Summary of the invention
To solve the problems that exist in current data exchange processes, the invention provides a method and a device for securely exchanging computer data. The method and device keep the internal and external networks completely physically separated at all times, while still transferring and exchanging data between them effectively.
A further object of the invention is to provide a computer data exchange method and device that securely exchanges only specific data. The method and device can be fitted with a unique identity authentication system, which prevents inadvertent disclosure and is intended to make it impossible for existing viruses and hackers to attack the network exchange platform.
The invention is achieved as follows.
A method for securely exchanging computer data, in which the computer system comprises an internal computer system and an external network system, characterised in that a data security exchange device capable of completely physically separating the two is arranged between the internal computer system and the external network system, and the data exchange steps are:
a. start the data security exchange device;
b. connect the data security exchange device to the internal computer system; at this point the device is connected only to the internal computer system;
c. select the data to be exchanged and transfer it to the data security exchange device;
d. interrupt the connection to the internal computer system;
e. connect to the external network system;
f. transfer the data to the external network system;
g. interrupt the connection between the data security exchange device and the external network system.
When data is exchanged from the external network system to the internal computer system, the steps are:
a. connect the data security exchange device to the external network system (at this point it is connected only to the external network system);
b. select the data to be exchanged and transfer it to the data security exchange device;
c. interrupt the connection to the external network system;
d. connect the data security exchange device to the internal computer system;
e. transfer the data to the internal computer system;
f. interrupt the connection between the data security exchange device and the internal computer system.
When the internal computer system needs to exchange data with the external network system, the legitimacy of the data exchanged to the device is first authenticated, and the device is restarted once authentication is complete. The data exchange is then carried out, and as soon as it is complete the data security exchange device clears the data it holds. It then checks whether the external network system has data that needs to be exchanged to the internal computer system; if so, the data to be exchanged is sent to the data security exchange device, the legitimacy of that data is authenticated, the device is restarted after authentication, and the data is transferred to the internal computer system.
The operating system and application program that control the start-up of the data security exchange device and carry out the data exchange are solidified (held in firmware) in the device.
The data being transferred can be encrypted. The data security exchange device decrypts and transmits only data that has been correctly encrypted; data that is unencrypted or incorrectly encrypted is deleted.
The legitimacy authentication information for the data transfer is stored in a particular memory region of the data security exchange device and can be read only once per start-up. This information has no backup on any computer in the external network system or in the internal computer system, so that only an authorised user is qualified to exchange data.
A device for securely exchanging computer data, in which the computer system comprises an internal computer system and an external network system, characterised in that a data security exchange device capable of completely physically separating the two is arranged between the internal computer system and the external network system.
The data security exchange device is provided with a hard card in which its operating system and application program are solidified.
When the internal computer system uses an internal network server and the external network system uses an external network server, the data security exchange device can take the form of a secure exchange server. When the internal computer system is a stand-alone computer, the data security exchange device can be an independent hard disk, with the hard card carrying the solidified operating system and application program plugged directly into a PC slot of that computer.
The device is also provided with an encryption and decryption module that guarantees the data is transferred accurately.
The device can further be provided with a Trojan-horse and unknown-virus blocking module, which intercepts the three kinds of data file that can carry a Trojan horse or virus: executable files, Word files that may carry macro viruses, and script files that can be run by a browser or by VB.
To prevent users from unintentionally leaking classified information out of the internal computer system, the device can also be provided with a keyword inspection module. The user sets the keyword information to be checked as circumstances require, and before the data to be exchanged is encrypted the data file is automatically searched for those keywords. Depending on the setting, a file that contains a keyword is either refused for transfer, or the user is prompted to review it and it is transferred again afterwards.
The device can also be provided with an information audit module, which records the data directory at the time of each exchange so that the transfer status of a data file can be established.
The core of the invention is to use an intermediate data security exchange device as the transit tool for data exchange. The device is a platform with a single-threaded operating system. It uses a network protocol to connect to the internal computer system or to the external network system (normally a network server) on which the NT or WINDOWS 2000 SERVER version is installed, establishes a network mapping to a designated shared folder on that server, and then performs the exchange operation on the data to be exchanged. Throughout the exchange the intermediate data security exchange device maintains a connection with only one of the internal computer system and the external network system at any time, which guarantees that the internal computer system and the external network system are physically isolated at every moment while data can still be transferred and exchanged between them effectively. The invention applies to the exchange of data between the external network system and any single computer, or any number of computers, of the internal computer system.
The method and device can be fitted with a unique identity authentication system, which prevents inadvertent disclosure and is intended to make it impossible for existing viruses and hackers to attack the network exchange platform.
Embodiment
As shown in Figure 1, the internal computer system is connected through an internal network server and the external network system through an external network server, and the secure exchange server that performs the data exchange is arranged between the two. The secure exchange server is provided with a hard card in which its operating system and application program are solidified; that is, the secure exchange server consists essentially of a PCI plug-in card (whose structure is shown in Figure 3) integrated into a PC server, and the card is used to accomplish the following:
(1) when the server starts, the boot program on the card is executed automatically;
(2) the PCI card provides at least 4 MB of storage space to hold the operating system and application program;
(3) a DOS operating system can be embedded in the card, and after the server starts the boot program guides the system into that DOS operating system;
(4) a flexible method is provided for writing and modifying the application program on the card;
(5) the program storage space on the card can be set to read-write or read-only mode by a manual switch as required;
(6) a special region is set up on the card; data in this region can be read only through a special call, and only once after system start-up; the region holds sensitive data such as network login information and encryption passwords;
(7) the PCI card integrates a network card function with two RJ45 ports, shown in Figure 4, connected to the intranet and the extranet respectively; the intranet and extranet signals entering the card are physically isolated from each other, and software controls which of the two network lines the network card communicates over.
The secure exchange server is also provided with the encryption and decryption module, the Trojan-horse and unknown-virus blocking module, the keyword inspection module and the information audit module, to strengthen protection against viruses and external hackers, the accuracy of the transferred information, and security management.
The DOS operating system and all application programs built into the secure exchange server are solidified on the hard card; the hard disk of the server holds no files at all at start-up and is used only to exchange data. The data to be exchanged can be exchanged automatically according to settings made in advance.
After the system hardware has been connected, the settings switch of the secure exchange server is set and its power is switched on. The system automatically enters the settings interface, whose contents include: intranet domain name and machine name, intranet PWL file password, extranet domain name and machine name, extranet user name, extranet PWL file password, internal network server send-data directory, internal network server receive-data directory, intranet send-data file name characteristics, file encryption password, external network server send-data directory, external network server receive-data directory, extranet send-data file name characteristics, whether data sent from the extranet to the intranet is encrypted, the run time for receiving intranet data, and the run time for receiving extranet data.
After the above parameters have been set, the secure exchange server system encrypts this information and retains it in a specific region. That region is read-write in the settings state, but in the exchange state it can only be read and not written. Once the information has been retained, data exchange operations can be carried out.
The software part of the exchange system consists mainly of three parts, user identity authentication, file exchange and information audit, and its basic design is:
(1) A file to be exchanged is first encrypted by calling the authentication module with a password known only to authorised users, and the encrypted file is stored in the designated send directory of the server.
(2) The exchange server is periodically connected to the internal and external servers in turn. After connecting, it first copies the files on its hard disk into the receive-data directory of the internal or external server and then deletes all files on the hard disk.
(3) All files in the send-data directory of the internal or external server are copied to the exchange server.
(4) The network connection is broken, the files on the hard disk are decrypted, and files encrypted with a wrong password are deleted.
(5) The exchange server restarts, connects to the other network server, and repeats the above work.
The implementation of these three parts is described in turn below.
(1) Authentication part:
The file is encrypted with the password entered by the user and then with the password set by the administrator, and whether the two results agree determines whether a file is a legitimate exchange file. The following requirements were considered when selecting and designing the file encryption algorithm:
The encryption strength must be high, so that it is not easily cracked by hackers or Trojan-horse programs.
The encryption speed must be fast.
The file encryption password must not be present on any server or client that encrypts files, nor in the encrypted file itself; yet when the encrypted file arrives at the intermediate server, the decryption module of the intermediate server must be able to judge whether the encryption password is correct.
For safety, the handling of a file encrypted at the intranet end differs slightly from that at the extranet end. At the intranet end, the first concern is that the file the user is about to exchange out does not carry classified information; to prevent unintentional leaks, before the file is encrypted the system first calls the content inspection module to perform a keyword check on the file. At the extranet end, the first concern is whether the file to be exchanged into the intranet contains a virus, so before the exchange the system calls the virus checker to scan the file.
(2) File exchange part:
This part runs on the exchange server and mainly accomplishes the following:
control the exchange server's hardware so that it is connected to the designated network;
read the control information from the specific region;
log in to the corresponding server with the designated user;
exchange data with the designated server;
break the network connection, decrypt the data files on the hard disk, and delete files encrypted with a wrong password;
restart the server.
The implementation of each of the above parts is described below.
A. Connection to the different networks is achieved through the PCI card described above. The card's network connection state can be set through an interrupt call, but the setting takes effect only after the machine restarts; this guarantees that one boot of the server can connect to only one network.
B. After the exchange server is connected to the internal or external network server, it logs in to that server with the designated user over the NetBEUI protocol.
C. Two shared directories are set up on each of the internal and external network servers used for exchanging data, one for sending data and one for receiving data. After the exchange server connects to a server, it first copies all data on its hard disk (initially empty; thereafter whatever was copied from the send directory of the other server) into that server's receive-data directory and deletes all files on its hard disk; it then copies all files from the server's send-data directory to the exchange server's hard disk and builds a table of those file names in memory.
D. Because the system uses a solidified operating system and application program, the only function of the hard disk on the intermediate server is to hold exchange files; that is, apart from the data files to be exchanged, any other file on the hard disk is illegal data. Using this characteristic, during the file exchange a validity check is performed on all files on the hard disk to guarantee that only the files meant to be exchanged are exchanged out. After all files in the send directory have been copied to the hard disk, the network is disconnected at the hardware level, and the specially designed hardware does not permit the system to reconnect to any network before restarting; at this point the intermediate server becomes a closed stand-alone environment. With the door shut in this way, the system then checks whether the hard disk holds invalid data. First, all files on the hard disk are compared against the file-name table previously built in memory; any file not in the table was not copied by the system, is deemed invalid data and is deleted. Then all files on the hard disk are decrypted, and only correctly encrypted files are finally retained on the hard disk. Finally, depending on the administrator's settings, the system may also check for executable files, Word files that may carry macro viruses, and script files that can be run by the IE browser or by VB, to prevent Trojan-horse programs from being exchanged.
E. The network state for the next start-up is set and the computer restarts, repeating the above cycle.
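The following Python simulation is an added example and is not the patent's software; it runs the sequence A to E for two boots in memory. Assumptions: the PCI card's one-network-per-boot behaviour is modelled by a `NetworkLatch` class; the send and receive shared directories and the exchange server's hard disk are dictionaries of file name to bytes; the file-type check of part D uses the `MZ` executable signature, the OLE compound-document signature for Word `.doc` files, and a short list of script extensions. The sample files, including the `rogue.bin` that appears on the disk during the cycle to stand in for data arriving by some other channel, are constructed. Decryption of the staged files is omitted here.

```python
"""Added example (not the patent's software): one boot of the exchange server
per the sequence A to E, simulated in memory.  Assumptions: NetworkLatch
models the PCI card's one-network-per-boot behaviour; send/receive directories
and the server's hard disk are dicts of file name to bytes; the file-type check
uses the MZ and OLE compound-document signatures and script extensions."""
from typing import Dict, List, Optional, Set, Tuple

INTRANET, EXTRANET = "intranet", "extranet"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # Word .doc container signature
SCRIPT_EXT = (".vbs", ".js", ".hta", ".htm", ".html")
Folder = Dict[str, bytes]


class NetworkLatch:
    """The card is wired to one network per boot; a new choice takes effect only
    at reboot, and after disconnect() nothing may reconnect until reboot()."""

    def __init__(self, boot_network: str) -> None:
        self._active = boot_network
        self._next = boot_network
        self._cut = False

    def require(self, network: str) -> None:
        if self._cut:
            raise RuntimeError("hardware refuses any reconnect before reboot")
        if self._active != network:
            raise RuntimeError(f"card is wired to {self._active}, not {network}")

    def disconnect(self) -> None:
        self._cut = True

    def set_next(self, network: str) -> None:
        self._next = network          # step E: only effective after restart

    def reboot(self) -> None:
        self._active, self._cut = self._next, False


def classify(name: str, data: bytes) -> str:
    """The three blocked kinds named in part D, plus 'data' for everything else."""
    lower = name.lower()
    if data[:2] == b"MZ":
        return "executable"
    if data.startswith(OLE_MAGIC) and lower.endswith((".doc", ".dot")):
        return "word"                 # may carry a macro virus
    if lower.endswith(SCRIPT_EXT):
        return "script"
    return "data"


def exchange_cycle(latch: NetworkLatch, network: str, send: Folder, receive: Folder,
                   disk: Folder, blocked: Set[str], intruder: Optional[Folder] = None
                   ) -> List[Tuple[str, str]]:
    """Parts B to D for one boot.  Returns (name, reason) for every deleted file."""
    latch.require(network)
    receive.update(disk)              # deliver what the previous boot staged
    disk.clear()
    disk.update(send)                 # copy this side's send directory
    name_table = set(disk)            # the in-memory table of copied names
    if intruder:                      # constructed: something else landed on disk
        disk.update(intruder)
    latch.disconnect()                # closed environment from here on
    deleted: List[Tuple[str, str]] = []
    for name in list(disk):           # pass 1: anything not copied by us is illegal
        if name not in name_table:
            deleted.append((name, "not in name table"))
            del disk[name]
    for name in list(disk):           # pass 2: the Trojan / macro / script kinds
        kind = classify(name, disk[name])
        if kind in blocked:
            deleted.append((name, kind))
            del disk[name]
    return deleted


def run_demo() -> dict:
    """Two boots, intranet then extranet, with constructed sample files."""
    latch = NetworkLatch(INTRANET)
    disk: Folder = {}
    blocked = {"executable", "word", "script"}
    intranet_send: Folder = {"report.txt": b"quarterly figures", "setup.exe": b"MZ\x90\x00\x03"}
    extranet_send: Folder = {"price.doc": OLE_MAGIC + b"\0" * 16, "note.txt": b"hello"}
    intranet_recv: Folder = {}
    extranet_recv: Folder = {}
    first = exchange_cycle(latch, INTRANET, intranet_send, intranet_recv, disk, blocked,
                           intruder={"rogue.bin": b"\x00\x01"})
    try:                              # part D: no reconnect before restart
        latch.require(EXTRANET)
        refused = False
    except RuntimeError:
        refused = True
    latch.set_next(EXTRANET)          # part E
    latch.reboot()
    second = exchange_cycle(latch, EXTRANET, extranet_send, extranet_recv, disk, blocked)
    return {"first_deleted": first, "reconnect_refused": refused,
            "extranet_received": sorted(extranet_recv), "second_deleted": second,
            "left_for_intranet": sorted(disk)}


if __name__ == "__main__":
    print(run_demo())
```

The point the simulation makes is the ordering: the name-table check and the type check run only after `disconnect()`, when nothing can reach the staging disk, and the choice of the next network is recorded but cannot be used until `reboot()`. In the real device the latch is the card's interrupt-set state plus the restart, not a Python object; the type check here is a signature and extension test, which is what the text describes, and is no substitute for the virus scan the page says runs at the extranet end.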
(3) Information audit part: the audit software runs on the server ends used for sending and receiving data. It records every file read or write operation on the send-data directory and records whether the file was successfully exchanged by the file exchange system. In addition, based on information returned by the exchange server, the system generates an encryption operation log table, which lets client users query whether their file transfer operations succeeded. The software runs on NT and WINDOWS 2000 SERVER ends.
As shown in Figure 2, the detailed data exchange process is as follows:
1. the secure exchange server system is connected to the internal network server and at the same time isolated from the external network server;
2. after the system self-test completes, the system enters DOS and automatically executes the system exchange program;
3. the system settings information is first read from the specific region; once read, the region is neither readable nor writable until the system restarts. Because the system reads this region first after every start-up of the server, the security of the settings information is effectively guaranteed;
4. the secure exchange server system connects to the designated domain of the internal network server using the user name from the settings information;
5. the system checks whether there is data on the hard disk of the secure exchange server; if so, it is copied to the designated receive directory of the internal network server and all data on the hard disk is then deleted; if not, the next step proceeds;
6. the system copies all data in the designated send-data directory of the internal network server to the hard disk of the secure exchange server, all data having been encrypted before transmission;
7. the network connection to the intranet is broken; from then until a restart, the secure exchange server is not permitted to connect to either the intranet or the extranet;
8. the data on the secure exchange server's hard disk is checked to confirm that all data on the disk was read by the exchange system from the designated area; any data that did not come through that channel is regarded as illegal and is automatically deleted from the disk;
9. the data on the hard disk is decrypted. A character string of the file (normally its first 8 bytes) together with the file's length information (4 bytes) is encrypted with a fixed password, and the file itself is encrypted with the designated encryption password from the settings information. The system first decrypts the leading 8 bytes with the fixed password and checks whether the file size matches the size before encryption; if it does not, an error log is generated and the file is deleted. The system then decrypts the file with the designated password obtained from the settings information and compares the 8 bytes obtained from that decryption with the 8 bytes obtained by decrypting with the fixed password; if they are identical the file is regarded as correctly encrypted, otherwise the file is deleted and an error log is generated;
10. the decrypted data is checked for file structure to determine whether it is an executable file, a Word file that may carry a macro virus, or a script file that can be run by the IE browser or by VB, and according to the prior settings the system decides whether to delete files of these types;
11. the network connection of the secure exchange server is set to the external network server, so that after the secure exchange server restarts it automatically connects to the external network server;
12. the system checks whether the total elapsed time since start-up is less than the permitted time designated in the settings information; if so it continues to wait, otherwise it restarts the system;
13. the secure exchange server connects to the external network server and is isolated from the intranet;
14. after the system self-test completes, the system enters DOS and automatically executes the system exchange program;
15. the system settings information is read from the specific region;
16. the secure exchange server system connects to the designated domain of the external network server using the user name from the settings information;
17. the system checks the data on the hard disk of the secure exchange server, copies it to the designated receive-data directory of the external network server, and then deletes all data on the hard disk;
18. if there is data on the external network server that needs to be exchanged to the intranet, then after the previous data has been delivered the data to be exchanged from the extranet is copied to the hard disk of the secure exchange server, and the original data on the hard disk is deleted automatically;
19. the secure exchange server then restarts again and transfers the data to the intranet.
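The two-stage check of step 9, as an added example in Python that is not the patent's code. The layout is taken from the text: a 12-byte header (the first 8 bytes of the plaintext, zero-padded, plus a 4-byte length) encrypted with the device's fixed password, followed by the whole file encrypted with the configured file password. The patent names no cipher, so an HMAC-SHA256 counter keystream is used as a stand-in purely so the check runs offline and reproducibly; the function names `seal` and `open_exchange_file`, the passwords and the sample file content are all constructed for the example.

```python
"""Added example (not the patent's code): the exchange-file validity check of
step 9.  Layout assumed from the text: a 12-byte header (first 8 bytes of the
plaintext, zero-padded, plus a 4-byte big-endian length) encrypted with the
device's fixed password, followed by the whole file encrypted with the
configured file password.  The patent names no cipher, so an HMAC-SHA256
counter keystream stands in; it is deterministic and unauthenticated and is
used only to make the check reproducible."""
import hashlib
import hmac
from typing import Dict, Optional, Tuple

HEADER_LEN = 12  # 8-byte leading string + 4-byte length


def _keystream_xor(password: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter keystream derived from password.
    Stand-in cipher (assumption); the same call encrypts and decrypts."""
    out = bytearray()
    for block, start in enumerate(range(0, len(data), 32)):
        ks = hmac.new(password, block.to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[start:start + 32], ks))
    return bytes(out)


def seal(plain: bytes, fixed_password: bytes, file_password: bytes) -> bytes:
    """What the sending end produces: fixed-password header + file-password body."""
    lead = plain[:8].ljust(8, b"\0")
    header = _keystream_xor(fixed_password, lead + len(plain).to_bytes(4, "big"))
    return header + _keystream_xor(file_password, plain)


def open_exchange_file(blob: bytes, fixed_password: bytes,
                       file_password: bytes) -> Tuple[Optional[bytes], str]:
    """The exchange server's check.  Returns (plaintext, "ok") or (None, reason);
    every reason other than "ok" means: delete the file and write an error log."""
    if len(blob) < HEADER_LEN:
        return None, "too short: delete and log"
    header = _keystream_xor(fixed_password, blob[:HEADER_LEN])
    lead, length = header[:8], int.from_bytes(header[8:], "big")
    body = blob[HEADER_LEN:]
    # first test: does the size match the size recorded before encryption?
    if len(body) != length:
        return None, "length mismatch: delete and log"
    # second test: do the first 8 bytes decrypted with the configured password
    # agree with the 8 bytes recovered from the fixed-password header?
    plain = _keystream_xor(file_password, body)
    if not hmac.compare_digest(plain[:8].ljust(8, b"\0"), lead):
        return None, "password mismatch: delete and log"
    return plain, "ok"


def demo() -> Dict[str, str]:
    """Constructed inputs: a correctly sealed file, one sealed with a wrong file
    password, a truncated copy, and a file that was never encrypted."""
    fixed, configured = b"device-fixed-password", b"configured-file-password"
    plain = b"Quarterly report: figures attached.\n" * 3
    good = seal(plain, fixed, configured)
    return {
        "good": open_exchange_file(good, fixed, configured)[1],
        "wrong_password": open_exchange_file(seal(plain, fixed, b"guess"), fixed, configured)[1],
        "truncated": open_exchange_file(good[:-5], fixed, configured)[1],
        "plaintext": open_exchange_file(plain, fixed, configured)[1],
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:15s} {verdict}")
```

What the two tests do and do not give: the length comparison catches truncated or never-encrypted files, and the 8-byte comparison catches a wrong file password, which is exactly the "correct encryption" property the page requires the intermediate server to judge without holding the password anywhere else. Neither test is an integrity check: with a stream-type cipher, a change to any byte after the first 8 of the body passes both tests, and the deterministic stand-in keystream reuses the same pad for every file. A build of this device should pair the check with an authenticated encryption mode or a keyed MAC over the whole file.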