
CN112261053A - Network gate system communication method based on embedded multi-core processing mode

Info

Publication number: CN112261053A
Authority: CN (China)
Prior art keywords: data, file, external network, intranet, communication method
Legal status: Pending
Application number: CN202011148034.7A
Other languages: Chinese (zh)
Inventors: 袁彩霞, 童璐
Current Assignee: Hangzhou Ben Wave Information Technology Co ltd
Original Assignee: Hangzhou Ben Wave Information Technology Co ltd

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00 Network architectures or network communication protocols for network security
    • H04L63/02 Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/0227 Filtering policies
    • H04L63/0236 Filtering by address, protocol, port number or service, e.g. IP-address or URL
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/06 Protocols specially adapted for file transfer, e.g. file transfer protocol [FTP]

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)
  • Computer And Data Communications (AREA)

Abstract

The invention discloses a gatekeeper system communication method based on an embedded multi-core processing mode. In the method, data is input and then transmitted into the external network through the gatekeeper system, where an external network client receives it; when an external network user needs to transmit an office file, the file is transmitted to a file conversion system through the external client, and the file conversion system converts the file after receiving it. By using an intranet filtering host, the invention ensures that important information in the intranet is not transmitted to the external network through human negligence, further protecting the information security of the intranet. By using the file conversion system with a document conversion program, the invention eliminates virus programs in documents, further protecting the data security of intranet users.

Description

Network gate system communication method based on embedded multi-core processing mode
Technical Field
The invention relates to the technical field of network security equipment, in particular to a gatekeeper system communication method based on an embedded multi-core processing mode.
Background
The network gate (gatekeeper) is an information security device that connects two independent host systems through a solid-state switch read-write medium with multiple control functions. Because the two independent host systems are isolated by the gatekeeper, there is no physical connection, logical connection or information transmission protocol for communication between them, and no protocol-based information exchange; only protocol-free ferrying in the form of data files takes place. However, existing gatekeeper system communication devices have many problems or defects:
In existing gatekeeper systems, intranet users manually screen and handle data after receiving it. Processing data this way relies on human skill to ensure intranet data security, so the data may contain virus data that cannot be detected manually, which leaves a hidden danger for intranet data security. In existing gatekeeper systems, when an intranet user transmits data to the external network, data and information in the intranet can be leaked, so intranet information security cannot be guaranteed. Data transmitted in existing gatekeeper systems includes office files; such files may contain virus files that read the data of intranet users, and staff may overlook or fail to detect this in office files, which affects intranet information security.
Disclosure of Invention
The present invention aims to solve the problems described in the background and provides a gatekeeper system communication method based on an embedded multi-core processing mode, which includes the following steps:
S1. An external network user uses an external network client to input data into the external network.
S2. The data is processed by the external network filtering host, which audits the data and performs IP detection, and then sorts and packages the audited and detected data.
S3. The external network filtering host transmits the filtered data to the gatekeeper system through data transmission.
S4. The gatekeeper system transmits the processed data to the intranet, where it is distributed to a specified intranet client; the intranet client performs a simple manual review of the data and then uses it.
S5. When the intranet needs to transmit information to the outside, the data is first checked and audited within the intranet by manual review.
S6. After the manually reviewed data is sorted, it is transmitted to the intranet filtering host.
S7. After receiving the sorted data, the intranet filtering host searches for and removes the IP address and user information in the data, then sorts the data and transmits it to the gatekeeper system.
S8. After receiving the sorted data, the gatekeeper system transmits it to the external network through data transmission, and an external network client in the external network receives the data.
S9. When an external network user needs to transmit an office file, the file is transmitted to the file conversion system through the external client.
S10. After receiving the file, the file conversion system converts the picture or format of the file, converts the data in the file, and then sorts the processed file and sends it to the intranet client.
Preferably, the data in S1 includes various data such as document content, delivery information, package metadata, and the like.
Preferably, when the data is processed by the external network filtering host in S2, the content and the IP address in the data are detected and trusted IPs are set; data from a trusted IP can continue through the external network filtering host, while data from an untrusted IP and data carrying a virus is eliminated by the external network filtering host.
Preferably, the data transmission in S3 is carried out in full compliance with the information transmission protocol.
Preferably, the gatekeeper system in S4 transmits the data, transmitted according to the information transmission protocol, to the intranet.
Preferably, the manual review in S5 strictly follows the OA/BPM review procedure.
Preferably, the data transmission after the manual review in S6 is carried out in full compliance with the information transmission protocol.
Preferably, in S7 the key program information of the intranet user is cleared, and the information is then arranged and transmitted to the gatekeeper system according to the information transmission protocol.
Preferably, the transmission of the files and data in S8 and S9 is carried out in full compliance with the information transmission protocol.
Preferably, in S10, the file conversion system performs picture conversion or program conversion on the file.
Compared with the prior art, the invention has the beneficial effects that:
(1) The invention uses an external network filtering host with a screening program. A trust option is set for receiving external data: transmission from an unknown source is refused, IP lookup is performed, and transmission from an abnormal IP address is refused. The security of external network data entering the intranet is therefore ensured not only by manual checking of the data, which makes the intranet safer.
(2) The invention uses an intranet filtering host with a data output screening program. When intranet information would be output, the information is erased or returned, so that important information in the intranet is not transmitted to the external network through human negligence, further protecting the information security of the intranet.
(3) The invention uses a file conversion system with a document conversion program, which converts the data in a document into pictures or other forms, thereby eliminating virus programs in the document and further protecting the data security of intranet users.
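A minimal sketch of the two filtering hosts described in S2 and S7, added here as an illustration and not code from the patent: the inbound filter applies the trusted-IP check and a content audit before packaging data for the gatekeeper, and the outbound filter removes user information and IP addresses before data leaves the intranet. The trusted network, the blocked hash (standing in for the virus check), the user-information field names and all function names are assumptions; records are assumed to be flat dictionaries.

```python
import hashlib
import ipaddress
import re

# Policy values below are constructed for this example, not taken from the patent.
TRUSTED_NETS = [ipaddress.ip_network("203.0.113.0/24")]    # trusted-IP list (S2)
BLOCKED_SHA256 = {hashlib.sha256(b"constructed-malicious-sample").hexdigest()}
USER_FIELDS = {"username", "employee_id", "hostname"}      # hypothetical field names
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extranet_filter(source_ip, payload):
    """S2: IP detection and content audit. Returns a packaged record, or None if refused."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return None                       # unknown or malformed source: refuse
    if not any(addr in net for net in TRUSTED_NETS):
        return None                       # untrusted IP: eliminate
    digest = hashlib.sha256(payload).hexdigest()
    if digest in BLOCKED_SHA256:
        return None                       # content matched the denylist: eliminate
    # Package as a plain data record for the ferry; the source address is not carried over.
    return {"sha256": digest, "length": len(payload), "body": payload}


def _is_ip(token):
    """True only for syntactically valid addresses (rejects e.g. 999.1.1.1)."""
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def scrub_text(text):
    """Replace each valid IPv4 literal with a marker. Returns (clean_text, count).
    Dotted strings that happen to be valid addresses (e.g. a version 1.2.3.4)
    are also replaced; this filter errs toward removing too much."""
    count = 0

    def repl(match):
        nonlocal count
        if _is_ip(match.group(0)):
            count += 1
            return "[REMOVED-IP]"
        return match.group(0)

    return IPV4_RE.sub(repl, text), count


def intranet_filter(record):
    """S7: drop user-information fields and scrub IP addresses from string values.
    Returns (clean_record, removed), where removed is an audit trail of what was erased."""
    clean, removed = {}, []
    for key, value in record.items():
        if key in USER_FIELDS:
            removed.append(key)
            continue
        if isinstance(value, str):
            value, n = scrub_text(value)
            if n:
                removed.append(f"{key}:ip x{n}")
        clean[key] = value
    return clean, removed


if __name__ == "__main__":
    # Constructed sample traffic.
    print(extranet_filter("203.0.113.7", b"quarterly report"))
    print(extranet_filter("198.51.100.9", b"quarterly report"))
    print(intranet_filter({"username": "zhang", "note": "sent from 10.1.2.3", "amount": 5}))
```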
Drawings
Fig. 1 is a flow chart of a communication method of the present invention.
Detailed Description
The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Example 1
A communication method of a gatekeeper system based on an embedded multi-core processing mode comprises the following steps:
S1. An external network user uses an external network client to input data into the external network.
S2. The data is processed by the external network filtering host, which audits the data and performs IP detection, and then sorts and packages the audited and detected data.
S3. The external network filtering host transmits the filtered data to the gatekeeper system through data transmission.
S4. The gatekeeper system transmits the processed data to the intranet, where it is distributed to a specified intranet client; the intranet client performs a simple manual review of the data and then uses it.
S5. When the intranet needs to transmit information to the outside, the data is first checked and audited within the intranet by manual review.
S6. After the manually reviewed data is sorted, it is transmitted to the intranet filtering host.
S7. After receiving the sorted data, the intranet filtering host searches for and removes the IP address and user information in the data, then sorts the data and transmits it to the gatekeeper system.
S8. After receiving the sorted data, the gatekeeper system transmits it to the external network through data transmission, and the external network client in the external network receives the data.
The data in S1 includes various data such as file content, delivery information, package metadata, and the like.
When the data is processed by the external network filtering host in S2, the content and the IP address in the data are detected and trusted IPs are set; data from a trusted IP can continue through the external network filtering host, while data from an untrusted IP and data carrying a virus is eliminated by the external network filtering host.
The data transmission in S3 is carried out in full compliance with the information transmission protocol.
The gatekeeper system in S4 transmits the data, transmitted according to the information transmission protocol, to the intranet.
In S5, the manual review strictly follows the OA/BPM review process.
The data transmission after the manual review in S6 is carried out in full compliance with the information transmission protocol.
In S7, the key program information of the intranet user is cleared, and the information is then arranged and transmitted to the gatekeeper system according to the information transmission protocol.
The transmission of the data in S8 complies with the information transmission protocol.
This communication method covers both the transmission of external network data to the intranet and the transmission of intranet information to the external network, which makes data transmission safer.
Example 2
A communication method of a gatekeeper system based on an embedded multi-core processing mode comprises the following steps:
S1. An external network user uses an external network client to input data into the external network.
S2. The data is processed by the external network filtering host, which audits the data and performs IP detection, and then sorts and packages the audited and detected data.
S3. The external network filtering host transmits the filtered data to the gatekeeper system through data transmission.
S4. The gatekeeper system transmits the processed data to the intranet, where it is distributed to a specified intranet client; the intranet client performs a simple manual review of the data and then uses it.
S5. When the intranet needs to transmit information to the outside, the data is first checked and audited within the intranet by manual review.
S6. After the manually reviewed data is sorted, it is transmitted to the intranet filtering host.
S7. After receiving the sorted data, the intranet filtering host searches for and removes the IP address and user information in the data, then sorts the data and transmits it to the gatekeeper system.
S8. After receiving the sorted data, the gatekeeper system transmits it to the external network through data transmission, and an external network client in the external network receives the data.
S9. When an external network user needs to transmit an office file, the file is transmitted to the file conversion system through the external client.
S10. After receiving the file, the file conversion system converts the picture or format of the file, converts the data in the file, and then sorts the processed file and sends it to the intranet client.
The data in S1 includes various data such as file content, delivery information, package metadata, and the like.
When the data is processed by the external network filtering host in S2, the content and the IP address in the data are detected and trusted IPs are set; data from a trusted IP can continue through the external network filtering host, while data from an untrusted IP and data carrying a virus is eliminated by the external network filtering host.
The data transmission in S3 is carried out in full compliance with the information transmission protocol.
The gatekeeper system in S4 transmits the data, transmitted according to the information transmission protocol, to the intranet.
In S5, the manual review strictly follows the OA/BPM review process.
The data transmission after the manual review in S6 is carried out in full compliance with the information transmission protocol.
In S7, the key program information of the intranet user is cleared, and the information is then arranged and transmitted to the gatekeeper system according to the information transmission protocol.
The transmission of the files and data in S8 and S9 is carried out in full compliance with the information transmission protocol.
In S10, the file conversion system converts the file into a picture or a program.
This communication method covers the transmission of both data and files, and makes the transmission of files safer.
It will be evident to those skilled in the art that the invention is not limited to the details of the foregoing illustrative embodiments, and that the present invention may be embodied in other specific forms without departing from the spirit or essential attributes thereof. The present embodiments are therefore to be considered in all respects as illustrative and not restrictive, the scope of the invention being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.

Claims (10)

1. A gatekeeper system communication method based on an embedded multi-core processing mode, characterized in that the method comprises the following steps:
S1. An external network user uses an external network client to input data into the external network.
S2. The data is processed by the external network filtering host, which audits the data and performs IP detection, and then sorts and packages the audited and detected data.
S3. The external network filtering host transmits the filtered data to the gatekeeper system through data transmission.
S4. The gatekeeper system transmits the processed data to the intranet, where it is distributed to a specified intranet client; the intranet client performs a simple manual review of the data and then uses it.
S5. When the intranet needs to transmit information to the outside, the data is first checked and audited within the intranet by manual review.
S6. After the manually reviewed data is sorted, it is transmitted to the intranet filtering host.
S7. After receiving the sorted data, the intranet filtering host searches for and removes the IP address and user information in the data, then sorts the data and transmits it to the gatekeeper system.
S8. After receiving the sorted data, the gatekeeper system transmits it to the external network through data transmission, and an external network client in the external network receives the data.
S9. When an external network user needs to transmit an office file, the file is transmitted to the file conversion system through the external client.
S10. After receiving the file, the file conversion system converts the picture or format of the file, converts the data in the file, and then sorts the processed file and sends it to the intranet client.
2. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: the data in S1 includes various data such as file content, delivery information, package metadata, and the like.
3. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: when the data is processed by the external network filtering host in S2, the content and the IP address in the data are detected and trusted IPs are set; data from a trusted IP can continue through the external network filtering host, while data from an untrusted IP and data carrying a virus is eliminated by the external network filtering host.
4. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: the data transmission in S3 is carried out in full compliance with the information transmission protocol.
5. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: the gatekeeper system in S4 transmits the data, transmitted according to the information transmission protocol, to the intranet.
6. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: in S5, the manual review strictly follows the OA/BPM review process.
7. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: the data transmission after the manual review in S6 is carried out in full compliance with the information transmission protocol.
8. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: in S7, the key program information of the intranet user is cleared, and the information is then arranged and transmitted to the gatekeeper system according to the information transmission protocol.
9. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: the transmission of the files and data in S8 and S9 is carried out in full compliance with the information transmission protocol.
10. The communication method of the gatekeeper system based on the embedded multi-core processing mode according to claim 1, wherein: in S10, the file conversion system converts the file into a picture or a program.
CN202011148034.7A 2020-10-23 2020-10-23 Network gate system communication method based on embedded multi-core processing mode Pending CN112261053A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011148034.7A CN112261053A (en) 2020-10-23 2020-10-23 Network gate system communication method based on embedded multi-core processing mode

Publications (1)

Publication Number Publication Date
CN112261053A (en) 2021-01-22

Family

ID=74261076

Legal Events

Code Title
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication (application publication date: 20210122)