CN105991561A - Implementation method and apparatus of dual-network isolation, and electronic equipment - Google Patents
Implementation method and apparatus of dual-network isolation, and electronic equipment Download PDFInfo
- Publication number
- CN105991561A CN105991561A CN201510059860.7A CN201510059860A CN105991561A CN 105991561 A CN105991561 A CN 105991561A CN 201510059860 A CN201510059860 A CN 201510059860A CN 105991561 A CN105991561 A CN 105991561A
- Authority
- CN
- China
- Prior art keywords
- network
- chip
- control
- control command
- access
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Landscapes
- Semiconductor Integrated Circuits (AREA)
- Small-Scale Networks (AREA)
Abstract
The embodiment of the invention discloses an implementation method and apparatus of dual-network isolation, and electronic equipment, and relates to the technical field of network safety, solving the defect that the implementation cost of dual-network isolation is high in the prior art. The implementation method of dual-network isolation comprises the steps: an embedded control chip receives a control command sent from a chipset, wherein the control command is used for indicating access of a first network or a second network; and the embedded control chip emits a corresponding network control signal to a first network chip or a second network chip according to the control command, and controls the first network chip or the second network chip to work to so as to access the first network or the second network. The implementation method and apparatus of dual-network isolation are mainly used for implementation of isolation between internal network and external network.
Description
Technical field
The present invention relates to technical field of network security, particularly relate to implementation method, device and the electronic equipment of a kind of double net isolation.
Background technology
Double net isolation technologies refer to that external network can not invade internal network, prevent internal network information leakage to the technology of external network simultaneously.Existing pair of net isolation scheme be achieved in that the control command output intranet and extranet control signal that C8051F320/1 chip sends according to chipset, described intranet and extranet control signal is transmitted to the Intranet RJ45 adapter or outer net RJ45 adapter of network chip by network switching chip, thus realizes the isolation of intranet and extranet.
But such scheme is owing to have to use C8051F320/1 chip, and connect due to Intranet RJ45 adapter and outer net RJ45 adapter is same network chip, so the program also must use network switching chip to carry out the switching of intranet and extranet, in addition the price comparison of C8051F320/1 chip and switching chip is high so that double net isolation scheme to realize cost higher.
Summary of the invention
The present invention provides implementation method, device and the electronic equipment of a kind of double net isolation, and what it can reduce double net isolation realizes cost.
On the one hand, the present invention provides the implementation method of a kind of double net isolation, including:
Embedded control chip receives the control command that chipset sends, and described control command is used for indicating access first network or the second network;
Described embedded control chip, according to described control command, sends corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network.
Wherein, when described control command is used for indicating access first network, described embedded control chip is according to described control command, send corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network includes: described embedded control chip, according to described control command, sends first network and controls signal to first network chip, control described first network chip operation, access first network.
When described control command is used for indicating access the second network, described embedded control chip is according to described control command, send corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network includes: described embedded control chip is according to described control command, send the second network control signal to the second network chip, control described second network chip work, access the second network.
Alternatively, described embedded control chip receives the control command that chipset is sent by usb bus.
Alternatively, described first network is internal network, and described second network is external network;Correspondingly, described first network chip is internal network chip, and described second network chip is external network chip.
On the other hand, what the present invention provided a kind of double net isolation realizes device, and described device includes chipset, embedded control chip, first network chip and the second network chip, wherein,
Described embedded control chip, for receiving the control command that described chipset sends, described control command is used for indicating access first network or the second network, and according to described control command, send corresponding network control signal to described first network chip or the second network chip, control described first network chip or the work of the second network chip, access first network or the second network.
Alternatively, when described control command is used for indicating access first network, described embedded control chip, control signal to described first network chip for sending first network according to described control command, control described first network chip operation, access first network.
When described control command is used for indicating access the second network, described embedded control chip, for according to described control command, send the second network control signal extremely described second network chip, control described second network chip work, access the second network.
Alternatively, described first network is internal network, and described second network is external network;Correspondingly, described first network chip is internal network chip, and described second network chip is external network chip.
Another further aspect, the present invention provides a kind of electronic equipment, and what described electronic equipment included the double net isolation described in any of the above-described item realizes device.
