Boundary access control method based on double one-way separation gatekeepers

An access control and network isolation technology, applied in the fields of electrical components and transmission systems, that addresses problems such as threats to the internal network, failure to meet data security requirements, and breaches of the internal network boundary. Its effects are improved credibility and confidentiality and improved risk-defense capability.

Active Publication Date: 2014-01-01
中国航天系统科学与工程研究院

AI Technical Summary

Problems solved by technology

At the protocol level, a firewall uses the general TCP/IP protocol. It can enhance the security of the internal network, and the protection of the network boundary can be strengthened through the principle of bidirectional minimum authorization. However, this may allow the internal network boundary to be breached from the outside, threatening the entire internal network. Moreover, a firewall provides only software-based logical isolation, which may be manipulated by hackers and internal users, so it cannot meet the data security requirements of important departments and sensitive units such as government and military enterprises.

The two-way isolation gatekeeper uses a private protocol for data transmission, which resists protocol-based attacks and improves network security. Its focus is to completely cut off the direct network-protocol connection between the internal and external networks and to adopt a bare data forwarding mechanism that protects the internal network and its hosts. However, the two-way isolation gatekeeper has only one information transmission channel and allows information to flow in both directions. As long as information is transmitted, a covert channel can potentially be created.

Embodiment Construction

[0038] The present invention achieves security isolation and information exchange between different security domains by deploying two one-way isolation devices between the two domains, which also prevents attack tools based on the TCP/IP protocol from working normally. A control mechanism is added at the application layer of the gatekeeper: an identity trust authentication module for the information source is introduced to establish trusted transmission of information between security domains. The one-way isolation gatekeeper implements access control at both the network layer and the application layer. The border access control model based on double unidirectional isolation gatekeepers thus provides both security isolation and information exchange between the trusted security domain and the untrusted security domain. The specific content is as follows:

[0039] (1) Construc...

Abstract

The invention discloses a boundary access control method based on double one-way separation gatekeepers. Two-way information exchange is realized with a boundary access control mode built on two one-way separation gatekeepers. By guaranteeing that the two one-way transmission channels are independent and separated, the method prevents high-security information from flowing from a high-grade security domain to a low-grade security domain, effectively shields hostile attacks based on two-way network protocols, and improves the protection capability of security domain boundaries. Identity credibility authentication of the information source and data encryption are added: the identity authentication information of the sending source is introduced, and the transmitted application data are encrypted using that identity information. The application data can be restored only after the information source is judged to be credible; if the information source does not pass identity credibility authentication, the data are not decrypted. Adding credibility authentication, content detection and other security mechanisms at the application level improves the credibility and confidentiality of information transmission between security domains and the anti-risk capability of the system.
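The verify-before-decrypt gate described in the abstract, sketched as an added example that is not taken from the patent. The abstract does not name its algorithms, so the HMAC-SHA256 identity check, the SHA-256 counter keystream (a stand-in for a real cipher), the in-memory queue modelling a one-way channel, and all names and sample values are assumptions.

```python
# Added illustration; not the patent's implementation. All names are hypothetical.
import hashlib
import hmac
import os
from collections import deque

# Constructed registry held by the receiving gatekeeper: source id -> identity secret.
TRUSTED_SOURCES = {"src-01": b"constructed-demo-secret"}


def _derive(secret: bytes, label: bytes, source_id: str) -> bytes:
    return hmac.new(secret, label + source_id.encode(), hashlib.sha256).digest()


def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Stand-in cipher (assumption): SHA-256 counter keystream. Use an AEAD in practice.
    stream = b""
    for ctr in range((len(data) + 31) // 32):
        stream += hashlib.sha256(key + nonce + ctr.to_bytes(8, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class OneWayChannel:
    """One unidirectional gatekeeper: frames move sender -> receiver, never back."""
    def __init__(self):
        self._frames = deque()
    def send(self, frame: dict) -> None:
        self._frames.append(frame)
    def receive(self):
        return self._frames.popleft() if self._frames else None


def wrap(source_id: str, secret: bytes, data: bytes) -> dict:
    """Sender side: encrypt under keys derived from the source's identity secret."""
    nonce = os.urandom(16)
    ct = _xor_stream(_derive(secret, b"enc|", source_id), nonce, data)
    tag = hmac.new(_derive(secret, b"mac|", source_id), nonce + ct, hashlib.sha256).digest()
    return {"source": source_id, "nonce": nonce, "ct": ct, "tag": tag}


def unwrap(frame: dict):
    """Receiver side: authenticate the source first; decrypt only if it is credible."""
    secret = TRUSTED_SOURCES.get(frame["source"])
    if secret is None:
        return None  # unknown source: ciphertext is never decrypted
    mac_key = _derive(secret, b"mac|", frame["source"])
    expected = hmac.new(mac_key, frame["nonce"] + frame["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, frame["tag"]):
        return None  # identity check failed: ciphertext is never decrypted
    return _xor_stream(_derive(secret, b"enc|", frame["source"]), frame["nonce"], frame["ct"])
```

Two-way exchange in this model uses two separate `OneWayChannel` instances, one per direction, so a frame sent on one never appears on the other.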

Description

Technical field

[0001] The invention relates to a border access control method based on double unidirectional isolation gatekeepers. It belongs to the technical fields of optical one-way isolation and trusted verification of information source identity. Optical one-way isolation technology is mainly used for boundary isolation protection and one-way information transmission between security domains of different levels, while the identity trusted verification technology for information sources, introduced into the optical one-way isolation technology, is mainly used for the trusted exchange of data between security domains.

Background technique

[0002] In the face of the rapid development of informatization and increasingly rampant network attacks, how to achieve secure network isolation and secure data exchange has become a common concern. In order to meet the growing demand for network security, security vendors conti...

Application Information

IPC(8): H04L29/06, H04L29/08
Inventor 张文涛艾伟赵斌杨海
Owner 中国航天系统科学与工程研究院