Real-time access method and system for preventing visitors from maliciously damaging original data during mutual access between networks
Technical field
The present invention relates to a real-time access method that guarantees the safety of original data, and in particular to a real-time access method and system for preventing visitors from maliciously damaging original data during mutual access between networks.
Background technology
In OA (office automation) systems and MIS (management information systems), particularly the OA and MIS of the public security system, the commonly seen access operations are: 1. querying data; 2. changing data; 3. inserting data; 4. deleting data; 5. copying data; 6. pasting data.
Current processing methods and their shortcomings:
To prevent an OA or MIS system from being damaged by external malicious acts, it is generally believed at present that interconnection without mechanical contact is safe, so people simply restrict the use of Ethernet cards and Ethernet cables and then rest easy, hardly realizing that the following interconnection access methods still have obvious defects:
1. Optical disc transfer: the data needed for the access (also called instructions or information) is burned onto a read-write optical disc; the optical disc read-write mechanism of the accessed system then obtains the visitor's requirement and writes the response data back onto the same disc; the visitor then puts the disc into a device that can read it and reads out the information needed, which completes the access.
Shortcoming: because the read-write optical discs available on the market are generic, other compatible read-write optical drives can also read and write them, so if the disc is leaked its information is leaked with it; malicious code can also spread when the disc is read and written, so the intended isolation and protection is not achieved.
2. USB flash drives and other electronic storage media with a published, common storage format: what users expect of them and the defects they have are the same as for optical disc transfer.
3. Access without direct mechanical or electrical contact, such as radio and optoelectronic transceivers that exchange data using published communication protocols: because the protocols are generic, malicious code has the opportunity to spread; what users expect of them and the defects they have are also the same as for optical disc transfer.
4. Paper is used as the carrier of the visitor's request; an operator carries out the access on the visitor's behalf by manual translation, and the result is printed on paper and given back to the original visitor. Although this method can prevent damage by malicious code, access speed is severely affected and paper consumption is high, which does not meet the requirements of low-carbon environmental protection.
5. The cross-network access methods listed above all fall far short of real-time requirements and carry a large overhead.
6. Security products such as electronic warfare, used previously, solve the real-time problem, but according to some media reports some servers are still frequently attacked.
Summary of the invention
The object of the invention is to provide a real-time access method and system for preventing visitors from maliciously damaging original data during mutual access between networks. It uses an access protocol that is private or specially named, allows only limited access instructions, and meets the requirement of real-time access with communication transceivers already available on the market. It excludes any instruction that could modify, add to, delete, paste over or overwrite the original data, thereby preventing the penetration of malicious code.
To solve the above problems, the technical solution adopted by the invention is: a real-time access method for preventing visitors from maliciously damaging original data during mutual access between networks, characterized in that the method uses a private access protocol, allows only limited access instructions, and meets the requirement of real-time access by using communication transceivers already available on the market; it excludes any instruction that could modify, add to, delete, paste over or overwrite the original data, thereby preventing the penetration of malicious code. The method mainly comprises the following steps:
Step one: the visitor's requirement is sent by the private protocol running on the access computer, through communication transmitter I connected to the access computer, directly to communication receiver II connected to the accessed computer;
Step two: the accessed computer captures the visitor's access requirement through communication receiver II connected to it, and then, according to the specific requirement, sends the result through communication transmitter II connected to the accessed computer directly to communication receiver I connected to the access computer;
Step three: the access computer obtains the response result, through communication receiver I connected to it, from communication transmitter II connected to the accessed computer.
A further technical solution is: the communication transceiver is one or two of the following: an optoelectronic transceiver, a radio transceiver, a wired communication transceiver, or a transceiver using mechanical waves as the medium; communication transmitter I is paired with communication receiver II, and communication transmitter II is paired with communication receiver I.
A further technical solution is: the optoelectronic transceiver includes fiber-optic transceivers, optocouplers and infrared transceivers.
The radio transceiver includes radio sets, wireless data transmission devices, WIFI devices and Bluetooth devices.
The wired communication transceiver includes wired network cards, optocouplers, CAN bus, RS-485 bus, RS-422 bus, RS-232 interface communication devices, and IIC and SPI interface communication devices.
The transceiver using mechanical waves as the medium includes ultrasonic transceivers and ordinary sound-wave transceivers audible to the human ear.
Another related technical solution is: a system for preventing visitors from maliciously damaging original data during mutual access between networks, the system comprising an access computer, communication transceivers and an accessed computer. The communication transceivers comprise communication transmitter I, communication receiver I, communication transmitter II and communication receiver II. Communication transmitter I and communication receiver I are connected to the access computer; communication transmitter II and communication receiver II are connected to the accessed computer. Communication transmitter I is paired with communication receiver II, and communication transmitter II is paired with communication receiver I;
The access computer provides the man-machine interface through which the visitor carries out access via the private protocol; according to the visitor's requirement, it produces the set of instruction information for computer data and information access that meets the requirement. This set of instruction information for computer data and information access is referred to as the requirement information;
Communication transmitter I is used to send the visitor's requirement information;
Communication receiver II is used to receive the visitor's requirement information and pass it to the accessed computer;
The accessed computer is the storage device that stores the original data; it provides the original data access service to the visitor, that is, it answers the visitor's requirement and produces the response information;
Communication transmitter II is used to send the response information to the visitor's requirement;
Communication receiver I is used to receive the response information to the visitor's requirement and pass it to the access computer, so that the visitor obtains the response result.
A further technical solution is: communication transmitter I is the access computer screen, communication receiver II is the accessed camera, communication transmitter II is the accessed computer screen, and communication receiver I is the access camera.
A further technical solution may also be: the communication transceiver is one or two of the following: an optoelectronic transceiver, a radio transceiver, a wired communication transceiver, or a transceiver using mechanical waves as the medium.
A further technical solution is: the optoelectronic transceiver includes fiber-optic transceivers, optocouplers and infrared transceivers; the radio transceiver includes radio sets, wireless data transmission devices, WIFI devices and Bluetooth devices; the wired communication transceiver includes wired network cards, optocouplers, CAN bus, RS-485 bus, RS-422 bus, RS-232 interface communication devices, and IIC and SPI interface communication devices; the transceiver using mechanical waves as the medium includes ultrasonic transceivers and ordinary sound-wave transceivers audible to the human ear.
By adopting the above technical solutions, the real-time access method and system of the invention for preventing visitors from maliciously damaging original data during mutual access between networks have the following features and beneficial effects compared with the prior art:
1. Visitors are prevented from maliciously damaging original data during mutual access between networks;
2. The speed of real-time mutual access is achieved while the original data is protected;
3. Existing hardware that can still be used normally does not need to be replaced when the network is rebuilt.
Below, the technical features of the real-time access method and system of the invention for preventing visitors from maliciously damaging original data during mutual access between networks are further described with reference to the accompanying drawings and embodiments.
Description of the drawings
Fig. 1 is a block diagram of the system structure of the invention for preventing visitors from maliciously damaging original data during mutual access between networks;
Fig. 2 is a block diagram of the system structure of embodiment one;
Fig. 3 is a block diagram of the system structure of embodiment two;
Fig. 4 is a block diagram of the system structure of embodiment three;
Fig. 5 is a block diagram of the system structure of embodiment four;
Fig. 6 is a block diagram of the system structure of embodiment five;
Fig. 7 is a block diagram of the system structure of embodiment six.
In the figures:
1 - access computer;
2 - communication transmitter I, 21 - access computer screen, 22 - optoelectronic transmitter I, 23 - radio transmitter I, 24 - wired communication transmitter I, 25 - mechanical wave generator I, 26 - infrared light transmitter;
3 - communication receiver I, 31 - access camera, 32 - optoelectronic receiver I, 33 - radio receiver I, 34 - wired communication receiver I, 35 - mechanical wave receiver I, 36 - ultrasonic receiver;
4 - communication receiver II, 41 - accessed camera, 42 - optoelectronic receiver II, 43 - radio receiver II, 44 - wired communication receiver II, 45 - mechanical wave receiver II, 46 - infrared light receiver;
5 - communication transmitter II, 51 - accessed computer screen, 52 - optoelectronic transmitter II, 53 - radio transmitter II, 54 - wired communication transmitter II, 55 - mechanical wave generator II, 56 - ultrasonic generator;
6 - accessed computer.
Specific embodiment
As shown in Fig. 1, a system for preventing visitors from maliciously damaging original data during mutual access between networks comprises access computer 1, communication transceivers and accessed computer 6. The communication transceivers comprise communication transmitter I 2, communication receiver I 3, communication transmitter II 5 and communication receiver II 4. Communication transmitter I 2 and communication receiver I 3 are connected to access computer 1; communication transmitter II 5 and communication receiver II 4 are connected to accessed computer 6. Communication transmitter I 2 is paired with communication receiver II 4, and communication transmitter II 5 is paired with communication receiver I 3.
Access computer 1 provides the man-machine interface through which the visitor carries out access via the private protocol; according to the visitor's requirement, it produces the set of instruction information for computer data and information access that meets the requirement, hereinafter abbreviated as the requirement information;
Communication transmitter I 2 is used to send the visitor's requirement information;
Communication receiver II 4 is used to receive the visitor's requirement information and pass it to accessed computer 6;
Accessed computer 6 is the storage device that stores the original data, customarily called the data server in the industry; it provides the original data access service to the visitor, that is, it answers the visitor's requirement and produces the response information;
Communication transmitter II 5 is used to send the response information to the visitor's requirement;
Communication receiver I 3 is used to receive the response information to the visitor's requirement and pass it to access computer 1, so that the visitor obtains the response result.
The real-time access method that uses this system to prevent visitors from maliciously damaging original data during mutual access between networks is as follows: a private access protocol is used, only limited access instructions are allowed, and the requirement of real-time access is met by using communication transceivers already available on the market; any instruction that could modify, add to, delete, paste over or overwrite the original data is excluded, thereby preventing the penetration of malicious code. The method mainly comprises the following steps:
Step one: the visitor's requirement is sent by the private protocol running on access computer 1, through communication transmitter I 2 connected to access computer 1, directly to communication receiver II 4 connected to accessed computer 6;
Step two: accessed computer 6 captures the visitor's access requirement through communication receiver II 4 connected to it, and then, according to the specific requirement, sends the result through communication transmitter II 5 connected to accessed computer 6 directly to communication receiver I 3 connected to access computer 1;
Step three: access computer 1 obtains the response result, through communication receiver I 3 connected to it, from communication transmitter II 5 connected to accessed computer 6.
Depending on which communication transceivers are selected, different systems are formed, giving the following different embodiments.
Embodiment one:
The system of this embodiment is shown in Fig. 2. In this embodiment, communication transmitter I 2 and communication transmitter II 5 are access computer screen 21 and accessed computer screen 51 respectively, and communication receiver I 3 and communication receiver II 4 are access camera 31 and accessed camera 41 respectively;
The visitor's requirement is displayed on access computer screen 21 by the private protocol running on access computer 1; accessed computer 6 captures the access requirement displayed on access computer screen 21 through accessed camera 41 connected to it, and then, according to the specific requirement, displays the result as a reply on accessed computer screen 51 connected to it; the visitor's access computer 1 then obtains the response result from accessed computer screen 51 through access camera 31 connected to it.
In this embodiment, the method by which the computer display screen outputs the visitor's requirement information and the result reply information corresponds to the method by which the camera obtains them: if the information is obtained by image-to-text recognition (called OCR in the industry), the interactive information shown on the computer display screen is text-and-image information; if the information is obtained by recognition under a two-dimensional code protocol, the interactive information shown on the computer display screen is two-dimensional code information. For example, when the visitor's requirement information is displayed on access computer screen 21 as a two-dimensional code, accessed computer 6 captures two-dimensional code A (the requirement information) from access computer screen 21 through accessed camera 41; the result reply is likewise displayed on accessed computer screen 51 as a two-dimensional code; access camera 31 then captures two-dimensional code B (the result reply) on accessed computer screen 51 and passes it to access computer screen 21 of access computer 1, so that the visitor obtains the response result.
Embodiment two:
The system of this embodiment is shown in Fig. 3. In this embodiment, the communication transceivers are optoelectronic transceivers. Optoelectronic transmitter I 22 serves as communication transmitter I 2, and optoelectronic transmitter II 52 serves as communication transmitter II 5; optoelectronic receiver I 32 serves as communication receiver I 3, and optoelectronic receiver II 42 serves as communication receiver II 4. The visitor's requirement is sent by the private protocol running on access computer 1, through optoelectronic transmitter I 22 connected to it, with light as the medium, to optoelectronic receiver II 42 connected to accessed computer 6; accessed computer 6 captures the visitor's access requirement through optoelectronic receiver II 42 connected to it, and then, according to the specific requirement, sends the result through optoelectronic transmitter II 52 connected to accessed computer 6 to optoelectronic receiver I 32 connected to access computer 1; access computer 1 then obtains the response result, through optoelectronic receiver I 32 connected to it, from optoelectronic transmitter II 52 connected to accessed computer 6.
The optoelectronic transceiver in this embodiment is a fiber-optic transceiver, an optocoupler or an infrared transceiver.
Embodiment three:
The system of this embodiment is shown in Fig. 4. In this embodiment, the communication transceivers are radio transceivers. Radio transmitter I 23 serves as communication transmitter I 2, and radio transmitter II 53 serves as communication transmitter II 5; radio receiver I 33 serves as communication receiver I 3, and radio receiver II 43 serves as communication receiver II 4. The visitor's requirement is sent by the private protocol running on access computer 1, through radio transmitter I 23 connected to it, with electromagnetic waves as the medium, to radio receiver II 43 connected to accessed computer 6; accessed computer 6 captures the visitor's access requirement through radio receiver II 43 connected to it, and then, according to the specific requirement, sends the result through radio transmitter II 53 connected to accessed computer 6, with electromagnetic waves as the medium, to radio receiver I 33 connected to access computer 1; access computer 1 then obtains the response result, through radio receiver I 33 connected to it, from radio transmitter II 53 connected to accessed computer 6.
The radio transceiver in this embodiment is a conventionally used radio set, a wireless data transmission device currently on the market, a WIFI device or a Bluetooth device.
Embodiment four:
The system of this embodiment is shown in Fig. 5. In this embodiment, the communication transceivers are wired communication transceivers that require mechanical contact. Wired communication transmitter I 24 serves as communication transmitter I 2, and wired communication transmitter II 54 serves as communication transmitter II 5; wired communication receiver I 34 serves as communication receiver I 3, and wired communication receiver II 44 serves as communication receiver II 4. The visitor's requirement is sent by the private protocol running on access computer 1, through wired communication transmitter I 24 connected to it, directly to wired communication receiver II 44 connected to accessed computer 6; accessed computer 6 captures the visitor's access requirement through wired communication receiver II 44 connected to it, and then, according to the specific requirement, sends the result through wired communication transmitter II 54 connected to accessed computer 6 directly to wired communication receiver I 34 connected to access computer 1; access computer 1 then obtains the response result, through wired communication receiver I 34 connected to it, from wired communication transmitter II 54 connected to accessed computer 6.
The wired communication transceiver in this embodiment includes, but is not limited to, wired network cards, optocouplers, CAN bus, RS-485 bus, RS-422 bus, RS-232 interface communication devices, and IIC and SPI interface communication devices.
Embodiment five:
The system of this embodiment is shown in Fig. 6. In this embodiment, the communication transceivers are transceivers using mechanical waves as the medium. Mechanical wave generator I 25 serves as communication transmitter I 2, and mechanical wave generator II 55 serves as communication transmitter II 5; mechanical wave receiver I 35 serves as communication receiver I 3, and mechanical wave receiver II 45 serves as communication receiver II 4. The visitor's requirement is sent by the private protocol running on access computer 1, through mechanical wave generator I 25 connected to it, directly to mechanical wave receiver II 45 connected to accessed computer 6; accessed computer 6 captures the visitor's access requirement through mechanical wave receiver II 45 connected to it, and then, according to the specific requirement, sends the result through mechanical wave generator II 55 connected to accessed computer 6 directly to mechanical wave receiver I 35 connected to access computer 1; access computer 1 then obtains the response result, through mechanical wave receiver I 35 connected to it, from mechanical wave generator II 55 connected to accessed computer 6.
The transceivers using mechanical waves as the medium in this embodiment include, but are not limited to, ultrasonic transceivers and ordinary sound-wave transceivers audible to the human ear; the latter comprise an acoustic receiver made up of a microphone (MIC) and its amplifier (commonly called a pickup) and a sound generator made up of an audio power amplifier and a loudspeaker.
Embodiment six:
The system of this embodiment is shown in Fig. 7. In this embodiment, infrared light transmitter 26 serves as communication transmitter I 2, and ultrasonic generator 56 serves as communication transmitter II 5; ultrasonic receiver 36 serves as communication receiver I 3, and infrared light receiver 46 serves as communication receiver II 4. The visitor's requirement is sent by the private protocol running on access computer 1, through infrared light transmitter 26 connected to it, directly to infrared light receiver 46 connected to accessed computer 6; accessed computer 6 captures the visitor's access requirement through infrared light receiver 46 connected to it, and then, according to the specific requirement, sends the result through ultrasonic generator 56 connected to accessed computer 6 directly to ultrasonic receiver 36 connected to access computer 1; access computer 1 then obtains the response result, through ultrasonic receiver 36 connected to it, from ultrasonic generator 56 connected to accessed computer 6.
In this embodiment, the communication transceiver that transmits the access requirement is called the access transceiver (i.e. communication transmitter I 2 and communication receiver I 3), and the communication transceiver that answers the access requirement is called the accessed transceiver (i.e. communication transmitter II 5 and communication receiver II 4). The access transceiver and the accessed transceiver need not be transceivers that use the same medium as the carrier, as long as communication transmitter I 2 is paired with communication receiver II 4 and communication transmitter II 5 is paired with communication receiver I 3.
As a variation of this embodiment, the access transceiver and the accessed transceiver may each be, but are not limited to, any of the mutually paired transceivers described in embodiment one to embodiment five. The transceivers that can be used are enumerated here, without being limited to any pair of the following products: 1. ultrasonic transceivers; 2. ordinary sound-wave transceivers audible to the human ear (commonly an acoustic receiver made up of a microphone (MIC) and its amplifier, also commonly called a pickup, and a sound transmitter made up of an audio power amplifier and a loudspeaker); 3. optoelectronic transceivers; 4. fiber-optic transceivers; 5. Bluetooth devices; 6. WIFI devices; 7. wired network cards; 8. wireless network cards; 9. two-way radios; 10. display screens and cameras; 11. wired communication devices, such as wired network cards, CAN bus interface communication devices, RS-485 bus interface devices, RS-422 bus interface devices, RS-232 interface communication devices, IIC and SPI interface communication devices, and other bus or parallel interface communication devices.
With the technical solution of this embodiment, the communication transceivers are of two different types, so the physical isolation between the networks is more effective and the probability of the original data being maliciously damaged by a visitor is smaller.
The private access protocol in the invention can be understood as a protocol that can access the original data directly. It also covers the following case: when a third-party application provides access service to visitors through an interface function, that function removes the information that endangers the safety of the accessed data and then uses this private access protocol to transmit the remaining access requirement information, so that the visitor's access requirement for the desired data is met.
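The following added example (not part of the patent) sketches the three method steps and the interface function described above: the access side forwards only query requests, and the accessed side re-validates each frame against a one-instruction allowlist and answers from a read-only view of its data. The frame layout, the opcode and status values, the key format and the sample records are all assumptions, since the patent does not specify the private protocol.

```python
import re
import struct
import zlib
from types import MappingProxyType

# Assumed wire format (the patent does not define one):
#   magic(2) | code(1) | payload length(2, big-endian) | payload | CRC32(4)
MAGIC = b"PA"
OP_QUERY = 0x01                       # the only instruction in this sketch
ALLOWED_OPS = frozenset({OP_QUERY})   # no modify/add/delete/paste/overwrite codes
ST_OK, ST_REJECTED, ST_NOT_FOUND = 0x80, 0x81, 0x82
MAX_PAYLOAD = 64
KEY_RE = re.compile(rb"[A-Za-z0-9_-]{1,32}")

# Constructed sample records, exposed through a read-only mapping.
RECORDS = MappingProxyType({
    b"case-1001": b"status=open",
    b"case-1002": b"status=closed",
})


def encode_frame(code: int, payload: bytes) -> bytes:
    body = MAGIC + struct.pack(">BH", code, len(payload)) + payload
    return body + struct.pack(">I", zlib.crc32(body))


def decode_frame(frame: bytes) -> tuple[int, bytes]:
    """Parse one frame; raise ValueError on anything malformed."""
    if len(frame) < 9 or frame[:2] != MAGIC:
        raise ValueError("bad magic or truncated frame")
    code, length = struct.unpack(">BH", frame[2:5])
    if length > MAX_PAYLOAD or len(frame) != 9 + length:
        raise ValueError("bad length")
    if zlib.crc32(frame[:-4]) != struct.unpack(">I", frame[-4:])[0]:
        raise ValueError("bad checksum (misread code or damaged transfer)")
    return code, frame[5:5 + length]


def build_request(operation: str, key: str) -> bytes:
    """Access computer: interface function that forwards queries only."""
    if operation != "query":
        raise PermissionError(f"{operation!r} is not a protocol instruction")
    raw = key.encode("ascii")
    if not KEY_RE.fullmatch(raw):
        raise ValueError("key contains characters outside the allowed set")
    return encode_frame(OP_QUERY, raw)


def handle_request(frame: bytes) -> bytes:
    """Accessed computer: re-validate everything, then answer read-only."""
    try:
        code, payload = decode_frame(frame)
    except ValueError:
        return encode_frame(ST_REJECTED, b"")
    if code not in ALLOWED_OPS or not KEY_RE.fullmatch(payload):
        return encode_frame(ST_REJECTED, b"")
    value = RECORDS.get(payload)
    if value is None:
        return encode_frame(ST_NOT_FOUND, b"")
    return encode_frame(ST_OK, value)


def read_reply(frame: bytes) -> tuple[int, bytes]:
    """Access computer: decode the reply received from the accessed side."""
    return decode_frame(frame)


if __name__ == "__main__":
    print(read_reply(handle_request(build_request("query", "case-1001"))))
    # A frame built without the interface function, carrying an undefined code:
    print(read_reply(handle_request(encode_frame(0x03, b"case-1001"))))
```

The accessed side never relies on the sender's filtering: a frame that bypasses `build_request` is still rejected because its code is not in the allowlist.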
The above is a further detailed description of the invention with reference to specific preferred embodiments, and the specific implementation of the invention cannot be regarded as limited to the embodiments described above. For a person of ordinary skill in the technical field of the invention, some simple deductions or substitutions may be made without departing from the inventive concept, and all of them shall be regarded as falling within the scope of patent protection determined by the submitted claims.