CN1553362A - Apparatus and method for realizing computer network internal and external net separation - Google Patents
Apparatus and method for realizing computer network internal and external net separation Download PDFInfo
- Publication number
- CN1553362A CN1553362A CNA031372120A CN03137212A CN1553362A CN 1553362 A CN1553362 A CN 1553362A CN A031372120 A CNA031372120 A CN A031372120A CN 03137212 A CN03137212 A CN 03137212A CN 1553362 A CN1553362 A CN 1553362A
- Authority
- CN
- China
- Prior art keywords
- network
- signal
- selection
- connect
- signal wire
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Landscapes
- Small-Scale Networks (AREA)
Abstract
The device consists of network selecting unit which is coupled with at least two networks to be selectable and is used to select one of them, sychronous switching unit which is coupled on said network selection device for responding to its selected signal and switches the selected network signal line to sigal line of computer on the network, interface unit which connects at least two networks to be selectable to synchronous switching unit connects synchronous switching unit to computer on the network and connects selected network signal line with signal line of computer on the network.
Description
Technical field
The present invention relates to computer networking technology, be specifically related to a kind of apparatus and method that realize that the computer network intranet and extranet are isolated.
Background technology
Along with development of computer and computer utility are popularized, in many fields that relate to national economy, national security, computing machine has also obtained using widely, thereupon is the information security issue in these fields.Relevant regulations according to country, relate to state secret department's (particularly important department such as government, army) computer information system must with the public information network physical isolation, with information equipment that public information network links to each other on must not store, handle and transmit state secret information, so how safety, realize that LAN (Local Area Network) has become network security construction problem demanding prompt solution with the network physical isolating problem of the Internet easily.
Network Isolation generally is based on the solution of common computer, the method that useful two computers inserts respectively in the prior art, the method that two computers is assembled to (reality also is the computer of two platform independent) in the big cabinet is arranged, also some is based on the solution of two hard disks, two network interface cards, and there are problems such as cost of investment is too high, the wasting of resources usually in these methods.The appearance of network computer, the pattern of a kind of concentrated computing, centralized stores is provided, and beginning is popularized in government, army, network computer that can be present does not generally have the function that two nets are isolated, though the two nets of realizing that have are isolated, be by specialized apparatus such as special switch, cost height, realize trouble, and can not adapt to the existing network of present government.
In Chinese patent " a kind of network physical isolation centralized control system ", publication number is: " 1357838 " application number: in 00127704.9, disclose a kind of network physical and isolated centralized control system, be applied in two many nets of net formula systems, the network physical of this prior art is isolated centralized control system and comprised: a plurality of data collecting cards are used for obtaining from the unit that is attached thereto the duty of unit; Data acquisition module is used for from the duty of each each unit of blocks of data capture card collection; Data processing module, the duty of judging, and send execution command; Outside network interface card and inner network interface card on the execution module, every unit all are connected on the execution module, carry out the execution command that receives data processing module output, cut off being connected of corresponding unit and in-house network or extranets according to execution command.This application has been utilized two network interface cards.
In addition, patented claim " network security computer with single motherboard " publication number is " 1281190 "; And patented claim " single-motherboard network security computer " publication number is " 1283826 "; And patented claim " a kind of inside and outside net network unit-switch and change-over circuit " publication number is " 1331439 "; These patented claims or patent all are based on the implementation of PC, and all bind with PC.
In order to overcome these deficiencies of prior art, at the characteristics of network computer, the invention provides a kind of easy easy-to-use independently isolated device, use this equipment, common single network interface network computer just can be realized the isolation use of two nets easily.By physical isolation, guaranteed the security of information between the heterogeneous networks to network signal.As separate equipment, do not need install driver, be not subjected to the restriction of operating system, with the diverse network computing machine good compatibility is arranged all.
Summary of the invention
The objective of the invention is to overcome the above-mentioned shortcoming of prior art, a kind of easy easy-to-use independently isolated device is provided, use this equipment, common single network interface network computer just can be realized the isolation use of two nets easily.By the isolation of network signal, guaranteed the security of information between the heterogeneous networks.As separate equipment, good compatibility is all arranged with the diverse network computing machine.
The invention provides a kind of device of realizing that the computer network intranet and extranet are isolated comprises:
Network selection apparatus, being coupled to can selecteed at least two network, is used to select one of them;
Synchronous switching device is coupled to described network selection apparatus, is used to respond it and selects signal, the signal wire of the network of described selection is switched to the signal wire of the computing machine of online;
Interface arrangement, be used to connect described can selecteed at least two networks to synchronous switching device, connect the computing machine of described synchronous switching device to described online, be used to connect the signal wire of the computing machine of the signal wire of selecteed network and online.
