CN1361476A - Inner and outer network separating physical method and switch unit - Google Patents
Inner and outer network separating physical method and switch unit Download PDFInfo
- Publication number
- CN1361476A CN1361476A CN 00136750 CN00136750A CN1361476A CN 1361476 A CN1361476 A CN 1361476A CN 00136750 CN00136750 CN 00136750 CN 00136750 A CN00136750 A CN 00136750A CN 1361476 A CN1361476 A CN 1361476A
- Authority
- CN
- China
- Prior art keywords
- switch
- intranet
- mutual exclusion
- control
- software
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The present invention has designed a scheme for separating Intranet and Internet physically and its autoamtic intelligent software control. Physically, only Intranet or Internet may be selected in all cases and the automatic transparent software selection ensures the absolute safety and convenient and transparent to the user. The seamless combination to be retransmission system raises the safety of the retransmission system. The present invention may be widely used in similar systems and may be integrated with browser, etc.
Description
The present invention relates to a kind of Internal And External Network Physic Isolation Method And Switchgear, particularly a kind of Internal And External Network Physic Isolation Method And Switchgear that is used to isolate the network segment that the heterogeneous networks safe requirement is arranged.
Along with the raising day by day of internal-external network safety requirements, the present invention has designed a kind of intranet and extranet (Intranet/Internet) or two safe physical isolation method and switchgears that the network segment of heterogeneous networks safe requirement is arranged, and has realized software controlled.
The purpose of this invention is to provide a kind of inside and outside network physical partition method and switchgear of being used for, it guarantees that inside and outside network physical isolates, well combine again simultaneously with other application systems, by software according to the network segment inside and outside the automatic gating of Different Rule of setting.
Safe mutual exclusion switch hardware has physically guaranteed under any circumstance can only network segment of gating, selects by the automatic transparent realization of software, thereby has both guaranteed to be perfectly safe, and it is convenient, transparent fully to have accomplished again the user.
Mainly contain a power supply and one or more relay in the safe mutual exclusion switch.Utilize the combination of a plurality of relays can realize different exclusive mode.The simplest situation is, that utilizes a relay often opens the power supply that can pick out a pair of mutual exclusion with normally closed contact.
Control on the computing machine of safe mutual exclusion switch a switching value card is housed, it can call the software interface that is provided by the switching value card driver according to predetermined steering logic, output switching value signal (high and low level), control the relay in the safe mutual exclusion switch, determine which group power connection, only have one group of power supply power supply thereby reach a moment.
Specifically describe the preferred embodiments of the present invention with reference to the accompanying drawings.
Fig. 1 issues the synoptic diagram of (relay) system for the security information that in first embodiment of the invention safe mutual exclusion switch of the present invention is used for;
Fig. 2 is for being used for safe mutual exclusion switch of the present invention the synoptic diagram of safe e-mail system in second embodiment of the invention;
Fig. 3 is the synoptic diagram of safe mutual exclusion switch of the present invention and the integrated use of browser in third embodiment of the invention.
In Fig. 1, collector 12 is computing machines that many operation webpages grasp software; Control Server 16 is computing machines of a running control software, and the control image data is uploaded to the process of mirror image server 17 by collector 12.Safe mutual exclusion switch 15 is by the connection of Modem or Hub11 control collector 12 and outer net 10; Like this, Control Software also can be contained on the computing machine with collector 12.
Safe mutual exclusion switch 15 reaches which network segment of control connection by the power supply 19 of control Hub or Modem11.
The following describes safety switch 15 operating position in the security information delivery system that intranet and extranet are isolated.
In Fig. 1, can be connected to many collectors 12 and little subnet of acquisition controlling of Control Server 16 compositions on the Hub 13, when normally gathering webpage, Hub 13 energisings, collector 12 and Control Server 16 are communicated with, when wherein having any collector 12 to upload image data, Control Server 16 receives the data that transmit on the collector 12, in case judge and upload end, and there are not this moment other collectors 12 (uploading data uploading data if other collectors 12 are arranged, then wait for up to all collectors 12 always and upload end), Control Software is called the output function that the driver of switching value card provides on the Control Server 16, level signal of switching value card output, thereby pilot relay is connected another group power supply, at this moment, Hub 14 energisings, like this, Control Server 16 and mirror image server 17 subnets are communicated with, Control Server 16 is the data upload that transmits on the collector 12 being arranged to mirror image server 17, wait to upload finish after, Control Software is called the output function that the driver of switching value card provides, allow the switching value card export an opposite level signal, Hub 14 power supplys are cut off like this, Hub 13 power supplys are switched on, and system has got back to initial acquisition state again.Safe mutual exclusion switch 15 is realized seamless combination with security information issue (relay) system, has improved information issue (relay) security of system.The with good grounds current state of other similar system selects to be communicated with the requirement of different segment, also can adopt safety switch to realize.
