CN1421794A - Network safety control equipment based on physical isolation and data exchange monitoring - Google Patents
Network safety control equipment based on physical isolation and data exchange monitoring Download PDFInfo
- Publication number
- CN1421794A CN1421794A CN 01131559 CN01131559A CN1421794A CN 1421794 A CN1421794 A CN 1421794A CN 01131559 CN01131559 CN 01131559 CN 01131559 A CN01131559 A CN 01131559A CN 1421794 A CN1421794 A CN 1421794A
- Authority
- CN
- China
- Prior art keywords
- controller
- hard disk
- write
- network
- circuit
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Storage Device Security (AREA)
Abstract
The network safety control equipment based on physical isolation and data exchange monitoring includes main controller, power supply controller, network controller and fixed disc controller. The output of the main controller is connected to the power supply controller, the network controller and the fixed disc controller. The equipment is connected to double-fixed disc computer to protect important data alone. Physically, the present invention can avoid the attack from the network completely and prevent virus invasion effectively to ensure the computer safety in data storage and log-in with the network. At the same time, the fixed disc controller monitors and isolates according to the protocol to realize the mono-way data transmission and exchange safety between two fixed discs.
Description
Technical field:
The present invention relates to a kind of computer network security equipment, be meant a kind of network safety control equipment especially based on physical isolation and exchanges data monitoring.
Background technology:
Nineteen sixties, people link up several computing machines, realize the information transmission between the computing machine, and having changed the previous calculation machine can only be as pure data processor.People can exchange or obtain information quickly and easily mutually by computer networking.Particularly along with compunication in recent years and rapid development of network technology, the enforcement of " project of government's surfing the net ", human society has progressively marched toward an information age with rapid changepl. never-ending changes and improvements, and computer network also becomes the main means that people exchanged, obtained information mutually.Yet how people prevent the intrusion of computer virus and network hacker when obtaining information, and the data security of guaranteeing online computer itself has become current society and pressed for most the problem that is solved.The safety practice that present online computer is taked mainly contains following several: 1, adopt firewall software, the IP bag by fire wall is filtered, guarantee that the user who only obtains the authorization just can visit, to prevent unauthorized access.Because fire wall is a software product, has security breaches, be subject to the lawless person and attack, therefore, adopt fire wall can not guarantee to be perfectly safe; 2, Intranet, the outer net of online computer are implemented physical isolation, guarantee the safety of computing machine, as Chinese patent 98206671.6 disclosed " secure network that can connect Intranet and outer net simultaneously calculates ", it is made up of two main frames, one of them computing machine is connected with internal network, another computing machine is connected with external network, and two computing machines are by the shared cover keyboard of controller, Genius mouse, display.Guarantee to communicate between two main frames by controller, realize from physically isolating.This secure network computer need be provided with two main frames, and its cost height, volume are big, and difficult in maintenance.
Summary of the invention:
The object of the present invention is to provide a kind of simple in structure, cost is low, security good, and network safety control equipment based on physical isolation and exchanges data monitoring easy to use.
The objective of the invention is to adopt following proposal to realize: it comprises master controller, power-supply controller of electric, network link controller, read-write controller for hard disk, and the control output of master controller connects power-supply controller of electric, network controller, read-write controller for hard disk respectively.
Described read-write controller for hard disk comprises that hard disk writes capture circuit, writes by-pass switch circuit, virtual hard disk, hard disk is write input termination main controller controls signal, the mainboard IDE1 signal wire of capture circuit, the output terminal that hard disk is write capture circuit connects respectively writes by-pass switch circuit, virtual hard disk, write the input termination IDE signal wire of by-pass switch circuit, output termination virtual hard disk, hard disk.
Described read-write controller for hard disk also comprises an one-way data channel circuit, is connected between write switch circuit and the hard disk, and the control end of one-way data channel circuit and hard disk are write capture circuit and joined.
The present invention is owing to take technique scheme; make that data important, need to be keep secret obtain separately protected in the computing machine; from physically thoroughly having avoided coming the attack of automatic network; and effectively prevented viral intrusion, thereby solved the data storage safety and the Internet Security problem of computing machine well.Simultaneously, hard disk controller is isolated by protocol monitor, has realized the data one-way transmission between two hard disks, has realized data exchange safety.
