CN2588677Y - Safety isolation network gate - Google Patents

Publication number
CN2588677Y
Authority
CN
China
Prior art keywords
circuit
module
computer system
card
information
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 02290850
Other languages
Chinese (zh)
Inventor
李志鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd
Original Assignee
BEIJING TOPWALK INFORMATION TECHNOLOGY Co Ltd

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The utility model relates to a safety isolation network gate for protecting network and information security. Information is exchanged between two networks while the link layer between them is disconnected. The network gate consists of an inner-network computer system, an outer-network computer system and an isolation hardware card; the isolation hardware card is connected between the two computer systems by data transmission lines, and the inner-network computer system is provided with a plurality of application modules, system management and security management modules, and a manual audit management module. Manual work such as information confirmation and confidentiality review ensures the accuracy and reliability of information transmission. With the link layer isolated in hardware, the computer systems run identity authentication, access control, content review, virus scanning and removal, security audit, intrusion detection, and hardware isolation and data transmission driver software, so that sensitive and harmful information is effectively controlled. The utility model is suitable for industries and departments that require high security, such as government agencies, police, securities and the military.

Description

Safety isolation network gate
Technical field
The utility model relates to a network information security device, and specifically to a safety isolation network gate for protecting network and information security.
Background
Existing network security technology mainly relies on firewalls and intrusion detection to keep networks secure. The security technology closest to the utility model is physical isolation (air gap) technology. Physical isolation mainly uses the computer's hardware (chiefly the CPU, memory and mainboard) in a "time-division" manner and uses dedicated hardware to isolate the different systems, software and data used on different networks, which are not allowed to mix or be exchanged. The goal is physical isolation between networks, with the emphasis on ensuring that the trusted internal network is not attacked from the untrusted external network. In essence this is no different from each user using two computers connected to different networks, and it does not reduce cost. The main shortcomings of this isolation technology are that every user must be fitted with an isolation hardware card, which comes close to every user running two computers at once in order to achieve secure isolation, and that it cannot provide secure, moderate information exchange between networks.
Summary of the utility model
The technical problem to be solved by the utility model is to provide a safety isolation network gate that uses isolation hardware in a "space-division" manner. Connected between separate networks, it leaves no direct data link between the two networks yet still allows information and data to be exchanged between them, and its range of application is much wider than that of physical isolation technology.
The utility model provides the following technical scheme: a safety isolation network gate consisting of an inner-network computer system, an outer-network computer system and an isolation hardware card. The isolation hardware card is connected between the two computer systems by data transmission lines. The two computer systems are provided with multiple security application modules, and the security application modules are connected, through a local and remote management module, to the system management and security management modules and to the manual audit management module respectively.
The isolation hardware card may consist of an isolation card circuit, a user interface circuit and two identical PCI card circuits.
The PCI card circuit may consist of a PCI interface chip and an FPGA programmable hardware device, the PCI interface chip being connected to the FPGA device by data lines, address lines and control lines; the user interface circuit consists of a display interface circuit, an input interface circuit and a power switch circuit; the isolation card circuit consists of a CPLD controller, two groups of buffers and four groups of analog switch circuits; the CPLD controller is connected by control lines to the four groups of analog switch circuits, the FPGA devices, the display interface circuit and the input interface circuit; the two FPGA devices are connected by data lines to the first and second groups of analog switch circuits respectively, and the first and second groups of analog switch circuits are in turn each connected by data lines to the first buffer and the second buffer simultaneously; the first buffer and the second buffer are also each connected by control lines to the third and fourth groups of analog switch circuits, which in turn are connected by address lines to the first and second PCI interface chips respectively and by control lines to the first and second FPGA devices.
The inner-network computer system and the outer-network computer system may be connected to the internal network and the external network respectively through Ethernet interfaces.
The security application modules may be a database exchange module, a file exchange module, a mail exchange module or a browsing exchange module, or a combination of these.
Because the network gate of the utility model is installed between two computer networks, it cuts the link layer in hardware. With the security management module and the manual audit management module in place, each application module on the two computer systems can run identity authentication, access control, content inspection, virus scanning and removal, security audit, intrusion detection, and the hardware isolation and data transmission driver software, so that users and information are authenticated, controlled, inspected and audited. Secure, moderate information exchange can take place between the two information networks connected by the network gate, and sensitive and harmful information sent from one network to the other can be effectively controlled. The manual audit management module allows work such as manual information confirmation and confidentiality review to be carried out, which fully ensures the accuracy and reliability of information transmission. This system for exchanging information between networks with the link layer disconnected can be widely used in fields such as database exchange, file exchange, mail virus filtering and information browsing, and is suitable for all industries and departments with very high security requirements, such as government bodies, public security, securities and the military.
Description of the drawings
Fig. 1 is a block diagram of the utility model.
Fig. 2 is a schematic diagram of a specific embodiment of the utility model.
Fig. 3 is a block diagram of the isolation hardware card of the utility model.
Embodiment
As shown in Figure 1, a safety isolation network gate consists of an inner-network computer system, an outer-network computer system and an isolation hardware card. The isolation hardware card is connected between the two computer systems by data transmission lines. The two computer systems are provided with multiple security application modules, and the security application modules are connected, through a local and remote management module, to the system management and security management modules and to the manual audit management module respectively.
As shown in Figure 2, the isolation hardware card consists of an isolation card circuit, a user interface circuit and two identical PCI card circuits.
As shown in Figure 2, the PCI card circuit consists of a PCI interface chip and an FPGA programmable hardware device, the PCI interface chip being connected to the FPGA device by data lines, address lines and control lines; the user interface circuit consists of a display interface circuit, an input interface circuit and a power switch circuit; the isolation card circuit consists of a CPLD controller, two groups of buffers and four groups of analog switch circuits; the CPLD controller is connected by control lines to the four groups of analog switch circuits, the FPGA devices, the display interface circuit and the input interface circuit; the two FPGA devices are connected by data lines to the first and second groups of analog switch circuits respectively, and the first and second groups of analog switch circuits are in turn each connected by data lines to the first buffer and the second buffer simultaneously; the first buffer and the second buffer are also each connected by control lines to the third and fourth groups of analog switch circuits, which in turn are connected by address lines to the first and second PCI interface chips respectively and by control lines to the first and second FPGA devices. The isolation hardware card is connected to the two computer systems through the two PCI card circuits respectively.
As shown in Figure 3, the inner-network computer system and the outer-network computer system are connected to the internal network and the external network respectively through Ethernet interfaces.
As shown in Figure 1, the security application modules may be a database exchange module, a file exchange module, a mail exchange module or a browsing exchange module, or a combination of these; other security application modules may also be selected or configured according to the user's needs.
The manual audit management module provides a manual audit function. In manual audit mode, information can be selected manually for review, and the harmfulness and confidentiality of the exchanged information are fully verified, ensuring the accuracy and reliability of information transmission. The user interface section is provided with control switches for selecting among several data transmission modes, namely one-way transmission in either of the two directions, two-way transmission, stop transmission and so on, so that the mode of data exchange can be chosen according to the user's needs.

