CN115242432B - Cross-domain time synchronization device and method - Google Patents


Publication number
CN115242432B
Authority
CN
China
Prior art keywords
time synchronization
information
external network
signal
unit
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202210660655.6A
Other languages
Chinese (zh)
Other versions
CN115242432A (en
Inventor
李扬
徐兵杰
胡金龙
马荔
黄伟
张帅
杨杰
周创
罗钰杰
张亮亮
吴梅
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
CETC 30 Research Institute
Original Assignee
CETC 30 Research Institute
Application filed by CETC 30 Research Institute
Priority to CN202210660655.6A
Publication of CN115242432A
Application granted
Publication of CN115242432B

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/02 Details
    • H04J3/06 Synchronising arrangements
    • H04J3/0635 Clock or time synchronisation in a network
    • H04J3/0638 Clock or time synchronisation among nodes; Internode synchronisation
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04J MULTIPLEX COMMUNICATION
    • H04J3/00 Time-division multiplex systems
    • H04J3/02 Details
    • H04J3/06 Synchronising arrangements
    • H04J3/0635 Clock or time synchronisation in a network
    • H04J3/0682 Clock or time synchronisation in a network by delay compensation, e.g. by compensation of propagation delay or variations thereof, by ranging
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/08 Network architectures or network communication protocols for network security for authentication of entities

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Synchronisation In Digital Transmission Systems (AREA)
  • Electric Clocks (AREA)

Abstract

The invention discloses a cross-domain time synchronization device and a method, wherein the device comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module. According to the invention, through isolating and examining the interactive information in the time synchronization process, the risk of leakage of the sensitive information through the interactive information is reduced; meanwhile, through isolation and recovery of the time synchronization signals, direct time synchronization is not carried out between the two networks, and the association between the information of internal network time synchronization and the information of external network time synchronization is reduced, so that the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced in the cross-domain process of the time synchronization system is obviously reduced, and the safety of cross-domain time synchronization is improved.

Description

Cross-domain time synchronization device and method
Technical Field
The present invention relates to the field of time synchronization technologies, and in particular, to a cross-domain time synchronization device and method.
Background
In the related art, on the one hand, networks with different security levels often need to interwork. However, different networks sit in different security domains, with different security levels and different information access rights, and many security problems may arise if two such networks are connected directly. To protect networks of different security levels, isolation methods are generally used. On the other hand, interconnection and interworking between different networks must rest on the same time reference, which is usually achieved through time synchronization. However, transferring a time signal across networks and domains may involve exchanging timestamp information, signaling information and the like, and these exchanges may introduce hidden (covert) channels, allowing illegal information to flow in and out and even permitting intrusion by external attacks, which poses a serious security risk to the network.
Disclosure of Invention
The invention mainly aims to provide a cross-domain time synchronization device and a cross-domain time synchronization method, and aims to solve the technical problem that illegal information possibly flows in or out in the current cross-domain time synchronization process, and serious potential safety hazards are caused to a network.
In order to achieve the above object, the present invention provides a cross-domain time synchronization device, which includes a time synchronization information isolation examination module and a time synchronization signal isolation recovery module; wherein:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
and the time synchronization signal isolation and recovery module is used for executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively.
Optionally, the time synchronization information isolation examination module comprises an external network time synchronization information security interaction unit, an internal network time synchronization information security interaction unit and a time synchronization information security isolation unit; wherein:
the external network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the external network time synchronization device and the cross-domain time synchronization device;
the internal network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the internal network time synchronization device and the cross-domain time synchronization device;
the time synchronization information safety isolation unit is used for isolating and checking the time synchronization information of the external network and the time synchronization information of the internal network.
Optionally, the external network time synchronization information security interaction unit includes:
the external network interface is used for connecting an external network time synchronization device;
the external network isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolation encryption authentication subunit is used for decrypting information input by the external network interface and encrypting and authenticating information sent by the external network interface;
and the external network security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an external network isolation unit interface.
Optionally, the intranet time synchronization information security interaction unit includes:
the intranet interface is used for connecting an intranet time synchronization device;
the intranet isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolated encryption authentication subunit is used for decrypting and authenticating information input by the intranet interface and encrypting and authenticating information sent to the intranet interface;
and the intranet security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an intranet isolation unit interface.
Optionally, the time synchronization information security isolation unit includes:
the isolation unit external network interface is connected with the external network isolation unit interface;
the isolation unit intranet interface is connected with the intranet isolation unit interface;
the clock holding interface is connected with the time synchronization signal isolation and recovery module, and is used for sending information from the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit to the time synchronization signal isolation and recovery module, and for receiving the information that the time synchronization signal isolation and recovery module sends to the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit;
and the isolation examination subunit is connected with the clock holding interface, performs security examination and flow direction control on the information sent by the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit received by the clock holding interface, and if the information is judged to be secure, transmits the corresponding information to the external network time synchronization information security interaction unit or the internal network time synchronization information security interaction unit through the external network interface of the isolation unit or the internal network interface of the isolation unit.
Optionally, the time synchronization signal isolation and recovery module comprises an external network time synchronization signal transmission unit, an internal network time synchronization signal transmission unit and a clock holding unit; wherein:
the external network time synchronization signal transmission unit is used for performing time synchronization on the external network time synchronization device and the cross-network time synchronization device according to external network time synchronization interaction information;
the intranet time synchronization signal transmission unit is used for synchronizing time of the intranet time synchronization device and the cross-network time synchronization device according to intranet time synchronization interaction information;
the clock holding unit provides local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit.
Optionally, the external network time synchronization signal transmission unit includes:
a time signal generating subunit for generating a time synchronization signal according to the local clock signal provided by the clock holding unit, and transmitting the time synchronization signal to the external network and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the external network and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measurement subunit is used for measuring the signals transmitted by the time signal generation subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
Optionally, the intranet time synchronization signal transmission unit includes:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and transmitting the time synchronization signal to the intranet and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the intranet and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measurement subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
Optionally, the clock holding unit includes:
the external network time signal measuring interface receives the local time signal measuring information of the external network time synchronous signal transmission unit and transmits the local time signal measuring information to the delay compensation calculation subunit;
the time synchronization information interface is used for receiving the external network time synchronization interaction information and the local time signal measurement information of the internal network time synchronization signal transmission unit;
the delay compensation calculation subunit receives the local time signal measurement information sent by the external network time signal measurement interface and the external network time synchronization interaction information sent by the time synchronization information interface, performs delay compensation calculation on the local clock, and corrects the local clock;
and the intranet time signal measuring interface is used for receiving the local time signal measuring information of the intranet time synchronizing signal transmitting unit, transmitting the information to the time synchronizing information isolation examination module through the time synchronizing information interface, interacting with intranet time synchronizing equipment and carrying out time correction on the intranet time synchronizing equipment.
Optionally, the external network time synchronization information security interaction unit and the external network time synchronization signal transmission unit are set to be a plurality of, and the internal network time synchronization information security interaction unit and the internal network time synchronization signal transmission unit are set to be a plurality of.
In order to achieve the above object, the present application further proposes a cross-domain time synchronization method for a cross-domain time synchronization device as described above, the method comprising the steps of:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
and executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively through the time synchronization signal isolation recovery module.
The invention provides a cross-domain time synchronization device and a method, wherein the device comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module. According to the invention, through isolating and examining the interactive information in the time synchronization process, the risk of leakage of the sensitive information through the interactive information is reduced; meanwhile, through isolation and recovery of the time synchronization signals, direct time synchronization is not carried out between the two networks, and the association between the information of internal network time synchronization and the information of external network time synchronization is reduced, so that the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced in the cross-domain process of the time synchronization system is obviously reduced, and the safety of cross-domain time synchronization is improved.
Drawings
Fig. 1 is a schematic structural diagram of a cross-domain time synchronization device according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a time synchronization information isolation inspection module according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an external network time synchronization signal transmission unit according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an intranet time synchronization signal transmission unit according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a clock holding unit according to an embodiment of the invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, based on the embodiments of the invention, which would be apparent to one of ordinary skill in the art without inventive effort are within the scope of the invention.
It should be noted that all directional indicators (such as up, down, left, right, front, rear, ...) in the embodiments of the invention are merely used to explain the relative positional relationship, movement, etc. between the components in a particular posture (as shown in the drawings), and if the particular posture is changed, the directional indicators are changed accordingly.
In addition, the technical solutions of the embodiments may be combined with each other, provided that the combination can be realized by those skilled in the art; where a combination of technical solutions is contradictory or cannot be realized, the combination should be considered not to exist and is not within the scope of protection claimed by the invention.
Currently, in the related art, the cross-domain time synchronization process may cause illegal information to flow in or flow out, which causes serious potential safety hazard to the network.
To solve this problem, various embodiments of the cross-domain time synchronization apparatus and method of the present invention are presented. According to the cross-domain time synchronization device and method, the risk of leakage of sensitive information through the interactive information is reduced by performing isolation examination on the interactive information in the time synchronization process; meanwhile, through isolation and recovery of the time synchronization signals, direct time synchronization is not carried out between the two networks, and the association between the information of internal network time synchronization and the information of external network time synchronization is reduced, so that the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced in the cross-domain process of the time synchronization system is obviously reduced, and the safety of cross-domain time synchronization is improved.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a cross-domain time synchronization device according to an embodiment of the present invention.
The embodiment provides a cross-domain time synchronization device, which comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module.
The time synchronization information isolation examination module is used for carrying out safety isolation and examination on the time synchronization interaction information of the intranet and the time synchronization interaction information of the extranet, and reducing the risk of leakage of sensitive information through the interaction information. The time synchronization signal isolation and recovery module separates the time synchronization of the intranet and the time synchronization of the external network, so that the time synchronization is not directly carried out between the intranet and the external network, the relevance of the interaction information of the time synchronization of the intranet and the time synchronization of the external network is reduced, and the risk that the sensitive information is hidden in the interaction information is reduced.
In this embodiment, the time synchronization information isolation and examination module mainly includes three parts, namely an external network time synchronization information security interaction unit, a time synchronization information security isolation unit and an internal network time synchronization information security interaction unit.
The external network time synchronization information security interaction unit realizes an information security interaction function when time synchronization is carried out between the external network time synchronization device and the cross-domain time synchronization device. The intranet time synchronization information safety interaction unit realizes an information safety interaction function when time synchronization is carried out between the intranet time synchronization device and the cross-domain time synchronization device. The time synchronization information safety isolation unit is used for isolating and checking time synchronization interaction information between the intranet and the extranet.
In this embodiment, the time synchronization signal isolation and recovery module includes an external network time synchronization signal transmission unit, a clock holding unit, and an internal network time synchronization signal transmission unit.
The external network time synchronization signal transmission unit completes time synchronization between the external network time synchronization device and the cross-network time synchronization device. The intranet time synchronization signal transmission unit completes time synchronization between the intranet time synchronization device and the cross-network time synchronization device. The clock holding unit is used for holding the local clock with high stability and high accuracy and providing local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit.
Referring to fig. 2, fig. 2 is a schematic diagram of a time synchronization information isolation inspection module, where the time synchronization information isolation inspection module includes an external network time synchronization information security interaction unit, an internal network time synchronization information security interaction unit, and a time synchronization information security isolation unit.
In this embodiment, the external network time synchronization information security interaction unit mainly includes an external network interface, an isolation encryption authentication subunit, an external network security inspection subunit and an external network isolation unit interface.
The external network interface is used for time synchronization information interaction with the external network equipment. The isolation encryption authentication subunit decrypts and authenticates the information input through the external network interface, and encrypts and authenticates the information to be output to the external network interface. The external network security inspection subunit performs security inspection and related functions on the information input through the external network interface after it has been decrypted and, through a firewall designed with a given security policy, prevents external network attackers from entering the internal network by illegal means.
Specifically, the interaction information is security-checked against the time synchronization protocol for its format, its length, the rationality of the information itself, and so on. If the information is judged to be safe, it is transmitted to the time synchronization information security isolation unit through the external network isolation unit interface. The external network isolation unit interface is used for information interaction between the external network time synchronization information security interaction unit and the time synchronization information security isolation unit.
In this embodiment, the intranet time synchronization information security interaction unit mainly includes an intranet interface, an isolation encryption authentication subunit, an intranet security inspection subunit and an intranet isolation unit interface.
The intranet interface is used for time synchronization information interaction with the intranet equipment. The isolation encryption authentication subunit decrypts and authenticates the information input through the intranet interface, and encrypts and authenticates the information to be output to the intranet interface. The intranet security inspection subunit performs security inspection and related functions on the information input through the intranet interface after it has been decrypted and, through a firewall designed with a given security policy, prevents intranet information from being output through a covert channel.
Specifically, the interaction information is security-checked against the time synchronization protocol for its format, its length, the rationality of the information itself, and so on. If the information is judged to be safe, it is transmitted to the time synchronization information security isolation unit through the intranet isolation unit interface. The intranet isolation unit interface is used for information interaction between the intranet time synchronization information security interaction unit and the time synchronization information security isolation unit.
In this embodiment, the time synchronization information security isolation unit mainly includes an isolation unit external network interface, an isolation unit internal network interface, an isolation inspection subunit, and a clock holding interface.
The isolation unit external network interface is used for information interaction with the external network time synchronization information security interaction unit. The isolation unit internal network interface is used for information interaction with the internal network time synchronization information security interaction unit. The clock holding interface is used for information interaction with the clock holding unit of the time synchronization signal isolation recovery module: on the one hand, it transmits the information output by the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit to the clock holding unit; on the other hand, it receives the information that the clock holding unit outputs toward the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit and passes it to the isolation examination subunit.
The isolation examination subunit performs security examination and flow control on the information that the clock holding interface receives from the clock holding unit. According to the time synchronization protocol, it security-checks the format, the length, the rationality and so on of the interaction information. If the information is judged to be safe, the corresponding information is transmitted to the external network time synchronization information security interaction unit or the internal network time synchronization information security interaction unit through the external network interface of the isolation unit or the internal network interface of the isolation unit.
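The format, length, rationality and flow-direction checks described for the security inspection and isolation examination subunits can be pictured as follows. This is an added example, not code from the patent: the 20-byte message layout, the constants, the per-side type policy and all names are assumptions, since the patent does not fix a time synchronization protocol.

```python
import struct
from dataclasses import dataclass

# Hypothetical 20-byte wire layout (an assumption; the patent names no format):
# magic(2) | version(1) | type(1) | sequence(4) | timestamp_ns(8) | reserved(4)
WIRE = struct.Struct(">HBBIQI")
MAGIC, VERSION = 0x5453, 1
SYNC_REQ, SYNC_RESP = 1, 2

# Flow-direction policy (assumed): message types allowed to arrive from each side.
ALLOWED_TYPES = {"external": {SYNC_RESP}, "internal": {SYNC_REQ}}
MAX_SKEW_NS = 5_000_000_000   # plausibility window around the local clock
MAX_SEQ_STEP = 16             # tolerate some loss, reject wild sequence jumps


@dataclass(frozen=True)
class SyncMessage:
    msg_type: int
    sequence: int
    timestamp_ns: int


class Rejected(Exception):
    """Raised with the name of the check a message failed."""


def inspect(raw, side, local_now_ns, last_seq=None):
    """Return the parsed message, or raise Rejected naming the failed check."""
    # Length: exact size only, so no trailing bytes can ride along.
    if len(raw) != WIRE.size:
        raise Rejected("length")
    magic, version, msg_type, seq, ts, reserved = WIRE.unpack(raw)
    # Format: fixed constants, and reserved bits must carry nothing.
    if magic != MAGIC or version != VERSION:
        raise Rejected("format")
    if reserved != 0:
        raise Rejected("reserved-nonzero")
    # Flow direction: only the types this side is allowed to send.
    if msg_type not in ALLOWED_TYPES[side]:
        raise Rejected("direction")
    # Rationality: the values must make sense for a time exchange.
    if abs(ts - local_now_ns) > MAX_SKEW_NS:
        raise Rejected("timestamp-implausible")
    if last_seq is not None and not (0 < seq - last_seq <= MAX_SEQ_STEP):
        raise Rejected("sequence-implausible")
    return SyncMessage(msg_type, seq, ts)


def verdict(raw, side, local_now_ns, last_seq=None):
    """'accepted', or the name of the first failed check."""
    try:
        inspect(raw, side, local_now_ns, last_seq)
    except Rejected as exc:
        return str(exc)
    return "accepted"


def build(msg_type, seq, ts, reserved=0):
    """Pack a constructed sample message in the assumed layout."""
    return WIRE.pack(MAGIC, VERSION, msg_type, seq, ts, reserved)


if __name__ == "__main__":
    now = 1_700_000_000_000_000_000  # constructed local clock reading, ns
    samples = {  # constructed inputs, all presented as arriving from outside
        "well-formed response": build(SYNC_RESP, 8, now + 1_000),
        "trailing byte": build(SYNC_RESP, 8, now) + b"\x00",
        "data in reserved field": build(SYNC_RESP, 8, now, reserved=0xDEAD),
        "request from outside": build(SYNC_REQ, 8, now),
        "timestamp a minute off": build(SYNC_RESP, 8, now + 60_000_000_000),
        "sequence jump": build(SYNC_RESP, 500, now),
    }
    for name, raw in samples.items():
        print(f"{name:24s} -> {verdict(raw, 'external', now, last_seq=7)}")
```

Fields that are rejected unless they hold their single permitted value (exact length, zero reserved bits) leave no room for hidden data, which is the property the inspection is there to enforce.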
Referring to fig. 3, fig. 3 is a schematic diagram of an external network time synchronization signal transmission unit. The external network time synchronization signal transmission unit comprises a time signal generation subunit, a time signal receiving subunit and a time signal measurement subunit.
The time signal generating subunit generates a time synchronization signal output to the external network according to the local clock signal transmitted by the clock holding unit and the requirement of the time synchronization protocol. The output time synchronization signal may be an optical signal or an electrical signal, and the time signal generating subunit mainly modulates the original time synchronization signal onto the corresponding optical signal or electrical signal.
Meanwhile, the original time synchronization signal is transferred to the time signal measurement subunit. The time signal receiving subunit is configured to receive a time synchronization signal (which may be an optical signal or an electrical signal) input by the external network, and convert the time synchronization signal into a signal that can be measured by the time signal measuring subunit. The time signal measurement subunit performs the time measurement: depending on the protocol, it may measure the sending time of the output time synchronization signal and the arrival time of the input time synchronization signal, or it may directly measure the time interval between the two time signals. Finally, this time measurement information is sent to the clock holding unit.
Referring to fig. 4, fig. 4 is a schematic diagram of an intranet time synchronization signal transmission unit. The intranet time synchronization signal transmission unit comprises a time signal generation subunit, a time signal receiving subunit and a time signal measurement subunit.
The time signal generating subunit generates a time synchronization signal output to the intranet according to the local clock signal transmitted by the clock holding unit and the requirement of the time synchronization protocol. The output time synchronization signal may be an optical signal or an electrical signal, and the time signal generating subunit mainly modulates the original time synchronization signal onto the corresponding optical signal or electrical signal.
Meanwhile, the original time synchronization signal is passed to the time signal measurement subunit. The time signal receiving subunit receives the time synchronization signal (which may be an optical signal or an electrical signal) input from the intranet and converts it into a signal that the time signal measurement subunit can measure. The time signal measurement subunit performs the time measurement: depending on the protocol, it may measure the sending time of the output time synchronization signal and the arrival time of the input time synchronization signal, or it may directly measure the time interval between the two signals. Finally, this time measurement information is sent to the clock holding unit.
Fig. 5 is a schematic diagram of the clock holding unit. The clock holding unit comprises an external network time signal measurement information interface, an internal network time signal measurement information interface, a time synchronization information interface, a delay compensation calculation subunit and a local clock.
The external network time signal measurement information interface receives local time signal measurement information from the external network time synchronization signal transmission unit and passes it to the delay compensation calculation subunit. The delay compensation calculation subunit receives this measurement information together with the external network time synchronization interaction information received through the time synchronization information interface, performs the delay compensation calculation for the local clock according to the corresponding time synchronization protocol, and passes the calculation result to the local clock to correct it. The internal network time signal measurement information interface receives local time signal measurement information from the internal network time synchronization signal transmission unit and passes it through the time synchronization information interface to the time synchronization information isolation examination module; the information is finally exchanged with the time synchronization equipment of the internal network and used for the time correction of that equipment.
In an actual implementation, the cross-network time synchronization method and apparatus provided in the present application may include one or more external network units (each comprising an external network time synchronization information security interaction unit and an external network time synchronization signal transmission unit) and one or more internal network units (each comprising an internal network time synchronization information security interaction unit and an internal network time synchronization signal transmission unit).
This embodiment provides a cross-domain time synchronization device and method that address the security problems a time synchronization system faces when it crosses domains. Isolating and examining the interaction information exchanged during time synchronization reduces the risk of sensitive information leaking through that interaction information. In addition, because the time synchronization signals are isolated and recovered, the two networks are never synchronized directly with each other, and the association between the internal network's time synchronization information and the external network's time synchronization information is reduced. This lowers the risk of sensitive information being hidden in the synchronization information, significantly reduces the security hazards introduced when a time synchronization system crosses domains, and improves the security of cross-domain time synchronization.
The foregoing describes only preferred embodiments of the invention and is not intended to limit its scope; any equivalent structure or equivalent process derived from the contents of the specification and drawings, or applied directly or indirectly in other related technical fields, likewise falls within the scope of the invention.
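The two mechanisms described above, examination of the interaction information and regeneration of the time signal from the local clock, can be sketched as follows. This is an added example, not code from the patent: the patent names no protocol, so an NTP-style 48-byte server reply is assumed, and the policy limits, `examine`, `ClockHolder` and all sample timestamps are constructed for illustration.

```python
import struct

HDR = struct.Struct("!BBbbII4sQQQQ")  # NTPv4 header without extension fields: 48 bytes
ERA = 2_208_988_800                   # seconds from 1900-01-01 to 1970-01-01 (NTP era 0)
MAX_DELAY_S, MAX_STEP_S = 0.5, 2.0    # assumed policy limits, not from the patent


def to_ntp(unix_s):
    """Unix seconds -> 64-bit NTP timestamp (32.32 fixed point)."""
    return int((unix_s + ERA) * 2**32)


def from_ntp(q):
    return q / 2**32 - ERA


def examine(msg, origin_q, t1, t4):
    """Return (offset, delay) in seconds, or raise ValueError naming the failed check."""
    if len(msg) != HDR.size:                    # length: trailing bytes could hide data
        raise ValueError("length")
    b0, stratum, *_, org, rx, tx = HDR.unpack(msg)
    if (b0 >> 3) & 7 != 4 or b0 & 7 != 4:       # format: version 4, mode 4 (server)
        raise ValueError("format")
    if b0 >> 6 == 3 or not 1 <= stratum <= 15:  # leap indicator 3 = unsynchronised
        raise ValueError("unsynchronised")
    if org != origin_q:                         # must answer the request the guard sent
        raise ValueError("origin")
    t2, t3 = from_ntp(rx), from_ntp(tx)
    delay = (t4 - t1) - (t3 - t2)               # t1/t4 are the guard's own measurements
    offset = ((t2 - t1) + (t3 - t4)) / 2
    if t3 < t2 or not 0 <= delay <= MAX_DELAY_S or abs(offset) > MAX_STEP_S:
        raise ValueError("rationality")
    return offset, delay


class ClockHolder:
    """Local clock: corrected from the external side, sole time source for the intranet."""

    def __init__(self):
        self.correction = 0.0

    def now(self, raw):
        return raw + self.correction

    def reply_internal(self, client_origin_q, raw_rx, raw_tx):
        """Regenerate a reply from local values only; no external byte is copied."""
        rx, tx = to_ntp(self.now(raw_rx)), to_ntp(self.now(raw_tx))
        return HDR.pack(0x24, 2, 6, -20, 0, 0, b"\x00" * 4, rx, client_origin_q, rx, tx)


def demo():
    """Constructed exchange: the external server runs 0.25 s ahead of the guard."""
    t1 = 1_700_000_000.0
    t2, t3, t4 = t1 + 0.260, t1 + 0.261, t1 + 0.021
    origin_q = to_ntp(t1)

    def reply(rx, tx):
        return HDR.pack(0x24, 1, 6, -20, 0, 0, b"GPS\x00",
                        to_ntp(rx), origin_q, to_ntp(rx), to_ntp(tx))

    def verdict(msg):
        try:
            examine(msg, origin_q, t1, t4)
            return "ok"
        except ValueError as err:
            return str(err)

    clock = ClockHolder()
    offset, delay = examine(reply(t2, t3), origin_q, t1, t4)
    clock.correction += offset                  # delay compensation applied to local clock
    inner = clock.reply_internal(to_ntp(t4 + 0.9), t4 + 1.0, t4 + 1.001)
    return {"offset": offset, "delay": delay, "inner": inner,
            "padded": verdict(reply(t2, t3) + b"\x00" * 20),
            "hour_ahead": verdict(reply(t2 + 3600, t3 + 3600))}
```

The intranet reply carries only timestamps taken from the corrected local clock and fixed header values, so a field set by the external server, such as its reference identifier, never reaches the internal network.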

Claims (3)

1. The cross-domain time synchronization device is characterized by comprising a time synchronization information isolation examination module and a time synchronization signal isolation recovery module; wherein:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
the time synchronization signal isolation and recovery module is used for executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively;
the time synchronization information isolation examination module comprises an external network time synchronization information security interaction unit, an internal network time synchronization information security interaction unit and a time synchronization information security isolation unit; wherein:
the external network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the external network time synchronization device and the cross-domain time synchronization device;
the internal network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the internal network time synchronization device and the cross-domain time synchronization device;
the time synchronization information safety isolation unit is used for isolating and checking the time synchronization information of the external network and the time synchronization information of the internal network;
the external network time synchronization information security interaction unit comprises:
the external network interface is used for connecting an external network time synchronization device;
the external network isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolation encryption authentication subunit is used for decrypting information input by the external network interface and encrypting and authenticating information sent by the external network interface;
the external network security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an external network isolation unit interface;
the intranet time synchronization information security interaction unit comprises:
the intranet interface is used for connecting an intranet time synchronization device;
the intranet isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolated encryption authentication subunit is used for decrypting and authenticating information input by the intranet interface and encrypting and authenticating information sent to the intranet interface;
the intranet security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an intranet isolation unit interface;
the time synchronization information security isolation unit comprises:
the isolation unit external network interface is connected with the external network isolation unit interface;
the isolation unit intranet interface is connected with the intranet isolation unit interface;
the clock holding interface is connected with the time synchronization signal isolation and recovery module, and is used for sending information of the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit to the time synchronization signal isolation and recovery module and sending information of the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit;
the isolation examination subunit is connected with the clock holding interface, and is used for carrying out safety examination and flow direction control on the information sent by the external network time synchronization information safety interaction unit and the internal network time synchronization information safety interaction unit received by the clock holding interface, and if the information is judged to be safe, the corresponding information is transmitted to the external network time synchronization information safety interaction unit or the internal network time synchronization information safety interaction unit through the external network interface of the isolation unit or the internal network interface of the isolation unit;
the time synchronization signal isolation and recovery module comprises an external network time synchronization signal transmission unit, an internal network time synchronization signal transmission unit and a clock holding unit; wherein:
the external network time synchronization signal transmission unit is used for performing time synchronization on the external network time synchronization device and the cross-network time synchronization device according to external network time synchronization interaction information;
the intranet time synchronization signal transmission unit is used for synchronizing time of the intranet time synchronization device and the cross-network time synchronization device according to intranet time synchronization interaction information;
the clock holding unit provides local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit;
the external network time synchronization signal transfer unit includes:
a time signal generating subunit for generating a time synchronization signal according to the local clock signal provided by the clock holding unit, and transmitting the time synchronization signal to the external network and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the external network and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain signal arrival time and/or signal interval;
the intranet time synchronization signal transmission unit comprises:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and transmitting the time synchronization signal to the intranet and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the intranet and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain signal arrival time and/or signal interval;
the clock holding unit includes:
the external network time signal measuring interface receives the local time signal measuring information of the external network time synchronous signal transmission unit and transmits the local time signal measuring information to the delay compensation calculation subunit;
the time synchronization information interface is used for receiving the external network time synchronization interaction information and the local time signal measurement information of the internal network time synchronization signal transmission unit;
the delay compensation calculation subunit receives the local time signal measurement information sent by the external network time signal measurement interface and the external network time synchronization interaction information sent by the time synchronization information interface, performs delay compensation calculation on the local clock, and corrects the local clock;
and the intranet time signal measuring interface is used for receiving the local time signal measuring information of the intranet time synchronizing signal transmitting unit, transmitting the information to the time synchronizing information isolation examination module through the time synchronizing information interface, interacting with intranet time synchronizing equipment and carrying out time correction on the intranet time synchronizing equipment.
2. The cross-domain time synchronization device according to claim 1, wherein the number of the external network time synchronization information security interaction units and the external network time synchronization signal transmission units is several, and the number of the internal network time synchronization information security interaction units and the internal network time synchronization signal transmission units is several.
3. A method of cross-domain time synchronization for a cross-domain time synchronization device according to any of claims 1-2, the method comprising the steps of:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
and executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively through the time synchronization signal isolation recovery module.
CN202210660655.6A 2022-06-13 2022-06-13 Cross-domain time synchronization device and method Active CN115242432B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210660655.6A CN115242432B (en) 2022-06-13 2022-06-13 Cross-domain time synchronization device and method

Publications (2)

Publication Number Publication Date
CN115242432A CN115242432A (en) 2022-10-25
CN115242432B true CN115242432B (en) 2023-05-16

Family

ID=83669928

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210660655.6A Active CN115242432B (en) 2022-06-13 2022-06-13 Cross-domain time synchronization device and method

Country Status (1)

Country Link
CN (1) CN115242432B (en)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant