CN102034055B - High safety information system-based network system platform - Google Patents

Publication number
CN102034055B
CN102034055B CN200910235363A CN200910235363A CN102034055B CN 102034055 B CN102034055 B CN 102034055B CN 200910235363 A CN200910235363 A CN 200910235363A CN 200910235363 A CN200910235363 A CN 200910235363A CN 102034055 B CN102034055 B CN 102034055B
Authority
CN
China
Prior art keywords
storage component
information processing
processing apparatus
state
hardware switch
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN200910235363A
Other languages
Chinese (zh)
Other versions
CN102034055A (en)
Inventor
须清
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Paragon Technology Co Ltd
Original Assignee
Beijing Paragon Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Paragon Technology Co Ltd filed Critical Beijing Paragon Technology Co Ltd
Priority to CN200910235363A priority Critical patent/CN102034055B/en
Publication of CN102034055A publication Critical patent/CN102034055A/en
Application granted granted Critical
Publication of CN102034055B publication Critical patent/CN102034055B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical

Abstract

The invention provides a high safety information system-based network system platform, which comprises a first information processing component, a second information processing component, a control component, a second storage component and a network connecting component, wherein the first information processing component is connected or disconnected with the second information processing component through an information communication wire and a pluggable signal connecting component as required; the control component comprises a hardware switch which at least comprises two states, namely, a first state and a second state; at least one control signal wire, which is used for performing writing operation on the second storage component, of the second information processing component is connected with the second storage component through the control component; the network connecting component is connected with the information processing components; and before the second information processing component operates a network connecting program, the hardware switch is in the first state. Attacks of hackers and viruses are prevented effectively and the contents of the second storage component can be updated safely by the first information processing component.

Description

Network system platform based on high-security information system
Technical field
The present invention relates to a network system platform based on a high-security information system, and in particular to a method and apparatus that prevent computer virus intrusion and computer hacker attacks in a network connection service by controlling the hardware signal connection between the processor and the storage component.
Background technology
Explanation of terms: in the present invention, "computer virus" and "virus" have the same meaning. The term follows the explicit definition in the "Computer Information System Security Protection Ordinance of the People's Republic of China", under which a computer virus "refers to a set of computer instructions or program code that is compiled or inserted into a computer program, that destroys computer functions or data, affects the use of the computer, and can replicate itself". It also covers a set of information system instructions or program code that is inserted into an information system other than a computer, that destroys the functions or data of that information system, affects its use, and can replicate itself, such as viruses in mobile phones, portable multimedia devices and other mobile terminals.
Explanation of terms: in the present invention, "information system" means an electronic system that has electronic hardware with an arithmetic processing device and an information storage device and that stores at least one software program, such as a personal computer (PC), server, communication device, multimedia device or mobile terminal.
With the development of computer technology, information systems such as computers, mobile terminals and communication devices are increasingly widespread, and the variety of computer viruses keeps growing, causing hardware damage, data loss and even the complete collapse of information systems. With the development of Internet technology in particular, the speed at which computer viruses spread and infect has risen rapidly, causing users of information systems much trouble and heavy losses, economic and psychological.
Hacker attacks do great damage to the reputation and service quality of websites that provide information services, and the frequently reported major incidents in which government websites are attacked by hackers and their web pages modified harm the image of the government.
At present, computer viruses are mostly countered with computer firewalls and with installed anti-virus software that scans for and removes viruses. A computer firewall mainly restricts certain communication ports of the computer or restricts the process interfaces of some computer programs. This method cannot remove viruses that already exist in the information system, and cannot stop virus-carrying files from entering the information system through the computer's non-network physical interfaces such as serial ports, parallel ports and USB (Universal Serial Bus). Anti-virus software generally consists of a virus scan engine (Scan Engine) and a virus signature database (Virus Definition). The scan engine checks the files in the information system against the virus signatures in the database; if a matching virus signature is found, the file is shown to be infected by a specific computer virus, and the anti-virus software takes the corresponding measures to remove it. Preventing and removing computer viruses with anti-virus software requires frequent updates of the signature database, because every new computer virus has a signature that differs from those of known viruses. Only after a new virus has appeared can its signature be found by analysing it and added to the existing database, and only anti-virus software that is continually updated can detect and remove new viruses. This method therefore always lags behind the appearance of new viruses. It cannot find a new virus that is hidden in normal programs or data and has not yet been triggered, and it cannot prevent new viruses; once the trigger condition of a new virus is met, it damages the information system, at best affecting the operation of the system and at worst paralysing it. Frequent anti-virus upgrades also bring the user inconvenience and a continuing financial outlay. Even so, because new viruses keep appearing, fully normal use of the information system still cannot be guaranteed.
To overcome the shortcomings of current anti-virus software, a number of solutions have been proposed.
Chinese patent application No. 03143793.1, entitled "A method and device for preventing computer viruses" and published on February 16, 2005, discloses a method that, before a file is run, compares the recorded original information of the file with its current information to decide whether the file may be run. This method can refuse to execute an infected file on the local machine and so keep the computer virus from infecting other files. However, because the file is already stored on the computer, it may be copied to other information systems over the network or by other means, so the problem of computer virus infection is not solved. Moreover, if the file already carried a computer virus before its original information was generated, how is the file to be judged?
Chinese patent application No. 038118423.4, entitled "Metamorphic computer virus detection" and published on August 17, 2005, discloses the use of register signatures to detect metamorphic and other types of viruses, but it is still a way of detecting a virus after it has entered the information system.
Chinese patent application No. 200510007682.X, entitled "Computer protection method based on program behaviour analysis" and published on August 16, 2006, discloses monitoring the actions of a running program and comparing them with the attack records in a recognition rule base to judge whether a file is infected with a virus. This method has to execute the program to reach a judgement, so a virus-carrying file runs and spreads the virus; a virus-carrying file can also be copied freely between storage media, and a virus-carrying program cannot be found in advance.
Chinese patent application No. 03156347.3, entitled "A method of detecting computer viruses by using the replication ring property" and published on April 14, 2004, discloses a client-server approach in which metadata on the client computer is sent to a server for risk assessment; it still does not solve the problem of virus-carrying files entering the system.
Because none of the above schemes solves the problem of computer virus propagation, another technical solution is needed to prevent the spread and infection of computer viruses effectively.
The present applicant's application No. 200710177690.8, filed on November 20, 2007 and entitled "A method and apparatus for preventing computer viruses", has been granted an invention patent and also solves the problem of cutting off the routes by which viruses spread. However, it does not solve the network problems caused by hacker attacks, and in particular offers no good solution to the problem of web pages being illegally modified.
Summary of the invention
The object of the present invention is to overcome, at least in part, the shortcomings of the prior art described above by proposing a high-security information system that keeps the information system secure and free from illegal modification, and to study how power-on startup, software installation, running software and connecting to a network are carried out in the high-security information system of the present invention.
To solve the above problems, the technical solution proposed by the present invention is based on the following understanding and method:
The essential reason why prior-art information systems are attacked by hackers or infected by viruses is this: all information in an existing information system is stored as data in the storage component of the information system, and the software that the information system runs can perform write operations on the storage component, that is, the contents of the storage component can be modified by software. Although existing software such as the Windows operating system takes many security measures, on the one hand any software written by people may contain vulnerabilities; on the other hand, as long as software can control write operations on the storage component, a hacker can modify the contents of the storage component, and a virus can write its viral information into the storage component and destroy the data there.
The technique of the present invention is to design a new kind of secure information system in which write operations on the storage component are not controlled entirely by software. Instead, write operations on the storage component are controlled through the connection of a hardware signal, and control of this connection is not exercised by the software or programs of the information system. When the information system provides information to the outside, the hardware signal that carries out write operations on the storage component is cut off, so that no hacker attack or virus attack can modify the contents of the storage component. When the contents of the storage component need to be updated, the hardware signal that carries out write operations on the storage component is connected so that the update can be performed. Cutting off or connecting the hardware signal is entirely outside the control of the instructions or software of the information system and is controlled by a dedicated hardware switch. The corresponding methods for power-on startup, software installation, running software and connecting to a network also differ from the prior art.
There are several schemes for the network system platform based on the high-security information system, as follows:
1. A network system platform based on a high-security information system, characterized in that it comprises:
a first information processing component;
a second information processing apparatus;
the first information processing component is connected to or disconnected from the second information processing apparatus as required, through an information communication line and a pluggable signal connecting component;
a control assembly, which comprises a hardware switch having at least two states: a first state and a second state;
a second storage component, wherein at least one control signal line by which the second information processing apparatus performs write operations and/or data update operations and/or data modification operations and/or data addition operations and/or data deletion operations and/or data refresh operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component;
a network connecting component, which is connected to the information processing apparatus;
the hardware switch is in the first state before the second information processing apparatus runs the network connection program.
2. A network system platform based on a high-security information system, characterized in that it comprises:
a first information processing component;
a second information processing apparatus;
the first information processing component is connected to or disconnected from the second information processing apparatus as required, through an information communication line and a pluggable signal connecting component;
a solidified system boot program, which brings the second information processing apparatus into the running state;
a control assembly, which comprises a hardware switch having at least two states: a first state and a second state;
a second storage component, wherein at least one control signal line by which the second information processing apparatus performs write operations and/or data update operations and/or data modification operations and/or data addition operations and/or data deletion operations and/or data refresh operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component;
a network connecting component, which is connected to the information processing apparatus;
the hardware switch is in the first state before the second information processing apparatus runs the network connection program.
3. A network system platform based on a high-security information system, characterized in that it comprises:
a first information processing component;
a second information processing apparatus;
the first information processing component is connected to or disconnected from the second information processing apparatus as required, through an information communication line and a pluggable signal connecting component;
a control assembly, which comprises a hardware switch having at least two states: a first state and a second state;
a first storage component, on which the second information processing apparatus can perform data read and data write operations;
a second storage component, wherein at least one control signal line by which the second information processing apparatus performs write operations and/or data update operations and/or data modification operations and/or data addition operations and/or data deletion operations and/or data refresh operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component;
a network connecting component, which is connected to the information processing apparatus;
the hardware switch is in the first state before the second information processing apparatus runs the network connection program.
4. A network system platform based on a high-security information system, characterized in that it comprises:
a first information processing component;
a second information processing apparatus;
the first information processing component is connected to or disconnected from the second information processing apparatus as required, through an information communication line and a pluggable signal connecting component;
a solidified system boot program, which brings the second information processing apparatus into the running state;
a control assembly, which comprises a hardware switch having at least two states: a first state and a second state;
a first storage component, on which the second information processing apparatus can perform data read and data write operations;
a second storage component, wherein at least one control signal line by which the second information processing apparatus performs write operations and/or data update operations and/or data modification operations and/or data addition operations and/or data deletion operations and/or data refresh operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component;
a network connecting component, which is connected to the information processing apparatus;
the hardware switch is in the first state before the second information processing apparatus runs the network connection program.
5. Preferably, each of the above four schemes further comprises an information input part; the information input part comprises at least one specific key, the signal line of the specific key is connected to the control assembly, and the state of the hardware switch is controlled by operating the specific key.
6. Preferably, each of the above four schemes further comprises a system housing; the system housing comprises at least one specific key, the signal line of the specific key is connected to the control assembly, and the state of the hardware switch is controlled by operating the specific key.
7. Preferably, in each of the above four schemes the control assembly further comprises a power-on reset circuit, so that after power-on the hardware switch of the control assembly is always in the first state by default.
8. Preferably, in each of the above four schemes the hardware switch of the control assembly further comprises a third state.
9. At least one write control signal line by which the above information processing apparatus performs write operations on the second storage component, and at least one read control signal line by which it performs read operations, are connected to the second storage component through the control assembly. When the hardware switch is in the first state, the control assembly cuts off the connection between the write control signal and the signal line of the second storage component and maintains the connection between the read control signal and the signal line of the second storage component. When the hardware switch is in the second state, the control assembly maintains the connection between the write control signal and the signal line of the second storage component and at the same time maintains the connection between the read control signal and the signal line of the second storage component. When the hardware switch is in the third state, the control assembly cuts off the connection between the write control signal and the signal line of the second storage component and at the same time cuts off the connection between the read control signal and the signal line of the second storage component.
The power-on startup methods of the high-security information system are:
1. A power-on startup method for a high-security information system, comprising the following operations:
The high-security information system comprises an information processing apparatus, a control assembly and a second storage component; the control assembly comprises a hardware switch; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
operating the hardware switch so that it is in the first state;
powering on the system;
the control assembly cuts off the connection between the control signal and the signal line of the second storage component;
the information processing apparatus completes power-on initialization.
2. A power-on startup method for a high-security information system, characterized in that:
The high-security information system comprises an information processing apparatus, a control assembly, a first storage component and a second storage component; the control assembly comprises a hardware switch; the second storage component stores at least one software program that can run on the information processing apparatus; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
operating the hardware switch so that it is in the first state;
powering on the system;
the control assembly cuts off the connection between the control signal and the signal line of the second storage component;
the information processing apparatus completes power-on initialization;
the information processing apparatus reads the software program from the second storage component and stores it in the first storage component;
the information processing apparatus runs the software program stored in the first storage component.
3. A power-on startup method for a high-security information system, characterized in that:
The high-security information system comprises an information processing apparatus, a control assembly, a first storage component, a second storage component and a solidified system boot program; the control assembly comprises a hardware switch; the second storage component stores at least one software program that can run on the information processing apparatus; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
operating the hardware switch so that it is in the first state;
powering on the system;
the control assembly cuts off the connection between the control signal and the signal line of the second storage component;
the information processing apparatus executes the solidified system boot program and completes power-on initialization;
the information processing apparatus reads the software program from the second storage component and stores it in the first storage component;
the information processing apparatus runs the software program stored in the first storage component.
The software installation methods of the high-security information system are:
1. A software installation method for a high-security information system, characterized in that:
The high-security information system comprises an information processing apparatus, a control assembly and a second storage component; the control assembly comprises a hardware switch; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
bringing the high-security information system into its normal operating state;
operating the hardware switch so that it is in the second state, so that the control assembly connects the control signal to the signal line of the second storage component;
the information processing apparatus installs the software to be installed into the second storage component, where it becomes installed software;
operating the hardware switch so that it is in the first state, so that the control assembly cuts off the connection between the control signal and the signal line of the second storage component.
2. A software installation method for a high-security information system, characterized in that:
The high-security information system comprises an information processing apparatus, a control assembly, a first storage component and a second storage component; the control assembly comprises a hardware switch; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
bringing the high-security information system into its normal operating state;
the information processing apparatus installs the software to be installed into the first storage component, where it becomes installed software;
operating the hardware switch so that it is in the second state, so that the control assembly connects the control signal to the signal line of the second storage component;
the information processing apparatus reads the installed software from the first storage component and writes it to the second storage component;
operating the hardware switch so that it is in the first state, so that the control assembly cuts off the connection between the control signal and the signal line of the second storage component.
3. A software installation method for a high-security information system, characterized in that:
The high-security information system comprises an information processing apparatus, a control assembly, a first storage component and a second storage component; the control assembly comprises a hardware switch; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
bringing the high-security information system into its normal operating state;
operating the hardware switch so that it is in the second state, so that the control assembly connects the control signal to the signal line of the second storage component;
the information processing apparatus installs the software to be installed into the second storage component, where it becomes installed software;
operating the hardware switch so that it is in the first state, so that the control assembly cuts off the connection between the control signal and the signal line of the second storage component.
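The three switch states of item 9 of the platform schemes, the power-on default of item 7 and the installation sequence above can be modelled in C as follows. This is an added example, not part of the patent text: the names (`platform_t`, `panel_key`, `cpu_write`, `scenario` and the rest) and the 8-byte sample image are constructed for illustration, and the specific key is modelled as a function that the software-side write path never calls.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Switch positions, named as in the description. */
typedef enum { SW_FIRST = 1, SW_SECOND = 2, SW_THIRD = 3 } sw_state_t;
#define STORE_SIZE 8

/* Control assembly plus the second storage component behind it (illustrative model). */
typedef struct {
    sw_state_t sw;                 /* set only by power_on() or panel_key() */
    uint8_t    store[STORE_SIZE];  /* contents of the second storage component */
    unsigned   blocked_writes;     /* write strobes that never reached the store */
} platform_t;
typedef struct { unsigned changed, blocked, readable; bool net_ok; } result_t;

/* Power-on reset circuit: the switch always comes up in the first state. */
void power_on(platform_t *p) { p->sw = SW_FIRST; p->blocked_writes = 0; }

/* Specific key wired to the control assembly: the operator's action, not software. */
void panel_key(platform_t *p, sw_state_t s) { p->sw = s; }

/* The write control line reaches the store only in the second state. */
bool cpu_write(platform_t *p, unsigned addr, uint8_t v) {
    if (addr >= STORE_SIZE) return false;
    if (p->sw != SW_SECOND) { p->blocked_writes++; return false; }
    p->store[addr] = v;
    return true;
}

/* The read control line is connected in the first and second states, cut in the third. */
bool cpu_read(const platform_t *p, unsigned addr, uint8_t *out) {
    if (addr >= STORE_SIZE || p->sw == SW_THIRD) return false;
    *out = p->store[addr];
    return true;
}

/* The network connection program may start only with the switch in the first state. */
bool start_network(const platform_t *p) { return p->sw == SW_FIRST; }

/* Constructed sample image standing in for the installed software. */
static const uint8_t IMAGE[STORE_SIZE] = { 'S', 'I', 'T', 'E', '-', 'v', '0', '1' };

/* Installation method: key to second state, write the image, key back to first. */
unsigned install_image(platform_t *p) {
    unsigned written = 0;
    panel_key(p, SW_SECOND);
    for (unsigned i = 0; i < STORE_SIZE; i++)
        if (cpu_write(p, i, IMAGE[i])) written++;
    panel_key(p, SW_FIRST);
    return written;
}

/* Bytes that differ from IMAGE; an unreadable byte counts as changed. */
unsigned bytes_changed(const platform_t *p) {
    unsigned diff = 0;
    uint8_t b = 0;
    for (unsigned i = 0; i < STORE_SIZE; i++)
        if (!cpu_read(p, i, &b) || b != IMAGE[i]) diff++;
    return diff;
}

/* Install, leave the switch in state `online`, then let software try to overwrite
   and read every byte. The operator keys the first state again to audit the store. */
result_t scenario(sw_state_t online) {
    platform_t p;
    result_t r = { 0, 0, 0, false };
    uint8_t b = 0;
    memset(&p, 0, sizeof p);
    power_on(&p);
    install_image(&p);
    panel_key(&p, online);
    r.net_ok = start_network(&p);
    for (unsigned i = 0; i < STORE_SIZE; i++) {
        cpu_write(&p, i, 0xFF);
        if (cpu_read(&p, i, &b)) r.readable++;
    }
    r.blocked = p.blocked_writes;
    panel_key(&p, SW_FIRST);
    r.changed = bytes_changed(&p);
    return r;
}

int main(void) {
    for (int s = SW_FIRST; s <= SW_THIRD; s++) {
        result_t r = scenario((sw_state_t)s);
        printf("state %d: net_ok=%d changed=%u blocked=%u readable=%u\n",
               s, r.net_ok, r.changed, r.blocked, r.readable);
    }
    return 0;
}
```

The second-state run shows the limit of the scheme: the protection holds only while the switch is actually returned to the first state after installation.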
The methods of running software on the high-security information system are:
1. A method of running software on a high-security information system, characterized in that:
The high-security information system comprises an information processing apparatus, a control assembly and a second storage component; the control assembly comprises a hardware switch; the second storage component stores at least one software program that can run on the information processing apparatus; at least one control signal line by which the information processing apparatus performs write operations on the second storage component is connected to the second storage component through the control assembly; when the hardware switch is in the first state, the control assembly cuts off the connection between the control signal and the signal line of the second storage component; when the hardware switch is in the second state, the control assembly maintains the connection between the control signal and the signal line of the second storage component; the method comprises the following steps:
operating the hardware switch so that it is in the first state;
the information processing apparatus reads part or all of the code of the software program from the second storage component and places it in the storage space of the information processing apparatus;
the information processing apparatus runs that part or all of the code.
2. A method of running software on a high-security information system, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a first storage component and a second storage component; said control assembly comprises a hardware switch; said second storage component stores at least one software program that can run on said information processing apparatus; at least one control signal line by which said information processing apparatus performs write operations on said second storage component is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal and the signal line of said second storage component; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads said software program from said second storage component and stores it into said first storage component;
Said information processing apparatus runs said software program stored in said first storage component.
3. A method of running software on a high-security information system, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a first storage component, a second storage component and a solidified system bootstrap routine; said control assembly comprises a hardware switch; said second storage component stores at least one software program that can run on said information processing apparatus; at least one control signal line by which said information processing apparatus performs write operations on said second storage component is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal and the signal line of said second storage component; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads said software program from said second storage component and stores it into said first storage component;
Said information processing apparatus runs said software program stored in said first storage component.
The methods by which the high-security information system connects to a network are:
1. A method by which a high-security information system connects to a network, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a second storage component and a network component; said control assembly comprises a hardware switch; said second storage component stores a network connection program that can run on said information processing apparatus; at least one control signal line by which said information processing apparatus performs write operations on said second storage component is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal and the signal line of said second storage component; said high-security information system connects to the network through the network component under the control of said information processing apparatus; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads the code of said network connection program from said second storage component and places it in the storage space of the information processing apparatus;
Said information processing apparatus runs said code to establish the connection to the network.
2. A method by which a high-security information system connects to a network, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a second storage component and a network component; said control assembly comprises a hardware switch; said second storage component stores a network connection program that can run on said information processing apparatus; at least one control signal line by which said information processing apparatus performs write operations on said second storage component is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal and the signal line of said second storage component; said high-security information system connects to the network through the network component under the control of said information processing apparatus; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus runs said network connection program in said second storage component to establish the connection to the network.
3. A method by which a high-security information system connects to a network, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a first storage component, a second storage component and a network component; said control assembly comprises a hardware switch; said second storage component stores a network connection program that can run on said information processing apparatus; at least one control signal line by which said information processing apparatus performs write operations on said second storage component is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal and the signal line of said second storage component; said high-security information system connects to the network through the network component under the control of said information processing apparatus; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads said network connection program from said second storage component and stores it into said first storage component;
Said information processing apparatus runs said network connection program stored in said first storage component to establish the connection to the network.
4. A method by which a high-security information system connects to a network, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a first storage component, a second storage component, a solidified system bootstrap routine and a network component; said control assembly comprises a hardware switch; said second storage component stores a network connection program that can run on said information processing apparatus; at least one control signal line by which said information processing apparatus performs write operations on said second storage component is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal and the signal line of said second storage component; said high-security information system connects to the network through the network component under the control of said information processing apparatus; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads said network connection program from said second storage component and stores it into said first storage component;
Said information processing apparatus runs said network connection program stored in said first storage component to establish the connection to the network.
5. A method by which a high-security information system connects to a network, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a second storage component and a network component; said control assembly comprises a hardware switch; said second storage component stores a network connection program that can run on said information processing apparatus; at least one write control signal line by which said information processing apparatus performs write operations on said second storage component, and at least one read control signal line by which it performs read operations, are connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said write control signal and the signal line of said second storage component and maintains the connection between said read control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said write control signal and the signal line of said second storage component and at the same time maintains the connection between said read control signal and the signal line of said second storage component; when said hardware switch is in the third state, said control assembly cuts off the connection between said write control signal and the signal line of said second storage component and at the same time cuts off the connection between said read control signal and the signal line of said second storage component; said high-security information system connects to the network through the network component under the control of said information processing apparatus; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads the code of said network connection program from said second storage component and places it in the storage space of the information processing apparatus;
Operate said hardware switch so that it is in the third state;
Said information processing apparatus runs said code to establish the connection to the network.
6. A method by which a high-security information system connects to a network, characterized in that:
Said high-security information system comprises an information processing apparatus, a control assembly, a first storage component, a second storage component and a network component; said control assembly comprises a hardware switch; said second storage component stores a network connection program that can run on said information processing apparatus; at least one write control signal line by which said information processing apparatus performs write operations on said second storage component, and at least one read control signal line by which it performs read operations, are connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said write control signal and the signal line of said second storage component and maintains the connection between said read control signal and the signal line of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said write control signal and the signal line of said second storage component and at the same time maintains the connection between said read control signal and the signal line of said second storage component; when said hardware switch is in the third state, said control assembly cuts off the connection between said write control signal and the signal line of said second storage component and at the same time cuts off the connection between said read control signal and the signal line of said second storage component; said high-security information system connects to the network through the network component under the control of said information processing apparatus; the method comprises the following steps:
Operate said hardware switch so that it is in the first state;
Said information processing apparatus reads said network connection program from said second storage component and stores it into said first storage component;
Operate said hardware switch so that it is in the third state;
Said information processing apparatus runs said network connection program stored in said first storage component to establish the connection to the network.
Beneficial effect of the present invention: with the present invention, control over the hardware resources of the information system is not held entirely by software; instead, the resources of the information system are controlled, through manual control, by components other than software. When it is desired that a resource of the information system be ineffective for a certain operation instruction, manual control can make that resource unresponsive to that operation instruction; when it is desired that a resource of the information system be effective for a certain operation instruction, manual control can make that resource respond to that operation instruction. A computer virus or hacker program therefore cannot achieve its purpose, while normal software can still complete write operations on a resource under manual control. This makes the information system thoroughly immune to computer viruses and hacker programs and realizes a truly secure information system.
Description of drawings:
Fig. 1 is a schematic diagram of the principle of the first solution by which the present invention realizes a high-security information system;
Fig. 2 is a schematic diagram of the principle of the second solution by which the present invention realizes a high-security information system;
Fig. 3 is a schematic diagram of the principle of the third solution by which the present invention realizes a high-security information system;
Fig. 4 is a schematic diagram of the principle of the fourth solution by which the present invention realizes a high-security information system;
Fig. 5 is a schematic diagram of the principle of the fifth solution by which the present invention realizes a high-security information system;
Fig. 6 is a flowchart of the power-on start method of the high-security information system realized by the present invention;
Fig. 7 is a flowchart of the first software installation method of the high-security information system realized by the present invention;
Fig. 8 is a flowchart of the second software installation method of the high-security information system realized by the present invention;
Fig. 9 is a flowchart of the method of running software on the high-security information system realized by the present invention;
Fig. 10 is a flowchart of the first method by which the high-security information system realized by the present invention connects to a network;
Fig. 11 is a flowchart of the second method by which the high-security information system realized by the present invention connects to a network;
Fig. 12 is a schematic diagram of the first network service providing platform, realized by the present invention, based on the high-security information system;
Fig. 13 is a schematic diagram of the second network service providing platform, realized by the present invention, based on the high-security information system;
Fig. 14 is a schematic diagram of the third network service providing platform, realized by the present invention, based on the high-security information system;
Fig. 15 is a schematic diagram of the fourth network service providing platform, realized by the present invention, based on the high-security information system;
Fig. 16 is a schematic diagram of the fifth network service providing platform, realized by the present invention, based on the high-security information system;
Fig. 17 is a schematic diagram of the sixth network service providing platform, realized by the present invention, based on the high-security information system.
Embodiment:
So that those skilled in the art may better understand the present invention, it is described in further detail below with reference to the accompanying drawings and embodiments.
An information system controls its hardware resources through operation instructions: storing data, reading data, arithmetic processing, and so on. A set of these operation instructions written to accomplish a specific function becomes the software of the information system. People control the hardware resources of the information system through software, which includes performing read and write operations on the software stored in the information system. Computer viruses and hacker programs likewise operate on or control the hardware resources of the information system through the operation instructions that the information system supports, making the information system run and control its hardware resources in the way the computer virus program or hacker program desires. In existing information systems, so that the hardware resources can be used effectively, these resources are available to the operating system and application software, that is, read operations, write operations, update operations and so on can be performed on them. This is also a necessary condition for a computer virus or hacker program to complete an attack. For example, if a hacker program wants to modify information stored in the information system, it needs to obtain the ability to perform write or update operations on the storage component of the information system. Because that ability is open to normally working software, a hacker program can also find a breach in the write or update operations on the storage component and modify the information stored in the information system. In the same way, a computer virus can continually control the resources of the information system from within it to achieve its purpose. If, however, control over the hardware resources of the information system is not held entirely by software, and the resources of the information system are instead controlled, through manual control, by components other than software, then when it is desired that a resource of the information system be ineffective for a certain operation instruction, manual control can make that resource unresponsive to that operation instruction, and when it is desired that a resource be effective for a certain operation instruction, manual control can make that resource respond to that operation instruction. A computer virus or hacker program therefore cannot achieve its purpose, while normal software can still complete write operations on a resource under manual control. This makes the information system thoroughly immune to computer viruses and hacker programs and realizes a truly secure information system.
With reference to Fig. 1, Fig. 1 is a schematic diagram of the principle of the first solution by which the present invention realizes a high-security information system. Of the signal connections between information processing apparatus 101 and second storage component 103, part signal 105 is processed by control assembly 102 to become control output signal 106, which is then connected to second storage component 103. Control assembly 102 comprises a hardware switch 104. Said hardware switch 104 has two states: a first state and a second state. When hardware switch 104 is in the first state, said control assembly 102 cuts off the connection between said part signal 105 and the signal line of said second storage component, and control output signal 106 does not reflect the information of part signal 105; when said hardware switch 104 is in the second state, said control assembly 102 maintains the connection between said part signal 105 and the signal line of said second storage component, and control output signal 106 carries the same information as part signal 105. Clearly, when part signal 105 is the signal by which information processing apparatus 101 controls write operations on second storage component 103, whether information processing apparatus 101 can write to second storage component 103 depends on the state of hardware switch 104. The state of hardware switch 104 can be controlled manually, and hardware switch 104 is not controlled by the information processing apparatus, so manual control can make the storage resource of the information system unresponsive to write operation instructions. In the same way, part signal 105 can also be the signal by which information processing apparatus 101 controls read operations on second storage component 103, so that manual control can make the storage resource of the information system unresponsive to read operation instructions. Likewise, every controllable hardware resource of the information system can be placed under manual control, free from the control of the information system's software.
Fig. 2 is a schematic diagram of the principle of the second solution by which the present invention realizes a high-security information system. Compared with the embodiment of Fig. 1, the solution of Fig. 2 further comprises first storage component 201. The program run by the information processing apparatus usually needs to perform write operations on memory, whereas in the present invention second storage component 103 is normally in the write-disabled state in order to resist virus or hacker attacks. To solve this problem, a first storage component 201 is added, on which information processing apparatus 101 can perform both read and write operations. The program that needs to run is stored in second storage component 103. So that the program stored in second storage component 103 is not attacked, information processing apparatus 101 does not run the program in second storage component 103; instead it first reads the program out of second storage component 103 and writes it into first storage component 201, and then runs the program in first storage component 201. Even if a virus or hacker attacks the program in first storage component 201, the original program can be read again from second storage component 103 to completely overwrite the attacked program in first storage component 201, so that the service interruption caused by the virus or hacker attack can be removed quickly.
Fig. 3 is a schematic diagram of the principle of the third solution by which the present invention realizes a high-security information system. On the basis of Fig. 2, the solution of Fig. 3 further comprises a solidified system bootstrap routine 301. During power-up of the information system, information processing apparatus 101 runs the solidified system bootstrap routine 301, which includes automatically reading the program that needs to run next out of second storage component 103 and writing it into first storage component 201; information processing apparatus 101 then runs the program in first storage component 201. The solidified system bootstrap routine 301 usually resides in read-only memory, which a virus or hacker cannot attack. Adding the solidified system bootstrap routine 301 allows the information system, following the design idea of the present invention, to load the program that needs to run automatically after each power-up.
Fig. 4 is a schematic diagram of the principle of the fourth solution by which the present invention realizes a high-security information system. The solution of Fig. 4 is a further improvement on the solution of Fig. 3. The main change is that control assembly 402 comprises a hardware switch 404. Said hardware switch 404 has three states: a first state, a second state and a third state, so that several signals between information processing apparatus 101 and second storage component 103 can be placed under manual hardware control. When hardware switch 404 is in the first state, said control assembly 402 cuts off the connection between said part signal 105 and the signal line of said second storage component, so that control output signal 106 does not reflect the information of part signal 105, but at the same time maintains the connection between said part signal 405 and the signal line of said second storage component, so that control input signal 406 carries the same information as part signal 405. When said hardware switch 404 is in the second state, said control assembly 402 maintains the connection between said part signal 105 and the signal line of said second storage component, so that control output signal 106 carries the same information as part signal 105, and at the same time maintains the connection between said part signal 405 and the signal line of said second storage component, so that control input signal 406 carries the same information as part signal 405. When said hardware switch 404 is in the third state, said control assembly 402 cuts off the connection between said part signal 105 and the signal line of said second storage component, so that control output signal 106 does not reflect the information of part signal 105, and at the same time cuts off the connection between said part signal 405 and the signal line of said second storage component, so that control input signal 406 does not reflect the information of part signal 405. Clearly, when part signal 105 is the signal by which information processing apparatus 101 controls write operations on second storage component 103 and part signal 405 is the signal by which information processing apparatus 101 controls read operations on second storage component 103, whether information processing apparatus 101 can write to or read from second storage component 103 depends in both cases on the state of hardware switch 404. The state of hardware switch 404 can be controlled manually, and hardware switch 404 is not controlled by the information processing apparatus, so manual control can make the storage resource of the information system unresponsive to write operation instructions and/or read operations. Likewise, every controllable hardware resource of the information system can be placed under manual control, free from the control of the information system's software.
Fig. 5 is a schematic diagram of the principle of the fifth solution by which the present invention realizes a high-security information system. The solution of Fig. 4 is a further improvement on the solution of Fig. 3. The main change is the addition of a power-on reset circuit 501. Through power-on reset circuit 501, control assembly 402 is placed in the desired working state when the information system is powered on. This avoids the case in which the user forgets to switch the state of hardware switch 404 manually when using the information system, so that after power-up hardware switch 404 is in an undesired state, such as the write-operation state, and a virus or hacker can attack second storage component 103. A further improvement is to add a prompting component that relates the state established by power-on reset circuit 501 to the state of hardware switch 404, thereby prompting the user to switch hardware switch 404 to the correct state.
Fig. 6 is a flowchart of the power-on start method of the high-security information system realized by the present invention. The power-on start flow of the present invention is explained taking the solution of Fig. 3 as an example. Step 601: operate said hardware switch so that it is in the first state; step 602: power on said system; step 603: said control assembly cuts off the connection between said control signal and the signal line of said second storage component; step 604: said information processing apparatus executes said solidified system bootstrap routine and completes power-on initialization; step 605: said information processing apparatus reads said software program from said second storage component and stores it into said first storage component; step 606: said information processing apparatus runs said software program stored in said first storage component. Because said software program is read from said second storage component and stored into said first storage component at every power-up, even if the system is attacked by a virus or hacker after a power-up, the attack can be cleared quickly by powering on again, so that the information system recovers quickly.
Fig. 7 is a flowchart of the first software installation method of the high-security information system realized by the present invention. The software installation method flow of the present invention is explained taking the solution of Fig. 1 as an example. In step 701 the information system is in the normal operating state; in step 702 said hardware switch is operated so that it is in the second state, so that said control assembly connects said write operation control signal to the signal line of said second storage component; in step 703 the information processing apparatus is controlled to install the software to be installed into said second storage component, where it becomes the installed software; then in step 704 said hardware switch is operated so that it is in the first state, so that said control assembly cuts off the connection between said write operation control signal and the signal line of said second storage component. Because write operations on the second storage component can be performed only while software is being installed, and the write operation signal is disconnected by the hardware switch as soon as installation is complete, the software cannot be infected by a virus or attacked by a hacker.
Fig. 8 is a flowchart of the second software installation method of the high-security information system realized by the present invention. The software installation method flow of the present invention is explained taking the solution of Fig. 3 as an example. In step 801 the information system is in the normal operating state; at this time said hardware switch is in the first state, so that said control assembly cuts off the connection between said write operation control signal and the signal line of said second storage component. In step 802 said information processing apparatus installs the software to be installed into said first storage component, where it becomes the installed software. In step 803 said hardware switch is operated so that it is in the second state, so that said control assembly connects said write operation control signal to the signal line of said second storage component. Then, in step 804, said information processing apparatus reads said installed software from said first storage component and writes it into said second storage component. In step 805 said hardware switch is operated again so that it is in the first state, so that said control assembly cuts off the connection between said write operation control signal and the signal line of said second storage component. Because write operations on the second storage component can be performed only when the software, after installation, is read from said first storage component and written into said second storage component, and the write operation signal is disconnected by the hardware switch as soon as the copy is finished, the software cannot be infected by a virus or attacked by a hacker.
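A software model of the signal gating described for Fig. 4 and of the flows of Fig. 6 and Fig. 8, added here as an illustration and not part of the patent text; the class and function names and the byte strings used as program images are assumptions. It shows that a write issued while the switch is in the first state never reaches second storage, and that powering on again restores the working copy.

```python
from enum import Enum


class SwitchState(Enum):
    FIRST = 1   # write line cut, read line connected
    SECOND = 2  # write line and read line both connected
    THIRD = 3   # write line and read line both cut


class ControlAssembly:
    """Models control assembly 402. operate_switch() stands for the manual
    action; in the model InformationSystem never calls it, and in hardware
    there is no software-reachable path to the switch at all."""

    def __init__(self, state=SwitchState.FIRST):
        self.state = state

    def operate_switch(self, state):
        self.state = state

    def write_connected(self):
        return self.state is SwitchState.SECOND

    def read_connected(self):
        return self.state in (SwitchState.FIRST, SwitchState.SECOND)


class SecondStorage:
    """Second storage component 103: its control lines pass through the assembly."""

    def __init__(self, control):
        self._control = control
        self._cells = b""

    def write(self, data):
        if not self._control.write_connected():
            return False          # the write signal never reaches the part
        self._cells = bytes(data)
        return True

    def read(self):
        if not self._control.read_connected():
            return None           # the read signal never reaches the part
        return self._cells


class InformationSystem:
    """Software-side view: it sees the two storage components, not the switch."""

    def __init__(self, second):
        self.second = second
        self.first = b""          # first storage component 201, freely writable

    def power_on(self):
        # Fig. 6, steps 604-606: the bootstrap routine reloads first storage.
        image = self.second.read()
        if image is None:
            raise RuntimeError("read line is cut; nothing can be loaded")
        self.first = image
        return self.first

    def copy_first_to_second(self):
        # Fig. 8, step 804: effective only while the switch is in the second state.
        return self.second.write(self.first)


def run_scenario():
    golden_v1, golden_v2 = b"program v1", b"program v2"    # constructed images
    control = ControlAssembly(SwitchState.SECOND)          # initial provisioning
    second = SecondStorage(control)
    second.write(golden_v1)
    control.operate_switch(SwitchState.FIRST)              # step 601
    system = InformationSystem(second)
    results = {"boot": system.power_on()}

    # Constructed tampering: the working copy is altered, then the altered
    # copy is written toward second storage while the write line is cut.
    system.first = b"tampered"
    results["persist_blocked"] = not system.copy_first_to_second()
    results["after_repower"] = system.power_on()

    # Fig. 8 install: stage in first storage, operator connects the write
    # line, copy, operator cuts the write line again.
    system.first = golden_v2                                # step 802
    control.operate_switch(SwitchState.SECOND)              # step 803
    results["install_ok"] = system.copy_first_to_second()   # step 804
    control.operate_switch(SwitchState.FIRST)               # step 805
    results["after_install"] = system.power_on()

    # Third state: with the program already loaded, both lines are cut.
    control.operate_switch(SwitchState.THIRD)
    results["read_in_third"] = second.read()
    results["write_in_third"] = second.write(b"x")
    return results


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(name, value)
```

The model covers only the logical gating; it says nothing about how the control assembly is built electrically.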
Fig. 9 is a flowchart of the method of running software on the high-security information system realized by the present invention. The software installation method flow of the present invention is explained using the solution of Fig. 3 as an example. The information system is in the normal operating state, and at this point the hardware switch is normally in the first state, so that the control assembly cuts off the connection between the write operation control signal and the signal wire of the second storage component; if it is not, the hardware switch is first operated in step 901 to put it in the first state. In step 902, the information processing apparatus reads the software program from the second storage component and stores it in the first storage component. In step 903, the information processing apparatus runs the software program stored in the first storage component. Because every time the software is run the software program is read from the second storage component, stored in the first storage component and run from the first storage component, a virus or hacker can attack only the information in the first storage component and cannot attack the information in the second storage component; and because every run reads the software program from the second storage component and stores it in the first storage component again, the software cannot be infected by viruses or attacked by hackers.
Figure 10 is a flowchart of the first network connection method of the high-security information system realized by the present invention. The network connection method flow of the present invention is explained using the solution of Fig. 3 as an example. The information system is in the normal operating state, and at this point the hardware switch is normally in the first state, so that the control assembly cuts off the connection between the write operation control signal and the signal wire of the second storage component; if it is not, the hardware switch is first operated in step 1001 to put it in the first state. In step 1002, the information processing apparatus reads the network linker from the second storage component and stores it in the first storage component. In step 1003, the information processing apparatus runs the network linker stored in the first storage component to establish the connection to the network. Because every time the network linker is run it is read from the second storage component, stored in the first storage component and run from the first storage component, a virus or hacker can attack only the network linker in the first storage component and cannot attack the network linker in the second storage component; and because every run reads the network linker from the second storage component and stores it in the first storage component again, the network linker cannot be infected by viruses or attacked by hackers.
Figure 11 is a flowchart of the second network connection method of the high-security information system realized by the present invention. The network connection method flow of the present invention is explained using the solution of Fig. 4 as an example. The information system is in the normal operating state, and at this point the hardware switch is normally in the first state, so that the control assembly cuts off the connection between the write operation control signal and the signal wire of the second storage component; if it is not, the hardware switch is first operated in step 1101 to put it in the first state. In step 1102, the information processing apparatus reads the network linker from the second storage component and stores it in the first storage component. In step 1103, the hardware switch is operated to put it in the third state, so that the control assembly cuts off the connections of both the write operation control signal and the read operation signal to the signal wire of the second storage component. Then, in step 1104, the information processing apparatus runs the network linker stored in the first storage component to establish the connection to the network. Every time the network linker is run it is read from the second storage component, stored in the first storage component and run from the first storage component, and before it is run from the first storage component the hardware switch is operated to put it in the third state, so that the control assembly cuts off the connections of both the write operation control signal and the read operation signal to the signal wire of the second storage component. This cuts off all read and write access to the second storage component from the network or from running programs; that is, the second storage component is invisible to viruses and hackers. A virus or hacker can therefore attack only the network linker in the first storage component and cannot attack the network linker in the second storage component; and because every run reads the network linker from the second storage component and stores it in the first storage component again, the network linker cannot be infected by viruses or attacked by hackers.
Figure 12 is a schematic diagram of the first network service providing platform based on the high-security information system realized by the present invention. The high-security information system comprises information processing apparatus 1202, control assembly 1204, second storage component 1205 and network link 1206. Some of the signals in the signal connection between information processing apparatus 1202 and second storage component 1205 are connected to second storage component 1205 only after being processed by control assembly 1204. Control assembly 1204 comprises a hardware switch. The hardware switch has two states: a first state and a second state. When the hardware switch is in the first state, control assembly 1204 cuts off the connection between said part of the signals and the signal wire of the second storage component; when the hardware switch is in the second state, control assembly 1204 maintains the connection between said part of the signals and the signal wire of the second storage component. Network link 1206 is connected to information processing apparatus 1202. The hardware switch is in the first state before information processing apparatus 1202 runs the network linker, so control assembly 1204 cuts off the connection between said part of the signals and the signal wire of second storage component 1205; after the network linker is run, the system connects to the internet through network link 1206 and carries out information communication. Even if the information transmitted over the connected network is attacked by viruses or hackers, the information and data in the second storage component cannot be modified, so the system cannot be attacked by hackers or viruses. This gives the information system very high security.
Figure 13 is a schematic diagram of the second network service providing platform based on the high-security information system realized by the present invention. It differs from the implementation of Figure 12 in that the information in the second storage component is updated through another information processing apparatus. This applies particularly to information service systems such as government electronic service platforms, whose main purpose is to offer reliable information to the public and whose displayed information is updated over an internal network connection. Past information systems strengthened their security with firewalls, antivirus software and the like, but because the storage that holds their information can be written through software, reports of government websites being attacked by hackers and having their original information illegally modified appear often. The system of the invention can avoid such incidents. The high-security information system comprises first information processing element 1301, second information processing apparatus 1302, control assembly 1304, second storage component 1305 and network link 1306. First information processing element 1301 is connected to or disconnected from second information processing apparatus 1302, as needed, through an information communication line 1303 and a pluggable signal connecting element 1307. Some of the signals in the signal connection between information processing apparatus 1302 and second storage component 1305 are connected to second storage component 1305 only after being processed by control assembly 1304. Control assembly 1304 comprises a hardware switch. The hardware switch has two states: a first state and a second state. When the hardware switch is in the first state, control assembly 1304 cuts off the connection between said part of the signals and the signal wire of the second storage component; when the hardware switch is in the second state, control assembly 1304 maintains the connection between said part of the signals and the signal wire of the second storage component. Network link 1306 is connected to information processing apparatus 1302. The hardware switch is in the first state before second information processing apparatus 1302 runs the network linker, so control assembly 1304 cuts off the connection between said part of the signals and the signal wire of second storage component 1305; after the network linker is run, the system connects to the internet through network link 1306 and carries out information communication. Even if the information transmitted over the connected network is attacked by viruses or hackers, the information and data in the second storage component cannot be modified, so the system cannot be attacked by hackers or viruses. This gives the information system very high security. When the information in second storage component 1305 needs to be updated, the second information processing apparatus is powered on and started again, so that the programs and data in the second storage component, which have not been attacked by viruses or hackers, overwrite the storage space that may have been attacked while the second information processing apparatus was connected to the network. At the same time, network link 1306 is kept disconnected from the internet. First information processing element 1301 is then connected to second information processing apparatus 1302 through the information communication line 1303 and the pluggable signal connecting element 1307. When the hardware switch is controlled to be in the second state, control assembly 1304 maintains the connection between said part of the signals and the signal wire of the second storage component, so that first information processing element 1301 can write the updated data into the second storage component through second information processing apparatus 1302. After the data update is complete, the hardware switch is controlled to be in the first state, and control assembly 1304 cuts off the connection between said part of the signals and the signal wire of the second storage component. In this way the information in the second storage component is updated safely.
Figure 14 is a schematic diagram of the third network service providing platform based on the high-security information system realized by the present invention. The high-security information system comprises first information processing element 1401, second information processing apparatus 1402, control assembly 1404, second storage component 1405 and network link 1406. First information processing element 1401 and second information processing apparatus 1402 can each connect to and access second storage component 1405 only through control assembly 1404. Control assembly 1404 comprises a hardware switch. In one implementation of control assembly 1404, the hardware switch has at least two states: a first state and a second state. When the hardware switch is in the first state, control assembly 1404 cuts off the write operation signal wire connection between first information processing element 1401 and second storage component 1405, cuts off the write operation signal wire connection between second information processing apparatus 1402 and second storage component 1405, and at the same time connects the read operation signal wire between second information processing apparatus 1402 and second storage component 1405, so that second information processing apparatus 1402 can only read the information in second storage component 1405 and cannot modify or add to the data in second storage component 1405. When the hardware switch is in the second state, control assembly 1404 connects the write operation signal wire between first information processing element 1401 and second storage component 1405 and cuts off the write operation signal wire connection between second information processing apparatus 1402 and second storage component 1405, so that first information processing element 1401 can update, add to or modify the information in second storage component 1405. The hardware switch is in the first state before second information processing apparatus 1402 runs the network linker; after the network linker is run, the system connects to the internet through network link 1406 and carries out information communication. Even if the information transmitted over the connected network is attacked by viruses or hackers, the information and data in second storage component 1405 cannot be modified, so the system cannot be attacked by hackers or viruses. This gives the information system very high security. When the information in second storage component 1405 needs to be updated, the hardware switch is operated to put it in the second state, and first information processing element 1401 is connected to the write operation signal of second storage component 1405. At this point second information processing apparatus 1402 has no write operation connection to second storage component 1405, so second storage component 1405 cannot be attacked by viruses or hackers, and first information processing element 1401 can safely update the information in the second storage component.
Figure 15 is a schematic diagram of the fourth network service providing platform based on the high-security information system realized by the present invention. It differs from the technical scheme shown in Figure 12 in that first storage component 1511 has been added. When information processing apparatus 1202 does not have enough memory to run programs, the program running space can be expanded by connecting first storage component 1511, and first storage component 1611 can also temporarily store the information exchanged over the network while the information system is connected to the internet. Only after the information stored in first storage component 1511 has been confirmed to contain no virus or hacker program may it be added to the second storage component. This increases the flexibility and interactivity of the system while improving the security of the high-security information system.
Figure 16 is a schematic diagram of the fifth network service providing platform based on the high-security information system realized by the present invention. It differs from the technical scheme shown in Figure 13 in that first storage component 1611 has been added. When second information processing apparatus 1302 does not have enough memory to run programs, the program running space can be expanded by connecting first storage component 1611, and first storage component 1611 can also temporarily store the information exchanged over the network while the information system is connected to the internet. Only after the information in first storage component 1611 has been confirmed to contain no virus or hacker program may it be added to the second storage component. This increases the flexibility and interactivity of the system while improving the security of the high-security information system.
Figure 17 is a schematic diagram of the sixth network service providing platform based on the high-security information system realized by the present invention. It differs from the technical scheme shown in Figure 14 in that first storage component 1711 has been added. When second information processing apparatus 1402 does not have enough memory to run programs, the program running space can be expanded by connecting first storage component 1411, and first storage component 1711 can also temporarily store the information exchanged over the network while the information system is connected to the internet. Only after the information in first storage component 1711 has been confirmed to contain no virus or hacker program may it be added to the second storage component. This increases the flexibility and interactivity of the system while improving the security of the high-security information system. This technical scheme also adds a further feature: first information processing element 1401 is connected to second information processing apparatus 1402 through an information communication line 1703 and a pluggable signal connecting element 1707. Through this connection, first information processing element 1401 can process the information in first storage component 1711, for example removing viruses and hacker programs and judging whether the information is usable.
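The following software model is an added example, not part of the patent: it reproduces the three switch states used in Figure 11, the run-from-a-copy flow of Figures 9 and 10, and the update sequence of Figure 13. All class, function and key names (`Platform`, `safe_update`, `netprog` and so on) are assumptions made for illustration, and the sample storage contents are constructed.

```python
"""Model of the hardware-switch gate in front of the second storage component."""
from enum import Enum


class SwitchState(Enum):
    FIRST = 1   # write line cut, read line connected
    SECOND = 2  # write and read lines connected
    THIRD = 3   # write and read lines both cut (storage invisible)


class GateError(Exception):
    """A required signal line is cut, or a precondition of the procedure is unmet."""


class ControlAssembly:
    def __init__(self):
        self.state = SwitchState.FIRST  # power-on reset default

    def operate_switch(self, state):
        """Stands for the physical key press; no program running on the platform calls it."""
        self.state = state

    @property
    def write_enabled(self):
        return self.state is SwitchState.SECOND

    @property
    def read_enabled(self):
        return self.state is not SwitchState.THIRD


class SecondStorage:
    """Every access passes through the control assembly's gated lines."""

    def __init__(self, gate, image):
        self._gate, self._data = gate, dict(image)

    def read(self, name):
        if not self._gate.read_enabled:
            raise GateError("read control line is cut")
        return self._data[name]

    def write(self, name, value):
        if not self._gate.write_enabled:
            raise GateError("write control line is cut")
        self._data[name] = value


class Platform:
    def __init__(self, image):
        self.gate = ControlAssembly()
        self.second_storage = SecondStorage(self.gate, image)
        self.first_storage = {}            # working copy that programs run from
        self.network_up = False
        self.first_element_plugged = False

    def power_on(self):
        """Restart: network down, switch back to first state, working copy discarded."""
        self.network_up = False
        self.gate.operate_switch(SwitchState.FIRST)
        self.first_storage = {}

    def connect_network(self, hide_storage=False):
        # The model refuses to go online while the write line is connected.
        if self.gate.write_enabled:
            raise GateError("switch must be in the first state first")
        # Load a fresh copy of the program, then run it from first storage.
        self.first_storage["netprog"] = self.second_storage.read("netprog")
        if hide_storage:                   # Figure 11 variant: cut reads as well
            self.gate.operate_switch(SwitchState.THIRD)
        self.network_up = True

    def update(self, name, value):
        if self.network_up:
            raise GateError("network link must be disconnected")
        if not self.first_element_plugged:
            raise GateError("first information processing element not plugged in")
        self.second_storage.write(name, value)  # still fails unless switch is SECOND


def safe_update(platform, name, value):
    """Figure 13 order: restart offline, plug in, second state, write, first state."""
    platform.power_on()
    platform.first_element_plugged = True
    platform.gate.operate_switch(SwitchState.SECOND)
    try:
        platform.update(name, value)
    finally:
        platform.gate.operate_switch(SwitchState.FIRST)
        platform.first_element_plugged = False


def tamper_while_online(platform):
    """Constructed scenario: the running copy is altered and a write-back is tried."""
    platform.first_storage["netprog"] = "tampered"
    try:
        platform.second_storage.write("netprog", "tampered")
        return "written"
    except GateError:
        return "blocked"


if __name__ == "__main__":
    p = Platform({"netprog": "v1", "page": "original"})  # constructed sample contents
    p.connect_network()
    print(tamper_while_online(p))          # the working copy changes, the stored image does not
    safe_update(p, "page", "updated")
    print(p.second_storage.read("page"))
```

The model makes the ordering constraints explicit: a write reaches the second storage component only when the network is down, the first information processing element is plugged in and the switch is in the second state.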

Claims (11)

1. A network system platform based on a high-security information system, characterized by comprising:
a first information processing element;
a second information processing apparatus;
said first information processing element being connected to or disconnected from said second information processing apparatus, as needed, through an information communication line and a pluggable signal connecting element;
a control assembly, said control assembly comprising a hardware switch, said hardware switch having at least two states: a first state and a second state;
a second storage component;
at least one control signal wire, used by said second information processing apparatus to perform data update operations on said second storage component, being connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal wire and the signal wire of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal wire and the signal wire of said second storage component;
a network link, said network link being connected to said second information processing apparatus;
said hardware switch being in the first state before said second information processing apparatus runs the network linker;
when the information of said second storage component needs to be updated, said network link is put in a state disconnected from the internet; said first information processing element is then connected to said second information processing apparatus through said information communication line and said pluggable signal connecting element, and said hardware switch is controlled to be in the second state, so that said first information processing element can write the updated data into said second storage component through said second information processing apparatus.
2. A network system platform based on a high-security information system, characterized by comprising:
a first information processing element;
a second information processing apparatus;
said first information processing element being connected to or disconnected from said second information processing apparatus, as needed, through an information communication line and a pluggable signal connecting element;
a solidified system bootstrap routine, said system bootstrap routine putting said second information processing apparatus into the running state;
a control assembly, said control assembly comprising a hardware switch, said hardware switch having at least two states: a first state and a second state;
a second storage component;
at least one control signal wire, used by said second information processing apparatus to perform data update operations on said second storage component, being connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal wire and the signal wire of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal wire and the signal wire of said second storage component;
a network link, said network link being connected to said second information processing apparatus;
said hardware switch being in the first state before said second information processing apparatus runs the network linker;
when the information of said second storage component needs to be updated, said network link is put in a state disconnected from the internet; said first information processing element is then connected to said second information processing apparatus through said information communication line and said pluggable signal connecting element, and said hardware switch is controlled to be in the second state, so that said first information processing element can write the updated data into said second storage component through said second information processing apparatus.
3. A network system platform based on a high-security information system, characterized by comprising:
a first information processing element;
a second information processing apparatus;
said first information processing element being connected to or disconnected from said second information processing apparatus, as needed, through an information communication line and a pluggable signal connecting element;
a control assembly, said control assembly comprising a hardware switch, said hardware switch having at least two states: a first state and a second state;
a first storage component, on which said second information processing apparatus can perform data read and data write operations;
a second storage component;
at least one control signal wire, used by said second information processing apparatus to perform data update operations on said second storage component, being connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal wire and the signal wire of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal wire and the signal wire of said second storage component;
a network link, said network link being connected to said second information processing apparatus;
said hardware switch being in the first state before said second information processing apparatus runs the network linker;
when the information of said second storage component needs to be updated, said network link is put in a state disconnected from the internet; said first information processing element is then connected to said second information processing apparatus through said information communication line and said pluggable signal connecting element, and said hardware switch is controlled to be in the second state, so that said first information processing element can write the updated data into said second storage component through said second information processing apparatus.
4. A network system platform based on a high-security information system, characterized by comprising:
a first information processing element;
a second information processing apparatus;
said first information processing element being connected to or disconnected from said second information processing apparatus, as needed, through an information communication line and a pluggable signal connecting element;
a solidified system bootstrap routine, said system bootstrap routine putting said second information processing apparatus into the running state;
a control assembly, said control assembly comprising a hardware switch, said hardware switch having at least two states: a first state and a second state;
a first storage component, on which said second information processing apparatus can perform data read and data write operations;
a second storage component;
at least one control signal wire, used by said second information processing apparatus to perform data update operations on said second storage component, being connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said control signal wire and the signal wire of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said control signal wire and the signal wire of said second storage component;
a network link, said network link being connected to said second information processing apparatus;
said hardware switch being in the first state before said second information processing apparatus runs the network linker;
when the information of said second storage component needs to be updated, said network link is put in a state disconnected from the internet; said first information processing element is then connected to said second information processing apparatus through said information communication line and said pluggable signal connecting element, and said hardware switch is controlled to be in the second state, so that said first information processing element can write the updated data into said second storage component through said second information processing apparatus.
5. The network system platform according to any one of claims 1 to 4, characterized by further comprising an information input part, said information input part comprising at least one specific key; the signal wire of said specific key is connected to said control assembly, and the state of said hardware switch is controlled by operating said specific key.
6. The network system platform according to any one of claims 1 to 4, characterized by further comprising a system shell, said system shell comprising at least one specific key; the signal wire of said specific key is connected to said control assembly, and the state of said hardware switch is controlled by operating said specific key.
7. The network system platform according to any one of claims 1 to 4, characterized in that said control assembly further comprises a power-on reset circuit, which makes the hardware switch of said control assembly always default to the first state after power-on.
8. The network system platform according to any one of claims 1 to 4, characterized in that at least one write control signal line, used by said second information processing apparatus to perform write operations on said second storage component, is connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said write control signal line and the signal wire of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said write control signal line and the signal wire of said second storage component.
9. The network system platform according to any one of claims 1 to 4, characterized in that the hardware switch of said control assembly further has a third state.
10. The network system platform according to claim 9, characterized in that at least one write control signal line used by said second information processing apparatus to perform write operations on said second storage component, and at least one read control signal line used for read operations, are connected to said second storage component through said control assembly; when said hardware switch is in the first state, said control assembly cuts off the connection between said write control signal line and the signal wire of said second storage component and maintains the connection between said read control signal line and the signal wire of said second storage component; when said hardware switch is in the second state, said control assembly maintains the connection between said write control signal line and the signal wire of said second storage component and at the same time maintains the connection between said read control signal line and the signal wire of said second storage component; when said hardware switch is in the third state, said control assembly cuts off the connection between said write control signal line and the signal wire of said second storage component and at the same time cuts off the connection between said read control signal line and the signal wire of said second storage component.
11. The network system platform according to any one of claims 1 to 4, characterized in that said data update operation comprises a data modification operation and/or a data addition operation and/or a data deletion operation.
CN200910235363A 2009-10-10 2009-10-10 High safety information system-based network system platform Expired - Fee Related CN102034055B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN200910235363A CN102034055B (en) 2009-10-10 2009-10-10 High safety information system-based network system platform

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN200910235363A CN102034055B (en) 2009-10-10 2009-10-10 High safety information system-based network system platform

Publications (2)

Publication Number Publication Date
CN102034055A CN102034055A (en) 2011-04-27
CN102034055B true CN102034055B (en) 2012-10-17

Family

ID=43886935

Family Applications (1)

Application Number Title Priority Date Filing Date
CN200910235363A Expired - Fee Related CN102034055B (en) 2009-10-10 2009-10-10 High safety information system-based network system platform

Country Status (1)

Country Link
CN (1) CN102034055B (en)

Also Published As

Publication number Publication date
CN102034055A (en) 2011-04-27

Similar Documents

Publication Publication Date Title
CN102651061B (en) System and method of protecting computing device from malicious objects using complex infection schemes
CN101952809B (en) Computer storage device having separate read-only space and read-write space, removable media component, system management interface, and network interface
MXPA06002447A (en) Personal computer internet security system.
KR102313544B1 (en) Data forwarding control method and system based on hardware control logic
WO2014113367A1 (en) System for and a method of cognitive behavior recognition
CN102799817A (en) System and method for malware protection using virtualization
US20130091575A1 (en) Antivirus system and method for removable media devices
CN104769598A (en) Systems and methods for detecting illegitimate applications
CN105335197A (en) Starting control method and device for application program in terminal
CN1743992A (en) Computer operating system safety protecting method
Breuk et al. Integrating DMA attacks in exploitation frameworks
CN102034055B (en) High safety information system-based network system platform
CN102034057B (en) Network connection method of high-safety information network platform
CN101763483B (en) Method for connecting network for high-security information system
CN201514636U (en) High-safety information equipment
CN201514637U (en) High-safety information network equipment
CN101763276A (en) Method for energizing and starting high-security information system
CN101706729B (en) Power-up starting method of high safety information network platform
CN201523396U (en) Interactive device of high safety information network
CN102034056B (en) Network service providing platform based on high safety information system
CN101763484B (en) High-security information network system
CN201576287U (en) Network system device based on high-safety information system
CN201576288U (en) Network service providing equipment based on high-safety information system
CN101706858B (en) Software installation method of high safety information network platform
CN101763475B (en) High-security information network interaction platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20121017

Termination date: 20141010

EXPY Termination of patent right or utility model