The invention will be further described below in conjunction with accompanying drawing.
Description of drawings:
Accompanying drawing 1 is a theory diagram of the present invention.Comprise master controller, power-supply controller of electric, network link controller, read-write controller for hard disk composition, the control output of master controller connects power-supply controller of electric, network controller, read-write controller for hard disk respectively.
Accompanying drawing 1 is a theory diagram of the present invention
Accompanying drawing 2 is the master controller theory diagram.
Accompanying drawing 3 is the power-supply controller of electric theory diagram.
Accompanying drawing 4 is the network link controller theory diagram.
Accompanying drawing 5 is the read-write controller for hard disk theory diagram.
Embodiment:
Referring to Fig. 1, the present invention includes master controller, power-supply controller of electric, network link controller, read-write controller for hard disk, the control output of master controller connects power-supply controller of electric, network link controller, read-write controller for hard disk power-supply controller of electric respectively and also joins with host power supply, hard disk E0 power supply, hard disk E1 power supply respectively, network link controller is also joined with network interface card interface, internet interface, extranet interfaces respectively, and read-write controller for hard disk joins with hard disk E1, mainboard IDE1 interface respectively.
Referring to Fig. 2, master controller of the present invention adopts single-chip microcomputer, and the input end of its single-chip microcomputer and mode selector switch K1, K2, K3, K4 link.Its output terminal is connected to power controller controls signal, network link controller signal, read-write controller for hard disk control signal respectively.Single-chip microcomputer sends control signal corresponding according to the state of mode selector switch K1, K2, K3, K4, makes computing machine by corresponding pattern work.
Referring to accompanying drawing 3, power-supply controller of electric is made up of the relay group, and it receives the control signal that the master controller single-chip microcomputer sends, and pilot relay is connected the power supply of corresponding hard disk.
Mainly be made up of the miniature electronic switch matrix referring to accompanying drawing 4, network link controller, the control signal that its miniature electronic switch matrix is sent by the master controller single-chip microcomputer is controlled.The output terminal of miniature electronic switch matrix joins with host network card interface, internet interface, extranet interfaces respectively.
Referring to Fig. 5, read-write controller for hard disk by hard disk write capture circuit, write the by-pass switch circuit, virtual hard disk, one-way data path circuitry form, hard disk is write input termination main controller controls signal, the mainboard IDE1 signal wire of capture circuit, hard disk is write persistent respectively by-pass switch circuit, the empty hard disk write of output terminal of capture circuit, write the input termination IDE1 signal wire of by-pass switch circuit, output termination virtual hard disk, the one-way data channel circuit is connected between write switch circuit and the hard disk E1, and the control end of one-way data channel circuit and hard disk are write capture circuit and joined.
The present networks safety control device connects by Fig. 1 with computing machine can form fail-safe computer, two hard disks of computing machine are made as non-the Internet hard disk E0 and the Internet hard disk E1 respectively, the deposit data of important need to be keep secret is on hard disk EO, and other deposit data that need not maintain secrecy is on hard disk E1.Hard disk E0 and hard disk E1 connect respectively on the PrimaryIDE controller and SecondaryIDE controller of mainboard, and system CMOS is provided with first startup and is IDEO, and second startup is IDE1.
The present networks safety control device connects three kinds of mode of operations forming fail-safe computer with computing machine as follows:
1, pattern 1-disconnected internet mode.Press the mode selector switch K1 of master controller when system powers on, master controller is sent out control signal to power-supply controller of electric, only connects the power supply of hard disk EO; Master controller is sent out control signal to network link controller simultaneously, network interface card is connected with in-house network, computing machine just is operated in disconnected internet mode, K2 is used for control computer and whether connects in-house network in the mode switch, when K2 presses, computing machine disconnects with in-house network and being connected, and does not link to each other with any net.
