CN104517070A - Double-system computer and application method thereof - Google Patents


Info

Publication number: CN104517070A
Application number: CN201310455625.2A
Authority: CN (China)
Prior art keywords: nonvolatile memory, network, port, data port, dual
Legal status: Pending
Other languages: Chinese (zh)
Inventors: 陈晓东, 张勇
Current assignee: Shanghai Advanced Research Institute of CAS
Original assignee: Shanghai Advanced Research Institute of CAS
Priority date: 2013-09-29
Filing date: 2013-09-29
Publication date: 2015-04-15
Application filed by Shanghai Advanced Research Institute of CAS; priority to CN201310455625.2A; published as CN104517070A.

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F 21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F 21/70 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
    • G06F 21/71 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information
    • G06F 21/74 Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer, to assure secure computing or processing of information, operating in dual or compartmented mode, i.e. at least one secure mode

Abstract

The invention discloses a dual-system computer. The dual-system computer comprises a motherboard, at least two nonvolatile memories, data ports, network ports and a display port. Code for selecting a first system and/or a second system, and code for allocating and initializing the nonvolatile memories, data ports and network ports, is fixed in the BIOS (Basic Input/Output System) of the motherboard. The first system, a cloud operating system, is fixed in the first nonvolatile memory; the second system, a general-purpose operating system, is installed in the second nonvolatile memory. The data ports comprise at least a data port connected to a mouse and a data port connected to a keyboard; the network ports comprise at least a first network port connected only to the internal network and a second network port connected only to the external network. The invention also discloses an application method for the dual-system computer. With this dual-system computer and application method, the information security of the internal network is ensured while convenience for the user is improved.

Description

Dual-system computer and implementation method
Technical field
This application relates to a dual-system computer in which the first system is used only to connect to the internal network and the second system only to connect to the external network. The two systems can run independently or at the same time.
Background art
As IT has developed, more and more organizations have set up internal networks to satisfy office and confidentiality requirements; typical examples are the government-affairs networks of government bodies and the research and development networks of enterprises and institutions. Within each organization, ensuring that information on the internal network does not leak to the external network (i.e. the Internet) is an important part of maintaining the information security of the internal network.
Some organizations use ordinary computers that access only the internal network and never the external network; this single-network environment maintains the information security of the internal network to a large extent. But cutting off the external network completely is very difficult. An intentional or unintentional leaker inside the organization can dial up over a telephone line, access the mobile network from a mobile phone, or connect a smart mobile terminal to a Wi-Fi hotspot, any of which may leak information from the internal network.
Other organizations need to access the internal and external networks at the same time, and have formulated strict rules for this dual-network environment. For example: the internal and external networks are accessed from different computers; only old-style mobile phones without camera or Internet functions are permitted; the data ports (such as USB ports) of all computers are disabled; the use of the network ports and data ports of all computers is monitored and logged remotely. Such operating rules go a long way toward maintaining the information security of the internal network, but with ordinary computers alone this goal cannot be guaranteed 100%.
Nowadays more and more organizations allow mobile working. A user can connect to the organization's internal network from anywhere outside the organization, which puts the information security of the internal network to a harsher test. For example, if a mobile-office computer is used by someone with ulterior motives, has its disk replaced, or is stolen, information on that computer and even on the organization's internal network may leak.
The rise of the cloud computing concept provides another approach to building and using an internal network. Some organizations build the internal network as a cloud computing system: computation and storage are carried out by a unified data center, and the organization's computers, called cloud terminals, are provided only with a cloud operating system. This cloud operating system allows the computer to connect only to the unified data center for office work, and does not allow it to connect to the external network. But such a cloud operating system is closed and differs considerably from general-purpose operating systems, and some employees resist it because it is inconvenient to use.
Summary of the invention
The technical problem to be solved by this application is to provide a computer suitable for a dual-network environment: one that can access the organization's internal network and the public external network while guaranteeing secure isolation between the two networks. To this end, the application also provides an implementation method for the computer.
To solve the above technical problem, the dual-system computer of this application comprises a motherboard, at least two nonvolatile memories, data ports, network ports and a display port;
fixed in the motherboard BIOS is code for selecting the first system and/or the second system, and code for allocating and initializing the nonvolatile memories, data ports, display port and network ports;
the first system is fixed in the first nonvolatile memory and is a cloud operating system; the first system is allocated the display port, the first nonvolatile memory and the first network port, and is not allocated the second nonvolatile memory or the second network port;
the second system is installed in the second nonvolatile memory and is a general-purpose operating system; the second system is allocated the display port, the second nonvolatile memory and the second network port, and is not allocated the first nonvolatile memory or the first network port;
the data ports comprise at least a data port for the mouse and a data port for the keyboard;
the network ports comprise at least a first network port connected only to the internal network and a second network port connected only to the external network.
The implementation method of the dual-system computer of this application is: after the dual-system computer starts, the motherboard BIOS first displays an option for choosing between the first system and/or the second system;
when the first system alone is selected, the motherboard BIOS first initializes the first hardware set, then allocates the first hardware set to the first system and boots into the first system; the first hardware set comprises the first nonvolatile memory, the mouse data port, the keyboard data port, the first network port and the display port, and does not include the second nonvolatile memory, the remaining data ports, or the second network port;
when the second system alone is selected, the motherboard BIOS first initializes the second hardware set, then allocates the second hardware set to the second system and boots into the second system; the second hardware set comprises the second nonvolatile memory, all data ports, the second network port and the display port, and does not include the first nonvolatile memory or the first network port;
when the first system and the second system are selected together, the motherboard BIOS first initializes the first hardware set and the second hardware set, then allocates the first hardware set to the first system and the second hardware set to the second system, and boots both systems at the same time; the motherboard BIOS also allocates different physical CPU cores and different RAM, or different physical regions of the same RAM, to the two systems respectively; the two systems share one display port and switch the display with a hotkey.
In the dual-system computer and implementation method of this application, a cloud operating system serves as the first system and a general-purpose operating system as the second system; the two systems are respectively fixed and installed in the same computer and respectively access the internal and external networks. Compared with a traditional dual-network environment, this application saves one computer and so reduces cost. When the internal network is used, none of the data handled by the first system is saved locally, so the dual-system computer itself holds no confidential data relating to the internal network; even if it is used by others, has its hard disk replaced, or is stolen, no internal-network data can leak. When the external network is used, the second system has no way at all to access the internal network, which guarantees thorough isolation of the internal and external networks, and the user may install any software in the second system and use it as they wish. This application can also run both systems at the same time and switch between the two systems' display interfaces with a hotkey.
Brief description of the drawings
Fig. 1 is an embodiment of the dual-system computer of this application;
Fig. 2 is an embodiment of the implementation method of the dual-system computer of this application.
Embodiments
Referring to Fig. 1, this is an embodiment of the dual-system computer of this application. It comprises a motherboard, at least two nonvolatile memories, data ports, network ports and a display port.
Fixed in the motherboard BIOS is code for selecting the first system and/or the second system, and code for allocating and initializing the nonvolatile memories, data ports and network ports. When any computer starts, the code fixed in the motherboard BIOS first performs a hardware check and then boots into the operating system. The option that this application adds to the BIOS is displayed, and selected by the user, before the hardware check.
Among the network ports, the dual-system computer comprises a first network port connected only to the internal network, a second network port connected only to the external network, and the like. Among the data ports, the dual-system computer comprises the data ports to which the mouse and keyboard are connected and other data ports (such as USB ports).
The dual-system computer has the first system fixed in the first nonvolatile memory. "Fixed" means that the first system stored in the first nonvolatile memory cannot be overwritten or modified, and that the first nonvolatile memory does not accept data writes or modification; only through a special firmware upgrade procedure can the first system in this first nonvolatile memory be erased, written or modified. The first nonvolatile memory is, for example, the motherboard BIOS, another ROM on the motherboard, flash memory, or a disk. The first system is a cloud operating system and is allocated the display port, the first nonvolatile memory and the first network port, and not the second nonvolatile memory or the second network port. Thus the first system can connect only to the internal network and cannot connect to the external network. Further, the first system is allocated only the data ports to which the mouse and keyboard are connected, and no other data ports, unless those data ports are monitored by the administrator of the internal network. All data of the first system during operation is stored in the cloud computing data center of the internal network and cannot be stored in any local nonvolatile memory.
The dual-system computer has the second system installed in the second nonvolatile memory. The second nonvolatile memory is, for example, flash memory or a disk. The second system is a general-purpose operating system such as Windows, Linux or Unix, and is allocated the display port, the second nonvolatile memory and the second network port, and not the first nonvolatile memory or the first network port. Thus the second system can connect only to the external network and cannot connect to the internal network. The second system is allocated all data ports. Data of the second system during operation may be stored in any local nonvolatile memory other than the first nonvolatile memory.
Referring to Fig. 2, this is an embodiment of the implementation method of the dual-system computer of this application. The method is: after the dual-system computer starts, the code fixed in the motherboard BIOS first displays on the display device an option for choosing between the first system and/or the second system.
When the first system alone is selected, the code fixed in the motherboard BIOS first identifies and initializes the first hardware set, then allocates the first hardware set to the first system and boots into the first system. The first hardware set comprises the first nonvolatile memory, the mouse data port, the keyboard data port, the first network port and the display port; it does not include the second nonvolatile memory, the remaining data ports, or the second network port. All data of the first system during operation is stored in the cloud computing data center of the internal network and not in any local nonvolatile memory. Further, the motherboard BIOS masks the second nonvolatile memory and the second network port. If the data ports other than those for the mouse and keyboard are monitored by the administrator of the internal network, those data ports need not be masked.
When the second system alone is selected, the code fixed in the motherboard BIOS first identifies and initializes the second hardware set, then allocates the second hardware set to the second system and boots into the second system. The second hardware set comprises the second nonvolatile memory, all data ports, the second network port and the display port; it does not include the first nonvolatile memory or the first network port. Data of the second system during operation is stored in local nonvolatile memory other than the first nonvolatile memory. Further, the motherboard BIOS masks the first nonvolatile memory and the first network port.
When the first system and the second system are selected together, the motherboard BIOS first identifies and initializes the first hardware set and the second hardware set, then allocates the first hardware set to the first system and the second hardware set to the second system, and boots both systems at the same time. The motherboard BIOS also allocates different physical CPU cores and different RAM (or different physical regions of the same RAM) to the two systems respectively; the two systems share one display port and switch the display with a hotkey. In this case the mouse data port and the keyboard data port are used by whichever system currently holds the display port. All data of the first system during operation is stored in the cloud computing data center of the internal network and not in any local nonvolatile memory; data of the second system during operation is stored in local nonvolatile memory other than the first nonvolatile memory; there is no data exchange between the two systems. Further, the motherboard BIOS masks from the first system the second nonvolatile memory, the data ports other than those for the mouse and keyboard, and the second network port; and masks from the second system the first nonvolatile memory and the first network port.
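The boot-time allocation described in the summary ("The implementation method of the dual-system computer...") and in the three single-mode and dual-mode paragraphs of this embodiment is, in effect, a policy: the user's selection maps to one hardware set per system and a mask for everything else. The following Python model is an added example and is not code from the patent or its assignee; the device names, the four-core/8 GiB machine and the half-and-half split of cores and RAM in dual mode are assumptions of this example. It builds each hardware set and then checks the isolation rules the text states: the first system never sees the second nonvolatile memory or the external network port, the second system never sees the first nonvolatile memory or the internal port, only administrator-monitored extra data ports may be exposed to the first system, and in dual mode the two systems share nothing but the display, mouse and keyboard and receive disjoint cores and physical RAM.

```python
"""Model of the BIOS hardware-set allocation of a dual-system computer.

Added example; not code from the patent or its assignee. Device names, core count,
RAM size and the dual-mode split are assumptions for illustration.
"""
from dataclasses import dataclass
from enum import Enum
from typing import Dict, FrozenSet, List, Optional, Tuple


class Mode(Enum):
    FIRST = "first"    # cloud OS only: internal network
    SECOND = "second"  # general-purpose OS only: external network
    DUAL = "dual"      # both systems at once


# Assumed device inventory of one dual-system computer.
NVM1, NVM2 = "nvm1", "nvm2"            # first (read-only cloud OS) / second (general OS) memory
NET1, NET2 = "net1", "net2"            # internal-only / external-only network port
DISPLAY, MOUSE, KEYBOARD = "display", "usb_mouse", "usb_keyboard"
OTHER_DATA_PORTS = frozenset({"usb3", "usb4", "sdcard"})   # assumed extra data ports
ALL_DEVICES = frozenset({NVM1, NVM2, NET1, NET2, DISPLAY, MOUSE, KEYBOARD}) | OTHER_DATA_PORTS

CPU_CORES = frozenset(range(4))        # assumed 4 physical cores
RAM_TOP = 8 * 2**30                    # assumed 8 GiB of physical RAM
RamRegion = Tuple[int, int]            # [start, end) physical address range


@dataclass(frozen=True)
class HardwareSet:
    devices: FrozenSet[str]
    cores: FrozenSet[int]
    ram: RamRegion

    def hidden(self) -> FrozenSet[str]:
        """Devices the BIOS must mask from this system: everything it was not allocated."""
        return ALL_DEVICES - self.devices


def allocate(mode: Mode, monitored_ports: FrozenSet[str] = frozenset()) -> Dict[str, Optional[HardwareSet]]:
    """Build the hardware set(s) the BIOS hands to each system for the selected boot mode.

    monitored_ports: extra data ports the internal-network administrator monitors; only
    these may be exposed to the first system in addition to the mouse and keyboard ports.
    """
    if not monitored_ports <= OTHER_DATA_PORTS:
        raise ValueError("only the extra data ports can be administrator-monitored")
    first_devs = frozenset({NVM1, NET1, DISPLAY, MOUSE, KEYBOARD}) | monitored_ports
    second_devs = frozenset({NVM2, NET2, DISPLAY, MOUSE, KEYBOARD}) | OTHER_DATA_PORTS
    whole = (0, RAM_TOP)
    if mode is Mode.FIRST:
        return {"first": HardwareSet(first_devs, CPU_CORES, whole), "second": None}
    if mode is Mode.SECOND:
        return {"first": None, "second": HardwareSet(second_devs, CPU_CORES, whole)}
    # Dual mode: split the cores and the physical RAM into disjoint halves, one per system.
    cores = sorted(CPU_CORES)
    split = len(cores) // 2
    half = RAM_TOP // 2
    return {
        "first": HardwareSet(first_devs, frozenset(cores[:split]), (0, half)),
        "second": HardwareSet(second_devs, frozenset(cores[split:]), (half, RAM_TOP)),
    }


def check_isolation(alloc: Dict[str, Optional[HardwareSet]],
                    monitored_ports: FrozenSet[str] = frozenset()) -> List[str]:
    """Return the isolation rules an allocation violates; an empty list means it is sound."""
    problems: List[str] = []
    first, second = alloc["first"], alloc["second"]
    if first is not None:
        if first.devices & {NVM2, NET2}:
            problems.append("first system reaches external-side devices")
        unmonitored = (first.devices & OTHER_DATA_PORTS) - monitored_ports
        if unmonitored:
            problems.append(f"first system has unmonitored data ports: {sorted(unmonitored)}")
    if second is not None and second.devices & {NVM1, NET1}:
        problems.append("second system reaches internal-side devices")
    if first is not None and second is not None:
        if first.cores & second.cores:
            problems.append("CPU cores shared between systems")
        if first.ram[0] < second.ram[1] and second.ram[0] < first.ram[1]:
            problems.append("RAM regions overlap")
        shared = (first.devices & second.devices) - {DISPLAY, MOUSE, KEYBOARD}
        if shared:
            problems.append(f"devices shared beyond display/mouse/keyboard: {sorted(shared)}")
    return problems


if __name__ == "__main__":
    for mode in Mode:
        alloc = allocate(mode)
        print(mode.value, "violations:", check_isolation(alloc) or "none")
        for name, hw in alloc.items():
            if hw is not None:
                print(f"  {name}: devices={sorted(hw.devices)} cores={sorted(hw.cores)} "
                      f"ram={hw.ram} hidden={sorted(hw.hidden())}")
```

Running the module prints the allocation and mask for each mode. The check is kept separate from the allocation so that the same rules can be applied to an allocation table read back from the firmware rather than to the model's own output; on a real board the inventory would also list the Wi-Fi and cellular interfaces that the background section names as leakage paths, so that the check reports any of them that end up reachable from the first system or present in both sets.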
Further, the motherboard BIOS of existing computers can be configured by the user. The dual-system computer of this application strictly restricts the motherboard BIOS: apart from letting the user choose between the two systems when the dual-system computer starts, it does not allow the user to make any configuration of the data ports or network ports in the motherboard BIOS, so as to guarantee the security of the dual-system computer.
Further, after the dual-system computer enters the first system, the following three verifications are required before the internal network can be accessed. First, the first system collects a biometric of the user (fingerprint, iris, etc.) and passes it to the cloud computing data center for identity verification. Second, the cloud computing data center checks whether the MAC address of the first network port (network interface card) in the dual-system computer is in a pre-stored database. Third, the user must also enter the username and password for accessing the internal network, which the first system passes to the cloud computing data center for identity verification. In this way, even if someone else obtains the organization's computer, they cannot access the internal network normally.
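The three checks above (biometric, the terminal's MAC address against a pre-stored database, username and password) all terminate at the cloud computing data center, so the natural place to model them is the server side. The following Python sketch is an added example and not code from the patent; the record layout, the PBKDF2 password storage, the constant-time comparisons and the audit log are choices of this example, and `biometric_match` is a stand-in that compares template bytes exactly where a real matcher would score similarity between templates. All three factors are evaluated on every attempt so the response does not reveal which one failed, and the MAC address is normalised before lookup so the same card is not rejected because of formatting ("00-1A-2B-..." versus "00:1a:2b:...").

```python
"""Server-side model of the three-way check before internal-network access is granted.

Added example; not code from the patent. Storage format, work factor and the
biometric stand-in are assumptions for illustration.
"""
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Dict, List, Set

PBKDF2_ROUNDS = 100_000   # assumed password-hashing work factor


def normalize_mac(mac: str) -> str:
    """Canonical 'aa:bb:cc:dd:ee:ff' so '00-1A-2B-3C-4D-5E' and '001a.2b3c.4d5e' compare equal."""
    digits = mac.lower().replace(":", "").replace("-", "").replace(".", "")
    if len(digits) != 12 or any(c not in "0123456789abcdef" for c in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)


def biometric_match(enrolled: bytes, sample: bytes) -> bool:
    """Stand-in for a biometric matcher: exact constant-time comparison of template bytes.
    A real matcher scores similarity; this is an assumption of the example only."""
    return hmac.compare_digest(enrolled, sample)


@dataclass
class UserRecord:
    salt: bytes
    password_hash: bytes
    biometric_template: bytes


class CloudDataCenter:
    """Holds the terminal MAC allow-list and user records; decides internal-network access."""

    def __init__(self) -> None:
        self.allowed_macs: Set[str] = set()
        self.users: Dict[str, UserRecord] = {}
        self.audit: List[dict] = []
        # Dummy record used for unknown usernames so the cost of an attempt does not
        # depend on whether the username exists.
        salt = secrets.token_bytes(16)
        self._dummy = UserRecord(salt, hash_password(secrets.token_hex(16), salt), b"")

    def enroll_terminal(self, mac: str) -> None:
        self.allowed_macs.add(normalize_mac(mac))

    def enroll_user(self, username: str, password: str, biometric_template: bytes) -> None:
        salt = secrets.token_bytes(16)
        self.users[username] = UserRecord(salt, hash_password(password, salt), bytes(biometric_template))

    def authorize(self, mac: str, username: str, password: str, biometric_sample: bytes) -> bool:
        """Grant access only if the terminal, the password and the biometric all verify.

        Every factor is evaluated on every call (no early return); the caller gets only the
        final decision, while the per-factor results go to the audit log.
        """
        try:
            mac_ok = normalize_mac(mac) in self.allowed_macs
        except ValueError:
            mac_ok = False
        record = self.users.get(username)
        known = record is not None
        if record is None:
            record = self._dummy
        computed = hash_password(password, record.salt)
        pw_ok = hmac.compare_digest(computed, record.password_hash) and known
        bio_ok = biometric_match(record.biometric_template, biometric_sample) and known
        granted = mac_ok and pw_ok and bio_ok
        self.audit.append({"user": username, "mac": mac, "mac_ok": mac_ok,
                           "pw_ok": pw_ok, "bio_ok": bio_ok, "granted": granted})
        return granted


if __name__ == "__main__":
    dc = CloudDataCenter()
    dc.enroll_terminal("00-1A-2B-3C-4D-5E")                       # constructed sample data
    dc.enroll_user("alice", "correct horse battery", b"\x01\x02\x03")
    print(dc.authorize("00:1a:2b:3c:4d:5e", "alice", "correct horse battery", b"\x01\x02\x03"))
    print(dc.authorize("00:1a:2b:3c:4d:5f", "alice", "correct horse battery", b"\x01\x02\x03"))
    print(dc.audit[-1])
```

A MAC address can be read from, and set on, most network interfaces in software, so on its own it identifies the terminal rather than authenticating it; the patent uses it only alongside the biometric and the password, and the model keeps that rule by requiring all three before `granted` becomes true.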
Further, if data must be exchanged between the internal network and the external network, the data is sent from one network to a dedicated server, for example a mail server or an FTP server. This server, dedicated to data exchange, is supervised by network administration staff; only after the staff have inspected the data and found it acceptable (including whether the information leaks secrets and whether it is safe) can the data reach the recipient. This is particularly suited to the need to transfer data from the external network into the internal network.
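The exchange server described above is a quarantine with a human gate: data submitted from one network is held until network administration staff have inspected it, and only then delivered to the recipient on the other network. The following Python model is an added example and not code from the patent; the role check, the state machine, the SHA-256 digest taken at submission and re-checked at delivery, and the automatic pre-screening markers (a secrecy marker on outbound data, an executable header on inbound data) are assumptions of this example that support the administrator's inspection rather than replace it.

```python
"""Model of the supervised data-exchange server between internal and external networks.

Added example; not code from the patent. Screening markers, roles and the digest check
are assumptions for illustration.
"""
import hashlib
from dataclasses import dataclass, field
from enum import Enum
from typing import Dict, Iterable, List, Optional


class Net(Enum):
    INTERNAL = "internal"
    EXTERNAL = "external"


class State(Enum):
    QUARANTINED = "quarantined"
    RELEASED = "released"
    REJECTED = "rejected"


# Assumed screening rules that help the inspector; illustrative, not from the patent.
SECRET_MARKERS = (b"CONFIDENTIAL", b"INTERNAL ONLY")
EXECUTABLE_MAGIC = (b"MZ", b"\x7fELF")


@dataclass
class Transfer:
    tid: int
    sender: str
    source: Net
    recipient: str
    payload: bytes
    digest: str
    state: State = State.QUARANTINED
    flags: List[str] = field(default_factory=list)
    inspector: Optional[str] = None
    note: str = ""


def screen(payload: bytes, source: Net) -> List[str]:
    """Automatic pre-check: secrecy markers matter outbound, executable content inbound."""
    flags: List[str] = []
    if source is Net.INTERNAL and any(m in payload for m in SECRET_MARKERS):
        flags.append("secrecy marker present")
    if source is Net.EXTERNAL and payload.startswith(EXECUTABLE_MAGIC):
        flags.append("executable content")
    return flags


class ExchangeServer:
    def __init__(self, administrators: Iterable[str]) -> None:
        self.admins = frozenset(administrators)
        self.transfers: Dict[int, Transfer] = {}
        self._next = 1

    def submit(self, sender: str, source: Net, recipient: str, payload: bytes) -> int:
        """Accept data from one network into quarantine; nothing is delivered yet."""
        tid, self._next = self._next, self._next + 1
        t = Transfer(tid, sender, source, recipient, bytes(payload),
                     hashlib.sha256(payload).hexdigest())
        t.flags = screen(t.payload, source)
        self.transfers[tid] = t
        return tid

    def pending(self) -> List[Transfer]:
        return [t for t in self.transfers.values() if t.state is State.QUARANTINED]

    def inspect(self, tid: int, inspector: str, approve: bool, note: str = "") -> State:
        """Only network administration staff may decide; a decision is final."""
        if inspector not in self.admins:
            raise PermissionError("only network administration staff may inspect")
        t = self.transfers[tid]
        if t.state is not State.QUARANTINED:
            raise ValueError("transfer already decided")
        t.inspector, t.note = inspector, note
        t.state = State.RELEASED if approve else State.REJECTED
        return t.state

    def deliver(self, tid: int, recipient: str) -> bytes:
        """Hand the data to the recipient on the other network, only after release."""
        t = self.transfers[tid]
        if t.state is not State.RELEASED or t.inspector is None:
            raise PermissionError("not released by an inspector")
        if recipient != t.recipient:
            raise PermissionError("not the intended recipient")
        if hashlib.sha256(t.payload).hexdigest() != t.digest:
            raise RuntimeError("payload changed after inspection")
        return t.payload


if __name__ == "__main__":
    srv = ExchangeServer(["netadmin"])
    tid = srv.submit("ext.user", Net.EXTERNAL, "int.user", b"MZ\x90\x00 installer")  # constructed
    print("flags:", srv.transfers[tid].flags)
    print("decision:", srv.inspect(tid, "netadmin", False, "unsigned installer"))
```

The property the model enforces is that there is no path from `submit()` to `deliver()` that bypasses an `inspect()` call by an administrator, and that what is delivered is byte-for-byte what was inspected; the digest check matters most for the inbound direction the text singles out, transfers from the external network into the internal one.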
The above are merely preferred embodiments of this application and are not intended to limit it. Those skilled in the art may make various modifications and variations to this application. Any modification, equivalent replacement, improvement and the like made within the spirit and principles of this application shall fall within its scope of protection.

Claims (9)

1. A dual-system computer, characterized in that the dual-system computer comprises a motherboard, at least two nonvolatile memories, data ports, network ports and a display port;
fixed in the motherboard BIOS is code for selecting the first system and/or the second system, and code for allocating and initializing the nonvolatile memories, data ports, network ports and display port;
the first system is fixed in the first nonvolatile memory and is a cloud operating system; the first system is allocated the display port, the first nonvolatile memory and the first network port, and is not allocated the second nonvolatile memory or the second network port;
the second system is installed in the second nonvolatile memory and is a general-purpose operating system; the second system is allocated the display port, the second nonvolatile memory and the second network port, and is not allocated the first nonvolatile memory or the first network port;
the data ports comprise at least a data port for the mouse and a data port for the keyboard;
the network ports comprise at least a first network port connected only to the internal network and a second network port connected only to the external network.
2. The dual-system computer according to claim 1, characterized in that the first system is further allocated the mouse data port and the keyboard data port, and no other data ports;
the second system is further allocated all data ports.
3. An implementation method for a dual-system computer, characterized in that after the dual-system computer starts, the motherboard BIOS first displays an option for choosing between the first system and/or the second system;
when the first system alone is selected, the motherboard BIOS first initializes the first hardware set, then allocates the first hardware set to the first system and boots into the first system; the first hardware set comprises the first nonvolatile memory, the mouse data port, the keyboard data port, the first network port and the display port, and does not include the second nonvolatile memory, the remaining data ports, or the second network port;
when the second system alone is selected, the motherboard BIOS first initializes the second hardware set, then allocates the second hardware set to the second system and boots into the second system; the second hardware set comprises the second nonvolatile memory, all data ports, the second network port and the display port, and does not include the first nonvolatile memory or the first network port;
when the first system and the second system are selected together, the motherboard BIOS first initializes the first hardware set and the second hardware set, then allocates the first hardware set to the first system and the second hardware set to the second system, and boots both systems at the same time; the motherboard BIOS also allocates different physical CPU cores and different RAM, or different physical regions of the same RAM, to the two systems respectively; the two systems share one display port and switch the display with a hotkey.
4. The implementation method for a dual-system computer according to claim 3, characterized in that when the first system and the second system are selected together, the mouse data port and the keyboard data port are used by the system that holds the display port.
5. The implementation method for a dual-system computer according to claim 3, characterized in that:
when the first system alone is selected, all data of the first system during operation is stored in the cloud computing data center of the internal network and not in any local nonvolatile memory;
when the second system alone is selected, data of the second system during operation is stored in local nonvolatile memory other than the first nonvolatile memory;
when the first system and the second system are selected together, all data of the first system during operation is stored in the cloud computing data center of the internal network and not in any local nonvolatile memory; data of the second system during operation is stored in local nonvolatile memory other than the first nonvolatile memory; there is no data exchange between the two systems.
6. The implementation method for a dual-system computer according to claim 3, characterized in that:
when the first system alone is selected, the motherboard BIOS masks the second nonvolatile memory, the data ports other than those for the mouse and keyboard, and the second network port;
when the second system alone is selected, the motherboard BIOS masks the first nonvolatile memory and the first network port;
when the first system and the second system are selected together, the motherboard BIOS masks from the first system the second nonvolatile memory, the data ports other than those for the mouse and keyboard, and the second network port; and masks from the second system the first nonvolatile memory and the first network port.
7. The implementation method for a dual-system computer according to claim 3, characterized in that after the dual-system computer enters the first system, the following three verifications must also be passed before the internal network can be accessed:
first, the first system collects a biometric of the user and passes it to the cloud computing data center for identity verification;
second, the cloud computing data center checks whether the MAC address of the first network port in the dual-system computer is in a pre-stored database;
third, the user must also enter the username and password for accessing the internal network, which the first system passes to the cloud computing data center for identity verification.
8. The implementation method for a dual-system computer according to claim 3, characterized in that if data must be exchanged between the internal network and the external network, the data to be exchanged is sent from one network to a dedicated server; after the dedicated server has inspected the data to be exchanged and found it acceptable, it is sent to the recipient on the other network.
9. The implementation method for a dual-system computer according to claim 8, characterized in that the dedicated server is one of a mail server and an FTP server.

Priority Applications (1)

CN201310455625.2A (CN104517070A), priority date 2013-09-29, filing date 2013-09-29: Double-system computer and application method thereof

Applications Claiming Priority (1)

CN201310455625.2A (CN104517070A), priority date 2013-09-29, filing date 2013-09-29: Double-system computer and application method thereof

Publications (1)

CN104517070A, publication date 2015-04-15

Family

ID=52792354

Family Applications (1)

CN201310455625.2A (CN104517070A, pending), priority date 2013-09-29, filing date 2013-09-29: Double-system computer and application method thereof

Country Status (1)

CN: CN104517070A

Cited By (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106789931A (en) * 2016-11-29 2017-05-31 北京元心科技有限公司 Multi-system network isolation sharing method and device
CN106789931B (en) * 2016-11-29 2020-05-19 北京元心科技有限公司 Multi-system network isolation sharing method and device
CN108959979A (en) * 2018-06-28 2018-12-07 上海酷卓信息科技有限公司 Dual-network physical isolation system
CN112911353A (en) * 2019-12-03 2021-06-04 海信视像科技股份有限公司 Display device, port scheduling method and storage medium
CN112911353B (en) * 2019-12-03 2023-01-20 海信视像科技股份有限公司 Display device, port scheduling method and storage medium
CN114168203A (en) * 2020-09-10 2022-03-11 成都鼎桥通信技术有限公司 Dual-system running state control method and device and electronic equipment
CN114168203B (en) * 2020-09-10 2024-02-13 成都鼎桥通信技术有限公司 Dual-system running state control method and device and electronic equipment

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101977179A (en) * 2010-08-20 2011-02-16 河南省电力公司 Dual-network dual-system computer communication method
CN201845329U (en) * 2010-11-19 2011-05-25 惠州市创亿鑫科技有限公司 Dual independent security computer system with one mainboard
CN203191973U (en) * 2013-04-01 2013-09-11 深圳市天方信安电子科技有限公司 Electronic device with dual systems




Legal Events

Code Title
C06 Publication
PB01 Publication (application publication date: 2015-04-15)
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
WD01 Invention patent application deemed withdrawn after publication