[go: up one dir, main page]

CN103166933A - System and method for data safe exchange - Google Patents

System and method for data safe exchange Download PDF

Info

Publication number
CN103166933A
CN103166933A CN2011104218685A CN201110421868A CN103166933A CN 103166933 A CN103166933 A CN 103166933A CN 2011104218685 A CN2011104218685 A CN 2011104218685A CN 201110421868 A CN201110421868 A CN 201110421868A CN 103166933 A CN103166933 A CN 103166933A
Authority
CN
China
Prior art keywords
data
intranet
outer net
swap
subelement
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN2011104218685A
Other languages
Chinese (zh)
Other versions
CN103166933B (en
Inventor
李志鹏
王洪波
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tols Tianxiang Net An Information Technology Co ltd
Original Assignee
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd filed Critical BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Priority to CN201110421868.5A priority Critical patent/CN103166933B/en
Publication of CN103166933A publication Critical patent/CN103166933A/en
Application granted granted Critical
Publication of CN103166933B publication Critical patent/CN103166933B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Landscapes

  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention provides a system and a method for data safe exchange. The system comprises an inner network data exchange module and an outer network data exchange module. The inner network data exchange module comprises a management configuration unit and an inner network data exchange unit. The outer network data exchange module comprises an outer network data exchange unit. The management configuration unit directly establishes the inner network data exchange unit and an inner network data server. The outer network data exchange unit is in relative configuration with an outer data server. According to the system and the method for the data safe exchange, under the premise that data exchange safety among networks is guaranteed, the current situation that data exchange among the networks is achieved by means of depending on a client side with client side software installed is eliminated.