2, pattern 2-connection internet mode.Press the mode selector switch K3 of master controller when system powers on, master controller is sent out control signal to power-supply controller of electric, only connects the power supply of hard disk E1; Master controller is sent out control signal to network link controller simultaneously, and network interface card is connected with the Internet, and the meter computing machine just is operated in the connection internet mode.
3, mode 3-secure data switch mode.Press the mode selector switch K4 of master controller when system powers on, master controller is sent out control signal to power-supply controller of electric, connects the power supply of hard disk EO and hard disk E1; Master controller is sent out control signal to network link controller simultaneously, and network interface card and the Internet are disconnected; When the control signal of sending when master controller was effective, hard disk was write capture circuit by command port number and command word form, caught and was sent to the data write operation that connects the Internet hard disk E1, and produce to write and catch trigger pip.Write and catch trigger pip control and write by-pass switch, data are write all relevant signals switch on the virtual hard disk.Virtual hard disk accepts to write lock-on signal control, according to the signal that bypass is come, finishes with writing of main frame and replys logic.The one-way data passage accepts to write lock-on signal control, and the most-significant byte that connects the data bus of hard disk E1 is set to uniflux, further guarantees to stop the data to the E1 hard disk to write.
If the control signal that master controller sends is invalid, then the data write operation of subtend hard disk E1 does not apply any control.
Claims (3)
1. a niche is in the network safety control equipment of physical isolation and exchanges data monitoring, it comprises master controller, power-supply controller of electric, network controller, hard disk controller, and the control output of master controller connects power-supply controller of electric, network controller, read-write controller for hard disk respectively.
2. network safety control equipment according to claim 1, it is characterized in that: described read-write controller for hard disk comprises that hard disk writes capture circuit, writes by-pass switch circuit, virtual hard disk, hard disk is write input termination main controller controls signal, the mainboard IDE1 signal wire of capture circuit, the output terminal that hard disk is write capture circuit connects respectively writes by-pass switch circuit, virtual hard disk, write the input termination IDE1 signal wire of by-pass switch circuit, output termination virtual hard disk, hard disk.
3. read-write controller for hard disk according to claim 2 is characterized in that: also comprise an one-way data channel circuit, be connected between write switch circuit and the hard disk that the control end of one-way data channel circuit and hard disk are write capture circuit and joined.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB011315598A CN100424672C (en) | 2001-11-22 | 2001-11-22 | Network safety control equipment based on physical isolation and data exchange monitoring |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB011315598A CN100424672C (en) | 2001-11-22 | 2001-11-22 | Network safety control equipment based on physical isolation and data exchange monitoring |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1421794A true CN1421794A (en) | 2003-06-04 |
| CN100424672C CN100424672C (en) | 2008-10-08 |
Family
ID=4670685
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB011315598A Expired - Fee Related CN100424672C (en) | 2001-11-22 | 2001-11-22 | Network safety control equipment based on physical isolation and data exchange monitoring |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100424672C (en) |
Cited By (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100362793C (en) * | 2004-06-23 | 2008-01-16 | 北京中科诚毅科技发展有限公司 | Physic separated controlling circuit and computer system of physic separated network |
| CN1630245B (en) * | 2003-12-17 | 2011-07-20 | 趋势株式会社 | Method of network system virus prevention, network system |
| CN1964272B (en) * | 2005-11-09 | 2012-01-04 | 陈宏宪 | A method and device to safely exchange computer data |
| CN101175073B (en) * | 2006-11-01 | 2012-01-11 | 英业达股份有限公司 | Double-controller communication system and method based on hard disk controller |
| CN102420000A (en) * | 2011-09-30 | 2012-04-18 | 河南腾龙信息工程有限公司 | Single-interface electronic isolation dual-solid-state disk |
