信息科技有限公司 | Data security exchange method and device for cloud application and enterprise application |
CN113542274A (en) * | 2021-07-15 | 2021-10-22 | 南京中孚信息技术有限公司 | Cross-domain data transmission method, device, server and storage medium |
CN114301691A (en) * | 2021-12-29 | 2022-04-08 | 威创集团股份有限公司 | Distributed signal one-way transmission isolation method, device, equipment and storage medium |
CN114650124A (en) * | 2020-12-18 | 2022-06-21 | 中国联合网络通信集团有限公司 | Synchronization method and device for data transmission |
CN115314544A (en) * | 2022-08-05 | 2022-11-08 | 成都卫士通信息产业股份有限公司 | TCP data one-way transmission method, device, equipment and medium |
CN115412616A (en) * | 2022-08-26 | 2022-11-29 | 南京中孚信息技术有限公司 | Transmission control protocol data processing method and device and electronic equipment |
FR3128073A1 (en) | 2021-10-12 | 2023-04-14 | Nidec Psa Emotors | Stator of rotating electric machine |
CN116319733A (en) * | 2022-09-09 | 2023-06-23 | ***政治工作部军事人力资源保障中心 | Cross-network service switching system and method |
CN116647598A (en) * | 2023-07-24 | 2023-08-25 | 中航金网(北京)电子商务有限公司 | Cross-network data exchange method, device, system, server and storage medium |
Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102932368A (en) * | 2012-11-15 | 2013-02-13 | 北京锐安科技有限公司 | Cross network http safety access method and system |
CN103491072A (en) * | 2013-09-06 | 2014-01-01 | 北京信息控制研究所 | Boundary access control method based on double one-way separation gatekeepers |
CN103997495A (en) * | 2014-05-23 | 2014-08-20 | 中国人民解放军理工大学 | Security isolation file transmission control method |
WO2014176805A1 (en) * | 2013-04-28 | 2014-11-06 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus, and system for business processing |
US20160285913A1 (en) * | 2015-03-27 | 2016-09-29 | International Business Machines Corporation | Creating network isolation between virtual machines |
CN107454094A (en) * | 2017-08-23 | 2017-12-08 | 北京明朝万达科技股份有限公司 | A kind of data interactive method and system |
CN107809415A (en) * | 2017-08-07 | 2018-03-16 | 国网河南省电力公司 | Network isolation system and its implementation based on double half-duplex channel transmission technologys |
KR20180028742A (en) * | 2016-09-09 | 2018-03-19 | 한국전자통신연구원 | 2-way communication apparatus capable of changing communication mode and method thereof |
CN109547456A (en) * | 2018-12-07 | 2019-03-29 | 北京万维兴业科技有限责任公司 | There is the network isolation system of controllable interaction capabilities based on information one-way transmission technology |
CN109698837A (en) * | 2019-02-01 | 2019-04-30 | 重庆邮电大学 | A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method |
CN110557378A (en) * | 2019-08-02 | 2019-12-10 | 西安飞机工业(集团)有限责任公司 | network boundary security isolation and information one-way transmission system and transmission method |
- 2019-12-25 CN CN201911352207.4A patent/CN110912940A/en active Pending
Patent Citations (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102932368A (en) * | 2012-11-15 | 2013-02-13 | 北京锐安科技有限公司 | Cross network http safety access method and system |
WO2014176805A1 (en) * | 2013-04-28 | 2014-11-06 | Tencent Technology (Shenzhen) Company Limited | Method, apparatus, and system for business processing |
CN103491072A (en) * | 2013-09-06 | 2014-01-01 | 北京信息控制研究所 | Boundary access control method based on double one-way separation gatekeepers |
CN103997495A (en) * | 2014-05-23 | 2014-08-20 | 中国人民解放军理工大学 | Security isolation file transmission control method |
US20160285913A1 (en) * | 2015-03-27 | 2016-09-29 | International Business Machines Corporation | Creating network isolation between virtual machines |
KR20180028742A (en) * | 2016-09-09 | 2018-03-19 | 한국전자통신연구원 | 2-way communication apparatus capable of changing communication mode and method thereof |
CN107809415A (en) * | 2017-08-07 | 2018-03-16 | 国网河南省电力公司 | Network isolation system and its implementation based on double half-duplex channel transmission technologys |
CN107454094A (en) * | 2017-08-23 | 2017-12-08 | 北京明朝万达科技股份有限公司 | A kind of data interactive method and system |
CN109547456A (en) * | 2018-12-07 | 2019-03-29 | 北京万维兴业科技有限责任公司 | There is the network isolation system of controllable interaction capabilities based on information one-way transmission technology |
CN109698837A (en) * | 2019-02-01 | 2019-04-30 | 重庆邮电大学 | A kind of tertiary-structure network based on one-way transmission physical medium and DEU data exchange unit and method |
CN110557378A (en) * | 2019-08-02 | 2019-12-10 | 西安飞机工业(集团)有限责任公司 | network boundary security isolation and information one-way transmission system and transmission method |
Non-Patent Citations (1)
Title |
---|
穆成坡: "Military Network and Communication Security Technology" (《军事网络与通信安全技术》), 31 January 2018, Beijing Institute of Technology Press (北京理工大学出版社), pages: 233 * |
Cited By (21)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN111526124A (en) * | 2020-03-26 | 2020-08-11 | 郑州信大捷安信息技术股份有限公司 | Isolated communication system and method based on internal and external networks |
CN111526124B (en) * | 2020-03-26 | 2022-06-24 | 郑州信大捷安信息技术股份有限公司 | Isolated communication system and method based on internal and external networks |