Shown in Figure 2 is the application of safe mutual exclusion switch in safe e-mail system.
Mail server 21 is connected with HUB13 with outer net 10, and HUB13 is connected to Control Server 16, and Control Server 16 is also connected to HUB14, and is connected to internal mail server 17 by HUB14, and internal mail server 17 is connected to in-house network.HUB13 and HUB14 energising is alternately given in the operation of the safe mutual exclusion switch 15 of Control Server 16 controls, make when HUB13 switches on, the HUB14 outage, thus Control Server 16 is connected to mail server 21 and receives the mail that is received from outer net 10 by mail server.According to the control strategy of setting, the safe mutual exclusion switch 15 of Control Server 16 controls switches, make HUB13 cut off the power supply and the HUB14 energising, thereby Control Server 16 is connected with internal mail server 17, the mail that receives from the outside is forwarded to internal mail server 17, by internal mail server 17 mail is sent on each personal computer (PC) by in-house network 18 again.The process that sends mail is similar with reception mail process, in the description of this omission to it.
Because Control Server 16 at any time only connects outer net or Intranet, thereby the security that has improved network.
Safe mutual exclusion switch also can with the integrated use of browser, for example, in browser, embed two toolbar buttons.The most at the beginning, the connection of computing machine and network all has been under an embargo, and only when pressing one of them, safety switch just is communicated with internal network or external network, and the switching that intranet and extranet are communicated with must be undertaken by these two buttons.Can control the power supply input of another safety switch with the output of a safety switch, satisfy different steering logics.
Shown in Figure 3 the example of safe mutual exclusion switch and the integrated use of browser.
In Fig. 3, at synchronization, this computing machine that Control Software is housed can only be communicated with outer net or Intranet, can not be communicated with two network segments simultaneously, has only the different level of switching value integrated circuit board output by Control Software control to come gating outer net or Intranet.Like this, we can embed two toolbar buttons at browser and come the output of gauge tap template card, reach the purpose of gating different segment.
Safe mutual exclusion switch can be widely used in the system of other similar requirement, as long as there is the requirement of isolating between the different segment in this system, just can adopt the way in the similar top accompanying drawing, automatically select to be communicated with the different network segments by software according to rule various, intelligence, reach the purpose of isolation, and the realization of whole transparent procedures, easy to use, physically can only connect, guarantee safety by a direction.
Be compared with existing technology, on the one hand, present technique can guarantee that physically synchronization can only have A network segment is communicated with the situation that does not exist software error to cause two network segments to connect simultaneously, security Good; On the other hand, software can be controlled which network segment of gating automatically according to different rules, because of And the application integration of similar safety requirements can be arranged with other easily.
Claims (10)
1. intranet and extranet (Intranet/Internet) physical isolation method, it is characterized in that, alternately be communicated with connection Intranet or the hub (HUB13 or HUB14) of outer net or the power supply of modulator-demodular unit (11) by hard-wired mutual exclusion switch (15), make fully physical isolation of intranet and extranet (Intranet/Internet), the situation that the both connects can not appear in perhaps interior Netcom or outer Netcom.
2. inside and outside network physical partition method according to claim 1 is characterized in that, described mutual exclusion switch (15) by Control Server (16) according to current state and collocation strategy and automatically control switch.
3. inside and outside network physical partition method according to claim 1 is characterized in that, described mutual exclusion switch (15) is by operating in software control on the Control Server (16).
4. inside and outside network physical partition method according to claim 1 is characterized in that, the physical isolation of described mutual exclusion switch (15) is absolute, can both guarantee to have a net to be communicated with under any hardware and software fault.
5. inside and outside network physical partition method according to claim 1 is characterized in that, the software of described mutual exclusion switch (15) control is embedded to be integrated in the various software system use.