This device also comprises alternatively: the network indicating device, be coupled to described network selection apparatus or described synchronous switching device, and be used to indicate the network of described selection.
Preferably, described network selection apparatus comprises first switchgear, is used to select the network that will select; Filter is used for the interference of filtering from the signal of first switchgear; Chromacoder, the conversion of signals that is used for filtering is the signal that is applicable to that described synchronous switching device uses.
Alternatively, described first switchgear is a selector switch, and its first end is connected to noble potential, and second end is connected to ground, and the 3rd end is connected to described filter, to select sending noble potential or electronegative potential to described filter; Described filter comprises that the 3rd end that connects described first switchgear arrives first electric capacity on ground; Described chromacoder comprises first triode, its base stage is connected to the 3rd end of described first switchgear by second resistance, the emitter-base bandgap grading of described first triode and collector be connected respectively to and be connected to power supply or be connected respectively to power supply and be connected to ground by the 3rd resistance by the 3rd resistance, described collector coupled is to described synchronous switching device.
Preferably, described synchronous switching device, comprise that signal wire connects control device and signal line connecting, wherein, described signal wire connects control device and is coupled to described network selection apparatus, and the selection that is used to respond described network selection apparatus is controlled described signal line connecting and connected the signal wire of the signal wire of described selecteed network to described computing machine.
Alternatively, it is transistor switching circuit that described signal wire connects control device, signal line connecting is the relay that comprises at least one contact, the output of described relay response transistor switching circuit, and the signal that connects described selecteed network is to described computing machine.
Preferably, described network indicating device comprises at least one pilot lamp, is used to indicate described selecteed network.
The present invention also provides a kind of method that realizes that the computer network intranet and extranet are isolated to comprise step:
The network that selection will connect;
According to the network that will connect of described selection, drive synchronous switching device and connect the described network that will select;
Wherein, the step of the described network that will select of described driving synchronous switching device connection comprises that the contact that drives relay connects the signal wire of the network that will connect of described selection; The step of the network that described selection will connect comprises the drive unit of output selection signal to described relay.
Alternatively, the step of the network that described selection will connect also comprises: the change-over switch state responds this state and switches, the output switch-over control signal; Described output selects signal to comprise the described switch-over control signal of response for the step of the drive unit of described relay, and oxide-semiconductor control transistors switch driving circuit output drive signal is given described relay.
Preferably, this method also comprises step: click the icon of the above network that will connect of display screen, and with the startup linker, the IP address of revising this machine, the IP address of setting server logs on the described network that will connect.
Utilize the present invention, can be on the basis of existing two net layouts based on PC of common network computer and unit, realize two net isolation solutions of computing machine Network Based easily, do not need special equipment, as switch of special use etc., thereby reduce the investment that the user realizes the two net isolation schemes of network computer, shorten the time of realizing.
Isolated device of the present invention, take into full account the work characteristics of network computer, can thoroughly realize the physical isolation of intranet and extranet, simple to operate, meet user's use habit, because employing is universal elements, cheap, the reliability height does not need to drive, and all has good versatility with the diverse network computing machine.
Description of drawings
Fig. 1 shows the circuit system schematic diagram of the preferred embodiments of the present invention;
The system that Fig. 2 shows the preferred embodiments of the present invention uses connection diagram.
Embodiment
In an embodiment of the present invention, equipment of the present invention can make things convenient for network computer to be connected, and this equipment has two RJ45 interfaces, can realize and being connected of two heterogeneous networks; Have a USB joint, can realize and being connected of main frame USB mouth, to obtain the electric power supply of device drives; Have a RJ45 joint, can be connected with the RJ45 of main frame, the realization main frame is connected with network; Have a control line, link control module realizes the indication of network state and the switching between heterogeneous networks.
By the performer of equipment choosing is the microminiature solid-state relay, and multitool interlock double-throw is realized the synchronous switching of each signal wire of RJ45 interface.。
Because network computer does not have local storage, by server or the network storage equipment calculates and data storage, in use, pass through switching device shifter, guarantee that network computer at any one only and a network-in-dialing, guaranteed the safety of Intranet information constantly.