Implementation method, device and the electronic equipment of double net isolation that the present invention provides, embedded control chip receives the control command that chipset sends, and described control command is used for indicating access first network or the second network;
Described embedded control chip, according to described control command, sends corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network.Compared with prior art, it is no longer necessary to expensive C8051F320/1 chip and network switching chip, but uses embedded control chip and two network chips to realize double net isolation, thus greatly reduce double net isolation realize cost.
Accompanying drawing explanation
For the technical scheme being illustrated more clearly that in the embodiment of the present invention, in describing embodiment below, the required accompanying drawing used is briefly described, apparently, accompanying drawing in describing below is only some embodiments of the present invention, for those of ordinary skill in the art, on the premise of not paying creative work, it is also possible to obtain other accompanying drawing according to these accompanying drawings.
Fig. 1 is the schematic flow sheet of implementation method one embodiment of the present invention double net isolation;
Fig. 2 is the structural representation realizing device one embodiment of the present invention double net isolation;
Fig. 3 is the structural representation realizing another embodiment of device of the present invention double net isolation;
Fig. 4 is the structural representation realizing another embodiment of device of the present invention double net isolation.
Detailed description of the invention
Below in conjunction with the accompanying drawing in the embodiment of the present invention, the technical scheme in the embodiment of the present invention is clearly and completely described, it is clear that described embodiment is only a part of embodiment of the present invention rather than whole embodiments.Based on the embodiment in the present invention, all other embodiments that those of ordinary skill in the art are obtained under not making creative work premise, broadly fall into the scope of protection of the invention.
As it is shown in figure 1, the embodiment of the present invention provides the implementation method of a kind of double net isolation, described method includes:
S11, embedded control chip receive the control command that chipset sends, and described control command is used for indicating access first network or the second network;
S12, described embedded control chip, according to described control command, send corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network.
Specifically, when described control command is used for indicating access first network, described embedded control chip, according to described control command, sends first network and controls signal to first network chip, controls described first network chip operation, accesses first network.
When described control command is used for indicating access the second network, described embedded control chip, according to described control command, sends the second network control signal to the second network chip, controls described second network chip work, access the second network.
Wherein, described first network can be internal network, and described second network can be external network;Correspondingly, described first network chip is internal network chip, and described second network chip is external network chip, thus realizes the isolation of internal network and external network, but is not limited only to this.
Alternatively, in the present embodiment, described embedded control chip receives the control command of chipset transmission can be the control command that described embedded control chip receives that chipset is sent by usb bus.
Alternatively, in the present embodiment, described first network chip accesses first network by RJ45 adapter, and similarly, described second network chip accesses the second network by RJ45 adapter.
While being additionally carried out double net isolation, needing to switch over corresponding internal memory and hard disk, implementing can be that internal memory and hard disk are switched to internal memory and the hard disk of internal network by internal memory/hard disk switching chip for when accessing internal network;When accessing external network, internal memory and hard disk are switched to internal memory and the hard disk of external network by internal memory/hard disk switching chip.
Wherein, described internal memory can be USB and DDR(Double Data Rate Double Data Rate synchronous DRAM), described hard disk can be SATA(Serial Advanced Technology Attachment) hard disk, but it is not limited only to this.
The implementation method of double net isolation that the embodiment of the present invention provides, embedded control chip receives the control command that chipset sends, and described control command is used for indicating access first network or the second network;Described embedded control chip, according to described control command, sends corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network.
Compared with prior art, it is no longer necessary to expensive C8051F320/1 chip and network switching chip, but the embedded control chip all can used when using electronic device design, use two network chips to realize double net isolation simultaneously, thus greatly reduce double net isolation realize cost.
As shown in Figure 2, what a kind of double nets of embodiment of the present invention offer were isolated realizes device, described device includes chipset 21, embedded control chip 22, first network chip 23 and the second network chip 24, wherein, described embedded control chip 22 receives the control command that described chipset 21 sends, and according to described control command, send corresponding network control signal to described first network chip 23 or the second network chip 24, control described first network chip 23 or the second network chip 24 works, access first network or the second network.
Wherein, described control command is used for indicating access first network or the second network.
Specifically, when described control command is used for indicating access first network, described embedded control chip 22 sends first network according to described control command and controls signal to described first network chip 23, controls described first network chip 23 and works, and accesses first network.
