[0025] The technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only a part of the embodiments of the present invention, but not all of the embodiments. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.
[0026] see Figure 1-5 , the present invention provides a technical solution: a secure computer network communication system, comprising a sending end sandbox isolation system 1, a file transmission unit 2 and a receiving end 3, the sending end sandbox isolation system 1 includes an analog signal copying output module 11 , analog signal storage module 12, file compression system 13, security encryption system 14, key file conversion unit 15, file decryption program 16, signal key binding module 17 and firewall protection system 18, the output end of the file compression system 13 and The input end of the security encryption system 14 is connected, the output end of the security encryption system 14 is respectively connected with the input end of the key file conversion unit 15 and the signal key binding module 17, and the output end of the key file conversion unit 15 is respectively connected with the signal encryption system. The key binding module 17 is connected to the input end of the file decryption program 16 , and the signal key binding module 17 and the output end of the file decryption program 16 are both connected to the input end of the file transmission unit 2 .
[0027]The output end of the analog signal storage module 12 is connected with the input end of the analog signal copying output module 11, the output end of the analog signal copying output module 11 is connected with the input end of the signal key binding module 17, and the receiving end 3 includes an analog signal detection unit 31 and the file storage decryption unit 32, the output end of the file transmission unit 2 is connected with the input end of the analog signal detection unit 31, the output end of the analog signal detection unit 31 is connected with the input end of the file storage decryption unit 32, the analog signal detection unit 31 Including an analog signal receiving module 311, an analog signal comparison module 312 and an integrity feedback module 313, the output end of the analog signal reception module 311 is connected with the input end of the analog signal comparison module 312, and the output end of the analog signal comparison module 312 is connected with the integrity feedback The input end of the module 313 is connected, and the analog signal is bound to the compressed package of the file to be transmitted and the file decryption program 16 and is transmitted together, and then is detected by the analog signal detection unit 31 of the receiving end 3. Integrity can judge whether there is data theft or unstable transmission during the transmission process, which is convenient for fast and timely tracing of the cause, and effectively improves the stability and security of later data transmission.
[0028] The key file conversion unit 15 includes a key entry module 151, a key encoding unit 152, a key decomposition module 153, a first key 154, a second key 155 and a key output module 156. The output of the key entry module 151 The terminal is connected to the input terminal of the key encoding unit 152, the output terminal of the key encoding unit 152 is connected to the input terminal of the key decomposition module 153, and the output terminal of the key decomposition module 153 is respectively connected to the first key 154 and the second encryption key. The input end of the key 155 is connected, the output end of the first key 154 and the second key 155 are respectively connected to the input end of the signal key binding module 17 and the file decryption program 16 through the key output module 156, and the file decryption program 16 It includes a secondary key storage module 161, a key synthesis module 162, a key decryption module 163 and a file decompression module 164. The output end of the secondary key storage module 161 is connected to the input end of the key synthesis module 162, and the secret key is synthesized Module 162 is connected to the input end of the key decryption module 163, the output end of the key decryption module 163 is connected to the input end of the file decompression module 164, the file is compressed and then encrypted, which can effectively improve security, and the key is according to the specified The encoding sequence is divided into two parts, which are respectively bound to the compressed package to be transmitted and the file decryption program 16, and are divided into two transmissions. The single key is incomplete, and the two transmissions are separated. Even if one group is stolen, the file cannot be cracked. , which further ensures the security of data and is suitable for the transmission of confidential files. At the same time, it comes with a file decryption program 16. After all data is completely received, it can quickly decrypt and decompress itself without manual operation step by step, saving time and effort. This operation The key can be complicated, and it is difficult to manually decrypt it if it is stolen.
[0029] The firewall protection system 18 includes a protection wall monitoring system 181 , a danger warning module 182 , a forced suspension module 183 and a transmission recording module 184 . The terminal is connected to the input terminal of the forced suspension module 183, and the output terminal of the forced suspension module 183 is connected to the input terminal of the transmission recording module 184. By setting the danger warning module 182 and the forced suspension module 183, when illegal intrusion is detected, not only can The pop-up window warns the user, and it can also quickly interrupt the data transmission, thereby avoiding the problem of data theft during the transmission process, and the response is fast, which effectively improves the security of data transmission.
[0030] Meanwhile, the contents not described in detail in this specification belong to the prior art known to those skilled in the art.
[0031] When in use, the operator transfers the files to be sent on the computer to the sandbox isolation system 1 at the sending end, which is first compressed by the file compression system 13, and then encrypted by the security encryption system 14, and the encrypted files are transmitted to the signal. The key binding module 17 temporarily stores the key, the key is transmitted to the key file conversion unit 15, and the key entry module 151 receives the key and transmits it to the key encoding unit 152, encodes each character, and then converts odd and even numbers. The characters corresponding to the codes are disassembled to form two sets of new keys, which are respectively stored in the signal key binding module 17 and the file decryption program 16 through the key output module 156, and then the first key 154 is transmitted to the signal key. The binding module 17 temporarily stores, and then the analog signal copy output module 11 copies a copy of the analog signal code from the analog signal storage module 12, and also transmits it to the signal key binding module 17 for temporary storage, the first key 154 and the analog signal The code is bound to the compressed file through the signal key binding module 17 and transmitted to the receiving end 3 together.
[0032] After the receiving end 3 receives the first batch of documents, the analog signal comparison module 312 of the analog signal detection unit 31 compares and detects the received analog signal codes to detect the integrity of the analog signal transmission, and then the staff makes corresponding decisions according to the severity. If there is no problem, then the file decryption program 16 and its bound second key 155 are sent to the receiving end 3, and the received file, key and file decryption program 16 are all stored in the file storage decryption unit 32 , the key synthesis module 162 in the file decryption program 16 synthesizes the two sets of keys according to the coding sequence, then decrypts the file compressed package with the complete key, and then uses the file decompression module 164 to decompress, and the required file can be obtained .
[0033] During the running process and transmission process in the sandbox isolation system 1 of the sending end, the protective wall monitoring system 181 monitors in real time, if an illegal intrusion is detected, a warning is issued through the danger warning module 182, and the forced suspension module 183 is activated to forcibly suspend the operation , the transmission recording module 184 records the progress of the transmission, and then the staff performs corresponding processing.
[0034] It should be noted that, in this document, relational terms such as first and second are used only to distinguish one entity or operation from another entity or operation, and do not necessarily require or imply any relationship between these entities or operations. any such actual relationship or sequence exists. Moreover, the terms "comprising", "comprising" or any other variation thereof are intended to encompass non-exclusive inclusion such that a process, method, article or device comprising a list of elements includes not only those elements, but also includes not explicitly listed or other elements inherent to such a process, method, article or apparatus.
[0035] Although embodiments of the present invention have been shown and described, it will be understood by those skilled in the art that various changes, modifications, and substitutions can be made in these embodiments without departing from the principle and spirit of the invention and modifications, the scope of the present invention is defined by the appended claims and their equivalents.