CN112019542A (en) * | 2020-08-28 | 2020-12-01 | 航天科工网络信息发展有限公司 | Cross-network safety e-mail system |
CN112019542B (en) * | 2020-08-28 | 2022-09-30 | 航天科工网络信息发展有限公司 | Cross-network safe e-mail system |
CN112637149B (en) * | 2020-12-11 | 2023-09-01 | 广东电力通信科技有限公司 | Data communication method between asymmetric security policy partitions |
CN112637149A (en) * | 2020-12-11 | 2021-04-09 | 广东电力通信科技有限公司 | Data communication method between asymmetric security policy partitions |
CN112491927A (en) * | 2020-12-15 | 2021-03-12 | 厦门市美亚柏科信息股份有限公司 | Method and system for bypassing network port shielding |
CN114650124B (en) * | 2020-12-18 | 2023-10-03 | 中国联合网络通信集团有限公司 | Synchronization method and device for data transmission |
CN114650124A (en) * | 2020-12-18 | 2022-06-21 | 中国联合网络通信集团有限公司 | Synchronization method and device for data transmission |
CN112751857A (en) * | 2020-12-28 | 2021-05-04 | 山东浪潮通软信息科技有限公司 | Data security exchange method and device for cloud application and enterprise application |
CN112751857B (en) * | 2020-12-28 | 2022-07-12 | 山东浪潮通软信息科技有限公司 | Data security exchange method and device for cloud application and enterprise application |
CN113542274A (en) * | 2021-07-15 | 2021-10-22 | 南京中孚信息技术有限公司 | Cross-domain data transmission method, device, server and storage medium |
FR3128073A1 (en) | 2021-10-12 | 2023-04-14 | Nidec Psa Emotors | Stator of rotating electric machine |
CN114301691B (en) * | 2021-12-29 | 2022-10-25 | 威创集团股份有限公司 | Distributed signal one-way transmission isolation method, device, equipment and storage medium |
CN114301691A (en) * | 2021-12-29 | 2022-04-08 | 威创集团股份有限公司 | Distributed signal one-way transmission isolation method, device, equipment and storage medium |
CN115314544A (en) * | 2022-08-05 | 2022-11-08 | 成都卫士通信息产业股份有限公司 | TCP data one-way transmission method, device, equipment and medium |
CN115314544B (en) * | 2022-08-05 | 2023-12-15 | 成都卫士通信息产业股份有限公司 | TCP data unidirectional transmission method, device, equipment and medium |
CN115412616A (en) * | 2022-08-26 | 2022-11-29 | 南京中孚信息技术有限公司 | Transmission control protocol data processing method and device and electronic equipment |
CN116319733A (en) * | 2022-09-09 | 2023-06-23 | ***政治工作部军事人力资源保障中心 | Cross-network service switching system and method |
CN116319733B (en) * | 2022-09-09 | 2024-06-11 | ***政治工作部军事人力资源保障中心 | Cross-network service switching system and method |
CN116647598A (en) * | 2023-07-24 | 2023-08-25 | 中航金网(北京)电子商务有限公司 | Cross-network data exchange method, device, system, server and storage medium |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN110912940A (en) | Isolated network transparent service access method and system based on double unidirectional switching equipment | |
CA2611776C (en) | Method and communication unit for communicating between communication apparatuses | |
US6704866B1 (en) | Compression and encryption protocol for controlling data flow in a network | |
CN108833487A (en) | A kind of TCP transmission protocol agent method | |
CN108234523B (en) | Multi-level internal and external network data interaction system applied to television station | |
CN110557378A (en) | network boundary security isolation and information one-way transmission system and transmission method | |
DE10142959A1 (en) | Method, system and computer for negotiating a security relationship on the application layer | |
CN115189920A (en) | Cross-network domain communication method and related device | |
CN101867586A (en) | Method and system for realizing cross network segment signaling interworking of videoconference system | |
CN114615082B (en) | System and method for simulating TCP duplex safety communication by using forward and reverse gatekeepers | |
CN1863152B (en) | Method for transmitting various messages between internal network users | |
US6947431B1 (en) | Wireless data communications with header suppression and reconstruction | |
CN105897665B (en) | Method for realizing TCP transmission in satellite network environment and corresponding gateway | |
CA2997246A1 (en) | Hybrid data transport solution, in particular for satellite links | |
Jiang | New ip networking for network 2030 | |
CN111585653A (en) | Double-unidirectional isolation exchange method based on optical fiber communication | |
CN111182071A (en) | Method for intranet penetration and service release | |
KR20210037178A (en) | System and method for supporting between heterogeneous networks communication using unidirectional communication | |
CN110351308B (en) | Virtual private network communication method and virtual private network device | |
CN113572678A (en) | Instant messaging method realized based on websocket | |
CN108848099A (en) | A kind of port mapping system and its port mapping method based on reversed multi-connection | |
CN116319733B (en) | Cross-network service switching system and method | |
CN117439815B (en) | Intranet penetration system and method based on reverse transparent bridging | |
JP7193760B2 (en) | Communication device and communication method | |
CN110768997B (en) | U-shaped magnet network access system and method based on one-way transmission protocol |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||