When described control command is used for indicating access the second network, described embedded control chip 22, according to described control command, sends the second network control signal extremely described second network chip 24, controls described second network chip 24 and work, access the second network.
Alternatively, in the present embodiment, described embedded control chip 22 receives the control command of described chipset 21 transmission can be that described embedded control chip 22 receives the control command that chipset 21 is sent by usb bus.
Alternatively, in the present embodiment, described first network chip 23 accesses first network by RJ45 adapter, and similarly, described second network chip 24 accesses the second network by RJ45 adapter.
What double nets that the embodiment of the present invention provides were isolated realizes device, described device includes chipset, embedded control chip, first network chip and the second network chip, described embedded control chip, for receiving the control command that described chipset sends, described control command is used for indicating access first network or the second network, and according to described control command, send corresponding network control signal to described first network chip or the second network chip, control described first network chip or the work of the second network chip, access first network or the second network.Compared with prior art, it is no longer necessary to expensive C8051F320/1 chip and network switching chip, but the embedded control chip all can used when using electronic device design, use two network chips to realize double net isolation simultaneously, thus greatly reduce double net isolation realize cost.
As shown in Figure 3, what a kind of double nets of embodiment of the present invention offer were isolated realizes device, it is applied to realize the isolation of internal network and external network, described device includes chipset 21, embedded control chip 22, internal network chip 23 and external network chip 24, wherein, described embedded control chip 22 receives the control command that described chipset 21 sends, and according to described control command, send corresponding network control signal to described internal network chip 23 or external network chip 24, control described internal network chip 23 or external network chip 24 works, access internal network or external network.
Wherein, described control command is used for indicating access internal network or external network.
Alternatively, in the present embodiment, described internal network chip 23 accesses internal network by RJ45 adapter, and similarly, described external network chip 24 accesses external network by RJ45 adapter.
Alternatively, in the present embodiment, described chipset 21 can be used for indicating access first network or the second network-based control order to the transmission of described embedded control chip 22 by usb bus.
What double nets that the embodiment of the present invention provides were isolated realizes device, it is applied to realize the isolation of internal network and external network, described device includes chipset, embedded control chip, internal network chip and external network chip, described embedded control chip, for receiving the control command that described chipset sends, described control command is used for indicating access internal network or external network, and according to described control command, send corresponding network control signal to described internal network chip or external network chip, control described internal network chip or external network chip operation, access first network or the second network.Compared with prior art, it is no longer necessary to expensive C8051F320/1 chip and network switching chip, but the embedded control chip all can used when using electronic device design, internal network chip and two network chips of external network chip realize the isolation of internal network and internal network simultaneously, thus greatly reduce tertiary-structure network realize cost.
As shown in Figure 4, in the embodiment above, while carrying out internal network and external network isolation, need corresponding internal memory and hard disk are switched over, thus, the device that realizes of described double net isolation also includes internal memory/hard disk switching chip 25, described internal memory/hard disk switching chip 25, for when accessing internal network, internal memory and hard disk being switched to internal memory and the hard disk of internal network;When accessing external network, internal memory and hard disk are switched to internal memory and the hard disk of external network.
Wherein, described internal memory can be USB and DDR(Double Data Rate Double Data Rate synchronous DRAM), described hard disk can be SATA(Serial Advanced Technology Attachment) hard disk, but it is not limited only to this.
What double nets that the embodiment of the present invention provides were isolated realizes device, it is applied to realize the isolation of internal network and external network, described device includes chipset, embedded control chip, internal network chip and external network chip, described embedded control chip, for receiving the control command that described chipset sends, described control command is used for indicating access internal network or external network, and according to described control command, send corresponding network control signal to described internal network chip or external network chip, control described internal network chip or external network chip operation, access first network or the second network.Compared with prior art, it is no longer necessary to expensive C8051F320/1 chip and network switching chip, but the embedded control chip all can used when using electronic device design, internal network chip and two network chips of external network chip realize the isolation of internal network and internal network simultaneously, thus greatly reduce tertiary-structure network realize cost.