Description

A kind of data security switching system and method
Technical field
The present invention relates to field of data exchange, more particularly, relate to a kind of data security switching system and method.
Background technology
Along with the sustainable development of Enterprise's Electronic Commercial, electronic government affairs, it is day by day urgent and frequently common that the internal-external network of reciprocity isolation carries out the demand of exchanges data.For example: the exchanges data of E-Government intranet and extranet, broadcasting and TV are compiled exchanges data of exchanges data, tax system internal network and the Internet of broadcasting internal network and the Internet etc.Based on the different present situation of the safe class of internal-external network, at present, generally use GAP Technology to realize exchanges data between internal-external network, to guarantee the fail safe of exchanges data between internal-external network.
Fig. 1 is the topological structure schematic diagram of the GAP Technology of classics in prior art.With reference to Fig. 1, the gateway of disposing between inner network and external network comprises the Intranet processing unit, isolation and switching control unit and outer net processing unit; With on Intranet client that the Intranet processing unit is connected, the Intranet client software is installed, with the outer net client software is installed, Intranet client and outer net client interrelated (can carry out exchanges data between the two) on outer net client that the outer net processing unit is connected.when the executing data switching task, the Intranet client is by the associated configuration of Intranet client software foundation with the intranet data server, data server comprises file server and database server, realize the Intranet client to the monitoring of specific data in the intranet data server, monitored data comprise database table or the interior file of file server in database server, the outer net client is by the associated configuration of outer net client software foundation with the outer net data server, realize the monitoring of specific data in the external network data server of outer net client, after configuration is completed, monitored data in monitored data in the intranet data server and outer net data server are bound, monitored data change in the intranet data server, the for example additions and deletions of the additions and deletions of data or described file File in described database table, the Intranet client is by the data content (Intranet swap data) of Intranet client software collection change, and with the Intranet processing unit of Intranet switched data transmission to gateway, the Intranet processing unit is by isolation and switching control unit, realize that the outer net processing unit is to the collection of Intranet swap data, Intranet switched data transmission after the outer net processing unit will gather is to the outer net client, the outer net client realizes the relevant slotting work of writing of the monitored data of external network data server by the outer net client software.In the outer net database server, during monitored data change, the exchanges data principle of outer net swap data is identical with the exchange principle of Intranet swap data.
Can find out, in the data exchange process of GAP Technology, client is being born the send and receive work of switched data transmission by the client software that is arranged on self, and described client comprises Intranet client and outer net client; GAP Technology is realized the exchanges data between internal-external network, depend on the client that client software is installed, this specific character must cause the hidden danger of GAP Technology existence and stability deficiency in data exchange process, for example the operation of client software relies on the operating system be arranged in the client application system, the compatibility of itself and operating system and the ruuning situation of operating system self is unpredictable and take precautions against, when client breaks down, will make ongoing exchanges data tasks interrupt.
Summary of the invention
In view of this, the invention provides a kind of data security switching system, rely in order to eliminate the present situation that the client that client software is installed realizes the inter-network data secure exchange, under the prerequisite of ensuring data exchange safety property, realize stable inter-network data secure exchange.
For achieving the above object, the invention provides following technical scheme:
A kind of data security switching system, comprise: be deployed in intranet data Switching Module and outer net data exchange module between Inside and outside network, described intranet data Switching Module is connected with Intranet, described outer net data exchange module is connected with outer net, described intranet data Switching Module is connected by encrypted link with described outer net data exchange module, described intranet data Switching Module comprises: administration configuration unit and intranet data crosspoint, and described outer net data exchange module comprises: outer net exchanges data unit;
Described administration configuration unit, be used for setting up the associated configuration of described intranet data crosspoint and intranet data server, realize monitoring to specific data in described intranet data server by network, and set up the associated configuration of described outer net exchanges data unit and outer net data server, realize monitoring to specific data in described outer net data server by network, set up the exchanges data task, with monitored data in described intranet data server, reach data binding monitored in described outer net data server in described exchanges data task;
Described intranet data crosspoint, be used for active obtaining Intranet swap data, described Intranet swap data is carried out safety detection to be processed, data after buffer memory is processed by safety detection, data after buffer memory are reduced to described Intranet swap data, the Intranet swap data after reduction is ferried to described outer net exchanges data unit; And the outer net swap data of the described outer net exchanges data of reception unit ferry-boat, and described outer net swap data is pushed to described intranet data server;
Described outer net exchanges data unit, be used for active obtaining outer net swap data, described outer net swap data is carried out safety detection to be processed, the data that buffer memory is processed by safety detection, data after buffer memory are reduced to described outer net swap data, the outer net swap data after reduction is ferried to described intranet data crosspoint; And receive the Intranet swap data that described intranet data crosspoint is ferried, and described Intranet swap data is pushed to described outer net data server.
The present invention also provides a kind of data security switching method, and described method is based on data security switching system described above, and described method comprises step:
The associated configuration of intranet data crosspoint and intranet data server is set up in A, administration configuration unit, and the associated configuration of outer net exchanges data unit and outer net data server, sets up the exchanges data task;
B, described intranet data crosspoint active obtaining Intranet swap data carry out safety detection to described Intranet swap data and process, and the data that buffer memory is processed by safety detection are reduced to described Intranet swap data with the data after buffer memory;
C, described intranet data crosspoint use the Intranet swap data after proprietary protocol transmits described reduction by encrypted link;
Intranet swap data after D, the described reduction of described outer net exchanges data unit reception is pushed to described outer net data server with described Intranet swap data.
The present invention also provides a kind of data security switching method, and described method is based on data security switching system described above, and described method comprises step:
The associated configuration of intranet data crosspoint and intranet data server is set up in a, administration configuration unit, and the associated configuration of outer net exchanges data unit and outer net data server, sets up the exchanges data task;
B, described outer net exchanges data unit active obtaining outer net swap data carries out safety detection to described outer net swap data and processes, and the data that buffer memory is processed by safety detection are reduced to described outer net swap data with the data after buffer memory;
C, described outer net exchanges data unit uses the outer net swap data after proprietary protocol transmits described reduction by encrypted link;
D, described intranet data crosspoint receive the outer net swap data after described reduction, and described outer net swap data is pushed to described intranet data server.
By above technical scheme, can find out, the embodiment of the present invention provides is deployed in data security switching system between internal-external network, after the client upload configuration information, itself just can realize monitoring, send and receive to swap data, the monitoring of its swap data, and send and receive is independent of client, be no longer dependent on client software, the stability of client no longer affects the stability of internal-external network exchanges data; And the data security switching system that the embodiment of the present invention provides adopts Double Data Switching Module system, swap data is carried out high-intensity safety detection process, and has guaranteed the fail safe of exchanges data.The data security switching system that the embodiment of the present invention provides, under the prerequisite of ensuring data exchange safety property, eliminated and relied on the present situation that the client that client software is installed realizes the inter-network data secure exchange, realized stable inter-network data secure exchange.
Description of drawings
In order to be illustrated more clearly in the embodiment of the present invention or technical scheme of the prior art, the below will do to introduce simply to the accompanying drawing of required use in embodiment or description of the Prior Art, apparently, accompanying drawing in the following describes is only some embodiments of the present invention, for those of ordinary skills, under the prerequisite of not paying creative work, can also obtain according to these accompanying drawings other accompanying drawing.
Fig. 1 is the topological structure schematic diagram of the GAP Technology of classics in prior art;
Fig. 2 is the structured flowchart of data security switching system of the present invention;
Fig. 3 is the structured flowchart of administration configuration of the present invention unit;
Fig. 4 is the structured flowchart of intranet data crosspoint of the present invention;
Fig. 5 is the structured flowchart of outer net exchanges data of the present invention unit;
Fig. 6 is that the present invention realizes that Intranet is to the method flow diagram of the exchanges data of outer net;
Fig. 7 is that the present invention realizes that outer net is to the method flow diagram of the exchanges data of Intranet;
Fig. 8 is the flow chart of data security switching method of the present invention;
Fig. 9 is another structured flowchart of invention data security switching system.
Embodiment
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, obviously, described embodiment is only the present invention's part embodiment, rather than whole embodiment.Based on the embodiment in the present invention, those of ordinary skills belong to the scope of protection of the invention not making the every other embodiment that obtains under the creative work prerequisite.
The invention provides a kind of data security switching system, rely in order to eliminate the present situation that client software is realized the inter-network data exchange, under the prerequisite of ensuring data exchange safety property, realize stablizing efficient inter-network data exchange.
Fig. 2 is the structured flowchart of data security switching system of the present invention.As shown in Figure 2, be the data security switching system between outer net and Intranet, the data security switching system comprises intranet data Switching Module 100 and outer net data exchange module 200.Intranet data Switching Module 100 is connected with Intranet, and outer net data exchange module 200 is connected with outer net, by encrypted link, adopts proprietary protocol communication between intranet data Switching Module 100 and outer net data exchange module 200.Intranet data Switching Module 100 comprises administration configuration unit 110 and intranet data crosspoint 120; Outer net data exchange module 200 comprises outer net exchanges data unit 210.
wherein, administration configuration unit 110, the exchanges data task that is used for the described data security switching system of administration configuration, set up the associated configuration of intranet data crosspoint 120 and intranet data server, realize the monitoring of specific data in internal network data server by network, and set up the associated configuration of outer net exchanges data unit 210 and outer net data server, realize the monitoring of specific data in external network data server by network, described Intranet or outer net data server comprise Intranet or outer net file server and database server, by setting up the exchanges data task, with monitored data in described intranet data server, reach data binding monitored in described outer net data server in described exchanges data task.In described Intranet or outer net data server, monitored specific data comprises database table or the interior file of file server in database server.
Fig. 3 is the structured flowchart of administration configuration of the present invention unit.With reference to Fig. 3, administration configuration unit 110 can comprise:
Configuration subelement 111, be used for configuring the configuration information of described intranet data server and described outer net data server, set up respectively being connected of described intranet data crosspoint and described intranet data server, and being connected of described outer net exchanges data unit and described outer net data server;
Monitoring subelement 112 is used for by network, described intranet data server specific data being monitored, and by network, specific data in described outer net data server is monitored; During monitored data change in described intranet data server, notify described intranet data crosspoint, so that described intranet data crosspoint active obtaining Intranet swap data, when reaching the monitored data change in described outer net data server, notify described outer net exchanges data unit, so that the described outer net swap data of described outer net exchanges data unit active obtaining;
Related subelement 113 is used for setting up the exchanges data task, with monitored data in described intranet data server, reaches data binding monitored in described outer net data server in described exchanges data task;
Configuration information storing sub-units 114, for the configuration information of storing described data security switching system, described configuration information comprises the configuration information of described intranet data server and described outer net data server.
Administration configuration unit 110 is when the exchanges data task of configuration data security exchange system, described configuration subelement 111 directly configures the relevant configuration information of intranet data server and outer net data server, but the database of the intranet and extranet that this relevant configuration information can be the user to be uploaded or IP address, user name, password operating database table or the file etc. of file, thereby set up respectively intranet data crosspoint 120 and intranet data server, outer net exchanges data unit 210 is connected with the outer net data server; Described monitoring subelement 112 is after described configuration subelement is completed configuration, can realize by network the administrative relationships of intranet data crosspoint 120 and intranet data server, and the administrative relationships of outer net exchanges data unit 210 and outer net data server, wherein administrative relationships comprise described monitoring subelement 112 by the monitoring of specific data in 120 pairs of described intranet data servers of intranet data crosspoint, and described monitoring subelement 112 is by the monitoring of specific data in the described outer net data server in 210 pairs of unit of outer net exchanges data; After setting up administrative relationships, described related subelement 113 is by setting up the exchanges data task, with the resource information unification on outer net and intranet data server in administration configuration unit 110, to need the data monitored in the intranet data server in this exchanges data task, bind with the data that need in the outer net data server to monitor.
Preferably, described monitoring subelement 112 can further comprise: trigger subelement and notice subelement;
The trigger subelement, for the trigger that utilizes described intranet data server and described outer net data server to insert, monitor the specific data in described intranet data server and described outer net data server, when described trigger changes at described specific data, send data movement message to described notice subelement;
Described notice subelement, be used for receiving described data movement message, during monitored data change in described intranet data server, notify described intranet data crosspoint, so that described intranet data crosspoint active obtaining Intranet swap data, during monitored data change in described outer net data server, notify described outer net exchanges data unit, so that the described outer net swap data of described outer net exchanges data unit active obtaining.
Administration configuration unit 110 is when the configuration data switching task, can utilize database features by described trigger subelement, insert trigger with the data of monitoring appointment in database, in case monitored specific data changes, trigger is informed the corresponding data movement content of described notice subelement, and described data movement content comprises Intranet swap data and outer net swap data.
By administration configuration of the present invention unit, certain table of outer grid database certain table with the intranet data storehouse can be associated together, data variation in this outer net database table will be by data security switching system automatic transmission of the present invention in the table in this intranet data storehouse so, and Intranet is consistent therewith to outer net the transmission of data principle.Need to prove, administration configuration unit 110 is after completing the respective associated configuration, intranet data crosspoint 120 just can be asked the intranet data server by the direct network receiving, the Real Time Monitoring that administration configuration unit 110 just can be realized monitored data by intranet data crosspoint 120; The outer net data server just can be asked by the direct network receiving in outer net exchanges data unit 210, the Real Time Monitoring that administration configuration unit 110 just can be realized monitored data by outer net exchanges data unit 210.
All configuration informations of data security switching system are all managed by the configuration information storing sub-units 114 of the administration configuration unit 110 of intranet data Switching Module 100, and 114 pairs of configuration informations of configuration information storing sub-units are regularly verified and upgrade; Because outer net data exchange module 200 is connected with outer net, its fail safe can not get ensureing, therefore outer net data exchange module 200 is not stored any configuration information, the configuration information that it is required, entirely by the administration configuration unit 110 of intranet data Switching Module 100 by the encrypted link real-time Transmission; All configuration informations of administration configuration unit 110 storage data security switching systems of the present invention, the configuration information real-time, interactive of assurance intranet data Switching Module 100 and outer net data exchange module 200.Such setting has guaranteed that configuration information is not maliciously tampered and reveals.
The exchanges data task of administration configuration unit 110 management data security exchange systems comprises: the priority adjustment of the startup of Intranet or outer net switched data transmission and termination, Intranet or outer net switched data transmission etc.; The exchanges data task of managing intranet exchanges data unit 120 and outer net exchanges data unit 210.
Preferably, administration configuration unit 110 can also comprise the statistical analysis subelement, and described statistical analysis subelement is used for statistical analysis is carried out in the system journal of described data security switching system; Wherein, system journal is data security switching system of the present invention, the statistical daily record and the information that produce in each functional unit course of work, described statistical analysis subelement gathers the log information that each functional unit produces in exchanges data, and specific aim is carried out analytic statistics and gone out the information such as successful exchanges data amount, not successful exchanges data amount, exchanges data termination.