| CN101789866B (en) * | 2010-02-03 | 2012-06-13 | 国家保密科学技术研究所 | High-reliability safety isolation and information exchange method |
| CN106790293A (en) * | 2016-12-14 | 2017-05-31 | 中国电子科技集团公司第三十研究所 | A kind of network domains isolating device and control method based on physics switching |
| CN109167772A (en) * | 2018-08-22 | 2019-01-08 | 深圳市星火电子工程公司 | A kind of inter-network exchange data computer and method |
Family Cites Families (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1283826A (en) * | 1999-10-19 | 2001-02-14 | 深圳市宏网实业有限公司 | Single-motherboard network security computer |
| CN2426622Y (en) * | 2000-07-24 | 2001-04-11 | 南京旭峰千禧科技实业有限公司 | Safety isolation control card for network |
-
2001
- 2001-11-22 CN CNB011315598A patent/CN100424672C/en not_active Expired - Fee Related
Cited By (9)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1630245B (en) * | 2003-12-17 | 2011-07-20 | 趋势株式会社 | Method of network system virus prevention, network system |
| CN100362793C (en) * | 2004-06-23 | 2008-01-16 | 北京中科诚毅科技发展有限公司 | Physic separated controlling circuit and computer system of physic separated network |
| CN1964272B (en) * | 2005-11-09 | 2012-01-04 | 陈宏宪 | A method and device to safely exchange computer data |
| CN101175073B (en) * | 2006-11-01 | 2012-01-11 | 英业达股份有限公司 | Double-controller communication system and method based on hard disk controller |
| CN101789866B (en) * | 2010-02-03 | 2012-06-13 | 国家保密科学技术研究所 | High-reliability safety isolation and information exchange method |
| CN102420000A (en) * | 2011-09-30 | 2012-04-18 | 河南腾龙信息工程有限公司 | Single-interface electronic isolation dual-solid-state disk |
| CN102420000B (en) * | 2011-09-30 | 2014-09-17 | 河南腾龙信息工程有限公司 | Single-interface electronic isolation dual-solid-state disk |
| CN106790293A (en) * | 2016-12-14 | 2017-05-31 | 中国电子科技集团公司第三十研究所 | A kind of network domains isolating device and control method based on physics switching |
| CN109167772A (en) * | 2018-08-22 | 2019-01-08 | 深圳市星火电子工程公司 | A kind of inter-network exchange data computer and method |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100424672C (en) | 2008-10-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US20210006407A1 (en) | Usb security gateway | |
| CN203299904U (en) | Access control device and system | |
| CN1421794A (en) | Network safety control equipment based on physical isolation and data exchange monitoring | |
| KR101255008B1 (en) | The automatic controlling panel and the controlling method | |
| DE112012003293T5 (en) | Apparatus and method for improving data security in a host computer device and a peripheral device | |
| CN105516189A (en) | Network security enforcement system and method based on big data platform | |
| CN101127760A (en) | Bidirectional protocol isolation method and its device in network | |
| CN101699457A (en) | Computer interface signal transmission management system and interface monitoring method | |
| CN107483514A (en) | Attack monitoring device and smart machine | |
| CN108270590A (en) | A kind of high security network communication system for railway equipment maintenance management | |
| CN207676391U (en) | One kind can across the controller fire-fighting linkage control system of off line | |
| CN111371807A (en) | Security system based on access layer, construction method thereof, terminal and storage medium | |
| CN203835140U (en) | Table-attached-type fingerprint confidential cabinet | |
| KR101224993B1 (en) | Automatic control panel with enhanced security function | |
| CN1281190A (en) | Network security computer with single motherboard | |
| CN111885179B (en) | External terminal protection device and protection system based on file monitoring service | |
| CN107483870A (en) | Internet video communication system | |
| CN210112051U (en) | Multi-information-source communication management device based on security isolation network gate | |
| CN1556633A (en) | Route exchanger of integrated fire proof wall | |
| CN206258999U (en) | A kind of long-range garden safety-protection system | |
| CN111859434A (en) | External terminal protection device and protection system for providing confidential file transmission | |
| CN111131793A (en) | Video network access safety device | |
| CN109729103A (en) | A kind of dedicated network intellectual analysis safety control and method | |
| TWI221591B (en) | Digital AV network monitoring system | |
| CN202548769U (en) | Host-slave-structure-based KVM (Keyboard & Video & Mouse) signal transmission device for computer |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| C17 | Cessation of patent right | ||
| CF01 | Termination of patent right due to non-payment of annual fee |
Granted publication date: 20081008 Termination date: 20101122 |