CN115242432B - Cross-domain time synchronization device and method - Google Patents
- Publication number: CN115242432B (CN202210660655.6A)
- Authority: CN (China)
- Prior art keywords: time synchronization, information, external network, signal, unit
- Legal status: Active (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/02—Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J3/00—Time-division multiplex systems
- H04J3/02—Details
- H04J3/06—Synchronising arrangements
- H04J3/0635—Clock or time synchronisation in a network
- H04J3/0638—Clock or time synchronisation among nodes; Internode synchronisation
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04J—MULTIPLEX COMMUNICATION
- H04J3/00—Time-division multiplex systems
- H04J3/02—Details
- H04J3/06—Synchronising arrangements
- H04J3/0635—Clock or time synchronisation in a network
- H04J3/0682—Clock or time synchronisation in a network by delay compensation, e.g. by compensation of propagation delay or variations thereof, by ranging
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/08—Network architectures or network communication protocols for network security for authentication of entities
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Hardware Design (AREA)
- Computer Security & Cryptography (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Synchronisation In Digital Transmission Systems (AREA)
- Electric Clocks (AREA)
Abstract
The invention discloses a cross-domain time synchronization device and a method, wherein the device comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module. According to the invention, through isolating and examining the interactive information in the time synchronization process, the risk of leakage of the sensitive information through the interactive information is reduced; meanwhile, through isolation and recovery of the time synchronization signals, direct time synchronization is not carried out between the two networks, and the association between the information of internal network time synchronization and the information of external network time synchronization is reduced, so that the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced in the cross-domain process of the time synchronization system is obviously reduced, and the safety of cross-domain time synchronization is improved.
Description
Technical Field
The present invention relates to the field of time synchronization technologies, and in particular, to a cross-domain time synchronization device and method.
Background
In the related art, on the one hand, networks with different security levels often need to interwork. However, different networks are in different security domains, with different security levels and different information access rights. Many security problems may occur if two networks are directly connected. To ensure the security of networks of different security levels, isolation methods are generally used. On the other hand, interconnection and interworking between different networks need to be based on the same time reference, which is usually achieved through time synchronization. However, transferring the time signal across networks and domains may involve the exchange of timestamp information, signaling information and the like, and these exchanges may introduce hidden channels, resulting in the inflow and outflow of illegal information and even intrusion by external attackers, which poses a serious security risk to the network.
Disclosure of Invention
The invention mainly aims to provide a cross-domain time synchronization device and a cross-domain time synchronization method, and aims to solve the technical problem that illegal information possibly flows in or out in the current cross-domain time synchronization process, and serious potential safety hazards are caused to a network.
In order to achieve the above object, the present invention provides a cross-domain time synchronization device, which includes a time synchronization information isolation examination module and a time synchronization signal isolation recovery module; wherein:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
and the time synchronization signal isolation and recovery module is used for executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively.
Optionally, the time synchronization information isolation examination module comprises an external network time synchronization information security interaction unit, an internal network time synchronization information security interaction unit and a time synchronization information security isolation unit; wherein:
the external network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the external network time synchronization device and the cross-domain time synchronization device;
the internal network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the internal network time synchronization device and the cross-domain time synchronization device;
the time synchronization information safety isolation unit is used for isolating and checking the time synchronization information of the external network and the time synchronization information of the internal network.
Optionally, the external network time synchronization information security interaction unit includes:
the external network interface is used for connecting an external network time synchronization device;
the external network isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolation encryption authentication subunit is used for decrypting and authenticating information input by the external network interface and encrypting and authenticating information sent to the external network interface;
and the external network security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an external network isolation unit interface.
Optionally, the intranet time synchronization information security interaction unit includes:
the intranet interface is used for connecting an intranet time synchronization device;
the intranet isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolation encryption authentication subunit is used for decrypting and authenticating information input by the intranet interface and encrypting and authenticating information sent to the intranet interface;
and the intranet security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an intranet isolation unit interface.
Optionally, the time synchronization information security isolation unit includes:
the isolation unit external network interface is connected with the external network isolation unit interface;
the isolation unit intranet interface is connected with the intranet isolation unit interface;
the clock holding interface is connected with the time synchronization signal isolation and recovery module, and is used for sending information from the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit to the time synchronization signal isolation and recovery module, and for receiving the information that the module sends to the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit;
and the isolation examination subunit is connected with the clock holding interface, performs security examination and flow direction control on the information exchanged through the clock holding interface with the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit, and if the information is judged to be secure, transmits the corresponding information to the external network time synchronization information security interaction unit or the internal network time synchronization information security interaction unit through the external network interface of the isolation unit or the internal network interface of the isolation unit.
Optionally, the time synchronization signal isolation and recovery module comprises an external network time synchronization signal transmission unit, an internal network time synchronization signal transmission unit and a clock holding unit; wherein:
the external network time synchronization signal transmission unit is used for performing time synchronization between the external network time synchronization device and the cross-domain time synchronization device according to external network time synchronization interaction information;
the intranet time synchronization signal transmission unit is used for performing time synchronization between the intranet time synchronization device and the cross-domain time synchronization device according to intranet time synchronization interaction information;
the clock holding unit provides local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit.
Optionally, the external network time synchronization signal transmission unit includes:
a time signal generating subunit for generating a time synchronization signal according to the local clock signal provided by the clock holding unit, and transmitting the time synchronization signal to the external network and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the external network and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measurement subunit is used for measuring the signals transmitted by the time signal generation subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
Optionally, the intranet time synchronization signal transmission unit includes:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and transmitting the time synchronization signal to the intranet and the time signal measurement subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the intranet and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
and the time signal measurement subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain the signal arrival time and/or the signal interval.
Optionally, the clock holding unit includes:
the external network time signal measuring interface receives the local time signal measuring information of the external network time synchronous signal transmission unit and transmits the local time signal measuring information to the delay compensation calculation subunit;
the time synchronization information interface is used for receiving the external network time synchronization interaction information and the local time signal measurement information of the internal network time synchronization signal transmission unit;
the delay compensation calculation subunit receives the local time signal measurement information sent by the external network time signal measurement interface and the external network time synchronization interaction information sent by the time synchronization information interface, performs delay compensation calculation on the local clock, and corrects the local clock;
and the intranet time signal measuring interface is used for receiving the local time signal measuring information of the intranet time synchronizing signal transmitting unit, transmitting the information to the time synchronizing information isolation examination module through the time synchronizing information interface, interacting with intranet time synchronizing equipment and carrying out time correction on the intranet time synchronizing equipment.
Optionally, the external network time synchronization information security interaction unit and the external network time synchronization signal transmission unit are set to be a plurality of, and the internal network time synchronization information security interaction unit and the internal network time synchronization signal transmission unit are set to be a plurality of.
In order to achieve the above object, the present application further proposes a cross-domain time synchronization method for a cross-domain time synchronization device as described above, the method comprising the steps of:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
and executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively through the time synchronization signal isolation recovery module.
The invention provides a cross-domain time synchronization device and a method, wherein the device comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module. According to the invention, through isolating and examining the interactive information in the time synchronization process, the risk of leakage of the sensitive information through the interactive information is reduced; meanwhile, through isolation and recovery of the time synchronization signals, direct time synchronization is not carried out between the two networks, and the association between the information of internal network time synchronization and the information of external network time synchronization is reduced, so that the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced in the cross-domain process of the time synchronization system is obviously reduced, and the safety of cross-domain time synchronization is improved.
Drawings
Fig. 1 is a schematic structural diagram of a cross-domain time synchronization device according to an embodiment of the present invention;
Fig. 2 is a schematic diagram of a time synchronization information isolation inspection module according to an embodiment of the present invention;
Fig. 3 is a schematic diagram of an external network time synchronization signal transmission unit according to an embodiment of the present invention;
Fig. 4 is a schematic diagram of an intranet time synchronization signal transmission unit according to an embodiment of the present invention;
Fig. 5 is a schematic diagram of a clock holding unit according to an embodiment of the invention.
The achievement of the objects, functional features and advantages of the present invention will be further described with reference to the accompanying drawings, in conjunction with the embodiments.
Detailed Description
It should be understood that the specific embodiments described herein are for purposes of illustration only and are not intended to limit the scope of the invention.
The technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is apparent that the described embodiments are only some embodiments of the present invention, not all embodiments. All other embodiments, based on the embodiments of the invention, which would be apparent to one of ordinary skill in the art without inventive effort are within the scope of the invention.
It should be noted that all directional indicators (such as up, down, left, right, front, and rear …) in the embodiments of the invention are merely used to explain the relative positional relationship, movement, etc. between the components in a particular posture (as shown in the drawings), and if the particular posture is changed, the directional indicators are changed accordingly.
In addition, the technical solutions of the embodiments may be combined with each other, provided that the combination can be realized by those skilled in the art; when a combination of technical solutions is contradictory or cannot be realized, the combination should be considered not to exist and is not within the scope of protection claimed by the invention.
Currently, in the related art, the cross-domain time synchronization process may cause illegal information to flow in or flow out, which causes serious potential safety hazard to the network.
To solve this problem, various embodiments of the cross-domain time synchronization apparatus and method of the present invention are presented. According to the cross-domain time synchronization device and method, the risk of leakage of sensitive information through the interactive information is reduced by performing isolation examination on the interactive information in the time synchronization process; meanwhile, through isolation and recovery of the time synchronization signals, direct time synchronization is not carried out between the two networks, and the association between the information of internal network time synchronization and the information of external network time synchronization is reduced, so that the risk that sensitive information is hidden in the synchronization information can be reduced, the potential safety hazard introduced in the cross-domain process of the time synchronization system is obviously reduced, and the safety of cross-domain time synchronization is improved.
Referring to fig. 1, fig. 1 is a schematic structural diagram of a cross-domain time synchronization device according to an embodiment of the present invention.
The embodiment provides a cross-domain time synchronization device, which comprises a time synchronization information isolation examination module and a time synchronization signal isolation recovery module.
The time synchronization information isolation examination module is used for carrying out safety isolation and examination on the time synchronization interaction information of the intranet and the time synchronization interaction information of the extranet, and reducing the risk of leakage of sensitive information through the interaction information. The time synchronization signal isolation and recovery module separates the time synchronization of the intranet and the time synchronization of the external network, so that the time synchronization is not directly carried out between the intranet and the external network, the relevance of the interaction information of the time synchronization of the intranet and the time synchronization of the external network is reduced, and the risk that the sensitive information is hidden in the interaction information is reduced.
In this embodiment, the time synchronization information isolation and examination module mainly includes three parts, namely an external network time synchronization information security interaction unit, a time synchronization information security isolation unit and an internal network time synchronization information security interaction unit.
The external network time synchronization information security interaction unit realizes an information security interaction function when time synchronization is carried out between the external network time synchronization device and the cross-domain time synchronization device. The intranet time synchronization information safety interaction unit realizes an information safety interaction function when time synchronization is carried out between the intranet time synchronization device and the cross-domain time synchronization device. The time synchronization information safety isolation unit is used for isolating and checking time synchronization interaction information between the intranet and the extranet.
In this embodiment, the time synchronization signal isolation and recovery module includes an external network time synchronization signal transmission unit, a clock holding unit, and an internal network time synchronization signal transmission unit.
The external network time synchronization signal transmission unit completes time synchronization between the external network time synchronization device and the cross-domain time synchronization device. The intranet time synchronization signal transmission unit completes time synchronization between the intranet time synchronization device and the cross-domain time synchronization device. The clock holding unit is used for holding the local clock with high stability and high accuracy and providing local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit.
Referring to fig. 2, fig. 2 is a schematic diagram of a time synchronization information isolation inspection module, where the time synchronization information isolation inspection module includes an external network time synchronization information security interaction unit, an internal network time synchronization information security interaction unit, and a time synchronization information security isolation unit.
In this embodiment, the external network time synchronization information security interaction unit mainly includes an external network interface, an isolation encryption authentication subunit, an external network security inspection subunit and an external network isolation unit interface.
The external network interface is used for carrying out time synchronization information interaction with the external network equipment. The isolation encryption authentication subunit decrypts and authenticates the information input by the external network interface, and encrypts and authenticates the information to be output to the external network interface. The external network security inspection subunit performs security inspection and related functions on the information input by the external network interface after it has been decrypted, and, through a firewall designed with a certain security policy, prevents external network attackers from entering the internal network through illegal means.
Specifically, the format, length, rationality and the like of the interaction information are security checked according to the time synchronization protocol. If the information is judged to be safe, the information is transmitted to the time synchronization information security isolation unit through the external network isolation unit interface. The external network isolation unit interface is used for information interaction between the external network time synchronization information security interaction unit and the time synchronization information security isolation unit.
In this embodiment, the intranet time synchronization information security interaction unit mainly includes an intranet interface, an isolation encryption authentication subunit, an intranet security inspection subunit and an intranet isolation unit interface.
The intranet interface is used for carrying out time synchronization information interaction with the intranet equipment. The isolation encryption authentication subunit decrypts and authenticates the information input by the intranet interface, and encrypts and authenticates the information to be output to the intranet interface. The intranet security inspection subunit performs security inspection and related functions on the information input by the intranet interface after it has been decrypted, and, through a firewall designed with a certain security policy, prevents intranet information from being output through a hidden channel.
Specifically, the format, length, rationality and the like of the interaction information are security checked according to the time synchronization protocol. If the information is judged to be safe, the information is transmitted to the time synchronization information security isolation unit through the intranet isolation unit interface. The intranet isolation unit interface is used for information interaction between the intranet time synchronization information security interaction unit and the time synchronization information security isolation unit.
In this embodiment, the time synchronization information security isolation unit mainly includes an isolation unit external network interface, an isolation unit internal network interface, an isolation inspection subunit, and a clock holding interface.
The isolation unit external network interface is used for carrying out information interaction with the external network time synchronization information security interaction unit. The internal network interface of the isolation unit is used for carrying out information interaction with the internal network time synchronization information security interaction unit. The clock holding interface is used for carrying out information interaction with the clock holding unit of the time synchronization signal isolation recovery module, on one hand, information output by the external network time synchronization information safety interaction unit and the internal network time synchronization information safety interaction unit is transmitted to the clock holding unit, and on the other hand, information output by the receiving clock holding unit to the external network time synchronization information safety interaction unit and the internal network time synchronization information safety interaction unit is transmitted to the isolation examination subunit.
The isolation examination subunit is used for performing security examination and flow control on the information received by the clock holding interface from the clock holding unit. According to the time synchronization protocol, it performs a security examination of the format, the length, the rationality and the like of the interaction information. If the information is judged to be safe, the corresponding information is transmitted to the external network time synchronization information security interaction unit or the internal network time synchronization information security interaction unit through the external network interface of the isolation unit or the internal network interface of the isolation unit.
Referring to fig. 3, fig. 3 is a schematic diagram of an external network time synchronization signal transmission unit. The external network time synchronization signal transmission unit comprises a time signal generation subunit, a time signal receiving subunit and a time signal measurement subunit.
The time signal generating subunit generates a time synchronization signal output to the external network according to the local clock signal transmitted by the clock holding unit and the requirement of the time synchronization protocol. The output time synchronization signal may be an optical signal or an electrical signal, and the time signal generating subunit mainly modulates the original time synchronization signal onto the corresponding optical signal or electrical signal.
Meanwhile, the original time synchronization signal is transferred to the time signal measurement subunit. The time signal receiving subunit is configured to receive a time synchronization signal (which may be an optical signal or an electrical signal) input by the external network, and convert the time synchronization signal into a signal that can be measured by the time signal measurement subunit. The time signal measurement subunit performs the time measurement: depending on the protocol, it may measure the sending time of the output time synchronization signal and the arrival time of the input time synchronization signal, or it may directly measure the time interval between the two time signals. Finally, this time measurement information is sent to the clock holding unit.
Referring to fig. 4, fig. 4 is a schematic diagram of an intranet time synchronization signal transmission unit. The intranet time synchronization signal transmission unit comprises a time signal generation subunit, a time signal receiving subunit and a time signal measurement subunit.
The time signal generating subunit generates a time synchronization signal output to the intranet according to the local clock signal transmitted by the clock holding unit and the requirement of the time synchronization protocol. The output time synchronization signal may be an optical signal or an electrical signal, and the time signal generating subunit mainly modulates the original time synchronization signal onto the corresponding optical signal or electrical signal.
Meanwhile, the original time synchronization signal is transferred to the time signal measurement subunit. The time signal receiving subunit is configured to receive a time synchronization signal (which may be an optical signal or an electrical signal) input by the intranet, and convert the time synchronization signal into a signal that can be measured by the time signal measurement subunit. The time signal measurement subunit performs the time measurement: depending on the protocol, it may measure the sending time of the output time synchronization signal and the arrival time of the input time synchronization signal, or it may directly measure the time interval between the two time signals. Finally, this time measurement information is sent to the clock holding unit.
Referring to fig. 5, fig. 5 is a schematic diagram of a clock holding unit. The clock holding unit comprises an external network time signal measurement information interface, an internal network time signal measurement information interface, a time synchronization information interface, a delay compensation calculation subunit and a local clock.
The external network time signal measurement information interface receives the local time signal measurement information from the external network time synchronization signal transmission unit and forwards it to the delay compensation calculation subunit. The delay compensation calculation subunit also receives, through the time synchronization information interface, the time synchronization interaction information from the external network. From these two inputs it performs the delay compensation calculation for the local clock according to the corresponding time synchronization protocol and passes the calculation result to the local clock, which is corrected accordingly. The internal network time signal measurement information interface receives the local time signal measurement information from the internal network time synchronization signal transmission unit and passes it through the time synchronization information interface to the time synchronization information isolation examination module; the information is finally exchanged with the time synchronization equipment of the internal network and used to correct the time of that equipment.
In an actual implementation, the cross-network time synchronization method and apparatus provided in the present application may include one or more external network units (each comprising an external network time synchronization information security interaction unit and an external network time synchronization signal transmission unit) and one or more internal network units (each comprising an internal network time synchronization information security interaction unit and an internal network time synchronization signal transmission unit).
This embodiment provides a cross-domain time synchronization device and method that address the security problems a time synchronization system faces when it crosses domains. Isolation examination of the interaction information exchanged during time synchronization reduces the risk that sensitive information leaks through that interaction information. In addition, because the time synchronization signals are isolated and recovered, the two networks never synchronize time directly with each other, and the association between the internal network's time synchronization information and the external network's time synchronization information is reduced. This lowers the risk that sensitive information is hidden in the synchronization information, significantly reduces the security hazards introduced when the time synchronization system crosses domains, and improves the security of cross-domain time synchronization.
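As an added illustration (not code from the patent), the sketch below shows one way the isolation examination and the delay compensation calculation described above could fit together. The 24-byte message layout, the message-type numbers, the policy limits and the two-way timestamp exchange over a symmetric path are all assumptions; the patent leaves the time synchronization protocol open.

```python
import struct

# Assumed wire format (not specified by the patent), big-endian, 24 bytes:
# version(1) | msg_type(1) | reserved(2) | sequence(4) | t2_ns(8) | t3_ns(8)
FMT = ">BBHIqq"
MSG_LEN = struct.calcsize(FMT)
# Hypothetical flow-direction policy: which message types may cross which way.
ALLOWED = {("external", "clock_holding"): {1},   # 1 = timestamp reply from external master
           ("clock_holding", "internal"): {2}}   # 2 = measurement report for the intranet
MAX_TURNAROUND_NS = 1_000_000_000               # assumed bound on remote processing time


class Rejected(Exception):
    """Raised when the isolation examination refuses a message."""


def examine(raw, src, dst, last_seq):
    """Isolation examination: pass only fixed-size, fully constrained messages."""
    if len(raw) != MSG_LEN:                       # no room for trailing payload
        raise Rejected("length")
    version, msg_type, reserved, seq, t2, t3 = struct.unpack(FMT, raw)
    if version != 1 or reserved != 0:             # unused bits must not carry data
        raise Rejected("header")
    if msg_type not in ALLOWED.get((src, dst), set()):
        raise Rejected("flow direction")
    if seq != (last_seq + 1) & 0xFFFFFFFF:        # replayed or reordered message
        raise Rejected("sequence")
    if not 0 <= t3 - t2 <= MAX_TURNAROUND_NS:     # implausible remote timestamps
        raise Rejected("timestamps")
    return {"seq": seq, "t2": t2, "t3": t3}


def delay_compensation(t1, t4, msg):
    """Two-way exchange: t1/t4 are local measurements, t2/t3 come from the examined message.

    Assumes a symmetric path. Returns (offset_ns, one_way_delay_ns);
    offset > 0 means the local clock is behind the external reference.
    """
    t2, t3 = msg["t2"], msg["t3"]
    round_trip = (t4 - t1) - (t3 - t2)
    if round_trip < 0:
        raise Rejected("negative path delay")
    offset = ((t2 - t1) + (t3 - t4)) // 2
    return offset, round_trip // 2


def demo():
    # Constructed sample: local clock 500 ns behind, 2000 ns one-way delay.
    t1, t4 = 1_000_000, 1_014_000                 # local send / arrival measurements
    raw = struct.pack(FMT, 1, 1, 0, 8, 1_002_500, 1_012_500)
    msg = examine(raw, "external", "clock_holding", last_seq=7)
    return delay_compensation(t1, t4, msg)


if __name__ == "__main__":
    print(demo())
```

Only the corrected local clock, never the external message itself, would then drive the intranet side, which is the decoupling the embodiment relies on.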
The foregoing describes only preferred embodiments of the invention and is not intended to limit the scope of the invention; any equivalent structure or equivalent process derived from the specification and drawings, whether applied directly or indirectly in other related technical fields, is likewise intended to be covered.
Claims (3)
1. The cross-domain time synchronization device is characterized by comprising a time synchronization information isolation examination module and a time synchronization signal isolation recovery module; wherein:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
the time synchronization signal isolation and recovery module is used for executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively;
the time synchronization information isolation examination module comprises an external network time synchronization information security interaction unit, an internal network time synchronization information security interaction unit and a time synchronization information security isolation unit; wherein:
the external network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the external network time synchronization device and the cross-domain time synchronization device;
the internal network time synchronization information security interaction unit is used for time synchronization information interaction transmission between the internal network time synchronization device and the cross-domain time synchronization device;
the time synchronization information safety isolation unit is used for isolating and checking the time synchronization information of the external network and the time synchronization information of the internal network;
the external network time synchronization information security interaction unit comprises:
the external network interface is used for connecting an external network time synchronization device;
the external network isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolation encryption authentication subunit is used for decrypting information input by the external network interface and encrypting and authenticating information sent by the external network interface;
the external network security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an external network isolation unit interface;
the intranet time synchronization information security interaction unit comprises:
the intranet interface is used for connecting an intranet time synchronization device;
the intranet isolation unit interface is used for connecting the time synchronization information security isolation unit;
the isolated encryption authentication subunit is used for decrypting and authenticating information input by the intranet interface and encrypting and authenticating information sent to the intranet interface;
the intranet security inspection subunit is provided with a firewall with a preset security policy, performs security inspection on the decryption information output by the isolation encryption authentication subunit, and sends the inspected information to the time synchronization information security isolation unit through an intranet isolation unit interface;
the time synchronization information security isolation unit comprises:
the isolation unit external network interface is connected with the external network isolation unit interface;
the isolation unit intranet interface is connected with the intranet isolation unit interface;
the clock holding interface is connected with the time synchronization signal isolation and recovery module, and is used for sending information of the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit to the time synchronization signal isolation and recovery module and sending information of the external network time synchronization information security interaction unit and the internal network time synchronization information security interaction unit;
the isolation examination sub-unit is connected with the clock holding interface, and is used for carrying out safety examination and flow direction control on the information sent by the external network time synchronization information safety interaction unit and the internal network time synchronization information safety interaction unit received by the clock holding interface, and if the information is judged to be safe, the corresponding information is transmitted to the external network time synchronization information safety interaction unit or the internal network time synchronization information safety interaction unit through the external network interface of the isolation unit or the internal network interface of the isolation unit;
the time synchronization signal isolation and recovery module comprises an external network time synchronization signal transmission unit, an internal network time synchronization signal transmission unit and a clock holding unit; wherein:
the external network time synchronization signal transmission unit is used for performing time synchronization on the external network time synchronization device and the cross-network time synchronization device according to external network time synchronization interaction information;
the intranet time synchronization signal transmission unit is used for synchronizing time of the intranet time synchronization device and the cross-network time synchronization device according to intranet time synchronization interaction information;
the clock holding unit provides local clock signals for the external network time synchronization signal transmission unit and the internal network time synchronization signal transmission unit;
the external network time synchronization signal transfer unit includes:
a time signal generating subunit for generating a time synchronization signal according to the local clock signal provided by the clock holding unit, and transmitting the time synchronization signal to the external network and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the external network and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain signal arrival time and/or signal interval;
the intranet time synchronization signal transmission unit comprises:
the time signal generating subunit is used for generating a time synchronization signal according to the local clock signal provided by the clock holding unit and transmitting the time synchronization signal to the intranet and the time signal measuring subunit;
the time signal receiving subunit is used for receiving the time synchronization signal sent by the intranet and converting the time synchronization signal into a signal which can be measured by the time signal measuring subunit;
the time signal measuring subunit is used for measuring the signals sent by the time signal generating subunit and the time signal receiving subunit to obtain signal arrival time and/or signal interval;
the clock holding unit includes:
the external network time signal measuring interface receives the local time signal measuring information of the external network time synchronous signal transmission unit and transmits the local time signal measuring information to the delay compensation calculation subunit;
the time synchronization information interface is used for receiving the external network time synchronization interaction information and the local time signal measurement information of the internal network time synchronization signal transmission unit;
the delay compensation calculation subunit receives the local time signal measurement information sent by the external network time signal measurement interface and the external network time synchronization interaction information sent by the time synchronization information interface, performs delay compensation calculation on the local clock, and corrects the local clock;
and the intranet time signal measuring interface is used for receiving the local time signal measuring information of the intranet time synchronizing signal transmitting unit, transmitting the information to the time synchronizing information isolation examination module through the time synchronizing information interface, interacting with intranet time synchronizing equipment and carrying out time correction on the intranet time synchronizing equipment.
2. The cross-domain time synchronization device according to claim 1, wherein the number of the external network time synchronization information security interaction units and the external network time synchronization signal transmission units is several, and the number of the internal network time synchronization information security interaction units and the internal network time synchronization signal transmission units is several.
3. A method of cross-domain time synchronization for a cross-domain time synchronization device according to any of claims 1-2, the method comprising the steps of:
the time synchronization information isolation examination module is used for carrying out safety isolation and examination on the received external network time synchronization interaction information and internal network time synchronization interaction information and judging whether sensitive information exists in the external network time synchronization interaction information and the internal network time synchronization interaction information;
and executing external network time synchronization and internal network time synchronization according to the external network time synchronization interaction information and the internal network time synchronization interaction information respectively through the time synchronization signal isolation recovery module.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202210660655.6A CN115242432B (en) | 2022-06-13 | 2022-06-13 | Cross-domain time synchronization device and method |
Publications (2)
Publication Number | Publication Date |
---|---|
CN115242432A (en) | 2022-10-25 |
CN115242432B (en) | 2023-05-16 |
Family
ID=83669928
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202210660655.6A Active CN115242432B (en) | Cross-domain time synchronization device and method | 2022-06-13 | 2022-06-13 |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN115242432B (en) |
Citations (8)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN102710409A (en) * | 2012-06-04 | 2012-10-03 | 中广传播集团有限公司 | Time synchronizing device with safety isolation function |
CN102790774A (en) * | 2012-07-31 | 2012-11-21 | 北京江南天安科技有限公司 | Method and device capable of allowing internal network to obtain time information |
CN102820994A (en) * | 2012-08-20 | 2012-12-12 | 广州易宝信息技术有限公司 | Data exchange device and data exchange method for network isolation environment |
CN106998333A (en) * | 2017-05-24 | 2017-08-01 | 山东省计算中心(国家超级计算济南中心) | A kind of bilateral network security isolation system and method |
CN108111409A (en) * | 2016-11-25 | 2018-06-01 | 华为技术有限公司 | The method and apparatus for establishing disjoint paths |
CN108111536A (en) * | 2018-01-15 | 2018-06-01 | 中国科学院信息工程研究所 | A kind of application-level security cross-domain communication method and system |
CN109495202A (en) * | 2018-12-20 | 2019-03-19 | 北京明朝万达科技股份有限公司 | A kind of method for synchronizing time and device |
CN114553509A (en) * | 2022-02-14 | 2022-05-27 | 国网山东省电力公司信息通信公司 | Information internal and external network video conference intercommunication system and method based on isolation device |
Family Cites Families (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8769127B2 (en) * | 2006-02-10 | 2014-07-01 | Northrop Grumman Systems Corporation | Cross-domain solution (CDS) collaborate-access-browse (CAB) and assured file transfer (AFT) |
Non-Patent Citations (1)
Title |
---|
Cross-network secure data exchange technology based on trusted computing; Li Chao; Computer Engineering and Design; full text * |
Also Published As
Publication number | Publication date |
---|---|
CN115242432A (en) | 2022-10-25 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US11606341B2 (en) | Apparatus for use in a can system | |
KR101938312B1 (en) | Different units same security apparatus based on internet of things | |
CN103491072A (en) | Boundary access control method based on double one-way separation gatekeepers | |
EP1788745B1 (en) | Communication apparatus | |
US11212671B2 (en) | Method and system for securing communication links using enhanced authentication | |
KR20130132759A (en) | Mechanism for internal processing of content through partial authentication on secondary channel | |
CN101911639A (en) | The method of protection bi-directional communication channel and realize the device of this method | |
CN105262597A (en) | Network access authentication method, client terminal, access device and authentication device | |
KR101023708B1 (en) | Data Protection Method and Apparatus for SCADA Network Based on MODBUS Protocol | |
CN112491780B (en) | Communication system and method | |
CN110637299B (en) | Smooth transition of content type changes for streaming content | |
CN114125027B (en) | Communication establishment method and device, electronic equipment and storage medium | |
Pirker et al. | Global and secured uav authentication system based on hardware-security | |
WO2015178597A1 (en) | System and method for updating secret key using puf | |
CN115242432B (en) | Cross-domain time synchronization device and method | |
US10207725B2 (en) | Method and device for transmitting signal among compartments of train | |
Kornaros et al. | Trustnet: ensuring normal-world and trusted-world can-bus networking | |
CN103823702A (en) | Application installation method and electronic equipment | |
CN106169955A (en) | The safety certifying method of distribution network terminal wireless maintenance and system | |
US7266694B2 (en) | Network relay device, communication device and network relay method | |
US20110026707A1 (en) | Communication apparatus | |
EP3038375A1 (en) | Communication verification system and method of using the same | |
KR101413428B1 (en) | Apparatas and method for enhancing a security of vehicle communication network | |
Aichhorn et al. | Investigating the impact of network security on the line current differential protection system | |
US20240007442A1 (en) | Gateway and method for operating a gateway |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||