TCP connection separation with complete semantic, control method and system

A control method, applied in the field of network information security, that addresses the inability of isolation systems to guarantee the semantic integrity of TCP connections, and achieves the effect of ensuring semantic integrity and security.

Inactive Publication Date: 2011-08-31
SHANGHAI JIAOTONG UNIV +1

AI Technical Summary

Problems solved by technology

The present invention solves the problem that network security isolation systems cannot guarantee the semantic integrity of the TCP connection. It can support various network applications based on the TCP protocol, and presents to the client TCP connection characteristics that are consistent with the connection and data exchange permissions; that is, if a TCP connection can be established, TCP-based data exchange can be completed.


Embodiment Construction

[0035] The embodiments of the present invention are described in detail below in conjunction with the accompanying drawings. This embodiment is implemented on the premise of the technical solution of the present invention, and detailed implementation methods and specific operating procedures are provided, but the protection scope of the present invention is not limited to the embodiment described below.

[0036] As shown in Figure 1, in the semantically complete TCP connection isolation and control system, the module structures on the internal and external network processing units are completely equivalent. They include a TCP handshake processing module, an application layer protocol processing module, a TCP connection inspection module, an application data inspection module, and a secure data exchange channel module that involves both processing units.

[0037] The TCP handshake processing module is used to ensure a semantically complete TCP handshake process, specifically in...


Abstract

The invention relates to a method and a system for isolating and controlling TCP connections while ensuring semantic integrity, and pertains to the field of information security. The modified TCP processing step of the method ensures that, after a SYN message is received, the characteristics of the message are notified to the other network processing unit; the SYN message is regenerated and sent to the network by the other network processing unit; and after the other network processing unit receives an ACK, the protocol stack generates a corresponding message. The system of the invention comprises a TCP handshake processing module, a TCP connection inspection module, an application-layer data inspection module, an application-layer protocol processing module and a secure data exchange channel module. The method and system of the invention can not only isolate the TCP connection between an internal network and an external network and carry out application-layer data exchange, but can also ensure the semantic integrity of TCP, so that the situation in which a server is closed but a client can still establish the TCP connection cannot occur.
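The deferred handshake described in the abstract can be modelled in a few lines. The following is an added illustration, not code from the patent: the class names, the fields of `SynFeatures`, the addresses, and the choice to answer the client with an RST when the server refuses are all assumptions made for the sketch. It contrasts a unit that waits for the peer unit's result with an ordinary terminating proxy that answers the client immediately.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SynFeatures:
    # Characteristics of the client's SYN passed to the other unit.
    # The field choice is an assumption; the page does not list them.
    src: str
    dst: str
    dport: int

class Server:
    """Constructed stand-in for the real destination host."""
    def __init__(self, open_ports):
        self.open_ports = set(open_ports)

    def on_syn(self, dport):
        return "SYN-ACK" if dport in self.open_ports else "RST"

class PeerUnit:
    """Processing unit on the server's side of the exchange channel."""
    def __init__(self, server):
        self.server = server

    def regenerate_syn(self, feat):
        # A fresh SYN is built from the features only; the client's
        # original packet never crosses the isolation boundary.
        return self.server.on_syn(feat.dport)

class ReceivingUnit:
    """Processing unit facing the client."""
    def __init__(self, peer, defer=True):
        self.peer, self.defer = peer, defer

    def on_client_syn(self, feat):
        if not self.defer:
            # Ordinary terminating proxy: the local stack answers at once,
            # whether or not the real server is listening.
            return "SYN-ACK"
        # Modified step: hold the reply until the peer unit reports
        # how the server answered the regenerated SYN.
        answer = self.peer.regenerate_syn(feat)
        return "SYN-ACK" if answer == "SYN-ACK" else "RST"

def client_view(defer, dport, open_ports=(80,)):
    """What the client sees in reply to its SYN (constructed addresses)."""
    unit = ReceivingUnit(PeerUnit(Server(open_ports)), defer=defer)
    return unit.on_client_syn(SynFeatures("10.0.0.5", "192.0.2.10", dport))
```

With `defer=False` the client sees a successful handshake to a port the server does not have open, which is the semantic mismatch the invention is meant to rule out.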

Description

Technical field

[0001] The invention relates to a method and system in the technical field of network information security, in particular to a method and system for isolating and controlling TCP connections with complete semantics.

Background technique

[0002] With the development of information technology and network interconnection technology, network and information security issues have become increasingly prominent. Due to the continuous improvement and development of network attack methods and hacking techniques, ordinary network security products cannot meet the security requirements of important networks and data. Users with high-level network security requirements, such as finance, government and scientific research institutions, often establish a dedicated internal network, which is physically or logically isolated from the public network. This brings inconvenience to information exchange between different trust domains, and various isolation technologies ...


Application Information

Patent Type & Authority Patents(China)
IPC IPC(8): H04L29/06, H04L29/08, H04L12/56, H04L1/16
Inventor 李建华, 訾小超, 姚立红, 潘理
Owner SHANGHAI JIAOTONG UNIV