6. intranet and extranet (Intranet/Internet) physical isolation electronic switch, it is characterized in that, comprise by software control by hard-wired mutual exclusion switch (15), described mutual exclusion switch alternately is communicated with and connects Intranet or the hub (HUB13 or HUB14) of outer net or the power supply of modulator-demodular unit (11), makes the complete physical isolation of intranet and extranet (Intranet/Internet) alternately be communicated with.
7. inside and outside network physical insulating electron switch according to claim 6 is characterized in that, described mutual exclusion switch (15) by Control Server (16) according to current state and collocation strategy and automatically control switch.
8. inside and outside network physical insulating electron switch according to claim 6 is characterized in that, described mutual exclusion switch (15) is by operating in software control on the Control Server (16).
9. inside and outside network physical insulating electron switch according to claim 6 is characterized in that the physical isolation of described mutual exclusion switch (15) is absolute, can both guarantee to have a net to be communicated with under any hardware and software fault.
10. inside and outside network physical insulating electron switch according to claim 6 is characterized in that, the software of described mutual exclusion switch (15) control is embedded to be integrated in the various software system use.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB001367501A CN1163825C (en) | 2000-12-28 | 2000-12-28 | Inner and outer network separating physical method and switch unit |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB001367501A CN1163825C (en) | 2000-12-28 | 2000-12-28 | Inner and outer network separating physical method and switch unit |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1361476A true CN1361476A (en) | 2002-07-31 |
| CN1163825C CN1163825C (en) | 2004-08-25 |
Family
ID=4597457
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB001367501A Expired - Fee Related CN1163825C (en) | 2000-12-28 | 2000-12-28 | Inner and outer network separating physical method and switch unit |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN1163825C (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100367716C (en) * | 2004-12-17 | 2008-02-06 | 北邮英科(北京)信息技术研究所有限公司 | Isolation method and isolation switch apparatus between multiple different safety class networks |
| CN100435512C (en) * | 2005-04-18 | 2008-11-19 | 梁雁文 | Network isolating device based on PCI bus and its method |
| CN103532978A (en) * | 2013-10-30 | 2014-01-22 | 北京艾斯蒙科技有限公司 | Secure access mode for intranet and extranet |
| WO2014015514A1 (en) * | 2012-07-27 | 2014-01-30 | 华为技术有限公司 | Cloud terminal |
| CN106354466A (en) * | 2016-10-21 | 2017-01-25 | 国网黑龙江省电力有限公司信息通信公司 | Inner network host and outer network host switching device sharing same display device, and inner network host and outer network host switching method |
| CN106502946A (en) * | 2016-10-21 | 2017-03-15 | 国网黑龙江省电力有限公司信息通信公司 | There is intranet and extranet mian engine changeover device and the intranet and extranet mian engine changeover method of authentication functions |
| CN107329735A (en) * | 2017-05-19 | 2017-11-07 | 北京北信源软件股份有限公司 | A kind of intranet patch update method and device |
| CN116149304A (en) * | 2023-04-21 | 2023-05-23 | 中国第一汽车股份有限公司 | Vehicle diagnosis system, method, equipment and storage medium |
-
2000
- 2000-12-28 CN CNB001367501A patent/CN1163825C/en not_active Expired - Fee Related
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100367716C (en) * | 2004-12-17 | 2008-02-06 | 北邮英科(北京)信息技术研究所有限公司 | Isolation method and isolation switch apparatus between multiple different safety class networks |
| CN100435512C (en) * | 2005-04-18 | 2008-11-19 | 梁雁文 | Network isolating device based on PCI bus and its method |
| WO2014015514A1 (en) * | 2012-07-27 | 2014-01-30 | 华为技术有限公司 | Cloud terminal |
| CN103532978A (en) * | 2013-10-30 | 2014-01-22 | 北京艾斯蒙科技有限公司 | Secure access mode for intranet and extranet |
| CN106354466A (en) * | 2016-10-21 | 2017-01-25 | 国网黑龙江省电力有限公司信息通信公司 | Inner network host and outer network host switching device sharing same display device, and inner network host and outer network host switching method |
| CN106502946A (en) * | 2016-10-21 | 2017-03-15 | 国网黑龙江省电力有限公司信息通信公司 | There is intranet and extranet mian engine changeover device and the intranet and extranet mian engine changeover method of authentication functions |