Understand the present invention for the ease of persons skilled in the art, the present invention is described in further detail below in conjunction with drawings and embodiments:
At first with reference to Fig. 1, Fig. 1 shows the circuit system schematic diagram of the preferred embodiments of the present invention.
In an embodiment of the present invention, the master switch that two-way toggle switch SW1 switches for the control intranet and extranet.The power supply of entire circuit by USB interface+5V provides.When the SW1Pin1 pin of first switch SW 1 is communicated with the SW1Pin8 pin of SW1, after main frame powers up, the base stage Q1Pin2 of the first transistor Q1 is a low level, the first transistor Q1 is ended, and therefore, base stage Q2-Pin2 and the Q3-Pin2 of second and third transistor Q2, Q3 are high level, so second and third transistor Q2, all conductings of Q3, first and second relay K 1 and all adhesives of K2, the state of this moment are that 8 data lines of the second interface JP2 are communicated with the 3rd interface JP3, and promptly second network 2 is connected.The pilot lamp D2 of second network 2 is bright.。In like manner, when the SW1Pin1 pin of switch SW 1 and SW1Pin3 pin are connected, first and second relay K 1, not adhesive of K2, therefore, 8 data lines of the first interface JP1 are communicated with the 3rd interface JP3, and promptly first network 1 is connected, and the pilot lamp D1 of first network 1 is bright.
System in the embodiment of the invention comprises:
The network selecting circuit
Form by first switch SW 1, first capacitor C 1, second and third resistance R 2, R3 and the first triode Q1.
Wherein, the SW1PIN3 pin of first switch SW 1 links to each other with the negative pole of the first light emitting diode D1, the SW1PIN8 pin ground connection of first switch SW 1, the SW1PIN1 pin of first switch SW 1 second resistance R 2 back of connecting links to each other with the ground level Q1PIN2 pin of first triode, and the collector Q1PIN3 of the first triode Q1 the 3rd resistance R 3 of connecting then links to each other with power supply VCC.The SW1PIN1 pin of the first switch SW 1 first capacitor C 1 back ground connection of connecting, the emitter Q1PIN1 pin ground connection of first triode.
Synchronous commutation circuit
Form by second and third triode Q2, Q3, third and fourth diode D3, D4 and first and second relay K 1, K2.
Wherein, second is in parallel with ground level Q2PIN2, the Q3PIN2 of the 3rd triode Q2, Q3, and the collector Q1PIN2 that is connected the first triode Q1 of network selecting circuit goes up and receives switching signal.The 3rd diode D3 is in parallel with the control input end of first relay K 1, promptly the K1PIN1 pin of the negative pole of the 3rd diode D3 and first relay K 1 links to each other with the emitter Q2PIN1 pin of the second triode Q2, and the K1PIN2 pin of the positive pole of the 3rd diode D3 and first relay K 1 is incorporated earth terminal into.In like manner, the 4th diode D4 is in parallel with the control input end of second relay K 2, promptly the K2PIN1 pin of the negative pole of the 4th diode D4 and second relay K 2 links to each other with the emitter Q3PIN1 pin of the 3rd triode Q3 with second light emitting diode D2 series connection back, and the K2PIN2 pin of the positive pole of the 4th diode D4 and second relay K 2 is incorporated earth terminal into.
Interface circuit
First, second and third interface head JP1, JP2, JP3 by the RJ45 interface type form.
Wherein, the JP1PIN1-JP1PIN8 of the first interface head JP1 links to each other with K2PIN5, K2PIN7, K2PIN11, the K2PIN13 of K1PIN5, K1PIN7, K1PIN11, K1PIN13 pin and second relay K 2 of first relay K 1 in the synchronous commutation circuit respectively;
The JP2PIN1-JP2PIN8 of the second interface head JP2 links to each other with K2PIN4, K2PIN8, K2PIN10, the K2PIN14 of K1PIN4, K1PIN8, K1PIN10, K1PIN14 pin and second relay K 2 of first relay K 1 in the synchronous commutation circuit respectively;
The JP3PIN1-JP3PIN8 of the 3rd interface head JP3 links to each other with K2PIN3, K2PIN6, K2PIN9, the K2PIN12 pin of K1PIN3, K1PIN6, K1PIN9, K1PIN12 pin and second relay K 2 of first relay K 1 respectively.
The network indicator light circuit
Form by first resistance R 1, first and second light emitting diode D1, D2.
