Data Security Gateway CPC-DSG0101

● Full Hardware Isolation Architecture

● Compliance with national cryptographic standards

● IPv4/IPv6 dual protocol stack

PRODUCT DESCRIPTION

The Data Security Gateway (CPC-DSG0101) is a key component of the Bangyan Cloud PC system. Its core function is to provide secure isolation and encrypted data transmission between different networks (for example, the terminal access network and the business data network), preventing illegal data penetration from one network into another. The product offers secure isolation, data encryption, and an IPv4/IPv6 dual protocol stack, and meets the security requirements of the Cloud PC management platform for unified cross-network operation and maintenance management.


Product Features

Full Hardware Isolation Architecture

The data security gateway adopts a full FPGA hardware isolation architecture. Its business processing is completely implemented by the FPGA chips in the intranet processing module, isolation module, and external network processing module. The CPU is only responsible for configuration management and does not participate in specific business processing. The specific features are as follows:


1) The intranet processing module, isolation module, and external network processing module all perform business processing in FPGA chips, which avoids operating system involvement and provides higher security and stability.


2) The isolation module connects to the intranet processing module and the external network processing module over an LVDS bus, using a private protocol instead of a traditional network protocol, which further strengthens the security isolation of the system.


3) The FPGA modules on the intranet and external network sides support filtering rules based on the five-tuple (protocol type, source IP address, destination IP address, source port, destination port), effectively preventing intrusion and attacks from the external network.


Compliance with national cryptographic standards

The data security gateway supports the SM2, SM3, and SM4 algorithms of the national cryptographic standards to protect the confidentiality, integrity, and authenticity of data. Compliance with national cryptographic standards is reflected in the following two aspects:


1) Supported national cryptographic algorithms

a) SM2 algorithm: a public key algorithm for encryption and digital signatures. The data security gateway uses it for key exchange, digital signature, and identity authentication, ensuring the authenticity and reliability of the identities of both communicating parties (the data security gateways);

b) SM3 algorithm: a hash function. The data security gateway uses it to generate message digests that ensure the integrity of data during transmission;

c) SM4 algorithm: a symmetric encryption algorithm. The data security gateway uses it to encrypt data, ensuring the confidentiality of data during transmission.


2) Application scenarios of national cryptographic algorithms

a) Encrypted data transmission: The data security gateway encrypts transmitted data with the SM4 algorithm so that it cannot be stolen in transit across the network, and combines this with an SM3 integrity check to ensure that the data has not been tampered with;

b) Key negotiation and management: The data security gateway uses the SM2 algorithm for key exchange and negotiation, so that the key exchange is secure and cannot be eavesdropped on when a secure communication channel is established;

c) Digital signature and authentication: The data security gateway uses SM2 for digital signature and identity authentication to ensure that the identities of both communicating parties are credible and to prevent man-in-the-middle attacks.


IPv4/IPv6 dual protocol stack

The data security gateway maintains independent routing and security policies for the IPv4 and IPv6 protocols while applying unified security policy management rules. This simplifies management and allows the Cloud PC management platform to access networks that use different protocols.


1) Independent routing and security policies: The data security gateway maintains independent routing tables and security policies (including access control lists and encryption policies) for IPv4 and IPv6 respectively.

2) Unified security policy management: The data security gateway provides unified security policy management rules for IPv4 and IPv6, simplifying management and reducing the risk of configuration errors.

3) Dual-stack parallel traffic processing: The data security gateway processes IPv4 and IPv6 traffic simultaneously.