Intranet data crosspoint 120, be used for active obtaining Intranet swap data, described Intranet swap data is carried out safety detection to be processed, data after buffer memory is processed by safety detection, data after buffer memory are reduced to described Intranet swap data, the Intranet swap data after reduction is ferried to outer net exchanges data unit 210; And the outer net swap data of reception outer net exchanges data unit 210 ferry-boats, and described outer net swap data is pushed to described intranet data server.
Fig. 4 is the structured flowchart of intranet data crosspoint of the present invention.With reference to Fig. 4, intranet data crosspoint 120 comprises: interior network interface subelement 121, the first safety detection subelement 122, the first buffer memory subelements 123 and the first ferry-boat subelement 124.
Interior network interface subelement 121 is used for connecting described intranet data server, and active obtaining Intranet swap data sends described Intranet swap data to first safety detection subelement 122; And the outer net swap data that intranet data crosspoint 120 is received is pushed to described intranet data server;
The first safety detection subelement 122, being used for that the Intranet swap data that receives is carried out safety detection processes, described safety detection is processed and is specially: the ICP/IP protocol of peeling off the outer net swap data that obtains, generate clear data, this clear data is carried out fine granularity format checking, depth content filtration and checking and killing virus.Wherein, the fine granularity format checking comprises: field length inspection, number range inspection, Boolean condition judgement, identity card format checking, large field inspection and file format inspection, the file format inspection judges the true form of file according to file eigenvalue.Depth content is filtered and is comprised: specific field, full table, full text part filtration or replacement, url filtering.Checking and killing virus comprises this basic antivirus engine of use kappa, data are carried out checking and killing virus, but killing Windows, Linux is viral.To send by the data that safety detection is processed the first buffer memory subelement 123 to;
The first buffer memory subelement 123, be used for receiving the also data of buffer memory the first safety detection subelement 122 transmission, data after buffer memory are reduced to described Intranet swap data, described reduction is processed and is specially: data after described buffer memory are carried out the ICP/IP protocol encapsulation, send the Intranet swap data after reduction to described the first ferry-boat subelement 124;
Preferably, but the first buffer memory subelement 123 outer net swap data of receiving of buffer memory intranet data crosspoint 120 also, and send the outer net swap data after buffer memory to interior network interface subelement 121;
The first ferry-boat subelement 124 is used for the Intranet swap data after described reduction, ferries to outer net exchanges data unit 210; And the outer net swap data of reception outer net exchanges data unit 210 ferry-boats, and send described outer net swap data to interior network interface subelement 121, preferably also can first send described outer net swap data to first buffer memory subelement 123, after the first buffer memory subelement 123 described outer net swap datas of buffer memory, then send it to interior network interface subelement 121; The first ferry-boat subelement 124 is connected with encrypted link, is used for realizing swap data at intranet data Switching Module 100, and the transmission of 200 of outer net data exchange modules, and by the outside network data Switching Module 200 transmission configuration information and instructions of encrypted link.The first ferry-boat subelement 124 sends the configuration information of administration configuration unit 110 management to outer net data exchange module 200 by encrypted link, realizes mutual between the two of configuration information.
Fig. 5 is the structured flowchart of outer net exchanges data of the present invention unit.With reference to Fig. 5, outer net exchanges data unit 210 comprises: outer network interface subelement 211, the second safety detection subelement 212, the second buffer memory subelements 213 and the second ferry-boat subelement 214.
Outer network interface subelement 211 is used for connecting described outer net data server, and active obtaining outer net swap data sends described outer net swap data to second safety detection subelement 212; And the Intranet swap data of outer net exchanges data unit 210 receptions is pushed to described outer net data server;
The second safety detection subelement 212 is used for that the outer net swap data that receives is carried out safety detection and processes, and will send by the data that safety detection is processed the second buffer memory subelement 213 to;
Need to prove, the safety detection that the second 212 pairs, safety detection subelement outer net swap data carries out is out processed identical with the performed safety detection of 122 pairs of Intranet swap datas of the first safety detection subelement.
The second buffer memory subelement 213 is used for receiving the also data of buffer memory the second safety detection subelement 212 transmission, and the data after buffer memory are reduced to described outer net swap data, sends the outer net swap data after reduction to second ferry-boat subelement 214;
Preferably, the second buffer memory subelement 213 also can reach the Intranet swap data of buffer memory outer net exchanges data unit 210 receptions, and sends the Intranet swap data after buffer memory to outer network interface subelement 211;
Need to prove, it is identical with the performed reduction processing of the Intranet swap data processed by safety detection after 123 pairs of buffer memorys of the first buffer memory subelement that reduction that the second buffer memory subelement 213 carries out is processed.
The second ferry-boat subelement 214 is used for the outer net swap data after described reduction, ferries to intranet data crosspoint 120; And the Intranet swap data of reception intranet data crosspoint 120 ferry-boats, and send described Intranet swap data to outer network interface subelement 211, preferably also can first send described Intranet swap data to second buffer memory subelement 213, after the second buffer memory subelement 213 described Intranet swap datas of buffer memory, then send it to outer network interface subelement 211.The second ferry-boat subelement 214 is connected with encrypted link, be used for realizing that swap data is at intranet data Switching Module 100, with the transmission of 200 of outer net data exchange modules, and receive the configuration information and instruction that the administration configuration unit 110 of intranet data Switching Module 100 transmits by encrypted link.The second ferry-boat subelement 214 receives the configuration information that intranet data Switching Modules 100 transmit, realize configuration information 200 of intranet data Switching Module 100 and outer net data exchange modules alternately, realize the configuration effort of outer net data exchange module 200.
Need to prove, the outer network interface subelement 211 of outer net data exchange module 200, the configuration effort that initiatively connects outer net data server, active obtaining outer net swap data is completed on administration configuration unit 110.Administration configuration unit 110 configuration outer net data servers, and this configuration information is conveyed to outer net data exchange module 200 by encrypted link, after outer net data exchange module 200 receives configuration information, complete deploy content, be connected the related data exchange with the outer net data server and connect, realize the function of active obtaining outer net swap data, propelling movement Intranet swap data;
The configuration effort that interior network interface subelement 121 obtains the Intranet swap data is also completed on administration configuration unit 110, administration configuration unit 110 directly set up and the intranet data server between connection, in realizing, the Intranet swap data of network interface subelement 121 obtains with the outer net swap data and pushes;
Administration configuration unit 110 is connected with the intranet data server by being connected of the outer network interface subelement 211 of configuration and outer net data server, interior network interface subelement 121, complete outer net data, services resource and the related of intranet data Service Source and docking, set up one or more tasks, the exchanges data of finally completing between internal-external network is used;
take Intranet to outer net the transmission of data library file as example, data security switching system of the present invention is broken away from client software, the principle that realizes the intranet and extranet exchanges data describes: the data security switching system is set up intranet data storehouse server and intranet data Switching Module 100 by administration configuration unit 110, the outer net database server is related with 200 of outer net data exchange modules, administration configuration unit 110 configures the IP address, user name, after the information such as password, the data security switching system just can obtain by network the access limit of associated databases or table, after configuration is completed, the data security switching system utilizes database function, set up corresponding trigger in database, this trigger carries out Real Time Monitoring to database or the table of transmission, in case have new data to write in the database of Intranet or table, can inform intranet data Switching Module 100, intranet data Switching Module 100 goes to this database or table to carry out the read work of given content, be transferred to subsequently outer net data exchange module 200, realize that intranet data writes outer grid database automatically.Outer net is identical therewith to the principle of Intranet the transmission of data library file.
The embodiment of the present invention provides is deployed in data security switching system between internal-external network, after the client upload configuration information, itself just can realize monitoring, send and receive to swap data, the monitoring of its swap data, send and receive is independent of client, be no longer dependent on client software, the stability of client no longer affects the stability of internal-external network swap data; And the data security switching system that the embodiment of the present invention provides adopts Double Data Switching Module system, swap data is carried out high-intensity safety detection process, and has guaranteed the fail safe of exchanges data.The data security switching system that the embodiment of the present invention provides under the prerequisite of ensuring data exchange safety property, has been eliminated and has been relied on the present situation that the client that client software is installed realizes the inter-network data secure exchange, has realized stable inter-network data exchange.