Wherein, the SW1Pin3 pin of first switch SW 1 that first resistance R 1 and the first light emitting diode D1 of power supply VCC by the series connection in the network indicator light circuit is connected to the network selecting circuit, the SW1Pin8 pin of first switch SW 1 is held with being connected to.The SW1Pin1 pin of first switch SW 1 is connected to an end of first capacitor C 1, and the other end of first capacitor C 1 is held with being connected to.The SW1Pin1 pin of first switch SW 1 also is connected to the base stage Q1Pin2 of first triode by second resistance.
The system that Fig. 2 shows the preferred embodiments of the present invention uses connection diagram.
Be connected respectively to the first and second interface RJ45_IN1, the RJ45_IN2 of isolated device from two netting twines (twisted-pair feeder) of heterogeneous networks (network 1 and network 2), this equipment is by output RJ45_OUT interface, use twisted-pair feeder to be connected with network computer, also can omit output RJ45_OUT interface, directly draw twisted-pair feeder and be connected, be used to realize the data transmission of main frame and network with network computer from isolated device; Directly draw or link to each other from isolated device, to obtain the required electric energy of equipment by the USB interface that USB interface is drawn USB connecting line and network computer; For the easy to use of user drawn control line from this equipment, link control module, the user obtains to different positions and being connected of heterogeneous networks by stirring selector switch.
In the present embodiment, switching controls adopts toggle switch, considers user's use habit, and mode that can also be by increasing trigger at circuit changes toggle switch the mode of selector button into, and it is convenient that the user is used.
A kind of method that realizes that the computer network intranet and extranet are isolated of the present invention, realize through the following steps:
At first, the network that will select of selection;
Then, according to the described network that will select, drive synchronous switching device and connect the described network that will select.
Wherein, drive the described network that will select of synchronous switching device connection and comprise that driving can connect selectable network connects the network of described selection to the contact of the relay of computing machine signal wire; The network that selection will be selected comprises the drive unit of output selection signal to described relay.
Wherein, the network that described selection will be selected also comprises: the change-over switch state responds this state and switches, the output switch-over control signal; Described output selects signal to comprise the described switch-over control signal of response for the drive unit of described relay, and oxide-semiconductor control transistors switch driving circuit output drive signal is given described relay.
Though described the present invention by embodiment, those of ordinary skills know, the present invention has many distortion and variation and do not break away from spirit of the present invention, wish that appended claim comprises these distortion and variation and do not break away from spirit of the present invention.
Claims (10)
1. device of realizing that the computer network intranet and extranet are isolated is characterized in that described device comprises:
Network selection apparatus, being coupled to can selecteed at least two network, is used to select one of them;
Synchronous switching device is coupled to described network selection apparatus, is used to respond it and selects signal, the signal wire of the network of described selection is switched to the signal wire of the computing machine of online;
Interface arrangement, be used to connect described can selecteed at least two networks to synchronous switching device, connect the computing machine of described synchronous switching device to described online, be used to connect the signal wire of the computing machine of the signal wire of selecteed network and online.
2. device as claimed in claim 1 is characterized in that, also comprises: the network indicating device, be coupled to described network selection apparatus or described synchronous switching device, and be used to indicate the network of described selection.
3. device as claimed in claim 1 is characterized in that, described network selection apparatus comprises first switchgear, is used to select the network that will select; Filter is used for the interference of filtering from the signal of first switchgear; Chromacoder, the conversion of signals that is used for filtering is the signal that is applicable to that described synchronous switching device uses.
4. device as claimed in claim 3 is characterized in that, described first switchgear is a selector switch, its first end is connected to noble potential, second end is connected to ground, and the 3rd end is connected to described filter, to select sending noble potential or electronegative potential to described filter; Described filter comprises that the 3rd end that connects described first switchgear arrives first electric capacity on ground; Described chromacoder comprises first triode, its base stage is connected to the 3rd end of described first switchgear by second resistance, the emitter-base bandgap grading of described first triode and collector be connected respectively to and be connected to power supply or be connected respectively to power supply and be connected to ground by the 3rd resistance by the 3rd resistance, described collector coupled is to described synchronous switching device.
5. device as claimed in claim 1, it is characterized in that, described synchronous switching device, comprise that signal wire connects control device and signal line connecting, wherein, described signal wire connects control device and is coupled to described network selection apparatus, and the selection that is used to respond described network selection apparatus is controlled described signal line connecting and connected the signal wire of the signal wire of described selecteed network to described computing machine.
6. device as claimed in claim 5, it is characterized in that, it is transistor switching circuit that described signal wire connects control device, signal line connecting is the relay that comprises at least one contact, the output of described relay response transistor switching circuit, the signal that connects described selecteed network is to described computing machine.