| CN107329735A (en) * | 2017-05-19 | 2017-11-07 | 北京北信源软件股份有限公司 | A kind of intranet patch update method and device |
| CN116149304A (en) * | 2023-04-21 | 2023-05-23 | 中国第一汽车股份有限公司 | Vehicle diagnosis system, method, equipment and storage medium |
| CN116149304B (en) * | 2023-04-21 | 2023-07-18 | 中国第一汽车股份有限公司 | Vehicle diagnosis system, method, equipment and storage medium |
Also Published As
| Publication number | Publication date |
|---|---|
| CN1163825C (en) | 2004-08-25 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN205018777U (en) | Intelligent curtain | |
| CN1361476A (en) | Inner and outer network separating physical method and switch unit | |
| CN105022362A (en) | Coordinated control system and coordinated control method of smart home equipment | |
| CN106712613B (en) | A kind of stepper motor crossing redundancy driving control system | |
| EP0853367A3 (en) | Electric power control system | |
| CN105786742A (en) | Server serial port switching apparatus and method, and server | |
| CN203466798U (en) | Serial-port switching device based on electronic switch | |
| CN101847893B (en) | Network control type universal change-over switch with CCLink communication | |
| US20080125888A1 (en) | Offline configuration using USB download in an itegrated power distribution system | |
| CN106163022A (en) | Lamp switch device with ammeter function and intelligent lamp control system | |
| JP3370252B2 (en) | Field equipment | |
| CN110380515B (en) | Experimental network monitoring system for power distribution network | |
| CN108572635A (en) | Industrial network node based on shared drive pond and modified round-robin method | |
| CN1885674A (en) | Intelligent network low-voltage distribution and control system using bus technique | |
| CN204651757U (en) | A kind of breaker handcart of switch cabinet, grounding switch electric controller | |
| CA1088148A (en) | Speed control for rotatable element driven by direct current motors | |
| CN101533554B (en) | A sending method for wireless instructions, receiving nodes and a system | |
| CN106020104A (en) | Intelligent switch device based on conventional mechanical switch | |
| CN103713602B (en) | Remote control two-channel control system | |
| CN219266948U (en) | Circuit for multiplexing RS485, RS232 and CAN buses based on dial | |
| CN212028698U (en) | Exquisite intelligent control module of partial-rotation electric actuator | |
| CN211375413U (en) | Simple and reliable engraving machine spindle control system | |
| CN212083959U (en) | Visual anti-fatigue control terminal | |
| CN207361618U (en) | A kind of crane master controller signal conversion and wireless launcher | |
| CN1485009A (en) | Composite cooking machine |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C06 | Publication | ||
| PB01 | Publication | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| EE01 | Entry into force of recordation of patent licensing contract |
Assignee: Beijing Zhong Wei Wei Technology Co., Ltd. Assignor: Institute of Computing Technology, Chinese Academy of Sciences Contract fulfillment period: 2007.11.6 to 2012.11.6 contract change Contract record no.: 2008110000222 Denomination of invention: Inner and outer network separating physical method and switch unit Granted publication date: 20040825 License type: Exclusive license Record date: 20081230 |
|
| LIC | Patent licence contract for exploitation submitted for record |
Free format text: EXCLUSIVE LICENSE; TIME LIMIT OF IMPLEMENTING CONTACT: 2007.11.6 TO 2012.11.6; CHANGE OF CONTRACT Name of requester: BEIJING ZHONGHENGWEI SCIENCE CO., LTD. Effective date: 20081230 |
|
| ASS | Succession or assignment of patent right |
Owner name: CHEN DIGUI Free format text: FORMER OWNER: INSTITUTE OF COMPUTING TECHNOLOGY HINESE ACADEMY OF SCIENCES Effective date: 20121228 |
|
| C41 | Transfer of patent application or patent right or utility model | ||
| COR | Change of bibliographic data |
Free format text: CORRECT: ADDRESS; FROM: 100080 HAIDIAN, BEIJING TO: 518131 SHENZHEN, GUANGDONG PROVINCE |
|
| TR01 | Transfer of patent right |
Effective date of registration: 20121228 Address after: 518131 Guangdong city of Shenzhen province Longhua new city street Whitehead Jinlong Road East Tiande building room 1205 Patentee after: Chen Digui Address before: 100080 Haidian District, Zhongguancun Academy of Sciences, South Road, No. 6, No. Patentee before: Institute of Computing Technology, Chinese Academy of Sciences |
|
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20040825 Termination date: 20121228 |