Fig. 6 is that the present invention realizes that Intranet is to the method flow diagram of the exchanges data of outer net.With reference to Fig. 6, the method is based on data security switching system described above, and the method can comprise step:
The associated configuration of described intranet data crosspoint and intranet data server is set up in S10, administration configuration unit, and the associated configuration of described outer net exchanges data unit and outer net data server, sets up the exchanges data task;
step S10 is specially: the configuration information that configures described intranet data server and described outer net data server, set up being connected of described intranet data crosspoint and described intranet data server, realize monitoring to specific data in described intranet data server by network, and set up being connected of described outer net exchanges data unit and described outer net data server, realize monitoring to specific data in described outer net data server by network, set up the exchanges data task, with monitored data in described intranet data server, reach data binding monitored in described outer net data server in described exchanges data task.
S11, described intranet data crosspoint active obtaining Intranet swap data carry out safety detection to described Intranet swap data and process, and the data that buffer memory is processed by safety detection are reduced to described Intranet swap data with the data after buffer memory;
S12, described intranet data crosspoint use the Intranet swap data after proprietary protocol transmits described reduction processing by encrypted link;
Intranet swap data after S13, the described reduction of described outer net exchanges data unit reception is pushed to described outer net data server with described Intranet swap data.
Preferably, step S13 can also be after the Intranet swap data after the described reduction of reception, the described Intranet swap data of buffer memory, then the Intranet swap data after buffer memory is pushed to described outer net data server.
Fig. 7 is that the present invention realizes that outer net is to the method flow diagram of the exchanges data of Intranet.With reference to Fig. 7, the method is based on data security switching system described above, and the method can comprise step:
The associated configuration of described intranet data crosspoint and intranet data server is set up in step S20, administration configuration unit, and the associated configuration of described outer net exchanges data unit and outer net data server, sets up the exchanges data task;
Step S21, described outer net exchanges data unit active obtaining outer net swap data carries out safety detection to described outer net swap data and processes, and the data that buffer memory is processed by safety detection are reduced to described outer net swap data with the data after buffer memory;
Step S22, described outer net exchanges data unit is by encrypted link, uses proprietary protocol to transmit outer net swap data after described reduction is processed;
Step S23, described intranet data crosspoint receive the outer net swap data after described reduction, and described outer net swap data is pushed to described intranet data server.
Preferably, step S23 can also be after the outer net swap data after the described reduction of reception, the described outer net swap data of buffer memory, then the outer net swap data after buffer memory is pushed to described intranet data server.
Fig. 8 is the flow chart of data security switching method of the present invention.In conjunction with Fig. 2, Fig. 4, Fig. 5 and shown in Figure 8, the method is based on the associated configuration of administration configuration unit 110 built vertical intranet data crosspoints 120 and intranet data server, on the basis of the associated configuration of outer net exchanges data unit 210 and outer net data server.
Wherein, carry out intranet data when exchange, namely when Intranet during to the outer net swap data, this flow process specifically comprises:
Step S100, interior network interface subelement 121 active obtaining Intranet swap datas, and send this Intranet swap data to first safety detection subelement 122, first this Intranet swap data of 122 pairs, safety detection subelement carries out safety detection to be processed, the data that to process by safety detection send the first buffer memory subelement 123 to;
The data that step S101, the first buffer memory subelement 123 buffer memorys are processed by safety detection, data after buffer memory are reduced to described Intranet swap data, and the Intranet swap data after reducing transmits the second buffer memory subelement 213 by the first ferry-boat subelement 124 and the second ferry-boat subelement 214;
The Intranet swap data that step S102, the second buffer memory subelement 213 buffer memorys receive by outer network interface subelement 211, is pushed to the outer net data server with the Intranet swap data after buffer memory.
When carrying out the outer net exchanges data, namely when outer net during to the Intranet swap data, this flow process specifically comprises:
Step S200, outer network interface subelement 211 active obtaining outer net swap datas, and this outer net swap data is sent into the second safety detection subelement 212, second this outer net swap data of 212 pairs, safety detection subelement carries out safety detection to be processed, data after safety detection is processed send the second buffer memory subelement 213 to;
The data that step S201, the second buffer memory subelement 213 buffer memorys are processed by safety detection, data after buffer memory are reduced to described outer net swap data, after reducing, the outer net swap data by the second ferry-boat subelement 214, the first ferry-boat subelement 124, sends the first buffer memory subelement 123 to;
The outer net swap data that step S202, the first buffer memory subelement 123 buffer memorys receive by interior network interface subelement 121, is pushed to the intranet data server with the outer net swap data after buffer memory.
Fig. 9 is another structured flowchart of data security switching system of the present invention.Compare with the structured flowchart of data security switching system shown in Figure 2, data security switching system shown in Figure 9 is on the basis of data security switching system shown in Figure 2, and intranet data Switching Module 100 also comprises: the first priority unit 130, Fisrt fault isolated location 140, the first breakpoint retransmission unit 150 and the first Load Balance Unit 160; Outer net data exchange module 200 also comprises: the second priority unit 220, the second Fault Isolation unit 230, the second breakpoint retransmission unit 240 and the second Load Balance Unit 250.
Wherein, the first priority unit 130 and the second priority unit 220, be configured for a plurality of priority of support to the business of access data security switching system, guarantee the business energy prioritised transmission that real-time is high, simultaneously the advanced tasks of access is dispatched, this scheduling comprises the task bandwidth scheduling, tasks carrying cycle, frequency scheduling;
Fisrt fault isolated location 140 and the second Fault Isolation unit 230 are used for the data exchange service of each operation is carried out independent start stop operation, so that during single traffic failure, do not affect the exchanges data of other business.When the business at intranet data Switching Module 100 places broke down, 140 pairs of these business of Fisrt fault isolated location were carried out independent start stop operation, and simultaneous instruction system discharges this task resource automatically, ensured that other tasks normally move; When the business at outer net data exchange module 200 places broke down, second this business of Fault Isolation 230 pairs of unit was carried out independent start stop operation, and simultaneous instruction system discharges this task resource automatically, ensured that other tasks normally move.
The first breakpoint retransmission unit 150 and the second breakpoint retransmission unit 240 are used in the situation that the switched data transmission accidental interruption, and when the assurance system is recovered, swap data retransmits or resumes, and the situation that swap data is lost do not occur.When outer net during to the Intranet swap data, when 110 pairs of administration configuration unit swap data carries out the statistical analysis processing, if interrupting appears in the transmission of swap data, the first breakpoint retransmission unit 150 records interrupt historical point and part swap data, send instruction to the second breakpoint retransmission unit 240, instruction outer net data exchange module 200 retransmits this swap data or resumes the breakpoint data.
The first Load Balance Unit 160 and the second Load Balance Unit 250, be used between the parallel data security switching system provided by the present invention of many covers, automatically allocating task load, when a sets of data security exchange system broke down, automaticallying switch by the first Load Balance Unit 160 and the second Load Balance Unit 250 was dispatched to other data security switching system.
Further, intranet data Switching Module 100 also can arrange the system journal memory cell, is used for the storage system daily record.
Further, intranet data Switching Module 100 also can arrange the log audit unit, is used for the user and operates audit, file synchronization audit, system journal audit, isomery log audit and database synchronization and audit.
Further, intranet data Switching Module 100 also can arrange the statistical report form unit, and the swap data that is used to administration configuration unit 110 statistical analyses to process provides graphical form.
Further, can dispose gateway between intranet data Switching Module 100 and outer net data exchange module 200.
Obviously, above-mentioned all functional units manage by administration configuration unit 110, are determined the startup of above-mentioned all functions unit or are closed by administration configuration unit 110, and the information of above-mentioned all functions unit all feeds back to administration configuration unit 110.
To the above-mentioned explanation of the disclosed embodiments, make this area professional and technical personnel can realize or use the present invention.Multiple modification to these embodiment will be apparent concerning those skilled in the art, and General Principle as defined herein can be in the situation that do not break away from the spirit or scope of the present invention, realization in other embodiments.Therefore, the present invention will can not be restricted to these embodiment shown in this article, but will meet the widest scope consistent with principle disclosed herein and features of novelty.

