Boundary access control method based on double one-way separation gatekeepers

Abstract

The invention discloses a boundary access control method based on double one-way separation gatekeepers. A boundary access control mode based on the double one-way separation gatekeepers is adopted for realizing two-way information exchange, high-security information is controlled not to flow to a low-grade security domain from a high-grade security domain by guaranteeing independence and separation of two one-way transmission channels, hostile attack based on two-way network protocols is effectively shielded, and the protection capability of security domain boundaries is improved; identity authentication information of an information sending source is introduced by adding identity credibility authentication of an information source and the data encryption technology, transmitted application data are encrypted through the identity information, reduction processing on the application data can be carried out only after the information source is judged to be credible, relevant data will not be decrypted if the information source does not pass the identity credibility authentication, and credibility and confidentiality of information transmission between security domains and the anti-risk capability of a system are improved by adding the credibility authentication, content detection and other security mechanisms to the application level.

Description

technical field [0001] The invention relates to a border access control method based on double-unidirectional isolation gatekeepers, which belongs to the technical field of optical one-way isolation technology and information source identity credible verification technology, and the optical one-way isolation technology is mainly used for security domains of different levels Boundary isolation protection and one-way information transmission, while the identity trusted verification technology that introduces information sources into the optical one-way isolation technology is mainly used for trusted exchange of data between security domains. Background technique [0002] In the face of the rapid development of informatization and the increasingly rampant development of network attacks, how to solve the security isolation of the network and the security exchange of data has become a common concern. In order to meet the growing demand for network security, security vendors conti...

AI Technical Summary

Problems solved by technology

As far as the protocol is concerned, the firewall adopts the general TCP/IP protocol, which can enhance the security of the internal network, and the security protection of the network boundary can be strengthened through the principle of bidirectional minimum authorization. It may cause the internal network boundary to be breached from the outside, and the entire internal network will be threatened; moreover, the firewall is a logical isolation based on software, which may be manipulated by hackers and internal users, and cannot meet the needs of important departments such as the government and military enterprises. and sensitive units' data security requ

Images