It addition, the embodiment of the present invention also provides for a kind of electronic equipment, what described electronic equipment included the double net isolation described in any of the above-described item realizes device.Wherein, described electronic equipment can be desk computer, notebook, but is not limited only to this.
One of ordinary skill in the art will appreciate that all or part of flow process realizing in above-described embodiment method, can be by computer program and complete to instruct relevant hardware, described program can be stored in a computer read/write memory medium, this program is upon execution, it may include such as the flow process of the embodiment of above-mentioned each method.Wherein, described storage medium can be magnetic disc, CD, read-only store-memory body (Read-Only Memory, ROM) or random store-memory body (Random Access Memory, RAM) etc..
The above; being only the detailed description of the invention of the present invention, but protection scope of the present invention is not limited thereto, any those familiar with the art is in the technical scope that the invention discloses; the change that can readily occur in or replacement, all should contain within protection scope of the present invention.Therefore, protection scope of the present invention should be as the criterion with scope of the claims.
Claims (10)
1. the implementation method of double net isolation, it is characterised in that including:
Embedded control chip receives the control command that chipset sends, and described control command is used for indicating access first network or the second network;
Described embedded control chip, according to described control command, sends corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network.
Method the most according to claim 1, it is characterized in that, when described control command is used for indicating access first network, described embedded control chip is according to described control command, send corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network includes: described embedded control chip is according to described control command, send first network and control signal to first network chip, control described first network chip operation, access first network.
Method the most according to claim 1, it is characterized in that, when described control command is used for indicating access the second network, described embedded control chip is according to described control command, send corresponding network control signal to first network chip or the second network chip, control first network chip or the work of the second network chip, access first network or the second network includes: described embedded control chip is according to described control command, send the second network control signal to the second network chip, control described second network chip work, access the second network.
Method the most according to claim 1, it is characterised in that described embedded control chip receives the control command of chipset transmission and includes: described embedded control chip receives the control command that chipset is sent by usb bus.
Method the most according to claim 1, it is characterised in that described first network is internal network, described second network is external network;Described first network chip is internal network chip, and described second network chip is external network chip.
6. double net isolation realize device, it is characterised in that described device includes chipset, embedded control chip, first network chip and the second network chip, wherein,
Described embedded control chip, for receiving the control command that described chipset sends, described control command is used for indicating access first network or the second network, and according to described control command, send corresponding network control signal to described first network chip or the second network chip, control described first network chip or the work of the second network chip, access first network or the second network.
Device the most according to claim 6, it is characterized in that, when described control command is used for indicating access first network, described embedded control chip, described first network chip is controlled signal to for sending first network according to described control command, control described first network chip operation, access first network.
Device the most according to claim 6, it is characterized in that, when described control command is used for indicating access the second network, described embedded control chip, for according to described control command, send the second network control signal extremely described second network chip, control described second network chip work, access the second network.
Device the most according to claim 6, it is characterised in that described first network is internal network, described second network is external network;Described first network chip is internal network chip, and described second network chip is external network chip.