Claims (8)

1. A safety isolation network gate, characterized in that: the safety isolation network gate consists of an inner-network computer system, an outer-network computer system and an isolation hardware card; the isolation hardware card is connected between the two computer systems by data transmission lines; the computer systems are provided with multiple security application modules, and the security application modules are connected, through a local and remote management module, to the system management and security management modules and to the manual audit management module respectively.
2. The safety isolation network gate according to claim 1, characterized in that: the isolation hardware card consists of an isolation card circuit, a user interface circuit and two identical PCI card circuits.
3. The safety isolation network gate according to claim 2, characterized in that: the PCI card circuit consists of a PCI interface chip and an FPGA programmable hardware device, the PCI interface chip being connected to the FPGA device by data lines, address lines and control lines; the user interface circuit consists of a display interface circuit, an input interface circuit and a power switch circuit; the isolation card circuit consists of a CPLD controller, two groups of buffers and four groups of analog switch circuits; the CPLD controller is connected by control lines to the four groups of analog switch circuits, the FPGA devices, the display interface circuit and the input interface circuit; the two FPGA devices are connected by data lines to the first and second groups of analog switch circuits respectively, and the first and second groups of analog switch circuits are in turn each connected by data lines to the first buffer and the second buffer simultaneously; the first buffer and the second buffer are also each connected by control lines to the third and fourth groups of analog switch circuits, which in turn are connected by address lines to the first and second PCI interface chips respectively and by control lines to the first and second FPGA devices.
4. The safety isolation network gate according to claim 1, 2 or 3, characterized in that: the inner-network computer system and the outer-network computer system are connected to the internal network and the external network respectively through Ethernet interfaces.
5. The safety isolation network gate according to claim 4, characterized in that: the security application module is a database exchange module.
6. The safety isolation network gate according to claim 5, characterized in that: the security application module is a file exchange module.
7. The safety isolation network gate according to claim 6, characterized in that: the security application module is a mail exchange module.
8. The safety isolation network gate according to claim 7, characterized in that: the security application module is a browsing exchange module.
CN 02290850 2002-12-10 2002-12-10 Safety isolation network gate Expired - Fee Related CN2588677Y (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 02290850 CN2588677Y (en) 2002-12-10 2002-12-10 Safety isolation network gate

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN 02290850 CN2588677Y (en) 2002-12-10 2002-12-10 Safety isolation network gate

Publications (1)

Publication Number Publication Date
CN2588677Y (en) 2003-11-26

Family

ID=33749900

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 02290850 Expired - Fee Related CN2588677Y (en) 2002-12-10 2002-12-10 Safety isolation network gate

Country Status (1)

Country Link
CN (1) CN2588677Y (en)

Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C19 Lapse of patent right due to non-payment of the annual fee
CF01 Termination of patent right due to non-payment of annual fee