SHENYANG INSTITUTE OF AUTOMATION, CHINESE ACADEMY OF SCIENCES
The present invention relates to a network information security protection unit and protection method for industrial embedded systems. The method forms a network guard unit (NGU) that integrates security technologies such as access control, identity authentication, and communication data encryption to provide active protection for a field control device. The NGU comprises an access control module, an identity authentication module, a data encryption module, a key negotiation module, and a PCIE communication module, and supports dual network interface card and PCIE bus communication modes. Building on the correctness and feasibility of ensuring the security of terminal devices in an industrial control system, the present invention combines active protection technical measures from the field of information security to construct a secure and trusted operating environment for the industrial control system.