10. an electronic equipment, it is characterised in that described electronic equipment includes the device according to any one of claim 6 to 9.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510059860.7A CN105991561B (en) | 2015-02-05 | 2015-02-05 | Method and device for realizing dual-network isolation and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201510059860.7A CN105991561B (en) | 2015-02-05 | 2015-02-05 | Method and device for realizing dual-network isolation and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN105991561A true CN105991561A (en) | 2016-10-05 |
| CN105991561B CN105991561B (en) | 2020-01-31 |
Family
ID=57036119
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201510059860.7A Active CN105991561B (en) | 2015-02-05 | 2015-02-05 | Method and device for realizing dual-network isolation and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN105991561B (en) |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1713581A (en) * | 2004-06-23 | 2005-12-28 | 北京中科诚毅科技发展有限公司 | Physic separated controlling circuit and computer system of physic separated network |
| CN101373448A (en) * | 2008-08-15 | 2009-02-25 | 华硕电脑股份有限公司 | Computer system with remote management |
| CN201331760Y (en) * | 2009-01-08 | 2009-10-21 | 山东超越数控电子有限公司 | Double hard disks network safe isolation card |
| CN201639589U (en) * | 2009-12-09 | 2010-11-17 | 上海广电通信技术有限公司 | Embedded dual-redundant network card based on ARM |
| CN202261380U (en) * | 2011-09-23 | 2012-05-30 | Tcl集团股份有限公司 | Network security system |
| CN102867158A (en) * | 2011-07-07 | 2013-01-09 | 联想(北京)有限公司 | Memory switching method, memory switching device and terminal with dual systems |
| CN103532977A (en) * | 2013-10-30 | 2014-01-22 | 北京艾斯蒙科技有限公司 | Secure access equipment for intranet and extranet |
| CN103853987A (en) * | 2012-11-29 | 2014-06-11 | 中晟国计科技有限公司 | Dual-network integrated type computer terminal |
-
2015
- 2015-02-05 CN CN201510059860.7A patent/CN105991561B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1713581A (en) * | 2004-06-23 | 2005-12-28 | 北京中科诚毅科技发展有限公司 | Physic separated controlling circuit and computer system of physic separated network |
| CN101373448A (en) * | 2008-08-15 | 2009-02-25 | 华硕电脑股份有限公司 | Computer system with remote management |
| CN201331760Y (en) * | 2009-01-08 | 2009-10-21 | 山东超越数控电子有限公司 | Double hard disks network safe isolation card |
| CN201639589U (en) * | 2009-12-09 | 2010-11-17 | 上海广电通信技术有限公司 | Embedded dual-redundant network card based on ARM |
| CN102867158A (en) * | 2011-07-07 | 2013-01-09 | 联想(北京)有限公司 | Memory switching method, memory switching device and terminal with dual systems |
| CN202261380U (en) * | 2011-09-23 | 2012-05-30 | Tcl集团股份有限公司 | Network security system |
| CN103853987A (en) * | 2012-11-29 | 2014-06-11 | 中晟国计科技有限公司 | Dual-network integrated type computer terminal |
| CN103532977A (en) * | 2013-10-30 | 2014-01-22 | 北京艾斯蒙科技有限公司 | Secure access equipment for intranet and extranet |
Also Published As
| Publication number | Publication date |
|---|---|
| CN105991561B (en) | 2020-01-31 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9948299B2 (en) | On-die termination control without a dedicated pin in a multi-rank system | |
| CN104956440A (en) | Apparatus, method and system for determining reference voltages for a memory | |
| US20140281139A1 (en) | Dual-interface flash drive | |
| US8756355B2 (en) | Methods and structure for configuring a Serial Attached SCSI domain via a Universal Serial Bus interface of a Serial Attached SCSI expander | |
| CN103441948A (en) | Data access method, network card and storage system | |
| US8140724B1 (en) | SATA pass through port | |
| CN106407145A (en) | An interface access method and system and a memory card | |
| CN104035731A (en) | Storage head node of blade server | |
| KR101898341B1 (en) | SSD test apparatus | |
| US8782298B2 (en) | Computing device and method for adjusting physical links of a SAS expander of the computing device | |
| CN104615565A (en) | SAS card device with transmission rate reaching 12Gb | |
| CN102237867B (en) | Semiconductor module including module control circuit and method for controlling the same | |
| CN105991561A (en) | Implementation method and apparatus of dual-network isolation, and electronic equipment | |
| US12001711B2 (en) | Determine link startup sequence (LSS) type using reference clock frequency and attribute | |
| CN103544079B (en) | Flash memory chip data recovery achieving system and method based on programmable logic controller | |
| KR20140065678A (en) | Semiconductor apparatus and operating method for semiconductor apparatus using the same | |
| CN105354504A (en) | Integrated data ferrying device and method | |
| CN102591825A (en) | Transmitting device and method between SATA (Serial Advanced Technology Attachment) controller and flash controller based on SYNC mechanism | |
| CN105989308A (en) | Method, device and electronic equipment for realizing double network isolation | |
| WO2015112150A1 (en) | Volume migration for a storage area network | |
| CN202796068U (en) | Hard disk expansion interface device | |
| KR101190885B1 (en) | Home storage system | |
| CN103064803A (en) | Data read-write method and device of NAND Flash storage device | |
| KR101393861B1 (en) | Data communication apparatus based on vehicle network and method using the same | |
| CN103902491B (en) | USB (universal serial bus)-based high-speed data transmission device and USB-based high-speed data transmission method |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |