98results about How to "Achieve security isolation" patented technology

Disclosed are an intelligent terminal isolation system and an intelligent terminal isolation method both based on processor safety extension. The intelligent terminal isolation system comprises a safety starting module, a transaction commission module, a communication agent module, a safety extension abstraction layer, a safety operating system, safety middleware, credible application modules and a common application module. The safety starting module simply initializes hardware environment of an intelligent terminal, and authenticates and guides the safety operating system. The communication agent module is responsible for encapsulation and communication of bottom layer data of the credible application modules and the common application module. The safety extension abstraction layer provides a uniform calling interface to the safety operating system. The safety operating system provides mutually independent operation space for the credible application modules in a whole safety domain and manages all software and hardware resources in the safety domain. The safety middleware is a core library related to implementation of safety functions and transaction commissions and provides related functional interfaces to credible applications. The intelligent terminal isolation system and the intelligent terminal isolation method aim to provide a complete safety isolation mechanism to the intelligent terminal and improve safety of software operation environment.

The invention provides an IPSEC (internet protocol security) VPN (virtual private network) device, an isolation method thereof and an isolation system thereof. The device comprises an inner end host, an outer end host and a non-network isolation card, the inner end host and the outer end host respectively maintain the same IP (internet protocol) mapping table, each table entry defines information such as a primary address, a destination address and IP mapping ID (identity), a data packet realizes network isolation by modes such as IP head stripping and recombination, IP mapping table search and filtering, private protocol capsulation and decapsulation and non-network isolation card transmission, an IPSEC VPN network data packet is encrypted and decrypted on an internal network host by the data packet, the device can resist malicious attack behaviors and transmission of viruses, Trojans and malicious plug-ins, security isolation in connection of an internal network and an external network is really achieved, higher-strength security protection for the internal network, the IPSEC VPN device and the network service data packet is realized, and the IPSEC VPN isolation device is high in security degree.

The invention provides a virtual machine level security protection system and method. The system comprises a packet management unit, a data unit, a communication processing unit and a log unit, wherein the communication processing unit is connected to the packet management unit, the data unit and the log unit; a packet management strategy of virtual machines is stored in the packet management unit, the data unit is used for receiving and sending a communication data packet and sending the communication data packet between the virtual machines to the communication processing unit, and the communication processing unit controls the communication process between the virtual machines according to the packet management strategy in the packet management unit and generates log information for the log unit. By adopting the virtual machine level security protection system and method provided by the scheme of the invention, comprehensive and precise convergence management and monitoring of the flow generated by the communication between the virtual machines can be realized, the packet communication management between the virtual machines can be realized, the security protection of a virtual machine level network system is finally realized by the flow convergence management and the packet communication management, and the virtual machine level security protection system and method have broad promotion and application prospects.

The invention provides a manuscript system-based internal and external network data transmission method and system. The method comprises the following steps: an external network proxy server receives data sent by a manuscript system unit, and uploads the data to an external network of a universal serial bus (USB) ferrying unit; the USB ferrying unit kills viruses of the data, and ferries the data to an internal network of the USB ferrying unit from the external network through a USB wire; an internal network proxy server acquires the data from the internal network, and transmits the data to a making system unit for making and processing; the internal network proxy server receives the processed data returned by the making system unit, and uploads the data to the internal network of the USB ferrying unit; the USB ferrying unit kills viruses of the data, and ferries the data to the external network from the internal network; and the external network proxy server acquires the data from the external network, and retransmits the data to the manuscript system unit. According to the method and the system disclosed by the invention, the security in the data transmission process is ensured.

The invention provides a processing method and device as well as acquisition method and device for security information. The processing method for the security information comprises the following steps: enabling an access control functional entity to generate security information; and sending the security information to a control entity. According to the embodiment of the invention, the access control functional entity authenticates and authorizes the terminal and is responsible for generating different security information for different network slices signed with the terminal, the network slices process high layer information sent by the terminal by using the generated security information to ensure that the terminal is accessed to the network slices, and thus the security isolation among the different network slices can be achieved, the access security can be improved, and the security isolation among the different network slices can be achieved.

The invention discloses an output voltage isolation sampling circuit of a high-voltage inverter. The isolation sampling circuit is composed of a resistor and divider sampling circuit, a differential amplifier conditioning circuit, an optocoupler isolation sampling circuit, and an operational amplifier conditioning circuit. The input terminal of the resistor and divider sampling circuit is connected with a voltage output terminal of a high-voltage inverter; the differential amplifier conditioning circuit is connected with the resistor and divider sampling circuit electrically; and the operational amplifier conditioning circuit is connected with the optocoupler isolation sampling circuit electrically. The voltage after processing is a voltage meeting a digital-analog signal converter sampling pin of a digital signal processing chip and is sent into a digital-analog signal converter sampling pin of a digital signal processing chip; and the digital signal processing chip carries out sampling and computing processing, so that the system is controlled to monitor the output voltage of the high-voltage inverter in real time and overvoltage protection, undervoltage protection, phase-locked bypass and other functions can be realized.

The embodiment of the invention discloses a task processing method and a device, a server, a client, a system and a storage medium, and the task processing method comprises the steps: receiving a tasksubmission request sent by the client, and the task submission request comprises the configuration information of a task; generating a task submission script containing configuration information; andsubmitting the task submission script to a computing cluster, wherein the computing cluster is used for running the task according to the configuration information in the task submission script. According to the method of the invention, task submission is divided into a client and a server; a user only needs to configure configuration information during task running at a client; a user does not need to deeply learn meanings of various parameters of the computing cluster; therefore, on one hand, the learning cost of the user and the threshold that the user uses the computing cluster are reduced, and on the other hand, the user realizes safe isolation between the computing cluster and the user side through indirect reaction between the computing cluster and the server, and a guarantee is provided for the security of the computing cluster.

The invention discloses an industrial security communication gateway, which comprises a data receiving port connected with a lower computer system, a data sending port connected with an upper computer system, and an embedded platform connected between the two ports. The industrial security communication gateway comprises two embedded systems and a public cache, wherein the two embedded systems have different functions; the first embedded system comprises a data receiving module, a data resolving module and a data encrypting module; and the second embedded system comprises a data decrypting module and a data sending module. By the industrial security communication gateway, the security of the industrial security communication gateway can be improved.

The invention discloses a configuration method of a virtual machine. A mobile video transmission system is improved by an SDN technology, so that a controller and a switch are separated, and an algorithm is compiled and realized based on an SDN controller. The method comprises the following steps of receiving a command for configuring a virtual machine; and then calling VPC software, allocating anIP address in the IP address field corresponding to the type to the virtual machine according to the type of the virtual machine, wherein the IP address fields corresponding to the types are not overlapped; and allocating the resources to the virtual machines according to the preset rules, so that the virtual machines with different services or different security levels are allocated in differentIP address fields, the autonomous configuration of the virtual machines is realized, the security isolation among the virtual machines is realized, and the access security among the virtual machinesis improved. The invention also discloses a virtual machine configuration system and an SDN controller, which have the above beneficial effects.

One or more embodiments of the present specification provide a program running method and device, equipment and a medium. In one embodiment, the program running method comprises the steps that a mainprocess used for running a target application receives a module starting instruction; wherein the module starting instruction is used for starting a target function module in the target application; the main process responds to the module starting instruction and obtains a preset process identifier corresponding to the target function module; the main process creates a first sub-process corresponding to the target function module and a first secure channel between the first sub-program and the main program according to a preset process identifier; and the main process sends a module starting command to the first sub-process through the first secure channel, so that the first sub-process runs the target function module.

The invention relates to a mobile operation and maintenance auditing system. The system comprises a mobile auditing module, an operation and maintenance module and a background management module, thebackground management module is used for receiving the operation and maintenance work ticket, generating operation permission information according to the operation and maintenance work ticket, and sending the operation permission information to the mobile operation and maintenance auditing module; the operation and maintenance module is used for receiving an operation and maintenance operation ofa user, generating an operation and maintenance instruction according to the operation and maintenance operation, and sending the operation and maintenance instruction to the mobile auditing module;the mobile auditing module is used for judging whether the operation and maintenance authorization of the background management module is obtained or not according to the operation permission information when the operation and maintenance instruction is received; and if yes, executing the operation and maintenance instruction, and carrying out operation and maintenance on the plant station equipment according to the operation and maintenance instruction. By adopting the method, the problem that the operation and maintenance work of an existing power monitoring system is low in safety can be solved.

The invention provides a multitask security isolation system and method under a virtual-real interconnected environment of a cloud platform to solve the technical problem existing in the prior art that the unified management of multiple virtual and physical resources and the task security isolation cannot be implemented at the same time. The system comprises a task flow identification module for identifying different tasks, an access control module creating task resources according to the task identification, a task isolation module for security isolation between the tasks and between the resources, and a resource management module for unified management of the securely isolated resources. The implementing steps are as follows: the task flow label module adds a security label to a task and required resources thereof; the access control module verifies user identity and authority information and applies for the virtual and physical resources required by the task; the access control module performs network isolation and virtual resource isolation on the resources applied for the task; and the resource management module performs unified management on the securely isolated virtual and physical resources in the cloud platform and assigns the resources required by the task to the task.

The invention relates to a storage battery monitoring activation device. The device comprises a controller U1, a data acquisition circuit, a charging and discharging control circuit, a discharging load RL and a communication circuit; the controller U1 is electrically connected with a storage battery pack to be tested through the data acquisition circuit; the controller U1 is electrically connectedwith the charging and discharging control circuit; the discharging load RL and an external mains supply are electrically connected with the battery pack to be tested through the charging and discharging control circuit; and the controller U1 is electrically connected with the communication circuit and is wirelessly connected with an external monitoring terminal through the communication circuit.With the storage battery monitoring activation device provided by the invention adopted, the performance of the battery pack can be monitored online, the remaining capacity of the battery pack can beestimated, and the performance data and the remaining capacity data can be transmitted the monitoring terminal.

The invention discloses a protocol security isolation system oriented to a railway signal control network. The protocol security isolation system is composed of a first communication interface 101, a second communication interface 203, a first processor 102, a second processor 202, a high-speed dual-port RAM communication buffer memory 302, a memory RAM, a power-failure memory FLASH, a human-computer interaction platform 105 and a power module 301. The first communication interface and the second communication interface intercept and capture data, corresponding the network, from a link layer, the data are sent to the first processer to be analyzed, an analysis result and communication content are sent to the human-computer interaction platform 105 to be displayed and are written into a data base, safe network data information is sent to the second processor through the high-speed dual-port RAM communication buffer memory 302 in a ferry mode at the same time, and the safe network information is sent to a target terminal or a target network through the second communication interface 203 driven by the second processor. According to the protocol security isolation system oriented to the railway signal control network, multiple network technologies are combined and real-time monitoring and security isolation are carried out on the existing railway signal control network.

A maglev train passive speed measuring device comprises the following parts: a passive train beacon arranged on the maglev train; a beacon reading circuit arranged in a long stator power supply interval and mounted on the track, and used for reading a beacon of the passive train and generating a corresponding train beacon signal when the maglev train passes through. According to the device, the key control parameters of a traction system do not need to be transmitted by adopting a wireless communication mode; therefore, not only can physical security isolation be realized, but also potential safety hazards caused by the fact that illegal invasion is easily caused through wireless network access can be prevented; in addition, the device can greatly improve the stability, the real-time performance and the security of data transmission.

An electric power communication wireless private network operation and maintenance support platform comprises a service system, a third-party platform and a third-party system. The service system is divided into an acquisition module and an application module from the aspect of functional targets. The acquisition module can support multi-protocol data acquisition; the alarm and performance data ofall core network managers and base station network managers are pulled or received in multiple modes; in order to guarantee data safety, the acquisition module is provided with an independent database storage service and supports file form storage, the data is pushed to the application module in real time through the forward and reverse isolation device, and the application module is also supported to actively pull the data. The application module covers all service function modules, and comprises core modules such as a card opening and account opening module, an alarm management module, a performance monitoring module, a service support module, a statistical analysis module and a system support module. According to the invention, the standard unified management can be formed for provinces and manufacturers, and the safe transmission of data on the Internet can be ensured.

The invention discloses a network isolation system. The network isolation system comprises a data processing system used for transmitting data between an internal network and an external network, wherein the internal network is provided with a memory and transmission certificate; the external network is provided with access certificate; the data processing system consists of a data monitoring unit a and a data monitoring unit b; the transmission certificate performs one-way data transmission with the data monitoring unit b and the external network in sequence; the access certificate performs one-way data transmission with the data monitoring unit a and the internal network in sequence; the information of an internal network user is certificated by utilizing the transmission certificate; the information of an external network user is certificated by utilizing the access certificate; the memory of the internal network automatically records the information such as transmission data and user; a series of safe processing is performed by utilizing the data monitoring unit a and the data monitoring unit b; the potential safety hazard such as hacker attack, infiltration of malice code and virus and information leakage can be prevented effectively; and the safe isolation and the safe information exchange of the internal network and the external network are realized.

The invention relates to a tenant security isolation method under cloud computing, comprising a tenant isolation step: distinguishing different tenants based on a VRF (Virtual Routing & Forwarding Instance) so as to isolate tenants; and a tenant inner isolation step: for each tenant, utilizing the PVLAN (Private VLAN) technology to realize tenant inner security isolation. Accordingly, the tenant security isolation method under cloud computing can meanwhile realize external isolation and internal isolation, is applicable to cloud computing multi-tenant conditions, and can reasonably program and manage tenants, and improve data security.

The invention provides a data flow transmission security control method and device. The method comprises the steps that: a UP (User Plane) entity independently configures security control informationto each DRB (Data Radio Bearer in a preset mode, wherein the preset mode comprises that: the UP entity independently configures the security control information, and the UP entity combines parameterssent by a CP (Control Plane) entity to configure the security control information, and the security control information comprises at least one of the follows: a security algorithm and a security configuration parameter; and the UP entity sends the security control information to UE (User Equipment) by the CP entity, so that the UE carries out a data uplink and downlink transmission security control operation. By the data flow transmission security control method and device provided by the invention, a problem how to carry out security management control processing of user service data flow transmission between a CP and a UP in a scene in which network-side CP and UP network element entities are physically separated in the related art is solved, and the technical effect of effectively carrying out security management control of user service data flow transmission is achieved.

The invention discloses an electronic appliance architecture of a commercial vehicle and a safe communication method of the architecture, and designs a CAN network system for six-way commercial vehicles, which can flexibly configure advanced systems such as ADAS to realize intelligent driving of commercial vehicles with the level of L3/L4, and performs network isolation on a remote terminal to ensure remote safety from the aspect of architecture connection. According to the method and the device, the ID configuration and verification of the remote terminal are realized, a reliable solution forensuring the legality of the terminal is provided through the storage and verification of the ID number of the remote terminal, and a feasible solution is provided for replacing the remote terminal in production and after-sales processes. Through ID gateway verification, electronic control unit ID confirmation and control information encryption, three-layer encryption of remote control is realized, and remote control security configuration is guaranteed. Through the double-rate and double-channel diagnosis and development, a reliable diagnosis scheme is provided for a multi-protocol and multi-configuration commercial vehicle, the problems that single diagnosis has high requirements on manual skills, diagnosis selection is prone to errors and the like are solved, and the automation and efficiency of diagnosis are improved.

The invention provides an internal and external network interaction method and system of a power terminal and a data transmission method, the interaction method is applied to an interaction device ata request terminal side, and comprises the following steps: receiving a request message sent by a request terminal; judging whether the request message meets a preset security verification condition or not; when the request message meets a preset security verification condition, extracting request parameter information from the request message, and writing the request parameter information into asecurity isolation device database; reading response parameter information from the security isolation device database, and generating a response message according to the response parameter information; and sending the response message to the request terminal to establish a communication connection between the request terminal and the response terminal. Therefore, transmission of the malformed message and carried virus data between the intranet and the extranet possibly caused by transmission of the whole message is avoided, safe isolation between the intranet and the extranet is achieved, andsafe communication between the request terminal and the response terminal is guaranteed.

The invention relates to an access layer and non-access layer secret key safety isolation device and a method thereof. The method comprises steps that an access layer secret key is generated by a terminal and an access point on the basis of both-way radio communication channel characteristics; a non-access layer secret key is generated by a terminal and a control center on the basis of the terminal identity information; an update process of the access layer secret key and an update process of the non-access layer secret key are completely independent, the access layer secret key can be randomly updated according to change of the radio communication channel characteristics. According to the method, uniqueness, reciprocity and time-dependent nature of a radio channel are utilized, the physical secret key for access layer encryption and integrity protection is generated, updated and managed by the access point and the terminal, the secret key for non-access layer encryption and integrity protection is generated, updated and managed by the safety control center and the terminal on the basis of identity identification, so not only can safety isolation of the access layer secret key and the non-access layer secret key be realized, radio communication safety is improved, but also access layer secret key distribution can be avoided, and system transmission efficiency is improved.

The invention discloses a method and system for establishing a security system based on a domain mechanism. The method includes the following steps of configuring domain management information, setting related information of a resource object, configuring and registering a failure diagnosis routine, starting the failure diagnosis routine, establishing a domain environment, initializing a securitycore, executing scheduling and running software, intersecting a software calling security API of a security domain with the security core, intersecting a software calling ordinary API of an ordinary domain with the security core, and regularly detecting the current system state through the security core. The system comprises system domains and application domains. The application domains include the security domain and the ordinary domain. The smaller the domain value of software is, the higher the authority is; software with high authority can have access to the software itself and resourceswith lower authorities, and software with the same authority can have access to one another. The domain mechanism is sufficiently used, and security isolation is achieved; the individualized securitysystem of different grades can be established; control is flexible, and strength is reasonable; hardware characteristics are not depended on, and portability is high.