7. device as claimed in claim 2 is characterized in that, described network indicating device comprises at least one pilot lamp, is used to indicate described selecteed network.
8. method that realizes that the computer network intranet and extranet are isolated is characterized in that described method comprises step:
The network that selection will connect;
According to the network that will connect of described selection, drive synchronous switching device and connect the described network that will select;
Wherein, the step of the described network that will select of described driving synchronous switching device connection comprises that the contact that drives relay connects the signal wire of the network that will connect of described selection; The step of the network that described selection will connect comprises the drive unit of output selection signal to described relay.
9. method as claimed in claim 8 is characterized in that, the step of the network that described selection will connect also comprises: the change-over switch state responds this state and switches, the output switch-over control signal; Described output selects signal to comprise the described switch-over control signal of response for the step of the drive unit of described relay, and oxide-semiconductor control transistors switch driving circuit output drive signal is given described relay.
10. method as claimed in claim 8 or 9 is characterized in that, also comprises step: the icon of clicking the above network that will connect of display screen, to start linker, the IP address of this machine of modification, the IP address of setting server logs on the described network that will connect.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031372120A CN100476786C (en) | 2003-05-26 | 2003-05-26 | Apparatus for realizing internal and external net separation of network computer |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CNB031372120A CN100476786C (en) | 2003-05-26 | 2003-05-26 | Apparatus for realizing internal and external net separation of network computer |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN1553362A true CN1553362A (en) | 2004-12-08 |
| CN100476786C CN100476786C (en) | 2009-04-08 |
Family
ID=34323527
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CNB031372120A Expired - Lifetime CN100476786C (en) | 2003-05-26 | 2003-05-26 | Apparatus for realizing internal and external net separation of network computer |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN100476786C (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100373867C (en) * | 2005-01-14 | 2008-03-05 | 北邮英科(北京)信息技术研究所有限公司 | Massive parallel processing apparatus and method for network isolation and information exchange module |
-
2003
- 2003-05-26 CN CNB031372120A patent/CN100476786C/en not_active Expired - Lifetime
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN100373867C (en) * | 2005-01-14 | 2008-03-05 | 北邮英科(北京)信息技术研究所有限公司 | Massive parallel processing apparatus and method for network isolation and information exchange module |
Also Published As
| Publication number | Publication date |
|---|---|
| CN100476786C (en) | 2009-04-08 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN1606282A (en) | Home appliance network system and method for operating the same | |
| CN1179569A (en) | Input apparatus | |
| CN1244686A (en) | Apparatus and method for positioning in multiple caught image and function menu | |
| CN2874403Y (en) | Fireworks set-off controller | |
| CN2791777Y (en) | Control system of multi-media platform | |
| CN1324193A (en) | Method of using key-words to test and then to use functions for portable communication device | |
| CN2828928Y (en) | Computer switchover device and computer switchover system controlled by multi-task | |
| CN202364197U (en) | Button detection and LED control circuit | |
| CN1553362A (en) | Apparatus and method for realizing computer network internal and external net separation | |
| CN1320456C (en) | Automatic forming method for intelligent instrument interface | |
| CN1855856A (en) | Household electrical appliance network system | |
| CN1913608A (en) | TV set backlight brightness control system and method and TV set | |
| CN1220941C (en) | Method for realizing computer multi-functional starting up | |
| CN1180354C (en) | USB control circuit capable of switching path automatically | |
| CN1267883C (en) | Image signal generating device and method, program for executing the method and its recording medium | |
| CN102289307B (en) | Mouse button identification circuit, device and mouse | |
| CN1414780A (en) | Method of browsing and selection of television channel program | |
| CN1285992C (en) | Computer I/O port selector and selection method | |
| CN2789858Y (en) | Remote monitoring household appliance system | |
| CN1496166A (en) | USB communication equipment and method using mobile communication terminal earphone jack | |
| CN1825251A (en) | Multiple level converter of mobile communication terminal | |
| CN2874616Y (en) | Computer switcher | |
| CN2677999Y (en) | RS-232 communcation prot and communication switchover device of USB communication port | |
| CN1254939C (en) | Hand held two-way infrared remote control method and its device | |
| CN1475890A (en) | Network type switchover device of computer input/output device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant | ||
| CX01 | Expiry of patent term |
Granted publication date: 20090408 |
|
| CX01 | Expiry of patent term |