CN2790051Y - Network isolation device based on PCI bus - Google Patents


Info

Publication number: CN2790051Y
Authority: CN (China)
Prior art keywords: network, interface, switch unit, pci bus, switch
Legal status: Expired - Fee Related (the status shown by Google is an assumption, not a legal conclusion)
Application number: CN 200520057156
Other languages: Chinese (zh)
Inventor: 梁雁文
Current assignee: Individual
Original assignee: Individual
Priority date: 2005-04-18
Filing date: 2005-04-18
Publication date: 2006-06-21
Events: application filed by Individual; priority to CN 200520057156; application granted; publication of CN2790051Y; anticipated expiration; current legal status Expired - Fee Related

Landscapes

  • Small-Scale Networks (AREA)

Abstract

The utility model discloses a network isolation device based on the PCI bus. It comprises a PCI bus interface, a single-chip (SCM) controller, a network switch unit and a hard disk switch unit, the SCM controller being connected to the network switch unit and to the hard disk switch unit respectively. The device is characterised in that it also comprises a filter whose input is connected to the PCI bus interface and whose output is connected to the SCM controller. The utility model can achieve physical isolation between different networks, has the advantages of low cost, high network security and simple network switching, and is suitable for the network systems of enterprises, government agencies, banks and similar institutions.

Description

Network isolation device based on PCI bus
Technical field
The utility model relates to a physical isolation apparatus in the field of network information security, and in particular to a network isolation device based on the computer PCI bus.
Background technology
With the rapid development of computer technology and the continuous growth of computer networks, our daily work and life are ever more closely tied to computer networks. But once a computer is connected to a public network (the Internet), network security and information security become problems that cannot be ignored. In particular, in enterprises and institutions such as offices, government agencies and banks, internal information and confidential or secret data must not be stolen by users of the external network; should important data leak, the unit or company concerned suffers heavy losses, and even national security and interests may be significantly affected.
At present there are mainly three methods of addressing network information security:
(1) A dual network system. Two independent network systems are configured: one is an intranet that connects the company's internal computers and provides internal data and information sharing; the other is an extranet that can connect to the Internet. At the same time, each user terminal is equipped with two computers, each connected to a different network. The drawbacks of this method are that the networking cost is higher and the user has to operate two computers separately, which takes up space and is inconvenient.
(2) Firewall or proxy server technology. The advantages of this method are that it is easy to use and takes up little space. But it can only achieve logical isolation at the server end: once the firewall or proxy server is attacked from outside and disabled, an external user can easily obtain important data and information on the internal computers. Moreover, the core technology of this method is still imported from abroad, so its protective capability is not reliable enough.
(3) A dedicated computer network physical isolation apparatus. A special network isolation device is installed in the user's computer and realises physical isolation of the internal and external networks. The advantages of this method are higher security and reliable data protection. There are usually two modes. The first is "high-end physical isolation", which uses one hard disk and two networks (intranet and extranet), with the network switched by the isolation device. Although this method achieves physical isolation and switching between the intranet and extranet and their servers, and guarantees the information security of the intranet, the two networks share the same data hard disk at the user terminal, so an external user may steal data or information from the terminal's hard disk, even though the data on the intranet server's hard disk cannot be stolen directly. The second is "full physical isolation", which uses two hard disks and two networks (intranet and extranet), each network having its own data hard disk, with the network or the hard disk switched by the isolation device. This mode strictly isolates the intranet and the extranet and their data, achieving both network security and the information security of both networks, and is the main development trend of network information security today.
Among the devices that realise "physical isolation" described above, two control methods are mainly used at present: an external control switch and computer software control. The drawback of the external control switch is that it is inconvenient to operate and switching takes a long time. Computer software control mainly uses the computer's serial port or the PCI bus as the control-signal input; existing network security isolation cards basically all use serial-port control, but the serial port is gradually being phased out. Dedicated PCI bus interface chips (for example the PCI bus interface chips CH365 and PCI9050) can read control signals from the PCI bus quickly and easily, but because of the high data transfer rate of the PCI bus (it supports 64-bit transfers, with a data transfer rate of 133 MB/s and a bus clock of 66 MHz) such dedicated chips are very expensive and necessarily raise the cost of the product; in addition, their structure is complex, which raises research and development expense, and their internal resources cannot be fully used, causing unnecessary waste.
Summary of the invention
In order to overcome the deficiencies of the prior art, the utility model provides a network isolation device based on the computer PCI bus. The device uses a GAL chip as the PCI bus interface chip, programmed as a feature-code digital filter; the single-chip controller identifies the signals passed by the filter in time sequence and performs the corresponding network switching operation only when the information is valid, thereby achieving low-cost physically isolated control and switching.
The technical scheme adopted by the utility model is a network isolation device based on the PCI bus, comprising a PCI bus interface, a single-chip controller, a network switch unit and a hard disk switch unit, the single-chip controller being connected to the network switch unit and to the hard disk switch unit respectively; it is characterised in that it also comprises a filter whose input is connected to the PCI bus interface and whose output is connected to the single-chip controller.
The network switch unit comprises an internal network interface, an external network interface, a computer network interface and a changeover switch; the input of the changeover switch is connected to the single-chip controller, and its outputs are connected to the internal network interface, the external network interface and the computer network interface respectively.
The internal network interface, external network interface and computer network interface are all RJ45 interfaces.
The network switch unit also comprises a control switch interface.
The hard disk switch unit is formed either by a data line switch unit alone, by a power supply switch unit alone, or by a data line switch unit and a power supply switch unit combined.
The hard disk data line switch unit comprises an intranet hard disk data line interface, an extranet hard disk data line interface, a computer data line interface and a data line bus switch; the intranet hard disk data line interface and the extranet hard disk data line interface are each connected to the computer data line interface through the data line bus switch, and the enable pin of the data line bus switch is connected to the single-chip controller.
The hard disk power supply switch unit comprises an intranet hard disk power interface, an extranet hard disk power interface, a computer power supply interface and a changeover switch; the input of the changeover switch is connected to the single-chip controller, and its outputs are connected to the intranet hard disk power interface, the extranet hard disk power interface and the computer power supply interface respectively.
The filter is composed of a generic array logic chip (GAL) and an output latch (D flip-flop); the input of the programmable logic array chip is connected to the PCI bus interface, and its output is connected to the single-chip controller through the latch.
The beneficial effects of the utility model are: (1) Low cost. The device uses a generic programmable logic array chip (GAL) in place of a dedicated chip to read the control signals on the PCI bus, which not only reduces cost but also gives high utilisation of the chip's resources and simple control. The computer user only needs to add one isolation card and one hard disk storage device to a computer to achieve physical isolation of two networks and switch between them; for the user the cost is lower, two computers need not be configured, and the space for the additional computer is saved. (2) High network security. The device can realise "high-end physical isolation" (also called "terminal logical isolation") between the internal and external networks: at any one time the user can connect to only one of the networks, so the networks cannot access each other and neither can access the other's server; in other words the server end is physically isolated and the user terminal is logically isolated, which effectively avoids the harm of attacks between networks and guarantees the network security of both networks. (3) The device can also realise "full physical isolation" (also called "true physical isolation") between the internal and external networks: at any one time the user can connect to only one of the networks, and each network corresponds to a different hard disk storage device, so the networks not only cannot access each other but also share no storage device, which guarantees information security between the internal and external networks. (4) Simple network switching. The device is supplied with dedicated switching software; the user completes a switch by mouse or keyboard operation, and a manual switch is also provided.
Description of drawings
Fig. 1 is a structural schematic of the isolation device according to the utility model;
Fig. 2 is a structural schematic of the first embodiment of the isolation device;
Fig. 3 is a structural schematic of the second embodiment of the isolation device;
Fig. 4 is the first circuit schematic of the first embodiment of the isolation device;
Fig. 5 is the second circuit schematic of the first embodiment of the isolation device;
Fig. 6 is the circuit schematic of the second embodiment of the isolation device;
Fig. 7 is a structural schematic of the third embodiment of the isolation device;
Fig. 8 is a signal flow diagram of the utility model;
Fig. 9 is a control flow chart of the utility model;
Fig. 10 is a schematic of the network connection architecture of the utility model.
Embodiments
As shown in Fig. 1, a network isolation device based on the PCI bus comprises a PCI bus interface 1, a single-chip controller 2, a network switch unit 3, a hard disk switch unit 4 and a filter 5. The outputs of the single-chip controller 2 are connected to the network switch unit 3 and the hard disk switch unit 4 respectively; the input of the filter 5 is connected to the PCI bus interface 1 and its output is connected to the single-chip controller 2. The hard disk switch unit 4 may be formed by a data line switch unit 41 alone or by a power supply switch unit 42 alone, or by the data line switch unit 41 and the power supply switch unit 42 combined.
The operating principle and structure of the utility model are described below by means of specific embodiments.
Embodiment one
As shown in Fig. 2, a network isolation device based on the PCI bus comprises a PCI bus interface 1, a single-chip controller 2, a network switch unit 3, a data line switch unit 41 and a filter 5. The single-chip controller 2 is connected to the network switch unit 3 and the data line switch unit 41 respectively, and the filter 5 is connected between the PCI bus interface 1 and the single-chip controller 2. The network switch unit 3 comprises an internal network interface 311, an external network interface 312, a computer network interface 313, a control switch interface 32 and a changeover switch 33; the outputs of the changeover switch 33 are connected to the internal network interface 311, the external network interface 312 and the computer network interface 313 respectively, and its input is connected to the single-chip controller 2. The data line switch unit 41 comprises an intranet hard disk data line interface 411, an extranet hard disk data line interface 412, a computer data line interface 413 and a data line bus switch 410; the intranet hard disk data line interface 411 and the extranet hard disk data line interface 412 are each connected to the computer data line interface 413 through the data line bus switch 410, and the enable pin of the data line bus switch 410 is connected to the single-chip controller 2. The filter 5 is composed of a programmable logic array chip (GAL) 51 and an output latch (D flip-flop) 52; the input of the programmable logic array chip 51 is connected to the PCI bus, and its output is connected to the single-chip controller 2 through the latch 52.
Figs. 4 and 5 show the circuit schematics of this embodiment. The address/data bus AD[00]~AD[11], control bus C/BE[0]~C/BE[3], clock signal CLK and transfer control signal FRAME of the PCI bus interface U1 are connected to the inputs of the programmable logic array chip U5, and the reset signal RET is connected to the interrupt input INT0 of the single-chip controller U2. The output signals IO4~IO6 of the programmable logic array chip U5 are connected through the latches U51, U52 and U53 to the input ports P3.3~P3.5 of the single-chip controller U2. The output control pin P1.3 of the single-chip controller U2 drives the relay switches U31 and U32 through the transistor amplifier T1; the switch contacts A and B of the relay switches U31 and U32 connect to the computer network interface NC, their contacts A NO and B NO connect to the external network interface NB, and their contacts A NC and B NC connect to the internal network interface NA. A further pair of output control pins P1.6 and P1.7 of the single-chip controller U2 are connected to the enable pins OE of the data line bus switch chips U41A, U41B, U42A, U42B, U43A, U43B, U44A and U44B; a further output P1.2 of the single-chip controller U2 is connected to the reset pin CD of the latch U51; and further inputs P3.0 and P3.1 of the single-chip controller U2 are connected to the external switches SW1 and SW2. In Fig. 5, the computer data line interface IDE-C is connected to the intranet hard disk data line interface IDE-A through the data line bus switches U41A, U41B, U42A and U42B, and to the extranet hard disk data line interface IDE-B through the data line bus switches U43A, U43B, U44A and U44B. When the enable signal ENA is active, the intranet hard disk is connected; when the enable signal ENB is active, the extranet hard disk is connected.
Embodiment two
Fig. 3 shows the structural schematic of another embodiment of the utility model. It differs from embodiment one in that the data line switch unit 41 of embodiment one is replaced by a power supply switch unit 42. The power supply switch unit 42 comprises an intranet hard disk power interface 421, an extranet hard disk power interface 422, a computer power supply interface 423 and a changeover switch 420; the outputs of the changeover switch 420 are connected to the intranet hard disk power interface 421, the extranet hard disk power interface 422 and the computer power supply interface 423 respectively, and its input is connected to the single-chip controller 2. The other connections are the same as in embodiment one and are not repeated here.
As shown in Fig. 6, the circuit schematic of this embodiment is essentially the same as that of embodiment one. The difference is that the output control pins P1.6 and P1.7 of the single-chip controller U2 drive the relay switches U41 and U42 through the transistor amplifiers T3 and T2 respectively; the switch contacts A and B of the relay switches U41 and U42 each connect to the computer power supply interface PC, the contacts A NO and B NO of relay switch U41 connect to the extranet hard disk power interface PB, and the contacts A NO and B NO of relay switch U42 connect to the intranet hard disk power interface PA.
Embodiment three
As shown in Fig. 7, this embodiment combines the structures of embodiments one and two. The network isolation device comprises a PCI bus interface 1, a single-chip controller 2, a network switch unit 3, a hard disk switch unit 4 and a filter 5; the single-chip controller 2 is connected to the network switch unit 3 and the hard disk switch unit 4 respectively, and the filter 5 is connected between the PCI bus interface 1 and the single-chip controller 2. The hard disk switch unit 4 is formed by combining the data line switch unit 41 and the power supply switch unit 42, both of which are controlled by the single-chip controller 2. The circuit schematic of this embodiment can be obtained by combining the circuit diagrams of embodiments one and two and is not repeated here.
The above are three specific embodiments of the utility model, with the structural schematics and circuit schematics of the network isolation device; its operating principle is further explained below.
As shown in Fig. 8, the utility model transmits control signals over the computer's internal PCI bus, using the address/data bus AD[00]~AD[11], the control bus C/BE[0]~C/BE[3], the clock signal CLK and the transfer control signal FRAME. When the digital filter (composed of the generic array logic chip and the output latch) receives these signals, it extracts from them, according to its predefined filtering pattern, the feature code (a predefined special string), which is the switching signal sent by the user, holds it in the output latch and waits for the single-chip controller to read it. Once the single-chip controller has collected the complete feature code (the code length is set according to actual conditions), it compares and identifies it. If the feature code is valid, the operation defined by that code is carried out: when the user needs to switch to the intranet, the single-chip controller connects the internal network interface and at the same time enables the intranet hard disk, so that the computer is connected to the intranet; when the user needs to switch to the extranet, the single-chip controller connects the external network interface and enables the extranet hard disk, so that the computer is connected to the extranet (the Internet). The single-chip controller can also select its working mode according to the state of the jumper switch.
Fig. 9 shows the network isolation method of the utility model based on the PCI bus, which is completed in the following steps:
A. the user sends a switching command;
B. the filter extracts the feature code from the PCI data port and latches it;
C. the single-chip controller reads the feature code and identifies and processes it;
D. the single-chip controller carries out the switching operation defined by the feature code.
The network isolation device of the utility model can perform the following two kinds of switching operation:
(1) Logical isolation: when the user selects the logical isolation operation, the single-chip controller performs only the network switching operation and does not switch the hard disk used for data storage. In this switching mode the computer need not be restarted to complete the switch between the internal and external networks, and the intranet and extranet use the same hard disk before and after switching.
(2) Physical isolation: when the user selects the physical isolation operation, the single-chip controller performs the network switching operation and at the same time switches the hard disk used for data storage. In this switching mode the computer must be restarted to complete the switch of the intranet or extranet together with its corresponding hard disk, and the intranet and extranet use different hard disks before and after switching.
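As an added example that is not part of the patent, the following C model plays the role of the single-chip controller in steps A to D above: it collects the bytes held by the filter's latch, compares them against predefined feature codes, and performs the switch in either the logical-isolation or the physical-isolation mode just described. The feature-code values, their 4-byte length, the sync/check-byte layout and all type and function names are constructed assumptions; the power-on default of the internal network follows the relay's normally-closed contacts in Fig. 4.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define CODE_LEN  4      /* feature-code length: assumed, the patent leaves it configurable */
#define SYNC_BYTE 0x5A   /* constructed first byte of every feature code */

typedef enum { NET_INTERNAL = 1, NET_EXTERNAL = 2 } net_t;
typedef enum { MODE_LOGICAL = 0, MODE_PHYSICAL = 1 } iso_mode_t;  /* jumper-selected */

typedef struct {
    iso_mode_t mode;
    net_t      network;          /* which RJ45 the network relay currently connects */
    net_t      disk;             /* which hard disk is enabled (ENA / ENB)           */
    int        reboot_required;  /* set after a physical-isolation switch            */
    uint8_t    buf[CODE_LEN];    /* bytes collected from the latch so far            */
    size_t     n;
} isolator_t;

/* Constructed feature codes: sync byte, tag, command, one's-complement check of the command. */
static const uint8_t CODE_TO_INTERNAL[CODE_LEN] = { SYNC_BYTE, 0xA5, 0x01, 0xFE };
static const uint8_t CODE_TO_EXTERNAL[CODE_LEN] = { SYNC_BYTE, 0xA5, 0x02, 0xFD };

void isolator_init(isolator_t *iso, iso_mode_t mode)
{
    memset(iso, 0, sizeof *iso);
    iso->mode    = mode;
    iso->network = NET_INTERNAL;  /* relay de-energised: NC contacts select the intranet */
    iso->disk    = NET_INTERNAL;
}

static void apply_switch(isolator_t *iso, net_t target)
{
    iso->network = target;               /* step D: drive the network relay */
    if (iso->mode == MODE_PHYSICAL) {    /* physical isolation also moves the disk */
        iso->disk = target;
        iso->reboot_required = 1;
    }
}

/* Step C for one latched byte. Returns 1 when a valid code completed and a switch
 * was applied, 0 while still collecting, -1 when the bytes were discarded. */
int isolator_feed_byte(isolator_t *iso, uint8_t b)
{
    if (iso->n == 0 && b != SYNC_BYTE)   /* stray bus traffic never starts a code */
        return -1;
    iso->buf[iso->n++] = b;
    if (iso->n < CODE_LEN)
        return 0;
    iso->n = 0;                          /* like pulsing the latch reset (P1.2 -> CD) */
    if (memcmp(iso->buf, CODE_TO_INTERNAL, CODE_LEN) == 0) {
        apply_switch(iso, NET_INTERNAL);
        return 1;
    }
    if (memcmp(iso->buf, CODE_TO_EXTERNAL, CODE_LEN) == 0) {
        apply_switch(iso, NET_EXTERNAL);
        return 1;
    }
    return -1;                           /* unknown or corrupted code: ignore it */
}

/* Feed a whole captured byte sequence; returns the result of the last byte. */
int isolator_feed(isolator_t *iso, const uint8_t *bytes, size_t len)
{
    int r = 0;
    for (size_t i = 0; i < len; i++)
        r = isolator_feed_byte(iso, bytes[i]);
    return r;
}

/* Invariant the hardware is meant to guarantee: exactly one network is connected at any
 * moment, and in physical-isolation mode the enabled disk always matches that network. */
int isolator_consistent(const isolator_t *iso)
{
    int one_net = (iso->network == NET_INTERNAL) || (iso->network == NET_EXTERNAL);
    int disk_ok = (iso->mode == MODE_LOGICAL) || (iso->disk == iso->network);
    return one_net && disk_ok;
}
```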
Fig. 10 is the network connection diagram of the utility model in practical use. The isolation card (that is, the network isolation device) is installed in a PCI slot of the personal computer; its computer network interface is connected to the network card by a network cable, its internal network interface is connected to the intranet switch, and its external network interface is connected to the extranet switch, the intranet switch and the extranet switch being connected to the intranet and to the extranet (that is, the Internet) respectively. Connected in this way, physical isolation between the intranet and the extranet is achieved, while at the user terminal the network security isolation card allows switching between the intranet and the extranet; at any one time the user can be connected to only one of the networks, which effectively achieves network isolation and is especially suitable for the network systems of enterprises and institutions such as offices, government agencies and banks.

Claims (8)

1. A network isolation device based on a PCI bus, comprising a PCI bus interface (1), a single-chip controller (2), a network switch unit (3) and a hard disk switch unit (4), the single-chip controller (2) being connected to the network switch unit (3) and to the hard disk switch unit (4) respectively, characterised in that it further comprises a filter (5), the input of the filter (5) being connected to the PCI bus interface (1) and its output being connected to the single-chip controller (2).
2. The network isolation device based on a PCI bus according to claim 1, characterised in that the network switch unit (3) comprises an internal network interface (311), an external network interface (312), a computer network interface (313) and a changeover switch (33); the input of the changeover switch (33) is connected to the single-chip controller (2), and its outputs are connected to the internal network interface (311), the external network interface (312) and the computer network interface (313) respectively.
3. The network isolation device based on a PCI bus according to claim 2, characterised in that the internal network interface (311), the external network interface (312) and the computer network interface (313) are all RJ45 interfaces.
4. The network isolation device based on a PCI bus according to claim 1 or 2, characterised in that the network switch unit (3) further comprises a control switch interface (32).
5. The network isolation device based on a PCI bus according to claim 1, characterised in that the hard disk switch unit (4) is formed by a data line switch unit (41) alone, by a power supply switch unit (42) alone, or by the data line switch unit (41) and the power supply switch unit (42) combined.
6. The network isolation device based on a PCI bus according to claim 5, characterised in that the hard disk data line switch unit (41) comprises an intranet hard disk data line interface (411), an extranet hard disk data line interface (412), a computer data line interface (413) and a data line bus switch (410); the intranet hard disk data line interface (411) and the extranet hard disk data line interface (412) are each connected to the computer data line interface (413) through the data line bus switch (410), and the enable pin of the data line bus switch (410) is connected to the single-chip controller (2).
7. The network isolation device based on a PCI bus according to claim 5, characterised in that the hard disk power supply switch unit (42) comprises an intranet hard disk power interface (421), an extranet hard disk power interface (422), a computer power supply interface (423) and a changeover switch (420); the input of the changeover switch (420) is connected to the single-chip controller (2), and its outputs are connected to the intranet hard disk power interface (421), the extranet hard disk power interface (422) and the computer power supply interface (423) respectively.
8. The network isolation device based on a PCI bus according to claim 1, characterised in that the filter (5) is composed of a programmable logic array chip (51) and an output latch (52); the input of the programmable logic array chip (51) is connected to the PCI bus interface (1), and its output is connected to the single-chip controller (2) through the latch (52).

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200520057156 CN2790051Y (en) 2005-04-18 2005-04-18 Network isolation device based on PCI bus


Publications (1)

Publication Number Publication Date
CN2790051Y true CN2790051Y (en) 2006-06-21

Family

ID=36790383


Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN100435512C (en) * 2005-04-18 2008-11-19 梁雁文 Network isolating device based on PCI bus and its method
CN101800649A (en) * 2010-03-03 2010-08-11 武汉华源电力集团股份有限公司 Physical isolation card
CN102932372A (en) * 2012-11-22 2013-02-13 山东中孚信息产业股份有限公司 Network security isolation card and implementation method thereof
CN102932372B (en) * 2012-11-22 2015-04-15 山东中孚信息产业股份有限公司 Network security isolation card and implementation method thereof


Legal Events

Date Code Title Description
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20060621