Claims (10)

1. data security switching system, it is characterized in that, comprise: be deployed in intranet data Switching Module and outer net data exchange module between Inside and outside network, described intranet data Switching Module is connected with Intranet, described outer net data exchange module is connected with outer net, described intranet data Switching Module is connected by encrypted link with described outer net data exchange module, described intranet data Switching Module comprises: administration configuration unit and intranet data crosspoint, and described outer net data exchange module comprises: outer net exchanges data unit;
Described administration configuration unit, be used for setting up the associated configuration of described intranet data crosspoint and intranet data server, realize monitoring to specific data in described intranet data server by network, and set up the associated configuration of described outer net exchanges data unit and outer net data server, realize monitoring to specific data in described outer net data server by network, set up the exchanges data task, with monitored data in described intranet data server, reach data binding monitored in described outer net data server in described exchanges data task;
Described intranet data crosspoint, be used for active obtaining Intranet swap data, described Intranet swap data is carried out safety detection to be processed, data after buffer memory is processed by safety detection, data after buffer memory are reduced to described Intranet swap data, the Intranet swap data after reduction is ferried to described outer net exchanges data unit; And the outer net swap data of the described outer net exchanges data of reception unit ferry-boat, and described outer net swap data is pushed to described intranet data server;
Described outer net exchanges data unit, be used for active obtaining outer net swap data, described outer net swap data is carried out safety detection to be processed, the data that buffer memory is processed by safety detection, data after buffer memory are reduced to described outer net swap data, the outer net swap data after reduction is ferried to described intranet data crosspoint; And receive the Intranet swap data that described intranet data crosspoint is ferried, and described Intranet swap data is pushed to described outer net data server.
2. data security switching system according to claim 1, is characterized in that, described administration configuration unit comprises:
The configuration subelement, be used for configuring the configuration information of described intranet data server and described outer net data server, set up respectively being connected of described intranet data crosspoint and described intranet data server, and being connected of described outer net exchanges data unit and described outer net data server;
The monitoring subelement is used for by network, described intranet data server specific data being monitored, and by network, specific data in described outer net data server is monitored; During monitored data change in described intranet data server, notify described intranet data crosspoint, so that described intranet data crosspoint active obtaining Intranet swap data, when reaching the monitored data change in described outer net data server, notify described outer net exchanges data unit, so that the described outer net swap data of described outer net exchanges data unit active obtaining;
Related subelement is used for setting up the exchanges data task, with monitored data in described intranet data server, reaches data binding monitored in described outer net data server in described exchanges data task;
The configuration information storing sub-units, for the configuration information of storing described data security switching system, described configuration information comprises the configuration information of described intranet data server and described outer net data server.
3. data security switching system according to claim 2, is characterized in that, described monitoring subelement comprises: trigger subelement and notice subelement;
Described trigger subelement, for the trigger that utilizes described intranet data server and described outer net data server to insert, monitor the specific data in described intranet data server and described outer net data server, when described trigger changes at described specific data, send data movement message to described notice subelement;
Described notice subelement, be used for receiving described data movement message, during monitored data change in described intranet data server, notify described intranet data crosspoint, so that described intranet data crosspoint active obtaining Intranet swap data, during monitored data change in described outer net data server, notify described outer net exchanges data unit, so that the described outer net swap data of described outer net exchanges data unit active obtaining.
4. data security switching system according to claim 1, is characterized in that, described intranet data crosspoint comprises: interior network interface subelement, the first safety detection subelement, the first buffer memory subelement and the first ferry-boat subelement;
Described interior network interface subelement, be used for connecting described intranet data server, active obtaining Intranet swap data, send described Intranet swap data to described the first safety detection subelement, and the outer net swap data that described intranet data crosspoint is received is pushed to described intranet data server;
Described the first safety detection subelement, being used for that the Intranet swap data that receives is carried out safety detection processes, described safety detection is processed the ICP/IP protocol that is specially the Intranet swap data of peeling off reception, the data of peeling off after TCP/IP are carried out the fine granularity format checking, depth content is filtered and checking and killing virus, will send by the data that safety detection is processed described the first buffer memory subelement to;
Described the first buffer memory subelement, be used for receiving the also data of described the first safety detection subelement transmission of buffer memory, data after buffer memory are reduced to described Intranet swap data, described reduction is specially carries out the ICP/IP protocol encapsulation to data after described buffer memory, sends the Intranet swap data after reduction to described the first ferry-boat subelement;
Described the first ferry-boat subelement is used for the Intranet swap data after described reduction, ferries to outer net exchanges data unit; And the outer net swap data of the described outer net exchanges data of reception unit ferry-boat, and send described outer net swap data to described interior network interface subelement.
5. data security switching system according to claim 1, is characterized in that, described outer net exchanges data unit comprises: outer network interface subelement, the second safety detection subelement, the second buffer memory subelement and the second ferry-boat subelement;
Described outer network interface subelement is used for connecting described outer net data server, and active obtaining outer net swap data sends described outer net swap data to described the second safety detection subelement; And the Intranet swap data of described outer net exchanges data unit reception is pushed to described outer net data server;
Described the second safety detection subelement, being used for that the outer net swap data that receives is carried out safety detection processes, described safety detection is processed the ICP/IP protocol that is specially the outer net swap data of peeling off reception, the data of peeling off after TCP/IP are carried out the fine granularity format checking, depth content is filtered and checking and killing virus, will send by the data that safety detection is processed described the second buffer memory subelement to;
Described the second buffer memory subelement, be used for receiving the also data of described the second safety detection subelement transmission of buffer memory, data after buffer memory are reduced to described outer net swap data, described reduction is specially carries out the ICP/IP protocol encapsulation to data after described buffer memory, sends the outer net swap data after reduction to described the second ferry-boat subelement;
Described the second ferry-boat subelement is used for the outer net swap data after described reduction, and ferry-boat is to described intranet data crosspoint; And receive the Intranet swap data that described intranet data crosspoint is ferried, and send described Intranet swap data to described outer network interface subelement.
6. data security switching system according to claim 1 and 2, is characterized in that, described administration configuration unit also comprises:
The statistical analysis subelement is used for statistical analysis is carried out in the system journal of described data security switching system.
7. data security switching system according to claim 1, it is characterized in that, described intranet data Switching Module also comprises: the first priority unit, the Fisrt fault isolated location, the first breakpoint retransmission unit and the first Load Balance Unit, described outer net data exchange module also comprises: the second priority unit, the second Fault Isolation unit, the second breakpoint retransmission unit and the second Load Balance Unit;
Described the first priority unit and described the second priority unit are used in conjunction with, be used for a plurality of priority of the data exchange service of access data security switching system are configured, guarantee the high data exchange service prioritised transmission of real-time, simultaneously the high-level data reciprocal exchange of business of access is dispatched;
Described Fisrt fault isolated location and described the second Fault Isolation unit matching are used, and are used for the data exchange service of independent each operation of start and stop, so that during individual data reciprocal exchange of business fault, do not affect the exchanges data of other data exchange services;
Described the first breakpoint retransmission unit and described the second breakpoint retransmission unit are used in conjunction with, and are used in the situation that the switched data transmission accidental interruption, and when the assurance system is recovered, swap data retransmits or resumes;
Described the first Load Balance Unit and described the second Load Balance Unit are used in conjunction with, and are used between the parallel described data security switching system of many covers allocating task load automatically.
8. a data security switching method, is characterized in that, described method is based on the described data security switching system of claim 1-7 any one, and described method comprises step:
The associated configuration of intranet data crosspoint and intranet data server is set up in A, administration configuration unit, and the associated configuration of outer net exchanges data unit and outer net data server, sets up the exchanges data task;
B, described intranet data crosspoint active obtaining Intranet swap data carry out safety detection to described Intranet swap data and process, and the data that buffer memory is processed by safety detection are reduced to described Intranet swap data with the data after buffer memory;
C, described intranet data crosspoint use the Intranet swap data after proprietary protocol transmits described reduction by encrypted link;
Intranet swap data after D, the described reduction of described outer net exchanges data unit reception is pushed to described outer net data server with described Intranet swap data.
9. data security switching method according to claim 8, it is characterized in that, described steps A is specially: the configuration information that configures described intranet data server and described outer net data server, set up being connected of described intranet data crosspoint and described intranet data server, realize monitoring to specific data in described intranet data server by network, and set up being connected of described outer net exchanges data unit and described outer net data server, realize monitoring to specific data in described outer net data server by network, set up the exchanges data task, with monitored data in described intranet data server, reach data binding monitored in described outer net data server in described exchanges data task.
10. a data security switching method, is characterized in that, described method is based on the described data security switching system of claim 1-7 any one, and described method comprises step:
The associated configuration of intranet data crosspoint and intranet data server is set up in a, administration configuration unit, and the associated configuration of outer net exchanges data unit and outer net data server, sets up the exchanges data task;
B, described outer net exchanges data unit active obtaining outer net swap data carries out safety detection to described outer net swap data and processes, and the data that buffer memory is processed by safety detection are reduced to described outer net swap data with the data after buffer memory;
C, described outer net exchanges data unit uses the outer net swap data after proprietary protocol transmits described reduction by encrypted link;
D, described intranet data crosspoint receive the outer net swap data after described reduction, and described outer net swap data is pushed to described intranet data server.
CN201110421868.5A 2011-12-15 2011-12-15 A kind of data security switching system and method Active CN103166933B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201110421868.5A CN103166933B (en) 2011-12-15 2011-12-15 A kind of data security switching system and method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201110421868.5A CN103166933B (en) 2011-12-15 2011-12-15 A kind of data security switching system and method

