CN201403104Y - Network fixation safety isolation and data exchange system - Google Patents


Info

Publication number: CN201403104Y
Authority: CN (China)
Prior art keywords: data, net, port, hardware, outside
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.): Expired - Fee Related
Application number: CN2009201376562U
Other languages: Chinese (zh)
Inventor: 陈京鹭
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.): XIAMEN BEST INFORMATION TECHNOLOGY CO LTD
Original Assignee: XIAMEN BEST INFORMATION TECHNOLOGY CO LTD

Abstract

The utility model discloses a network fixation safety isolation and data exchange system in which an inner/outer network dual-machine hot-backup port and an inner/outer network standby port are connected to a processor; the processor is further connected to a COM port, an inner/outer network management port, a hardware isolation card and a data memory; the data memory is connected to the hardware isolation card through an IDE port; the hardware isolation card is further connected to an inner/outer network port; an ATX interface is arranged between the processor and the power supply; a memory slot is arranged between the processor and the internal memory; and a PCI slot is arranged between the processor and the hardware isolation card. The system implements a buffer-area memory-mapping function for the inner and outer network host modules through a dedicated hardware isolation exchange card: data in a designated area is copied to the corresponding area, which completes the exchange. A security chip embedded in the hardware isolation exchange card fully meets the requirements of high-speed data exchange. The system guarantees that no data packets are exchanged between a trusted network and an untrusted network and that no network connection is established between them.

Description

Network fixation safety isolation and data exchange system
Technical field
The utility model relates to the field of LAN information security, and in particular to a system for data isolation and secure exchange between networks of different security levels.
Background technology
As information technology is applied ever more widely and deeply in fields such as the military, military industry, government and enterprise, the rapidly developing electronic information technology brings every industry a revolution in the efficiency of service management and large business returns, but crimes committed by means of computer information systems also rise year by year, and guarding against technological risk and computer crime faces a severe challenge. An insider threat means that legitimate users or administrators of a system, through misoperation or deliberate violation of the rules, exploit system defects or mount malicious attacks, causing system failures, service errors, data tampering and leakage, and damage to assets. Traditional security products can meet the needs of protecting data and network security in different ways, but they cannot fully solve the problem of secure information exchange between networks, because every security technique has its limitations. To protect the security of important internal systems, the "Regulations on Internet Security Management of Computer Information Systems" issued by the National Administration for the Protection of State Secrets in January 2000 explicitly require: "Computer information systems that involve state secrets must not be connected directly or indirectly to the Internet or other public information networks and must be physically isolated." Document No. 17 of 2002 of the General Office of the CPC Central Committee, "Guidance of the National Informatization Leading Group on China's E-Government Development", also clearly emphasizes: "physical isolation between the government affairs intranet and the government affairs extranet, and logical isolation between the government affairs extranet and the Internet."
More and more government bodies and enterprises, in order to improve the quality of their external services and their internal operating efficiency, and driven by the acceleration of e-government and enterprise informatization, are setting up external Internet connections. While this brings convenience, it also exposes them to hacker attacks, access by unauthorized users and the resulting loss of sensitive data. The old approach was to place such e-government information on a separate server connected to an independent network that has no direct connection to external networks.
In office automation, file exchange is a very common but very important process, and in certain situations the file exchange process falls back to manual intervention: data that must be updated regularly is copied into the target network via third-party storage media. But as enterprise informatization grows in scale, data exchange between different networks has reached massive volumes; manual intervention can no longer meet the demands of the work, it is error-prone, and it is inefficient and laggy during the exchange, causing work stoppages and even losses. This approach therefore increasingly fails to meet users' requirements.
The utility model content
To address the deficiencies of the prior art, the utility model provides a network fixation safety isolation and data exchange system that guarantees that no packets are exchanged between a trusted network and an untrusted network and that no network connection is established between them.
To achieve this object, the technical solution of the utility model is:
The network fixation safety isolation and data exchange system comprises an inner/outer network dual-machine hot-backup port and an inner/outer network standby port connected to a processor; the processor is also connected to a COM port, an inner/outer network management port, a hardware isolation card and a data memory. The data memory is connected to the hardware isolation card with an IDE port between them. The hardware isolation card is also connected to an inner/outer network port; an ATX interface is arranged between the processor and the power supply; a memory slot is arranged between the processor and the internal memory; and a PCI slot is arranged between the processor and the hardware isolation card. The processor is responsible for responding to and handling all request instructions; the COM port is used to configure the inner/outer network motherboards; the inner/outer network port connects the inner and outer networks; the inner/outer network management port manages and configures the inner and outer networks; the inner/outer network dual-machine hot-backup port is the product's dual-machine hot-backup function port; the inner/outer network standby port serves as the standby port for the inner and outer networks; the PCI slot is the slot for the outer network hardware isolation card; the IDE port is used to connect the data memory; the ATX interface is used to connect the power supply; and the memory slot holds the memory buffer.
The benefits of the above technical scheme are:
The utility model implements the buffer memory-mapping function of the inner and outer network host modules through a dedicated hardware isolation exchange card: data in a designated area is copied to the corresponding area, which completes the exchange. The security chip embedded in the hardware isolation exchange card fully meets the needs of high-speed data exchange.
The product solidifies its control logic in hardware, so that between the inner and outer networks the data exchange consists only of read and write operations on the memory buffer, without any forwarding of network protocols or packets. The isolation exchange subsystem uses a mutual-exclusion mechanism: before reading or writing the data of the host module at one end, it first terminates the operation with the other end, which guarantees that the isolation exchange system never handles data of the inner and outer network host modules at the same time, so that at no moment is there a link-layer connection between the trusted and untrusted networks, achieving network security isolation.
Description of drawings
Fig. 1 is a schematic working diagram of the utility model.
Embodiment
The utility model is now described with reference to the accompanying drawings and embodiments.
The network fixation safety isolation and data exchange system shown in Figure 1 comprises an inner/outer network dual-machine hot-backup port 5 and an inner/outer network standby port 6 connected to a processor 1; processor 1 is also connected to a COM port 2, an inner/outer network management port 4, a hardware isolation card and a data memory; the data memory is connected to the hardware isolation card with an IDE port 8 between them; the hardware isolation card is also connected to an inner/outer network port 3; an ATX interface 9 is arranged between processor 1 and the power supply; a memory slot 10 is arranged between processor 1 and the internal memory; and a PCI slot 7 is arranged between processor 1 and the hardware isolation card.
The inner/outer host boards use industrial control motherboards, which have good stability and reliability; a motherboard consists of an arithmetic unit, a controller, memory, input devices, output devices and an embedded industrial control chip. Processor 1 is the core of the motherboard, consisting mainly of the arithmetic unit and the controller, and is responsible for responding to and handling all request instructions. All other devices on the motherboard work around the processor.
COM port 2 is used to configure the inner/outer network motherboards. The motherboard is given a default configuration at initialization; in some cases the motherboard BIOS needs to be set up to meet customer requirements.
Inner/outer network port 3: as can be seen from the product's hardware system diagram, the product consists of the inner/outer host boards and the inner/outer network hardware isolation cards on the motherboards. Inner/outer network port 3 connects to its network and is at the same time responsible for the connection during data exchange.
Inner/outer network management port 4 is mainly responsible for configuring and managing the system on the inner/outer network hard disk that is connected through IDE interface 8 on the inner/outer host board, including the configuration of data isolation and secure exchange, the system runtime environment and so on.
Inner/outer network dual-machine hot-backup port 5 serves as the product's dual-machine hot-backup functional interface. The so-called hot-backup function means that for any machine fault or service interruption of the system, a software flow is triggered to perform fault judgement, fault isolation and online recovery, and the interrupted service is continued. During this process the user only has to tolerate an acceptable delay, and the service is restored in the shortest possible time.
Inner/outer network standby port 6 serves as the product's standby port.
PCI slot 7 connects other hardware devices; in this product it is used to connect the hardware isolation exchange card, whose main function is data isolation and secure exchange.
IDE interface 8 connects the data memory, which holds the product's operating system and the data formatted by the hardware isolation card connected through PCI slot 7. Data is stored in the data memory only after a legitimate request has been verified by processor 1. At system start-up, memory slot 10 also reads some cached data from IDE interface 8 into internal memory for the operating system to call. During data exchange, only a legitimate request verified by processor 1 can obtain formatted data from IDE interface 8; the data is formatted and sent through PCI slot 7, and only then can the other side obtain it, which completes one data exchange. The data at the two ends of this process cannot be read through any other channel by any means; secure exchange is possible only through the hardware isolation card.
ATX interface 9 provides the motherboard power connection.
Memory slot 10 saves some system data at start-up and at the same time acts as a buffer terminal during data exchange.
In the actual product, data isolation and secure exchange are completed by the isolation cards, one hardware isolation card being installed in each of the inner and outer host boards. Processor 1 on the outer network motherboard sends a data exchange request to the hardware isolation card connected to outer IDE port 8. The inner network motherboard first receives the request through the hardware isolation exchange card connected to inner IDE port 8; at the same time the outer network side, according to the security policy of the local end, performs a further application-layer security check on the data format of the exchange request on the hardware isolation card connected to outer IDE port 8 of the outer host board. Once the check passes, a reverse transformation is performed and the formatted data is converted into TCP/IP packets that comply with the RFC standards. After the hardware isolation card in PCI slot 7 of the inner network motherboard receives the formatted data, it sends a request to inner processor 1; after receiving the request instruction, inner processor 1 verifies it through the operating system running on the hard disk connected to inner IDE port 8, and inner IDE port 8 returns the verification result to inner processor 1. Inner processor 1 proceeds according to the verification result: when verification passes, the formatted data received from inner PCI slot 7 is saved into the internal memory connected to inner memory slot 10, and finally the data in the memory buffer of inner memory slot 10 is stored to the hard disk connected to inner IDE port 8. Throughout this exchange the data is formatted; it cannot be read directly, only data encoded by the isolation card can be recognized, and the data is temporarily held in the memory buffer of inner memory slot 10. Between the inner and outer network modules there exist only read and write operations on the memory buffer of memory slot 10, without any forwarding of network protocols or packets. The hardware isolation exchange subsystem uses a mutual-exclusion mechanism: before reading or writing the data of the host module at one end, it first terminates the operation with the other end, which guarantees that the isolation exchange system never handles data of the inner and outer network host modules at the same time, so that at no moment is there a link-layer connection between the trusted and untrusted networks, achieving network security isolation.
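The exchange mechanism described above (a designated-region copy through the card's buffer, mutual exclusion between the two host modules, card-private formatting of the data and a per-side application-layer policy check), as an added Python simulation that is not part of the patent or the product; the class names, the frame layout and the sample policy are assumptions made for the illustration.

```python
import hashlib
import threading
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional

INNER, OUTER = "inner", "outer"
MAGIC = b"ISOX"  # constructed frame tag; the patent does not give the card's real format

class IsolationViolation(Exception): pass  # both host modules attached to the buffer at once

@dataclass
class IsolationCard:
    # Per-side application-layer policy (payload -> bool); stands in for the "local security policy" (assumption).
    policies: Dict[str, Callable[[bytes], bool]]
    buffer: bytearray = field(default_factory=bytearray)
    attached: Optional[str] = None
    _lock: threading.Lock = field(default_factory=threading.Lock)

    def attach(self, side: str) -> None:
        # Mutual exclusion: a side may attach only while the other side is cut off.
        with self._lock:
            if self.attached not in (None, side):
                raise IsolationViolation(f"{self.attached} is still attached")
            self.attached = side

    def detach(self, side: str) -> None:
        with self._lock:
            if self.attached != side:
                raise IsolationViolation(f"{side} is not attached")
            self.attached = None

    @staticmethod
    def frame(payload: bytes) -> bytes:
        # Card-private framing (tag | 4-byte length | sha256 | payload): only this frame ever sits in the buffer.
        return MAGIC + len(payload).to_bytes(4, "big") + hashlib.sha256(payload).digest() + payload

    @staticmethod
    def unframe(blob: bytes) -> bytes:
        if blob[:4] != MAGIC:
            raise ValueError("not a card frame")
        n = int.from_bytes(blob[4:8], "big")
        digest, payload = blob[8:40], blob[40:40 + n]
        if len(payload) != n or hashlib.sha256(payload).digest() != digest:
            raise ValueError("frame damaged")
        return payload

    def exchange(self, src: str, dst: str, payload: bytes) -> bytes:
        """Copy payload from the src host module's region to the dst host module."""
        if not self.policies[src](payload):
            raise PermissionError(f"{src} policy rejected the payload")
        self.attach(src)
        self.buffer[:] = self.frame(payload)    # src writes its designated region
        self.detach(src)                        # src is cut off before dst attaches
        self.attach(dst)
        out = self.unframe(bytes(self.buffer))  # dst reads the corresponding region
        self.buffer[:] = b""                    # nothing stays behind in the buffer
        self.detach(dst)
        if not self.policies[dst](out):
            raise PermissionError(f"{dst} policy rejected the payload")
        return out

def text_only(payload: bytes) -> bool:
    """Constructed sample policy: short, printable ASCII payloads only."""
    return len(payload) <= 4096 and all(32 <= b < 127 for b in payload)
```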

Claims (1)

1. A network fixation safety isolation and data exchange system, characterized in that it comprises an inner/outer network dual-machine hot-backup port (5) and an inner/outer network standby port (6) connected to a processor (1); the processor is also connected to a COM port (2), an inner/outer network management port (4), a hardware isolation card and a data memory; the data memory is connected to the hardware isolation card with an IDE port (8) between them; the hardware isolation card is also connected to an inner/outer network port (3); an ATX interface (9) is arranged between the processor and the power supply; a memory slot (10) is arranged between the processor and the internal memory; and a PCI slot (7) is arranged between the processor (1) and the hardware isolation card; wherein
Processor (1): responsible for responding to and handling all request instructions;
COM port (2): configures the inner/outer network motherboards;
Inner/outer network port (3): connects the inner and outer networks;
Inner/outer network management port (4): manages and configures the inner and outer networks;
Inner/outer network dual-machine hot-backup port (5): the product's dual-machine hot-backup function port;
Inner/outer network standby port (6): serves as the standby port for the inner and outer networks;
PCI slot (7): the slot for the outer network hardware isolation card;
IDE port (8): used to connect the data memory;
ATX interface (9): used to connect the power supply;
Memory slot (10): the memory buffer, holding all buffered data.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN2009201376562U CN201403104Y (en) 2009-04-16 2009-04-16 Network fixation safety isolation and data exchange system


Publications (1)

Publication Number Publication Date
CN201403104Y true CN201403104Y (en) 2010-02-10


Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101986638A (en) * 2010-09-16 2011-03-16 珠海市鸿瑞软件技术有限公司 Gigabit one-way network isolation device
CN104679558A (en) * 2015-02-09 2015-06-03 西安酷派软件科技有限公司 Switching method used among multiple systems and terminal



Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20100210

Termination date: 20120416