Publications (2)

Publication Number Publication Date
CN103166933A true CN103166933A (en) 2013-06-19
CN103166933B CN103166933B (en) 2015-08-19

Family

ID=48589679

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201110421868.5A Active CN103166933B (en) 2011-12-15 2011-12-15 A kind of data security switching system and method

Country Status (1)

Country Link
CN (1) CN103166933B (en)

Cited By (34)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104036347A (en) * 2014-05-30 2014-09-10 国家电网公司 Enterprise-level multi-path information content management system and method
CN104270344A (en) * 2014-09-12 2015-01-07 北京天行网安信息技术有限责任公司 Quintillion gatekeeper
CN104486289A (en) * 2014-10-30 2015-04-01 中国人民解放军信息工程大学 Data one-way transmission method and system
CN104780215A (en) * 2015-04-21 2015-07-15 广州多益网络科技有限公司 File transfer system and method thereof
CN104967760A (en) * 2014-10-17 2015-10-07 北京宇航系统工程研究所 A Digital Facsimile System Automatically Transitioning Between Physically Isolated Networks
CN105141599A (en) * 2015-08-17 2015-12-09 山东超越数控电子有限公司 Multi-chip network encryption system based on physical isolation
CN105208043A (en) * 2015-10-13 2015-12-30 网易(杭州)网络有限公司 Outer network agent module, inner network agent module and data transmitting method and system
CN105516094A (en) * 2015-11-27 2016-04-20 蓝网科技股份有限公司 Industrial computer based internal-external network data exchange method and apparatus
CN105991520A (en) * 2015-01-29 2016-10-05 朗新科技股份有限公司 Inner/outer network interaction method and system
CN106060065A (en) * 2016-06-28 2016-10-26 山东中磁视讯股份有限公司 Communication system and method for use in restricted network environment
CN106067902A (en) * 2016-07-26 2016-11-02 中国南方电网有限责任公司信息中心 A kind of data transmit-receive control system based on message mechanism and method
CN106302532A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Data boundary safety detecting system
CN106330963A (en) * 2016-10-11 2017-01-11 江苏电力信息技术有限公司 Cross-network multi-node log collecting method
CN106936780A (en) * 2015-12-30 2017-07-07 北京明朝万达科技股份有限公司 A kind of method for monitoring network and system
CN107800713A (en) * 2017-11-10 2018-03-13 北京明朝万达科技股份有限公司 The secure exchange method and system of data between a kind of net
CN107948169A (en) * 2017-11-29 2018-04-20 成都东方盛行电子有限责任公司 A kind of network interconnection system and method based on proprietary protocol communication
CN108109625A (en) * 2017-12-21 2018-06-01 北京华夏电通科技有限公司 Mobile phone speech identifies intranet and extranet Transmission system and method
CN108228318A (en) * 2017-12-29 2018-06-29 上海优刻得信息科技有限公司 Method, host, system and the storage medium that cloud container communicates with managing device
CN108270590A (en) * 2016-12-30 2018-07-10 上海申铁杰能信息科技有限公司 A kind of high security network communication system for railway equipment maintenance management
CN109120647A (en) * 2018-10-31 2019-01-01 武汉光谷联众大数据技术有限责任公司 A kind of security exchange system
CN110049139A (en) * 2019-05-05 2019-07-23 广东电网有限责任公司 A kind of service broker's forwarding service system
CN111541718A (en) * 2020-05-15 2020-08-14 国家电网有限公司 Internal and external network interaction method and system of power terminal and data transmission method
CN111917584A (en) * 2020-08-04 2020-11-10 中科信安(深圳)信息技术有限公司 Data security exchange system and heterogeneous data conversion method
CN111935070A (en) * 2020-06-18 2020-11-13 云南电网有限责任公司信息中心 Data security exchange system and method based on automatic arrangement
CN112243026A (en) * 2020-09-25 2021-01-19 中国铁道科学研究院集团有限公司 Railway data interaction system and method
CN112468571A (en) * 2020-11-24 2021-03-09 中国联合网络通信集团有限公司 Intranet and extranet data synchronization method and device, electronic equipment and storage medium
CN112862606A (en) * 2019-11-28 2021-05-28 中国电力科学研究院有限公司 Electric power transaction high-concurrency data reporting method and system
CN113114622A (en) * 2021-03-08 2021-07-13 北京世纪安图数码科技发展有限责任公司 Real estate registration multi-source heterogeneous data exchange method
CN113110354A (en) * 2021-04-29 2021-07-13 中国信息通信研究院 Ferry-based industrial data security system and method
CN114039788A (en) * 2021-11-15 2022-02-11 绿盟科技集团股份有限公司 Strategy transmission method, network gate system, electronic equipment and storage medium
CN114095184A (en) * 2020-07-15 2022-02-25 中国航发上海商用航空发动机制造有限责任公司 Data transmission system and transmission method thereof
CN114520745A (en) * 2022-04-15 2022-05-20 北京全路通信信号研究设计院集团有限公司 Method and system for controlling read-write permission to realize data safety ferry and electronic equipment
CN116707943A (en) * 2023-06-26 2023-09-05 中银金融科技有限公司 a data exchange system
CN118740432A (en) * 2024-06-12 2024-10-01 中北大学 A data security exchange system based on the Internet of Things

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110324319A (en) * 2019-06-11 2019-10-11 福建亿安智能技术有限公司 A kind of network data security management-control method based on one-way transmission

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030079009A1 (en) * 2001-09-10 2003-04-24 Ricoh Company, Ltd. Gatekeeper apparatus and communication system
CN101286978A (en) * 2008-05-22 2008-10-15 上海交通大学 Semantic complete TCP connection isolation and control method and system
US20090059784A1 (en) * 2002-09-19 2009-03-05 At&T Intellectual Property I, L.P. Data and voice messaging system
CN101645876A (en) * 2008-08-04 2010-02-10 中国测绘科学研究院 Automatic network switching method and system
CN102006307A (en) * 2010-12-16 2011-04-06 中国电子科技集团公司第三十研究所 Application proxy-based network management system isolation control device

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20030079009A1 (en) * 2001-09-10 2003-04-24 Ricoh Company, Ltd. Gatekeeper apparatus and communication system
US20090059784A1 (en) * 2002-09-19 2009-03-05 At&T Intellectual Property I, L.P. Data and voice messaging system
CN101286978A (en) * 2008-05-22 2008-10-15 上海交通大学 Semantic complete TCP connection isolation and control method and system
CN101645876A (en) * 2008-08-04 2010-02-10 中国测绘科学研究院 Automatic network switching method and system
CN102006307A (en) * 2010-12-16 2011-04-06 中国电子科技集团公司第三十研究所 Application proxy-based network management system isolation control device

Cited By (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104036347A (en) * 2014-05-30 2014-09-10 国家电网公司 Enterprise-level multi-path information content management system and method
CN104270344A (en) * 2014-09-12 2015-01-07 北京天行网安信息技术有限责任公司 Quintillion gatekeeper
CN104270344B (en) * 2014-09-12 2018-05-11 北京天行网安信息技术有限责任公司 10000000000 gateways
CN104967760B (en) * 2014-10-17 2018-07-06 北京宇航系统工程研究所 A kind of digital facsimile system of the operation of the automatic ferry between network is physically isolated
CN104967760A (en) * 2014-10-17 2015-10-07 北京宇航系统工程研究所 A Digital Facsimile System Automatically Transitioning Between Physically Isolated Networks
CN104486289A (en) * 2014-10-30 2015-04-01 中国人民解放军信息工程大学 Data one-way transmission method and system
CN104486289B (en) * 2014-10-30 2017-09-29 中国人民解放军信息工程大学 Data unidirectional transmission method and system
CN105991520A (en) * 2015-01-29 2016-10-05 朗新科技股份有限公司 Inner/outer network interaction method and system
CN104780215A (en) * 2015-04-21 2015-07-15 广州多益网络科技有限公司 File transfer system and method thereof
CN105141599A (en) * 2015-08-17 2015-12-09 山东超越数控电子有限公司 Multi-chip network encryption system based on physical isolation
CN105208043A (en) * 2015-10-13 2015-12-30 网易(杭州)网络有限公司 Outer network agent module, inner network agent module and data transmitting method and system
CN105208043B (en) * 2015-10-13 2019-02-12 网易(杭州)网络有限公司 Outer net proxy module, Intranet proxy module, data transmission method and system
CN105516094A (en) * 2015-11-27 2016-04-20 蓝网科技股份有限公司 Industrial computer based internal-external network data exchange method and apparatus
CN106936780B (en) * 2015-12-30 2019-06-11 北京明朝万达科技股份有限公司 A kind of method for monitoring network and system
CN106936780A (en) * 2015-12-30 2017-07-07 北京明朝万达科技股份有限公司 A kind of method for monitoring network and system
CN106060065A (en) * 2016-06-28 2016-10-26 山东中磁视讯股份有限公司 Communication system and method for use in restricted network environment
CN106067902A (en) * 2016-07-26 2016-11-02 中国南方电网有限责任公司信息中心 A kind of data transmit-receive control system based on message mechanism and method
CN106302532A (en) * 2016-09-30 2017-01-04 广州特道信息科技有限公司 Data boundary safety detecting system
CN106330963A (en) * 2016-10-11 2017-01-11 江苏电力信息技术有限公司 Cross-network multi-node log collecting method
CN108270590A (en) * 2016-12-30 2018-07-10 上海申铁杰能信息科技有限公司 A kind of high security network communication system for railway equipment maintenance management
CN108270590B (en) * 2016-12-30 2024-06-04 上海申铁杰能信息科技有限公司 High-safety network communication system for railway equipment maintenance management
CN107800713A (en) * 2017-11-10 2018-03-13 北京明朝万达科技股份有限公司 The secure exchange method and system of data between a kind of net
CN107948169A (en) * 2017-11-29 2018-04-20 成都东方盛行电子有限责任公司 A kind of network interconnection system and method based on proprietary protocol communication
CN108109625A (en) * 2017-12-21 2018-06-01 北京华夏电通科技有限公司 Mobile phone speech identifies intranet and extranet Transmission system and method
CN108228318A (en) * 2017-12-29 2018-06-29 上海优刻得信息科技有限公司 Method, host, system and the storage medium that cloud container communicates with managing device
CN109120647A (en) * 2018-10-31 2019-01-01 武汉光谷联众大数据技术有限责任公司 A kind of security exchange system
CN110049139A (en) * 2019-05-05 2019-07-23 广东电网有限责任公司 A kind of service broker's forwarding service system
CN110049139B (en) * 2019-05-05 2022-06-14 广东电网有限责任公司 Service proxy forwarding service system
CN112862606A (en) * 2019-11-28 2021-05-28 中国电力科学研究院有限公司 Electric power transaction high-concurrency data reporting method and system
CN111541718B (en) * 2020-05-15 2022-02-08 国家电网有限公司 Internal and external network interaction method and system of power terminal and data transmission method
CN111541718A (en) * 2020-05-15 2020-08-14 国家电网有限公司 Internal and external network interaction method and system of power terminal and data transmission method
CN111935070A (en) * 2020-06-18 2020-11-13 云南电网有限责任公司信息中心 Data security exchange system and method based on automatic arrangement
CN114095184A (en) * 2020-07-15 2022-02-25 中国航发上海商用航空发动机制造有限责任公司 Data transmission system and transmission method thereof
CN111917584B (en) * 2020-08-04 2023-04-21 中科信安(深圳)信息技术有限公司 Data security exchange system and heterogeneous data conversion method
CN111917584A (en) * 2020-08-04 2020-11-10 中科信安(深圳)信息技术有限公司 Data security exchange system and heterogeneous data conversion method
CN112243026A (en) * 2020-09-25 2021-01-19 中国铁道科学研究院集团有限公司 Railway data interaction system and method
CN112468571B (en) * 2020-11-24 2022-02-01 中国联合网络通信集团有限公司 Intranet and extranet data synchronization method and device, electronic equipment and storage medium
CN112468571A (en) * 2020-11-24 2021-03-09 中国联合网络通信集团有限公司 Intranet and extranet data synchronization method and device, electronic equipment and storage medium
CN113114622A (en) * 2021-03-08 2021-07-13 北京世纪安图数码科技发展有限责任公司 Real estate registration multi-source heterogeneous data exchange method
CN113110354A (en) * 2021-04-29 2021-07-13 中国信息通信研究院 Ferry-based industrial data security system and method
CN114039788A (en) * 2021-11-15 2022-02-11 绿盟科技集团股份有限公司 Strategy transmission method, network gate system, electronic equipment and storage medium
CN114039788B (en) * 2021-11-15 2023-05-26 绿盟科技集团股份有限公司 Policy transmission method, gateway system, electronic equipment and storage medium
CN114520745A (en) * 2022-04-15 2022-05-20 北京全路通信信号研究设计院集团有限公司 Method and system for controlling read-write permission to realize data safety ferry and electronic equipment
CN114520745B (en) * 2022-04-15 2022-08-09 北京全路通信信号研究设计院集团有限公司 Method and system for controlling read-write permission to realize data safety ferry and electronic equipment
CN116707943A (en) * 2023-06-26 2023-09-05 中银金融科技有限公司 a data exchange system
CN118740432A (en) * 2024-06-12 2024-10-01 中北大学 A data security exchange system based on the Internet of Things

Also Published As

Publication number Publication date
CN103166933B (en) 2015-08-19

Similar Documents

Publication Publication Date Title
CN103166933A (en) System and method for data safe exchange
Rehmani et al. Software defined networks-based smart grid communication: A comprehensive survey
CN105359459B (en) A method, device and system for realizing virtualized network management
CN112817791B (en) Mobile terminal monitoring method for working face cluster mining state
CN109379217B (en) A kind of different producer's arranging service device of Metropolitan Area Network (MAN)
CN103973476A (en) Gateway, and gateway hot backup system and method
US12298994B2 (en) Raw/sanitized data modeling
CN104468648A (en) Data processing system and method
CN106412061A (en) Linux-based log folder remote transmission system
US20190372352A1 (en) Method and device for controlling solar energy system, central controller and solar energy system
CN115460051A (en) Equipment linkage model configuration method based on industry Internet of things scene
CN102820993A (en) Network resource monitoring system and network resource monitoring method
CN105376305B (en) A kind of system for cloud computing Intelligent disaster recovery system
US12425887B2 (en) Preplanned site swap
CN102083091A (en) Network management alarm managing method and system, and alarm collecting server
CN107247648A (en) Method, the apparatus and system of remote items system supervisory are realized based on Docker
US20250168062A1 (en) Real-time inventory for cloud network resources
CN108183945A (en) Civil air defense constructions and installations device intelligence management system based on technology of Internet of things
CN110809262B (en) A method for operation and maintenance management of Internet of things equipment based on COAP protocol
US20090225756A1 (en) Information transmission system
CN103096361B (en) The exchange method of performance statistic and device in a kind of wireless local area network (WLAN) system
CN112653569A (en) Equipment management method, device and system
CN103929455A (en) Asynchronous file transmission system and method comprising network storage equipment
CN115484208A (en) Distributed drainage system and method based on cloud security resource pool
CN108012242B (en) Early warning short message issuing system and method compatible with operator interface

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CP01 Change in the name or title of a patent holder

Address after: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 No. 2 Building 2A201, 202, No. 1 Yuan, Nongda South Road, Haidian District, Beijing

Patentee before: BEIJING TOPWALK INFORMATION TECHNOLOGY Co.,Ltd.

CP01 Change in the name or title of a patent holder
CP02 Change in the address of a patent holder

Address after: 100096 101, 1st to 7th floors, Building 3, Yard 6, Jianfeng Road (South Extension), Haidian District, Beijing

Patentee after: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

Address before: 100084 2a201, 202, building 2, yard 1, Nongda South Road, Haidian District, Beijing

Patentee before: TOLS TIANXIANG NET AN INFORMATION TECHNOLOGY Co.,Ltd.

CP02 Change in the address of a patent holder